PHP 5.3 to PHP 5.5 code issue?

[jeffshead]

The code snippet below works fine with PHP 5.3 (register_globals = Off) but does NOT give the same results with PHP 5.5:

$verhash = md5($tstamp."salt");
if ($hash != $verhash) {
	$_SESSION['direct'] = 1;
	if(isset($_SESSION['ntrd'])) {
		unset($_SESSION['ntrd']);
	}
	if(isset($_SESSION['rntr'])) {
		unset($_SESSION['rntr']);
	}	
	header('refresh: 0; url=/accessDenied.php');
 	exit;
}

I'm not sure if there is a problem with the above snippet or with some other part of the code but I always get redirected to the 'accessDenied.php' page with PHP 5.5.

 

Can someone tell me if the snippet above would output differently on PHP 5.5?

 

Thanks,

 

Jeff

Edited November 5, 2014 by jeffshead

[requinix]

Where are $hash and $tstamp coming from?

[jeffshead]

Where are $hash and $tstamp coming from?

From previous code:

tstamp = $_SESSION['tstamp'];
$hash = $_SESSION['thash'];

[requinix]

Looks like the hashes don't match. Are you sure the data is in the session in the first place?

[jeffshead]

After more testing, I don't think the problem is related to the PHP version. I created a new test environment with both versions of PHP and I cannot re-create the issue on my server. The issue must be related to the host provider's server and/or settings. I think it must have something to do with sessions. Any ideas on what settings to look for?

[requinix]

The session ones. While you're at it, why not check all settings? phpinfo can help.

[mac_gyver]

php's error_reporting would probably help track down the problem.

[Jacques1]

What are you even trying to do?

 

You hash a session value and compare the result with a hash stored in the same session. What does that tell you? And what's this strange "salt" string?