AzeS

I'm going crazy, a md5 comparison fools me.


I have to create an id check. For this, an id is generated and written in a cookie, encrypted by the md5 algorithm and a password phrase. Then the id is sent to the page and encrypted with the same process and afterwards written to a variable. Then the cookie is read out and compared with the variable. All is well, except that the two strings are not considered equal even though they are.

 

<?php 
$reference = $_GET['id'];
setcookie("meoid", md5($reference . "Password") . " OID:" . $reference,time()+(600));
if (isset($_GET['id'])) {
	$hash = md5(trim(strip_tags($_GET['id'])) . "Password");
	if ($hash == $_COOKIE['meoid']) {
		echo "yes: hash= " . $hash . "::::meoid: " . $_COOKIE['meoid'];
	} else {
		echo "no: hash= " . $hash . "::::meoid: " . $_COOKIE['meoid'] . " GENERATET: " . md5($_GET['id'] . "Password");
	}
} else {
	header("Location: ../../../../report.php?x=Abuse of Success");
}
?>

What am I doing wrong here?


Hard for me not to be condescending. How do you think these two values would be the same?

 

 

The cookie value

setcookie("meoid", md5($reference . "Password") . " OID:" . $reference,time()+(600));

 

The reference hash

$hash = md5(trim(strip_tags($_GET['id'])) . "Password");

 

Two problems:

1. You are trimming and using strip_tags() on the $_GET value in one case and not the other

2. At the end of the first value you are also including "OID" . $reference but not on the other.

 

If you need to 'create a code' or some other process that should be repeatable, you should create a function to do it rather than creating the process multiple times.

Edited by Psycho


OK, now I've seen it. I'm the worst. I assume that I just needed another pair of eyes. Thanks, Psycho.

Edited by AzeS


OK, now I've seen it. I'm the worst. I assume that I just needed another pair of eyes. Thanks, Psycho.

 

I hope you created a function as opposed to rewriting those two sets of logic to be identical.
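Added example, not code from any poster in this thread: one way to follow the advice above, with a single function building the cookie value for both issuing and checking. It swaps md5($id . "Password") for HMAC-SHA256 and the == comparison for hash_equals(); SECRET, normalize_id(), make_token() and check_token() are hypothetical names, and the sample values are constructed.

```php
<?php
// Added example, not from the thread. SECRET is a constructed placeholder.
const SECRET = 'replace-with-a-long-random-server-side-key';

// Single normalisation step, so issuing and checking see the same id.
function normalize_id(string $raw): string
{
    return trim(strip_tags($raw));
}

// Builds the cookie value "<mac> OID:<id>" (the layout the original post used).
function make_token(string $rawId): string
{
    $id = normalize_id($rawId);
    return hash_hmac('sha256', $id, SECRET) . ' OID:' . $id;
}

// True only if the cookie value is exactly what make_token() yields for this id.
function check_token(string $rawId, string $cookie): bool
{
    // hash_equals() compares strings byte for byte in constant time; unlike ==
    // it never treats two different "0e..." hex strings as equal numbers.
    return hash_equals(make_token($rawId), $cookie);
}

// Constructed sample values standing in for $_GET['id'] and $_COOKIE['meoid'].
$id = ' 42<b></b> ';
$cookie = make_token($id);

var_dump(check_token($id, $cookie));           // same id, same function
var_dump(check_token('43', $cookie));          // different id
var_dump(check_token($id, md5('42Password'))); // bare hash without " OID:42", the thread's mismatch
```

In the page from the first post, the cookie would be set with setcookie("meoid", make_token($_GET['id']), time() + 600) and checked with check_token($_GET['id'], $_COOKIE['meoid']).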
