PHP helper for the Random string generation

While working on my current project I was needed to generate a unique for an email confirmation. It’s a pretty common task and it has a bunch of simple solutions.
But I wanted it to be really and flexible. I have ended with a helper with static functions which I want to share.

The problem

The problem is self-explanatory. As a PHP developer, we constantly need some uuid or random string to be generated for our need. It’s a common and simple task with several solutions already described on SO. But it’s also could be tricky. It’s because that not all suggested solutions are and not all of them really unique and unpredictable.

Also, since new  PHP versions were developed, some better new functions were added to the language. And some were deprecated and not a “good practice” no more.
That’s why in order to find the best and robust solution I have searched in different places. And I did helper class with static methods in the end.

Static methods are not good practice

Since the use of static methods stands in the same row as the use of Singletons and global constants, I would say – it depends. Depend on common sense and in a way how it would be used. If project architecture development process built on strict rules about where each class shall be placed in the project directory tree and where classes from each place could be used and where not – it’s fine to use a bit of comfortable static methods. Especially if these methods provide only common Infrastructure functionality and nothing bounded to Domain.

In my case, I build projects based on DDD in the core and Hexagonal architecture (some part of it) around the core. And in my Infrastructure, I have two static helpers for a random string, salt, and token . One of them I’m going to share.

The code

In order to come up with this solution I have investigated following sources:
First find: https://stackoverflow.com/questions/2088969/generating-confirmation-code-for-an-email-confirmation
The most discussable one: https://stackoverflow.com/questions/4356289/php-random-string-generator
And the git hub repository of the “phpinspections” plugin for PhpStorm: https://github.com/kalessil/phpinspectionsea/blob/master/docs/security.md#cryptographically-secure-randomness

Why it’s robust? Because it uses several available solutions to get a random string with the desired length. If some of the solutions will not be available due to lack of installed PHP extensions or because of PHP version – the next one will be executed.
And method called getGeneratedStrings() made for purpose of debugging, to get know which methods are available.

random_bytes() have been added in PHP 7 and it’s the most reliable method for a generation at the moment.
openssl_random_pseudo_bytes() is another good alternative and usually available on all Linux based systems with OpenSSL installed.
A method based on random_int() also available since PHP 7. I have added it because it provides a way to set range of characters for a random string as a parameter.
mt_rand() in combination with uniqid() is the less reliable one, but it’s simple and will work if previous methods are not available.
Mcrypt is deprecated but included here intentionally which allows using this helper class with older PHP versions.

That’s all. I hope it will be useful for somebody. Don’t hesitate to add comments with suggestions and critic.