
I'm going crazy, a md5 comparison fools me.



I have to create an id check. For this, an id is generated and written in a cookie, encrypted by the md5 algorithm and a password phrase. Then the id is sent to the page and encrypted with the same process and afterwards written to a variable. Then the cookie is read out and compared with the variable; all is well until the fact that the two strings are not considered equal even though they are.

 

<?php 
$reference = $_GET['id'];
setcookie("meoid", md5($reference . "Password") . " OID:" . $reference,time()+(600));
if (isset($_GET['id'])) {
	$hash = md5(trim(strip_tags($_GET['id'])) . "Password");
	if ($hash == $_COOKIE['meoid']) {
		echo "yes: hash= " . $hash . "::::meoid: " . $_COOKIE['meoid'];
	} else {
		echo "no: hash= " . $hash . "::::meoid: " . $_COOKIE['meoid'] . " GENERATET: " . md5($_GET['id'] . "Password");
	}
} else {
	header("Location: ../../../../report.php?x=Abuse of Success");
}
?>

What am I doing wrong here?

  • Solution

Hard for me not to be condescending. How do you think these two values would be the same?

 

 

The cookie value

setcookie("meoid", md5($reference . "Password") . " OID:" . $reference,time()+(600));

 

The reference hash

$hash = md5(trim(strip_tags($_GET['id'])) . "Password");

 

Two problems:

1. You are trimming and using strip_tags() on the $_GET value in one case and not the other

2. At the end of the first value you are also including "OID" . $reference but not on the other.

 

If you need to 'create a code' or some other process that should be repeatable, you should create a function to do it rather than creating the process multiple times.

Edited by Psycho
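
One way to follow the advice above, as an added example that is not code from the thread: a single function builds the cookie value, and the check rebuilds it with that same function. The key constant and the function names are hypothetical, and hash_hmac() with SHA-256 plus hash_equals() are swapped in for the md5() concatenation and the loose `==` comparison.

```php
<?php
// Added example, not code from the thread. SECRET, normalize_id(), make_token()
// and check_token() are hypothetical names; the key value is a constructed placeholder.
const SECRET = 'replace-with-a-long-random-key';

// One normalization step, used both when issuing and when checking.
function normalize_id(string $raw): string
{
    return trim(strip_tags($raw));
}

// Cookie value in the thread's layout: "<mac> OID:<id>".
// HMAC-SHA256 is swapped in here for md5($id . "Password").
function make_token(string $rawId): string
{
    $id = normalize_id($rawId);
    return hash_hmac('sha256', $id, SECRET) . ' OID:' . $id;
}

// Rebuild the token from the request id with the same function and compare
// the complete strings; hash_equals() is constant-time and never type-juggles.
function check_token(string $rawId, ?string $cookie): bool
{
    if ($cookie === null || $cookie === '') {
        return false;
    }
    return hash_equals(make_token($rawId), $cookie);
}

// Constructed sample values standing in for $_GET['id'] and $_COOKIE['meoid'].
$issued = make_token(' 4711 ');                        // what setcookie() would store
var_dump(check_token('4711', $issued));                // same id after normalization
var_dump(check_token('4712', $issued));                // different id
var_dump(check_token('4711', substr($issued, 0, 64))); // MAC only, " OID:" part missing
var_dump(check_token('4711', null));                   // cookie not sent
```

setcookie() only sends a response header, so $_COOKIE['meoid'] carries the new value from the next request on; issue the cookie on one request and check it on a later one.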