$pass = substr(base64_encode(md5(str_shuffle(time()))),0,8);

Example output: N2UxYzZm

The original question only asked for letters and numbers, not special chars. So this approach takes the current time stamp, shuffles it and gets the first eight chars of the base64 encoded md5 hash from it. This should be pretty random, even if you knew the time stamp when the password was created it is still shuffled, just in case two people generate a password at the exact same timestamp. You can also shuffle the substring if you want or the md5 hash, as well. But for enough randomness, I guess it would do.