Generating Unique Account IDs

:wave: Hello! :wave:

I am trying to generate two keys for user accounts, a public key (Which the client will see), and a private key (For the system).

Currently, I am just using substr(str_shuffle()) to generate the keys for testing, but for production, I have to be 100% certain that no two keys are alike. Also, the private key must be near impossible to guess.


Generating Private Key

My idea was like this: RandomString + Number. Example: “jHudSbE12” with the number being unique.

The code I have so far:

$pKeyPartOne = substr(str_shuffle('qwertyuioplkjhgfdsazxcvbnmQWERTYUIOPLKJHGFDSAZXCVBNM'), 0, 10);
$pKeyPartTwo = 0; // I got stuck here
$finalpKey = $pKeyPartOne . $pKeyPartTwo;

The final private key is then inserted into the database.

I want the number to be unique (Like Auto_Increment), but could not figure out how to get the Auto_Increment number into the code before it is inserted into the database (I know I could insert it into the database, then fetch the Increment ID and update it, but I don’t want to do that).


Generating the Public Key

The public key needs to be 8 numbers that are unique. My original idea was to just generate an 8-digit string with substr(str_shuffle()) and check if it already exists in the database, but that could take a long time, especially if the code keeps generating a string that already exists.

I thought about using the PHP date() or time() function, but either it would not be unique, or not the right length. I also considered using Auto_Increment (I know you can set a starting value), but I would prefer random generation. Is there a better way to do this?


My Questions

  1. How can I get the Increment ID that the database entry will be assigned before the information is entered into the database?
  2. How can I generate an 8-digit numerical string that is 100% unique?

Sorry for any confusion, and thanks in advance!

Why do you want to reinvent the wheel?

Just use an RSA key generator

https://www.php.net/manual/en/function.openssl-pkey-new.php

But that is numbers and letters, I only want numbers, and of a specific length.

Setting the table column to unique will enforce no duplicates being made.
You just need some logic around your INSERT query to check if the execute was successful, and try again with a new key if not.

1 Like

Your approach is senseless.

Either you use a strong key or you use a unique number. If you need a unique number, use the autoincrement feature of the database and don’t care that the first user will get the number 1.

For what is the public key used? Why can’t it contain characters? An 8-digit number is never ever a secure key. That’s nonsense.

1 Like

It’s not supposed to be. The 8 digits is the public one. It’s not meant to be secure. That is literally why I also have a private ID.

Yeah, that was my original thought. But it has to be 8 numerical digits, and I don’t want them to be in order.

So kind of like:

$Key = // key generation
INSERT STATEMENT
IF(INSERT){
//all good
}else{
$Key = //key generation
INSERT
}

But there has to be a way to loop it so it is continually checking for duplicates, right?

First you will prepare the insert.

$sql = $db->prepare("INSERT INTO table (data1, data2, data3, pubkey) VALUES (?, ?, ?, ?)");

Then you can loop an execution.

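// Assumes PDO is not in exception mode (PDO::ERRMODE_SILENT or PDO::ERRMODE_WARNING)
$e = 1062 ; // MySQL driver error code for a duplicate entry
while($e == 1062){
    $pubkey = makeRand(8, 'num') ; // Get new key from a custom function
    $sql->execute([$data1, $data2, $data3, $pubkey]);   // Try execution
    $e = $sql->errorInfo()[1];   // Driver error code; errorCode() returns the SQLSTATE string (e.g. '23000'), never 1062
}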

Not tested, just an idea.

What is the real problem you are trying to solve by doing this?

1 Like

The terminology is confusing. Private and public key are actual software engineering terms. They mean something specific. You shouldn’t be referring to what you are doing using the same terminology. Regardless of security it’s just confusing.

1 Like

This loop needs a counter to force an exit after a reasonable number of iterations, should there be a programming mistake, should the random generator fail to produce sufficiently unique values (computers don’t do random things very well), or should most/all of the combinations get used up. If the exit condition is reached, you would need to log the information about the specific occurrence and set up a message for the user that the operation could not be completed.

1 Like
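
An added example (not code from any poster in this thread) that combines the suggestions above: a UNIQUE column, a retry loop with an attempt limit, and CSPRNG output (random_int(), random_bytes()) in place of str_shuffle(). The accounts table, its column names, the in-memory SQLite database and the createAccount() helper are assumptions made for the illustration; on MySQL the same loop applies, and errorInfo[1] === 1062 narrows the check to duplicate entries.

```php
<?php
declare(strict_types=1);

// Assumptions for this example: in-memory SQLite via PDO; table and column
// names are hypothetical. A UNIQUE index on MySQL behaves the same way.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    public_id CHAR(8) NOT NULL UNIQUE,
    secret_hash CHAR(64) NOT NULL
)');

// Create an account with a random 8-digit public ID and a secret token.
// $gen is injectable so the collision path can be exercised below.
function createAccount(PDO $db, ?callable $gen = null, int $maxAttempts = 5): array
{
    $gen ??= fn(): string => str_pad((string) random_int(0, 99999999), 8, '0', STR_PAD_LEFT);
    $secret = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG; only its hash is stored
    $stmt = $db->prepare('INSERT INTO accounts (public_id, secret_hash) VALUES (?, ?)');

    for ($attempt = 1; $attempt <= $maxAttempts; $attempt++) {
        $publicId = $gen();
        try {
            $stmt->execute([$publicId, hash('sha256', $secret)]);
            return ['public_id' => $publicId, 'secret' => $secret, 'attempts' => $attempt];
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation (here: the UNIQUE index).
            // Anything else is a real failure and must not be retried.
            if ((string) $e->getCode() !== '23000') {
                throw $e;
            }
        }
    }
    error_log("public_id generation failed after $maxAttempts attempts");
    throw new RuntimeException('Could not allocate a unique account ID');
}

// Constructed demo: the second generator collides twice before yielding a free value.
$first = createAccount($db, fn() => '00000042');
$queue = ['00000042', '00000042', '73915506'];
$second = createAccount($db, function () use (&$queue) { return array_shift($queue); });
printf("%s then %s (attempt %d)\n", $first['public_id'], $second['public_id'], $second['attempts']);
```

The database, not the application, decides uniqueness here, so two concurrent requests that draw the same 8-digit value cannot both succeed.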

Try adding a new user using “ON_DUPLICATE_KEY_UPDATE” and use the generated unique key… which could be hashed.