(PHP 4 >= 4.3.0, PHP 5, PHP 7, PHP 8)
str_shuffle — Randomly shuffles a string
str_shuffle() shuffles a string. One permutation of all possible is created.
This function does not generate cryptographically secure values, and must not be used for cryptographic purposes, or purposes that require returned values to be unguessable.
If cryptographically secure randomness is required, the Random\Randomizer may be used with the Random\Engine\Secure engine. For simple use cases, the random_int() and random_bytes() functions provide a convenient and secure API that is backed by the operating system’s CSPRNG.
stringThe input string.
Returns the shuffled string.
| Version | Description |
|---|---|
| 7.1.0 | The internal randomization algorithm has been changed to use the » Mersenne Twister Random Number Generator instead of the libc rand function. |
Example #1 str_shuffle() example
<?php
$str = 'abcdef';
$shuffled = str_shuffle($str);
// This will echo something like: bfdaec
echo $shuffled;
?>
Aoccdrnig to rseearch at an Elingsh uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is that the frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef but the wrod as a wlohe.
Hree's a cdoe taht slerbmcas txet in tihs way:
<?php
function scramble_word($word) {
if (strlen($word) < 2)
return $word;
else
return $word{0} . str_shuffle(substr($word, 1, -1)) . $word{strlen($word) - 1};
}
echo preg_replace('/(\w+)/e', 'scramble_word("1円")', 'A quick brown fox jumped over the lazy dog.');
?>
It may be ufseul if you wnat to cetare an aessblicce CTCPAHA.This page is missing a very important notice:
Caution
This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using random_int(), random_bytes(), or openssl_random_pseudo_bytes() instead.<?php
function str_rand(int $length = 20) : string {
$ascii_codes = range(48, 57) + range(97, 122);
$codes_lenght = (count($ascii_codes)-1);
shuffle($ascii_codes);
$string = '';
for($i = 1; $i <= $length; $i++){
$previous_char = $char ?? '';
$char = chr($ascii_codes[random_int(0, $codes_lenght)]);
while($char == $previous_char){
$char = chr($ascii_codes[random_int(0, $codes_lenght)]);
}
$string .= $char;
}
return str_shuffle($string);
}
?>This function is affected by srand():
<?php
srand(12345);
echo str_shuffle('Randomize me') . '<br/>'; // "demmiezr aon"
echo str_shuffle('Randomize me') . '<br/>'; // "izadmeo rmen"
srand(12345);
echo str_shuffle('Randomize me') . '<br/>'; // "demmiezr aon" again
?>A proper unicode string shuffle;
<?php
function str_shuffle_unicode($str) {
$tmp = preg_split("//u", $str, -1, PREG_SPLIT_NO_EMPTY);
shuffle($tmp);
return join("", $tmp);
}
?>
$str = "Şeker yârim"; // My sweet love
echo str_shuffle($str); // i�eymrŢekr �
echo str_shuffle_unicode($str); // Şr mreyeikâAs noted in this documentation str_shuffle is NOT cryptographically secure, however I have seen many code examples online of people using nothing more than this to generate say random passwords. So I though I'd share my function which while it makes use of str_shuffle also rely's on random_int() for added security. I use this function to generate salts to use when working with hashes but it can also be used to generate default passwords for new users for example.
It starts with a universe of possible characters, in this case all letters (upper and lower case), 0-9, and several special characters.
It then will run str_shuffle on the universe of characters a random number of times, using random_int() (currently set to 1-10)
Then once the universe of possible characters has been shuffled it using random_int() once more to select the character as a random position within the shuffled string, as does that once for each character you want in the output.
function secret_gen( $len=64 ) {
$secret = "";
$charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_-+=`~,<>.[]: |';
for ( $x = 1l $x <= random_int( 1, 10 ), $x++ ){
$charset = str_shuffle( $charset );
}
for ( $s = 1; $s <= $len; $s++ ) {
$secret .= substr( $charset, random_int( 0, 86 ), 1 );
}
return $secret;
}Unshuffle, using:
<?php
$string = "Hello World!";
$seed = 1234567890;
mt_srand($seed);
echo $sh = str_shuffle($string); //print 'eloWHl rodl!'
echo str_unshuffle($sh, $seed); //print 'Hello World!'
