=5.3 and <7 if(function_exists('openssl_random_pseudo_bytes')) { $token = base64_encode(openssl_random_pseudo_bytes($length, $strong)); // is the token strong enough? if($strong == true) return strtr(substr($token, 0, $length), '+/=', '-_,'); } //fallback to mt_rand if php < 5.3 or no openssl available $characters = '0123456789'; $characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz/+'; $charactersLength = strlen($characters)-1; $token = ''; //select some random characters for ($i = 0; $i < $length; $i++) $token .= $characters[mt_rand(0, $charactersLength)]; return $token; }