PHP Function to Generate V4 Uuid

PHP function to generate v4 UUID

Taken from this comment on the PHP manual, you could use this:

function gen_uuid() {
    return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
        // 32 bits for "time_low"
        mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ),

        // 16 bits for "time_mid"
        mt_rand( 0, 0xffff ),

        // 16 bits for "time_hi_and_version",
        // four most significant bits holds version number 4
        mt_rand( 0, 0x0fff ) | 0x4000,

        // 16 bits, 8 bits for "clk_seq_hi_res",
        // 8 bits for "clk_seq_low",
        // two most significant bits holds zero and one for variant DCE1.1
        mt_rand( 0, 0x3fff ) | 0x8000,

        // 48 bits for "node"
        mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff )
    );
}

Best way to generate a UUID in PHP without using external libraries

You can use this:

It uses random bytes and puts them in the right positions by using the vsprintf function.

Random bytes

$UUID = vsprintf( '%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4) );

How to create a uuid with 8 or 16 characters use php?

Try this 

echo strtoupper(bin2hex(openssl_random_pseudo_bytes(16)));

This will generate 16 characters unique string

You can create common function also 

function GUID() {
    return strtoupper(bin2hex(openssl_random_pseudo_bytes(16)));
}
$id = GUID();
echo $id;

PHP Format preexisting V4 UUID

You question is poorly written and the example you gave is wrong.
The last part can only have have 12 chars, also, you specified 4 groups, when in fact the string is split in 5.

You can use substr, i.e.:

<?php
$uuid = "a935941636384aa0b7560617c641cc2e";
$part1 = substr($uuid, 0, 8);
$part2 = substr($uuid, 8, 4);
$part3 = substr($uuid, 12, 4);
$part4 = substr($uuid, 16, 4);
$part5 = substr($uuid, 20, 12);

Live Demo

Laravel UUID generation

After laravel 5.6 a new helper was added to generate Universal Unique Identifiers (UUID)

use Illuminate\Support\Str;

return (string) Str::uuid();

return (string) Str::orderedUuid();

The methods return a Ramsey\Uuid\Uuid object

The orderedUuid() method will generate a timestamp first UUID for easier and more efficient database indexing.

Secure UUID v4 generation in PHP - without mt_rand()

Whether it is sufficient for your needs depends on your threat model. Do you have a bunch of kids who want to mess with you, corporate espionage fears, or is the entire Chineese government trying to break your system?

MCRYPT_DEV_URANDOM generates entropy from /dev/urandom. This avoids DOS attacks on /dev/random where you ask for a bunch of UUIDs and deplete the system entropy until the program blocks. However, it also means you have absolutely no guarantee as to how many bits of entropy are actually in your UUID - none whatsoever.

There have been threat models written which start with the assumption that you ping a server with thoudsands of requests to deplete the entropy of /dev/urandom and then start cracking the urandom key.

If you truly care about security, there are cryptographic PRNGs which are designed to be secure, like Blum Blum Shub.

Is there a way to create a reversible opaque UUID?

It sounds like you want it to be hard to guess URLs or spot patterns in them. The suggestion of base64 encoding in another answer is a good one, but similar inputs will still lead to similar outputs, so it may not be ideal:

maps/shop1.jpg: bWFwcy9zaG9wMS5qcGc
maps/shop2.jpg: bWFwcy9zaG9wMi5qcGc
maps/shop3.jpg: bWFwcy9zaG9wMy5qcGc
maps/shop4.jpg: bWFwcy9zaG9wNC5qcGc
maps/shop5.jpg: bWFwcy9zaG9wNS5qcGc

To avoid this, you can XOR the string with a random salt (or "nonce"), and include the salt in the URL to decode it, e.g.:

function base64_url_encode($input)
{
    return strtr(base64_encode($input), '+/=', '._-');
}

function base64_url_decode($input)
{
    return base64_decode(strtr($input, '._-', '+/='));
}

function obfuscate($input)
{
    $salt = random_bytes(strlen($input));
    // Make sure our separator doesn't appear in the salt, or explode() will split at the wrong place
    str_replace('|', '-', $salt);
    $xor = $input ^ $salt;
    return base64_url_encode("$salt|$xor");
}

function deobfuscate($input)
{
    [$salt, $xor] = explode('|', base64_url_decode($input), 2);
    return $salt ^ $xor;
}

Which gives strings like this:

maps/shop1.jpg: NubGQVCitxcciGC8wht8W4e2Mn_R33hsuU7Wsnw-
maps/shop2.jpg: ePr0T12ft29NwpNMslN8FZuEPHLs3wA98L0mwjQ-
maps/shop3.jpg: 7stRD6lwniLozbmY_fJ8g6ohfIYD9k2Y_pfyjZU-
maps/shop4.jpg: 1ArPov5EmGqyikHyN2l8uWu_0dE38AXCvm.YRw4-
maps/shop5.jpg: tQN2RHTzN.LCEHu1URJ82GIGN1uAX42yJVXfIXU-

(A variation of this would be to use the MD5 or SHA1 hash of the string as the salt, so that each string will always have the same obfuscated form, but still be hard to guess.)

You could even XOR a second fixed string that's not transmitted (a "key"), making this into a very simple encryption scheme. But if you want security, you're better off just using a real encryption function like sodium_crypto_secretbox.


Related Topics

Send Email from Localhost Running Xammp in PHP Using Gmail Mail Server

Difference Between Two Arrays

How to Use Filesystem Functions in PHP, Using Utf-8 Strings

How to Make a Calculator in PHP

How to Hide Config Files from Direct Access

How to Sort an Array of Associative Arrays by Value of a Given Key in PHP

Allowed Memory Size of 33554432 Bytes Exhausted (Tried to Allocate 43148176 Bytes) in PHP

PHP "PHP://Input" VS $_Post

Remove Empty Array Elements

Why Would $_Files Be Empty When Uploading Files to PHP

What Kinds of Patterns Could I Enforce on the Code to Make It Easier to Translate to Another Programming Language

How to Get a File Name from a Full Path With PHP

How to Store and Retrieve Images from a MySQL Database Using PHP

If Block Inside Echo Statement

PHP 7.2 Function Create_Function() Is Deprecated

How to Zip a Whole Folder Using PHP

Angularjs Http Post to PHP and Undefined

Strange Behavior of Foreach When Using Reference: Foreach ($A as &$V) { ... }


Leave a reply



Submit