Salt and sha1 -- passing information in a session
Posted: Sat Jun 03, 2006 10:22 pm
I have one page that has this on it:
And Then I have a page with this on it:
How come on everytime I run this it returns "Invaild Security Code"... no matter what! I know I am entering the right code!
Code: Select all
<?php
session_start();
$code='1234';
define('HASH_LEN',25);
$enc_code_salt = substr(sha1(time()),HASH_LEN);
$enc_code_ready = $enc_code_salt . sha1( $enc_code_salt . $enc_code_ready);
$enc_code = $enc_code_ready;
$_SESSION['code'] = $enc_code;
?>Code: Select all
<?php
$s_code = $_SESSION['code'];
$scode = $_POST['scode'];
$dec_code_ready = $scode;
define('HASH_LEN',25);
$dec_code_salt = substr($security_code,HASH_LEN);
$dec_code = $dec_code_salt . sha1( $dec_code_salt . $dec_code_ready);
$dec_code = md5($dec_code);
if($dec_code != $security_code){
return "Invaild Security Code";
session_unregister('code');
exit;
}
?>