Generating confirmation code for an email confirmation

Question

Using PHP, what are some ways to generate a random confirmation code that can be stored in a DB and be used for email confirmation? I can't for the life of me think of a way to generate a unique number that can be generated from a user's profile. That way I can use a function to make the number small enough to be included in the URL (see this link). Remember, the user has to click on the link to "confirm/activate" his/her account. If I can't use numbers, I have no problems using both letters and numbers.

With that said, I've tried hashing the username along with a "salt" to generate the random code. I know there has to be a better way, so let's hear it.

Answer 1

$random_hash = md5(uniqid(rand(), true)); 

That will be 32 alphanumeric characters long and unique. If you want it to be shorter just use substr():

$random_hash = substr(md5(uniqid(rand(), true)), 16, 16); // 16 characters long 

Alternative methods to generate random data include:

$random_hash = md5(openssl_random_pseudo_bytes(32)); $random_hash = md5(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));  // New in PHP7 $random_hash = bin2hex(random_bytes(32)); 

Answer 2

1) Create an Activated Field in Database

2) After registration the Email is sent

3) Create a Link to include in Email,Use a Unique identifier It would look something like this

Welcome Username Thanks for registering.

Please Click on the Link below to activate your account

domain.com/register.php?uid=100&activate=1 

4) Update the Activated Field to true

_{(source: jackborn.com)}

$email_encrypt = urlencode($email); $special_string = 'maybeyourcompanynamereversed?'; $hash = md5($email_encrypt.$special_string);  Here is the link that is sent to the email that was provided:  http://yourdoman.com/confirm.php?hash='.$hash.'  The actual link will look something like this:  http://yourdomain.com/confirm.php?hash=00413297cc003c03d0f1ffe1cc8445f8