unique generated values not matching?

         

PHPycho

10:47 am on Nov 21, 2007 (gmt 0)




Hello forums,
I had used the following function in order to protect against form spoofing.
test.php
[php]function getSecurityCode(){
    $_SESSION['sess_security_code'] = md5(uniqid(rand(), true));
    return $_SESSION['sess_security_code'];
}[/php]

and I had used that session's value in a hidden field of a form as
test.html.php

<input type="hidden" name="security_code" value="<?=$_SESSION['sess_security_code']?>">

and checked when the form is submitted as
[php]if(isset($_POST['security_code']) && $_POST['security_code'] == $_SESSION['sess_security_code']){
    //submission goes here..
}[/php]
but the problem is:
the two values never match, i.e. they are different, and it's amazing.
I don't know what's gone wrong with my code.
Any help and suggestions are warmly welcome.

phranque

1:47 pm on Nov 21, 2007 (gmt 0)




Have you actually output those values to see what they are?

PHP_Chimp

10:01 pm on Nov 21, 2007 (gmt 0)




Although this isn't the issue with your code, it is worth noting that the function in the manual as an example for better tokens is not guaranteed to be unique (so kind of defeating the object of the function).

From the user notes in the manual -

The example given in this document for a "better token" should be:

<?php
$better_token = uniqid(md5(rand()), true);
?>

As it is now, the result isn't guaranteed to be unique, because MD5 has collisions.

Are you sure that your function is not getting called twice? If it is, then you will get 2 different values. So if you are outputting HTML and then calling the function again, this will not work.

[edited by: PHP_Chimp at 10:05 pm (utc) on Nov. 21, 2007]
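
An added example (not code from any poster in this thread) of the double-call situation raised in the last reply: a token helper that issues the value once per session, next to the thread's generator, which overwrites the stored value on every call. The names `csrf_token` and `csrf_check` are hypothetical, a plain array stands in for `$_SESSION` so the script runs from the CLI, and PHP 7+ is assumed for `random_bytes()`.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

// Issue the token once and reuse it on later calls, so the value rendered
// into the form and the value stored in the session cannot drift apart.
function csrf_token(array &$session): string
{
    if (empty($session['sess_security_code'])) {
        // CSPRNG output instead of md5(uniqid(rand(), true))
        $session['sess_security_code'] = bin2hex(random_bytes(32));
    }
    return $session['sess_security_code'];
}

// Validation only reads the stored token; it never calls the generator.
function csrf_check(array $session, array $post): bool
{
    $expected = $session['sess_security_code'] ?? '';
    $given    = $post['security_code'] ?? '';
    // hash_equals() needs two strings and compares them in constant time.
    return is_string($expected) && is_string($given)
        && $expected !== '' && hash_equals($expected, $given);
}

// The thread's generator, with the session passed in explicitly:
// every call replaces the stored value.
function getSecurityCode(array &$session): string
{
    $session['sess_security_code'] = md5(uniqid(rand(), true));
    return $session['sess_security_code'];
}

// Constructed demo 1: helper called twice (template, then handler).
$session  = [];
$rendered = csrf_token($session);   // value written into the hidden field
csrf_token($session);               // second call returns the stored token
var_dump(csrf_check($session, ['security_code' => $rendered]));

// Constructed demo 2: the thread's generator called twice.
$session  = [];
$rendered = getSecurityCode($session);  // value written into the hidden field
getSecurityCode($session);              // second call overwrites the session value
var_dump(csrf_check($session, ['security_code' => $rendered]));
```

In a real page, call `session_start()` before either function and pass `$_SESSION` and `$_POST` in place of the arrays.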