Solved

Bug with session and md5?

Posted on 2002-03-03
4
298 Views
Last Modified: 2010-05-18
Is there any known bug in md5-function?
Or is anything wrong with my session-function:

<?
  for ($i==0;$i<5000;$i++)
  {
    mt_srand((double)microtime()*1000000);
    $s =  str_replace(".","",$REMOTE_ADDR) + mt_rand(100000,999999);
    if ($s=="")
    {
      die ("s==0");
    }

    $xid = md5($s);
    if ($xid==0)
    {
      die("xid==0, s = $s");
    }
    else echo ("i=$i, s=$s, xid=$xid<p>");
  }

?>

The script does return xid==0 most of the times,
sometimes there are 2 valid md5-hash-values,
but never more than this.

One run as example:
----------
i=, s=887070, xid=1b38808a9dd9d678dcd154fdb063755e
i=1, s=524150, xid=53f52d26980bae606c37ce213ce34764
i=2, s=589563, xid=7a37ac718e05d27b25498e846a1c42b1
xid==0, s = 741154
-------

md5 should always return valid hash values, but not
xid==0, or am I wrong?

(tested with php version 4.06 and 4.1.1)

Thank you for help!

Gamba

0
Comment
Question by:Gamba
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
andriv earned 100 total points
ID: 6837900
It is not a problem with the md5 it's with the condition of the if statement.  If you place echo $xid immediately after:

$xid = md5($s);

it will have a value every time.

But sometime for some reason it the condition:

($xid == 0) returns true. It's because the return value of md5() is datatype string and I beleive PHP at times converts it to a int (but because it's a string it's 0) for the sake of the condition to compare it to a number.

If you change it to

if($xid == "")

it will work like a charm.
0
 

Author Comment

by:Gamba
ID: 6837908
That's great!!
A small difference with great effect!

Now it works.

Thank you,

Gamba
0
 
LVL 5

Expert Comment

by:andriv
ID: 6838311
Glad I was able to help.
0
 

Author Comment

by:Gamba
ID: 6838596
I took a look at some older projects and found out,
that I always did the condition that way
and it worked fine . Do you maybe know, if this "sometimes handling as a number" is a inconsistency in a new version
of php (cause the only thing which changed, is that
we updated the php version to 4.1.1)?

Gamba
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question