PHP: Generate a random password

A function for generating a random password of whatever length you need. You don't get super-secure passwords from this but they certainly should be good enough for e.g. a "forgotten your password?" feature.

To avoid generating passwords containing offensive words, vowels are excluded from the list of possible characters. To avoid confusing users, pairs of characters which look similar (letter O and number 0, letter S and number 5, lower-case letter L and number 1) have also been left out.


function generatePassword ($length = 8)

  // start with a blank password
  $password = "";

  // define possible characters - any character in this string can be
  // picked for use in the password, so if you want to put vowels back in
  // or add special characters such as exclamation marks, this is where
  // you should do it
  $possible = "2346789bcdfghjkmnpqrtvwxyzBCDFGHJKLMNPQRTVWXYZ";

  // we refer to the length of $possible a few times, so let's grab it now
  $maxlength = strlen($possible);

  // check for length overflow and truncate if necessary
  if ($length > $maxlength) {
    $length = $maxlength;

  // set up a counter for how many characters are in the password so far
  $i = 0; 

  // add random characters to $password until $length is reached
  while ($i < $length) { 

    // pick a random character from the possible ones
    $char = substr($possible, mt_rand(0, $maxlength-1), 1);

    // have we already used this character in $password?
    if (!strstr($password, $char)) { 
      // no, so it's OK to add it onto the end of whatever we've already got...
      $password .= $char;
      // ... and increase the counter by one


  // done!
  return $password;



Please do get in touch if you have any questions or suggestions for improvement.