raydona Posted October 28, 2014 Share Posted October 28, 2014 Hi, Say I have the situation shown below: <form action="" method="POST"> <P> <label for="username">Username</label> <input type="text" name="username" id="username" autocomplete="off"> </P> <P> <label for="password">Password</label> <input type="password" name="password" id="password" autocomplete="off"> </P> <P> <input type="hidden" name="token" value="<?php echo md5(sha1($salt.$ip).sha1($salt.$formName)) ?>" /> <input type="submit" value="LOG IN"> </P> </form> When form is submitted a hash is generated for the line: value="<?php echo md5(sha1($salt.$ip).sha1($salt.$formName)) ?>" However, it is found username or password is incorrect and the form has to be resubmitted with correct username or password. When form is submitted for a second time is a new hash generated in the line: value="<?php echo md5(sha1($salt.$ip).sha1($salt.$formName)) ?>" which is likely to be different from the first one????? Quote Link to comment Share on other sites More sharing options...
Psycho Posted October 28, 2014 Share Posted October 28, 2014 There is no way for us to know. How are $salt, $ip, and $formName defined? If they are the same, then the resulting hash will be the same. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.