...

View Full Version : unique generated values not matching ??



PHPycho
11-21-2007, 11:48 AM
Hello forums
I had used following function in order to prevent against form spoofing.
test.php

function getSecurityCode(){
$_SESSION['sess_security_code'] = md5(uniqid(rand(), true));
return $_SESSION['sess_security_code'];
}

and I had used that session's value in hidden field of a form as
test.html.php

<input type="hidden" name="security_code" value="<?=getSecurityCode()?>">
and checked when the form is submitted as

if(isset($_POST['security_code']) && $_POST['security_code'] == $_SESSION['sess_security_code']){
//submission goes here..
}
but the problem is:
the two value never matches ie they are different and its amazing.
I dont know whats gone wrong with my code.
Any help and suggestions are warmly welcome.

abduraooft
11-21-2007, 12:11 PM
use strcmp() instead of ==

if(isset($_POST['security_code']) && strcmp($_POST['security_code'],$_SESSION['sess_security_code'])==0)
(Ensure that session_start() is called in both of your pages)

CFMaBiSmAd
11-21-2007, 01:11 PM
My guess is that getSecurityCode() is called again on the page, either when the form is output or when the form is submitted. You would need to post your actual code to get help with what it is doing.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum