The first function in this snippet is virtually useless, as the time contributes nothing to the randomness of the string. A "unique code" (such as a cryptographic nonce) should be generated in a way that is repeatable serverside to allow for validation. Otherwise, a simple (see below) will suffice.

I've got good news, and I've got bad news:
The universe is merely a figment of my imagination.
Now are you ready for the bad news?