PHP 5.3 to PHP 5.5 code issue?

[jeffshead]

The code snippet below works fine with PHP 5.3 (register_globals = Off) but does NOT give the same results with PHP 5.5:

$verhash = md5($tstamp."salt");
if ($hash != $verhash) {
	$_SESSION['direct'] = 1;
	if(isset($_SESSION['ntrd'])) {
		unset($_SESSION['ntrd']);
	}
	if(isset($_SESSION['rntr'])) {
		unset($_SESSION['rntr']);
	}	
	header('refresh: 0; url=/accessDenied.php');
 	exit;
}

I'm not sure if there is a problem with the above snippet or with some other part of the code but I always get redirected to the 'accessDenied.php' page with PHP 5.5.

 

Can someone tell me if the snippet above would output differently on PHP 5.5?

 

Thanks,

 

Jeff

[requinix]

Where are $hash and $tstamp coming from?

[jeffshead]

Where are $hash and $tstamp coming from?

From previous code:

tstamp = $_SESSION['tstamp'];
$hash = $_SESSION['thash'];

[requinix]

Looks like the hashes don't match. Are you sure the data is in the session in the first place?

[jeffshead]

After more testing, I don't think the problem is related to the PHP version. I created a new test environment with both versions of PHP and I cannot re-create the issue on my server. The issue must be related to the host provider's server and/or settings. I think it must have something to do with sessions. Any ideas on what settings to look for?

[requinix]

The session ones. While you're at it, why not check all settings? phpinfo can help.

[mac_gyver]

php's error_reporting would probably help track down the problem.

[Jacques1]

What are you even trying to do?

 

You hash a session value and compare the result with a hash stored in the same session. What does that tell you? And what's this strange "salt" string?