无聊写了一个用来生成密码的小工具,省得自己动脑筋了
优点
- 高强度密码生成
- 使用 random_int() 加密安全随机数(注意:字符本身由 random_int() 选取,但代码最后用 str_shuffle() 打乱顺序,而 str_shuffle() 并不是加密安全的洗牌)
- 支持4种字符类型组合:
- 小写字母(a-z)
- 大写字母(A-Z)
- 数字(0-9)
- 特殊符号(!@#$%^&*等)
- 自动确保每种选中类型至少包含1个字符
- 安全防护机制
- CSRF令牌双重验证
- 会话固定攻击防护
- 输入参数严格过滤
- 智能用户体验
- 实时密码强度可视化
- AJAX无刷新生成
- 响应式移动端适配
- 一键复制功能
?';
$char_pool = '';
$password = '';
if ($include_lowercase) {
$char_pool .= $lowercase_chars;
$password .= $lowercase_chars[random_int(0, strlen($lowercase_chars) - 1)];
}
if ($include_uppercase) {
$char_pool .= $uppercase_chars;
$password .= $uppercase_chars[random_int(0, strlen($uppercase_chars) - 1)];
}
if ($include_numbers) {
$char_pool .= $number_chars;
$password .= $number_chars[random_int(0, strlen($number_chars) - 1)];
}
if ($include_symbols) {
$char_pool .= $symbol_chars;
$password .= $symbol_chars[random_int(0, strlen($symbol_chars) - 1)];
}
if (empty($char_pool)) {
return '错误:请至少选择一种字符类型。';
}
$remaining_length = $length - strlen($password);
if ($remaining_length > 0) {
$pool_length = strlen($char_pool) - 1;
for ($i = 0; $i < $remaining_length; $i++) {
$password .= $char_pool[random_int(0, $pool_length)];
}
}
return str_shuffle($password);
}
// Create the per-session CSRF token on first use and reuse it afterwards.
// random_bytes(32) yields 32 bytes from the CSPRNG, hex-encoded to 64 characters.
$csrf_token = $_SESSION['csrf_token'] ?? '';
if (empty($csrf_token)) {
    $csrf_token = bin2hex(random_bytes(32));
    $_SESSION['csrf_token'] = $csrf_token;
}
// --- Page logic: collect the user's input for processing and display ---
$generated_password = '';
// On a submitted form (marked by the form_submitted field) a character class is
// enabled only when its field is present in the POST body; on a first page load
// every class defaults to enabled. 'length' is stored as the raw request value
// (default 16), so it is still untrusted at this point.
$options = ['length' => $_POST['length'] ?? 16] + array_map(
    static function (string $field): bool {
        return !isset($_POST['form_submitted']) || isset($_POST[$field]);
    },
    [
        'lowercase' => 'lowercase',
        'uppercase' => 'uppercase',
        'numbers' => 'numbers',
        'symbols' => 'symbols',
    ]
);
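/**
 * Validate a password-generation request and return the problems found.
 *
 * Checks performed, in order:
 *  - `length` must be an integer from 8 to 50 (16 is assumed when absent);
 *  - each of `lowercase`, `uppercase`, `numbers`, `symbols`, when present,
 *    must be a value that FILTER_VALIDATE_BOOLEAN recognises;
 *  - `csrf_token` must match the token held in $_SESSION['csrf_token'].
 *
 * @param array $data Raw request fields (the caller passes $_POST); untrusted.
 * @return array Error messages; empty when the request is acceptable.
 */
function validate_input(array $data): array {
    $errors = [];

    // Password length: filter_var() returns false for non-integers, arrays and
    // values outside the 8-50 range.
    $length = filter_var($data['length'] ?? 16, FILTER_VALIDATE_INT, [
        'options' => [
            'min_range' => 8,
            'max_range' => 50
        ]
    ]);
    if ($length === false) {
        $errors[] = '密码长度必须在8-50之间';
    }

    // Character-class flags: with FILTER_NULL_ON_FAILURE, null means the value
    // is not a recognised boolean spelling (false is a valid result).
    $types = ['lowercase', 'uppercase', 'numbers', 'symbols'];
    foreach ($types as $type) {
        if (isset($data[$type])) {
            $value = filter_var($data[$type], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            if ($value === null) {
                $errors[] = "无效的字符类型参数: $type";
            }
        }
    }

    // CSRF token: fail closed unless both sides are non-empty strings.
    // hash_equals() needs two strings, and a request can deliver an array
    // (csrf_token[]=...) or the session can lack a token; either case must be
    // reported as a validation error instead of raising a TypeError.
    $expected_token = $_SESSION['csrf_token'] ?? null;
    $submitted_token = $data['csrf_token'] ?? null;
    if (
        !is_string($expected_token) || empty($expected_token)
        || !is_string($submitted_token) || empty($submitted_token)
        || !hash_equals($expected_token, $submitted_token)
    ) {
        $errors[] = 'CSRF验证失败';
    }

    return $errors;
}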
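// Handle a form submission: validate the request, build the result, then
// either answer with JSON (AJAX) or fall through to the page rendering below.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $input_errors = validate_input($_POST);

    // X-Requested-With is a client-supplied header; here it only selects the
    // response format and is not used as a security decision.
    $is_ajax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
        strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';

    if (!empty($input_errors)) {
        // Validation failed: the error text is reported in place of a password.
        $error_message = implode('
', $input_errors);
        $generated_password = '错误: ' . $error_message;
    } elseif ($is_ajax) {
        // Parse the flags with the same filter validate_input() checks them with.
        // A plain (bool) cast turns the non-empty strings "false", "off" and "no"
        // into true, although validation accepts them as spellings of false.
        // NOTE(review): arguments are passed as (length, uppercase, lowercase,
        // numbers, symbols); the function signature is not visible in this
        // excerpt, so confirm the order matches it.
        $generated_password = generate_secure_password(
            (int)($_POST['length'] ?? 16),
            filter_var($_POST['uppercase'] ?? false, FILTER_VALIDATE_BOOLEAN),
            filter_var($_POST['lowercase'] ?? false, FILTER_VALIDATE_BOOLEAN),
            filter_var($_POST['numbers'] ?? false, FILTER_VALIDATE_BOOLEAN),
            filter_var($_POST['symbols'] ?? false, FILTER_VALIDATE_BOOLEAN)
        );
    } else {
        // Regular form post: use the options collected for the page.
        $generated_password = generate_secure_password(
            (int)$options['length'],
            (bool)$options['uppercase'],
            (bool)$options['lowercase'],
            (bool)$options['numbers'],
            (bool)$options['symbols']
        );
    }

    // AJAX callers get the result (password or error text) as JSON and the
    // script stops; other requests continue to the HTML output.
    if ($is_ajax) {
        header('Content-Type: application/json');
        echo json_encode(['password' => $generated_password]);
        exit;
    }
}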
?>
安全密码生成器
🔐🔐 安全密码生成器
快速创建高强度随机密码