Sharing the source code of my personal PHP password generator


I was bored, so I wrote one to generate passwords and save myself the trouble of thinking them up.

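Advantages

  • High-strength password generation
    • Uses random_int() for cryptographically secure random numbers
    • Supports combinations of 4 character types:
      • Lowercase letters (a-z)
      • Uppercase letters (A-Z)
      • Digits (0-9)
      • Special symbols (!@#$%^&* etc.)
    • Automatically ensures at least 1 character of each selected type
  • Security protections
    • Double validation of the CSRF token
    • Session fixation attack protection
    • Strict filtering of input parameters
  • Smart user experience
    • Real-time password strength visualization
    • AJAX generation without page refresh
    • Responsive layout for mobile devices
    • One-click copy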

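<?php
session_start(); // needed for the $_SESSION-based CSRF token used below

// The start of the script is not preserved on the page; the signature and
// variable names are reconstructed from the calls and the body below (assumption).
function generate_secure_password(int $length, bool $include_uppercase, bool $include_lowercase, bool $include_numbers, bool $include_symbols): string {
    $lowercase_chars = 'abcdefghijklmnopqrstuvwxyz';
    $uppercase_chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $number_chars = '0123456789';
    // Only the symbols visible on the page ("!@#$%^&*" from the feature list and the trailing "?");
    // the full original symbol set is not shown.
    $symbol_chars = '!@#$%^&*?';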

    $char_pool = '';
    $password = '';

    if ($include_lowercase) {
        $char_pool .= $lowercase_chars;
        $password .= $lowercase_chars[random_int(0, strlen($lowercase_chars) - 1)];
    }
    if ($include_uppercase) {
        $char_pool .= $uppercase_chars;
        $password .= $uppercase_chars[random_int(0, strlen($uppercase_chars) - 1)];
    }
    if ($include_numbers) {
        $char_pool .= $number_chars;
        $password .= $number_chars[random_int(0, strlen($number_chars) - 1)];
    }
    if ($include_symbols) {
        $char_pool .= $symbol_chars;
        $password .= $symbol_chars[random_int(0, strlen($symbol_chars) - 1)];
    }

    if (empty($char_pool)) {
        return '错误:请至少选择一种字符类型。';
    }

    $remaining_length = $length - strlen($password);
    
    if ($remaining_length > 0) {
        $pool_length = strlen($char_pool) - 1;
        for ($i = 0; $i < $remaining_length; $i++) {
            $password .= $char_pool[random_int(0, $pool_length)];
        }
    }
    
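    // str_shuffle() does not use the CSPRNG, so shuffle with random_int() (Fisher-Yates).
    // Without this step the guaranteed characters would always sit at the front.
    for ($i = strlen($password) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        $tmp = $password[$i];
        $password[$i] = $password[$j];
        $password[$j] = $tmp;
    }
    return $password;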
}

// Generate and store the CSRF token
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrf_token = $_SESSION['csrf_token'];

// --- Page logic: handle user input and display ---
$generated_password = '';
$options = [
    'length' => $_POST['length'] ?? 16,
    'lowercase' => isset($_POST['form_submitted']) ? isset($_POST['lowercase']) : true,
    'uppercase' => isset($_POST['form_submitted']) ? isset($_POST['uppercase']) : true,
    'numbers' => isset($_POST['form_submitted']) ? isset($_POST['numbers']) : true,
    'symbols' => isset($_POST['form_submitted']) ? isset($_POST['symbols']) : true,
];

// Validate the user's input
function validate_input(array $data): array {
    $errors = [];

    // Validate the password length
    $length = filter_var($data['length'] ?? 16, FILTER_VALIDATE_INT, [
        'options' => [
            'min_range' => 8,
            'max_range' => 50
        ]
    ]);
    if ($length === false) {
        $errors[] = '密码长度必须在8-50之间';
    }

    // Validate the boolean parameters
    $types = ['lowercase', 'uppercase', 'numbers', 'symbols'];
    foreach ($types as $type) {
        if (isset($data[$type])) {
            $value = filter_var($data[$type], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            if ($value === null) {
                $errors[] = "无效的字符类型参数: $type";
            }
        }
    }

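    // Verify the CSRF token. It must be a string: an array value (csrf_token[]=x)
    // would make hash_equals() raise a TypeError on PHP 8.
    if (empty($data['csrf_token']) || !is_string($data['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $data['csrf_token'])) {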
        $errors[] = 'CSRF验证失败';
    }

    return $errors;
}

// Handle the form submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $input_errors = validate_input($_POST);
    
    // Check for the AJAX request header
    $is_ajax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && 
               strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
    
    if (!empty($input_errors)) {
        $error_message = implode("\n", $input_errors);
        $generated_password = '错误: ' . $error_message;
        if ($is_ajax) {
            header('Content-Type: application/json');
            echo json_encode(['password' => $generated_password]);
            exit;
        }
    } else {
        if ($is_ajax) {
            // Convert with the same filter validate_input() uses: a plain (bool)
            // cast would turn the string "false" into true.
            $generated_password = generate_secure_password(
                (int)($_POST['length'] ?? 16),
                filter_var($_POST['uppercase'] ?? false, FILTER_VALIDATE_BOOLEAN),
                filter_var($_POST['lowercase'] ?? false, FILTER_VALIDATE_BOOLEAN),
                filter_var($_POST['numbers'] ?? false, FILTER_VALIDATE_BOOLEAN),
                filter_var($_POST['symbols'] ?? false, FILTER_VALIDATE_BOOLEAN)
            );
            header('Content-Type: application/json');
            echo json_encode(['password' => $generated_password]);
            exit;
        } else {
            $generated_password = generate_secure_password(
                (int)$options['length'],
                (bool)$options['uppercase'],
                (bool)$options['lowercase'],
                (bool)$options['numbers'],
                (bool)$options['symbols']
            );
        }
    }
}
?>
Secure Password Generator

🔐🔐 Secure Password Generator

Quickly create high-strength random passwords

Custom options

Password strength:
-
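
The feature list names session fixation protection alongside the CSRF token, but the code on the page shows only the token check. One way to set up both, as an added example that is not the author's code; the function names, the `initialized` session key and the HTTPS assumption are hypothetical:

```php
<?php
// Added example (not the author's code). Function names and the
// 'initialized' session key are hypothetical.
function start_hardened_session(): void {
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    session_start();
    // Rotate the ID when the session is first populated. An application with
    // a login would also rotate it at every privilege change.
    if (empty($_SESSION['initialized'])) {
        session_regenerate_id(true);
        $_SESSION['initialized'] = true;
    }
}

function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the submitted token is a string equal to the session token.
function csrf_is_valid(array $post): bool {
    $sent  = $post['csrf_token'] ?? null;
    $known = $_SESSION['csrf_token'] ?? '';
    // is_string() first: an array value would make hash_equals() throw on PHP 8.
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

// Constructed demo input for the command line: a matching token,
// a wrong token, and an array-valued token.
if (PHP_SAPI === 'cli') {
    start_hardened_session();
    $token = csrf_token();
    var_dump(csrf_is_valid(['csrf_token' => $token]));
    var_dump(csrf_is_valid(['csrf_token' => str_repeat('0', 64)]));
    var_dump(csrf_is_valid(['csrf_token' => ['x']]));
}
```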