?>
<?php
function str_unshuffle($str, $seed){
$unique = implode(array_map('chr',range(0,254)));
$none = chr(255);
$slen = strlen($str);
$c = intval(ceil($slen/255));
$r = '';
for($i=0; $i<$c; $i++){
$aaa = str_repeat($none, $i*255);
$bbb = (($i+1)<$c) ? $unique : substr($unique, 0, $slen%255);
$ccc = (($i+1)<$c) ? str_repeat($none, strlen($str)-($i+1)*255) : "";
$tmp = $aaa.$bbb.$ccc;
mt_srand($seed);
$sh = str_shuffle($tmp);
for($j=0; $j<strlen($bbb); $j++){
$r .= $str{strpos($sh, $unique{$j})};
}
}
return $r;
}str_shuffle isn't recommendable for passwords. Each character exists only one time).
A function like the following one is better for this.
<?php
function generatePassword($length = 8) {
$possibleChars = "abcdefghijklmnopqrstuvwxyz";
$password = '';
for($i = 0; $i < $length; $i++) {
$rand = rand(0, strlen($possibleChars) - 1);
$password .= substr($possibleChars, $rand, 1);
}
return $password;
}
?>To cobine functionality and simplicity of the two functions below we can have:
<?php
function generatePasswd($numAlpha=6,$numNonAlpha=2)
{
$listAlpha = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$listNonAlpha = ',;:!?.$/*-+&@_+;./*&?$-!,';
return str_shuffle(
substr(str_shuffle($listAlpha),0,$numAlpha) .
substr(str_shuffle($listNonAlpha),0,$numNonAlpha)
);
}
?>Shuffle for all encoding formats
<?php
function unicode_shuffle($string, $chars, $format = 'UTF-8')
{
for($i=0; $i<$chars; $i++)
$rands[$i] = rand(0, mb_strlen($string, $format));
$s = NULL;
foreach($rands as $r)
$s.= mb_substr($string, $r, 1, $format);
return $s;
}
?><?php
//get random string with your desire length
function getRandom($length){
$str = 'abcdefghijklmnopqrstuvwzyz';
$str1= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$str2= '0123456789';
$shuffled = str_shuffle($str);
$shuffled1 = str_shuffle($str1);
$shuffled2 = str_shuffle($str2);
$total = $shuffled.$shuffled1.$shuffled2;
$shuffled3 = str_shuffle($total);
$result= substr($shuffled3, 0, $length);
return $result;
}
echo getRandom(8);
//output -->
//GATv3JPX
//g7AzhDtR
//DTboKtiL
//CuWZR4cs
//tmTXbzBC
?>/**
* Test shuffleString
*/
function testShuffleString() {
$shuffled = shuffleString("ĄęźćÓ");
if (\mb_strlen($shuffled) != 5) {
throw new \UnexpectedValueException("Invalid count of characters");
}
if ($shuffled == "ĄęźćÓ") {
throw new \UnexpectedValueException("The same string");
}
foreach (["Ą", "ę", "ź", "ć", "Ó"] as $char) {
if (\mb_strpos($shuffled, $char) === false) {
throw new \UnexpectedValueException("Character not found");
}
}
}
/**
* Shuffle string
*
* @param $stringValue String to shuffle
* @param string $startWith Shuffle $stringValue and append to $startWith
* @return string Shuffled string
* @author Krzysztof Piasecki<krzysiekpiasecki@gmail.com>
*/
function shuffleString($stringValue, $startWith = "") {
$range = \range(0, \mb_strlen($stringValue));
shuffle($range);
foreach($range as $index) {
$startWith .= \mb_substr($stringValue, $index, 1);
}
return $startWith;
};
testShuffleString();
echo shuffleString("Hello"); // > 'elHol' (something like this)
echo shuffleString("World!", "Hello "); // > 'Hello do!lrW' (something like this)Very, very simple random password generator, without using rand() function:
<?php
function random_password($chars = 8) {
$letters = 'abcefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
return substr(str_shuffle($letters), 0, $chars);
}
?>