Key Generator without storing in database

Question

My code creates random key and stores it in the databaseon button click,keygen is the button name, if the user/customer already has the key it gets the key from the database in a text box on click else it generates a new key and stores it in the database . Is there a way i can achieve this without storing the key in the database and get the same key for a particular user/customer each time.

Code:

<?php
include('session.php');
$result = mysql_query("SELECT * FROM customer WHERE customer_no = '$customer_no'");
$row = mysql_fetch_array($result);
if (isset($_POST['keygen'])){
$customer_no = $_POST['customer_no'];
$customer_no = mysql_real_escape_string($customer_no);
$result = mysql_query("SELECT * FROM customer WHERE customer_no = '$customer_no'");
while ($row = mysql_fetch_assoc($result)) {
$keyString = $row['key'];
if($keyString == ""){
$keyString = mysql_real_escape_string($keyString);
$query = mysql_query("UPDATE customer SET `key` = '$keyString' WHERE customer_no = '$customer_no'");
}
else{
$keyString = $row['key'];
}}} 

function  generateRandomString($length = 10) {  
$characters = '23456789ABCDEFGHJKMNPQRSTUVWXYZ';
$randomString = '';
for ($i = 0; $i < $length; $i++) {
    $randomString .= $characters[rand(0, strlen($characters) - 1)];
} 
return $randomString;
}

?>

My HTML is,

<div id="content" class="box2">
<div class="login">
<form action="" method="post" style="margin:12px;">
<table class="nostyle">
<tr>
<td align="center">
<label style="font-size:16px;"><strong>Customer ID: </strong></label>
<select name="customer_no">
<?php $result_customer= mysql_query('SELECT customer_no FROM customer ORDER BY   customer_no'); ?>
<?php while($row_customer= mysql_fetch_assoc($result_customer)) { ?>
<option <?php if ($row_customer['customer_no']=='') { ?> selected="selected"<?php } ?>> <?php echo htmlspecialchars($row_customer['customer_no']); ?> </option>
<?php } ?>
</select>
</td>
</tr>
<tr>
<td align="center"><label style="font-size:16px;"><br /><strong>Register Key: </strong> </label>
<input type="text" id="key" class="input-text" name="key" size="20" align="middle"   value = " <?=$row["key"];?>"></td>
 </tr>
 <td align="center"><br /><input type="submit" id="keygen" class="input-submit" name="keygen" value="Generate" onclick=""/>
 </td>
 </tr>
 </table>
 </form>
 </div>
 </div>

Please help,I'm a newbie.

Answer 1

One way is to create a hash from one (or more) customer properties. A hash is a function that creates a string from a source string. The same source string will allways generate the same hash.

But you have to take care of two problems with hashs: you can't generate the source string from the hash (because the hashing algorithm is non reversible) and you have to take care of possible hash collisions (two differents strings generating the same hash). It is quite unlikely given your hash has enough length (md5 has 32 characters, sha1 is 40 long...).

If you need a two way encryption (getting a string from the username, then generating back that username from the string), then you'll need to look at encryption techniques.

Have a look at the mcrypt library that provide many differents encryption/hashing algorithms. I'm sure you'll find one that suit your needs.

Answer 2

Depends on how and what is the key used for.

One option if you have a fixed key anyway then derive it somehow from the customer_no. like using md5(), but if your customer numbers are sequential, that is also easy to attack, so a bit more complex calculation would be better, using all the non changeable customer data. this md5() sum can then be verified against the customer table.