wp_rand( int $min, int $max )

Generates a random number


Description Description

WordPress uses wp_rand() in order to create hashes, passwords, and nonces that are far less predictable than the similar PHP native functions like rand() and mt_rand().


Parameters Parameters

$min

(int) (Required) Lower limit for the generated number

$max

(int) (Required) Upper limit for the generated number


Top ↑

Return Return

(int) A random number between min and max


Top ↑

Source Source

File: wp-includes/pluggable.php

function wp_rand( $min = 0, $max = 0 ) {
	global $rnd_value;

	// Some misconfigured 32bit environments (Entropy PHP, for example) truncate integers larger than PHP_INT_MAX to PHP_INT_MAX rather than overflowing them to floats.
	$max_random_number = 3000000000 === 2147483647 ? (float) "4294967295" : 4294967295; // 4294967295 = 0xffffffff

	// We only handle Ints, floats are truncated to their integer value.
	$min = (int) $min;
	$max = (int) $max;

	// Use PHP's CSPRNG, or a compatible method
	static $use_random_int_functionality = true;
	if ( $use_random_int_functionality ) {
		try {
			$_max = ( 0 != $max ) ? $max : $max_random_number;
			// wp_rand() can accept arguments in either order, PHP cannot.
			$_max = max( $min, $_max );
			$_min = min( $min, $_max );
			$val = random_int( $_min, $_max );
			if ( false !== $val ) {
				return absint( $val );
			} else {
				$use_random_int_functionality = false;
			}
		} catch ( Error $e ) {
			$use_random_int_functionality = false;
		} catch ( Exception $e ) {
			$use_random_int_functionality = false;
		}
	}

	// Reset $rnd_value after 14 uses
	// 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
	if ( strlen($rnd_value) < 8 ) {
		if ( defined( 'WP_SETUP_CONFIG' ) )
			static $seed = '';
		else
			$seed = get_transient('random_seed');
		$rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
		$rnd_value .= sha1($rnd_value);
		$rnd_value .= sha1($rnd_value . $seed);
		$seed = md5($seed . $rnd_value);
		if ( ! defined( 'WP_SETUP_CONFIG' ) && ! defined( 'WP_INSTALLING' ) ) {
			set_transient( 'random_seed', $seed );
		}
	}

	// Take the first 8 digits for our value
	$value = substr($rnd_value, 0, 8);

	// Strip the first eight, leaving the remainder for the next call to wp_rand().
	$rnd_value = substr($rnd_value, 8);

	$value = abs(hexdec($value));

	// Reduce the value to be within the min - max range
	if ( $max != 0 )
		$value = $min + ( $max - $min + 1 ) * $value / ( $max_random_number + 1 );

	return abs(intval($value));
}

Top ↑

Changelog Changelog

Changelog
Version Description
4.4.0 Uses PHP7 random_int() or the random_compat library if available.
2.6.2 Introduced.


Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.