Page 1 of 1

unique generated values not matching ??

Posted: Wed Nov 21, 2007 4:47 am
by PHPycho
Hello forums
I had used following function in order to prevent against form spoofing.
test.php

Code: Select all

function getSecurityCode(){
	$_SESSION['sess_security_code'] = md5(uniqid(rand(), true));
	return $_SESSION['sess_security_code'];		
}
and I had used that session's value in hidden field of a form as
test.html.php

Code: Select all

<input type="hidden" name="security_code" value="<?=getSecurityCode()?>">
and checked when the form is submitted as

Code: Select all

if(isset($_POST['security_code']) && $_POST['security_code'] == $_SESSION['sess_security_code']){
	//submission goes here..
}
but the problem is:
the two value never matches ie they are different and its amazing.
I dont know whats gone wrong with my code.
Any help and suggestions are warmly welcome.

Posted: Wed Nov 21, 2007 5:54 am
by aaronhall
I'd stick an echo "asdfasdfasdf" in getSecurityCode() to double check that it's not accidentally getting called on the submit page.