Jump to content

I'm going crazy, a md5 comparison fools me.


AzeS

Recommended Posts

I have to create an id check. For this, an id is generated and written in a cookie, encrypted by the md5 algorithm and a password phrase.Then the id sent to the page and encrypted with the same process and afterwards written to a variable.Then the cookie is read out and compared with the variabele, all well until the fact that the two strings are not considered equal even though they are.

 

<?php 
$reference = $_GET['id'];
setcookie("meoid", md5($reference . "Password") . " OID:" . $reference,time()+(600));
if (isset($_GET['id'])) {
	$hash = md5(trim(strip_tags($_GET['id'])) . "Password");
	if ($hash == $_COOKIE['meoid']) {
		echo "yes: hash= " . $hash . "::::meoid: " . $_COOKIE['meoid'];
	} else {
		echo "no: hash= " . $hash . "::::meoid: " . $_COOKIE['meoid'] . " GENERATET: " . md5($_GET['id'] . "Password");
	}
} else {
	header("Location: ../../../../report.php?x=Abuse of Success");
}
?>

what am i doing wrong here  :suicide:

Link to comment
Share on other sites

Hard for me not to be condescending. How do you think these two values would be the same?

 

 

The cookie value

setcookie("meoid", md5($reference . "Password") . " OID:" . $reference,time()+(600));

 

The reference hash

$hash = md5(trim(strip_tags($_GET['id'])) . "Password");

 

Two problems:

1. You are trimming and using strip_tags() on the $_GET value in one case and not the other

2. At the end of the first value you are also including "OID" . $reference but not on the other.

 

If you need to 'create a code' or some other p[rocess that should be repeatable, you should create a function to do it rather than creating the process multiple times.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.