Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Dec 2005
    Posts
    217
    Thanks
    1
    Thanked 0 Times in 0 Posts

    unique generated values not matching ??

    Hello forums
    I had used following function in order to prevent against form spoofing.
    test.php
    PHP Code:
    function getSecurityCode(){
        
    $_SESSION['sess_security_code'] = md5(uniqid(rand(), true));
        return 
    $_SESSION['sess_security_code'];        

    and I had used that session's value in hidden field of a form as
    test.html.php
    Code:
    <input type="hidden" name="security_code" value="<?=getSecurityCode()?>">
    and checked when the form is submitted as
    PHP Code:
    if(isset($_POST['security_code']) && $_POST['security_code'] == $_SESSION['sess_security_code']){
        
    //submission goes here..

    but the problem is:
    the two value never matches ie they are different and its amazing.
    I dont know whats gone wrong with my code.
    Any help and suggestions are warmly welcome.
    Last edited by PHPycho; 11-21-2007 at 10:50 AM.

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,853
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    use strcmp() instead of ==
    PHP Code:
    if(isset($_POST['security_code']) && strcmp($_POST['security_code'],$_SESSION['sess_security_code'])==0
    (Ensure that session_start() is called in both of your pages)
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,043
    Thanks
    2
    Thanked 316 Times in 308 Posts
    My guess is that getSecurityCode() is called again on the page, either when the form is output or when the form is submitted. You would need to post your actual code to get help with what it is doing.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •