Talk In Code

I have talked about generating random passwords before. Although that function generated some nice passwords, they perhaps aren’t as unique as they ought to be.

This function, take from Webtoolkit creates passwords of different length with varying levels of complexity.

function generatePassword($length=9, $strength=0) {
  $vowels = 'aeiu';
  $consonants = 'bdghjmnpqrstvxyz';
  if ( $strength & 1 ) {
    $consonants .= 'BDGHJLMNPQRSTVWXYZ';
  }
  if ( $strength & 2 ) {
    $vowels .= 'AEU';
  }
  if ( $strength & 4 ) {
    $consonants .= '23456789';
  }
  if ( $strength & 8 ) {
    $consonants .= '@#$%';
  }
 
  $password = '';
  $alt = time() % 2;
  for ($i = 0; $i < $length; $i++) {
    if ($alt == 1) {
      $password .= $consonants[(rand() % strlen($consonants))];
      $alt = 0;
    } else {
      $password .= $vowels[(rand() % strlen($vowels))];
      $alt = 1;
    }
  }
  return $password;
}

The first parameter is the number of characters that the function should return. The second parameter is a number up to 8 which converts into complexity. The least complex password consists of only lower case consonants. The most complex password consists of upper and lower case letters,

You might notice that some of the letters and numbers are missing, this is deliberate. When passwords are generated many of the characters can be very similar. Zero can look like an upper case O and I can look like the number one or a lower case L. Removing these letters stops people getting their passwords wrong and having to reapply for them in the future. Also, many people write down their passwords, even though you shouldn’t, and in doing this many characters can also look the same. For example, in a mix of upper and lowercase letters it is difficult to see the difference between an upper and lower case W.

You can run the function like this.

echo generatePassword(8,1); // LareSuSy
echo generatePassword(8,2); // hUsuserU
echo generatePassword(8,3); // MEdEgYze
echo generatePassword(8,4); // tanapa3a
echo generatePassword(8,5); // ary2ugeR
echo generatePassword(8,6); // uqUtebyq
echo generatePassword(8,7); // yRysuNEV
echo generatePassword(8,8); // ygyqyha%

This is just the output that I got from these parameters, a different password is run each time. You should be using level 8 for any system administrator passwords.

If for some reason you can’t remember your WordPress password and you can’t use the "lost your password" function that comes with WordPress, due to problems with email, then you can use the following SQL command to reset your password.

UPDATE wp_users SET user_pass = md5('newpassword') WHERE user_login = 'admin';

This can be useful if you have a local web server that you are trying things out on before they go live on the Internet. These servers often don’t have access to email as they are just testing platforms and will therefore fail if you try to use the "lost your password" function.

This command has been tested on WordPress version 2.6.2.

Here is a function that will generate a string of random characters, ideal if you want to create a password for a new user.

function generatePassword($length=10){
 $pass = '';
 $parts = array_merge(range(0,9),range('a','z'),range('A','Z'));
 for($i=0;strlen($pass)<=$length;$i++){
  $pass .= $parts[array_rand($parts)];
 }
 return $pass;
}

Use the function like this.
echo generatePassword();

To create a longer password string just pass a parameter with the function.
echo generatePassword(5);

If you have command line access to your MySQL database server you will need to use certain parameters to log in. Most web hosts will not allow you to do this, so you might want to install MySQL into a local computer and give it a go.

To log into mysql you must run the program called mysql with certain parameters. Here is an example.

./mysql -u username

One thing you must realise is that all usernames are associated with a host so if the user you specified can’t access the server from this host then you won’t get far. To specify the host location enter the -h flag.

./mysql -h hostaddress -u username

If your user is able to access this server then you will be asked for a password. You can set the password in the string using the -p flag. If this doesn’t work then leave out the space between the -p and the password.

./mysql -h hostaddress -u username -ppassword

For security reasons the MySQL server might have been told to use a different port than the standard 3306. You can therefore set the port using the -P flag.

./mysql -h hostaddress -u username -ppassword -P 3309

Users are also restricted to the tables and commands that they can use, so you can set a default database to use that database once you have logged in. This is useful to do if you don’t have access to administrative commands like SHOW DATABASES. To set the database to be used just add it to the end of the line, no flag is needed.

./mysql -h hostaddress -u username -ppassword -P 3309 test

You should try to log into the MySQL command line if you are trying to learn SQL, but it is useful if you have some special things to do like data importing or carrying out a backup. One alternative to doing it this way is to get hold of the wonderful MySQL GUI tools which will allow you to anything you can do through the command line without having to have an in depth knowledge of SQL syntax.