
I'm going crazy, a md5 comparison fools me.

Solved by Psycho


I have to create an id check. For this, an id is generated and written in a cookie, encrypted by the md5 algorithm and a password phrase. Then the id is sent to the page and encrypted with the same process and afterwards written to a variable. Then the cookie is read out and compared with the variable, all well until the fact that the two strings are not considered equal even though they are.


$reference = $_GET['id'];
// Write the cookie
setcookie("meoid", md5($reference . "Password") . " OID:" . $reference, time() + 600);
if (isset($_GET['id'])) {
	// Recompute the hash from the request and compare it with the cookie
	$hash = md5(trim(strip_tags($_GET['id'])) . "Password");
	if ($hash == $_COOKIE['meoid']) {
		echo "yes: hash= " . $hash . "::::meoid: " . $_COOKIE['meoid'];
	} else {
		echo "no: hash= " . $hash . "::::meoid: " . $_COOKIE['meoid'] . " GENERATET: " . md5($_GET['id'] . "Password");
	}
} else {
	header("Location: ../../../../report.php?x=Abuse of Success");
}

What am I doing wrong here?  :suicide:

  • Solution

Hard for me not to be condescending. How do you think these two values would be the same?



The cookie value

setcookie("meoid", md5($reference . "Password") . " OID:" . $reference,time()+(600));


The reference hash

$hash = md5(trim(strip_tags($_GET['id'])) . "Password");


Two problems:

1. You are trimming and using strip_tags() on the $_GET value in one case and not the other.

2. At the end of the first value you are also including "OID" . $reference but not on the other.


If you need to 'create a code' or some other process that should be repeatable, you should create a function to do it rather than creating the process multiple times.

Edited by Psycho

OK, now I've seen it. I'm the worst. I assume that I just needed another pair of eyes. Thanks, Psycho.


I hope you created a function as opposed to rewriting those two sets of logic to be identical.

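The single-function approach recommended in the solution, as an added example that is not code from any poster in this thread. It goes beyond the thread by swapping md5() with an appended password for hash_hmac() with SHA-256, and == for hash_equals(); the function names and the sample secret and ids are hypothetical.

```php
<?php
// Added example, not the thread's code. All function names are hypothetical.

const OID_COOKIE = 'meoid';

// One normalisation step, used for both writing and checking the cookie,
// so the two sides can never drift apart (problem 1 in the solution).
function normalize_id(string $id): string
{
    return trim(strip_tags($id));
}

// The only place the cookie value is built. Nothing is appended after the
// digest (problem 2 in the solution). HMAC-SHA256 replaces md5($id . "Password").
function make_oid_token(string $id, string $secret): string
{
    return hash_hmac('sha256', normalize_id($id), $secret);
}

// Recompute with the same function and compare as strings in constant time.
// PHP's == treats two numeric-looking strings as numbers, which is not a
// safe way to compare digests.
function check_oid_token(string $id, string $token, string $secret): bool
{
    return hash_equals(make_oid_token($id, $secret), $token);
}

// In the page itself the calls would look like this (assumption: $secret is
// loaded from server-side configuration, not hard-coded):
//   setcookie(OID_COOKIE, make_oid_token($_GET['id'], $secret), time() + 600);
//   $ok = check_oid_token($_GET['id'], $_COOKIE[OID_COOKIE] ?? '', $secret);

// Constructed sample values so the file runs from the CLI without a web server.
$secret = 'constructed-demo-secret';
$token  = make_oid_token(' 12345 ', $secret);

// Same id, differing only in surrounding whitespace
var_dump(check_oid_token('12345', $token, $secret));
// Different id
var_dump(check_oid_token('12346', $token, $secret));
// Cookie value with " OID:<id>" appended, the mismatch from the original post
var_dump(check_oid_token('12345', $token . ' OID:12345', $secret));
```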