Solved

Bug with session and md5?

Posted on 2002-03-03
4
295 Views
Last Modified: 2010-05-18
Is there any known bug in md5-function?
Or is anything wrong with my session-function:

<?
  for ($i==0;$i<5000;$i++)
  {
    mt_srand((double)microtime()*1000000);
    $s =  str_replace(".","",$REMOTE_ADDR) + mt_rand(100000,999999);
    if ($s=="")
    {
      die ("s==0");
    }

    $xid = md5($s);
    if ($xid==0)
    {
      die("xid==0, s = $s");
    }
    else echo ("i=$i, s=$s, xid=$xid<p>");
  }

?>

The script does return xid==0 most of the times,
sometimes there are 2 valid md5-hash-values,
but never more than this.

One run as example:
----------
i=, s=887070, xid=1b38808a9dd9d678dcd154fdb063755e
i=1, s=524150, xid=53f52d26980bae606c37ce213ce34764
i=2, s=589563, xid=7a37ac718e05d27b25498e846a1c42b1
xid==0, s = 741154
-------

md5 should always return valid hash values, but not
xid==0, or am I wrong?

(tested with php version 4.06 and 4.1.1)

Thank you for help!

Gamba

0
Comment
Question by:Gamba
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
andriv earned 100 total points
ID: 6837900
It is not a problem with the md5 it's with the condition of the if statement.  If you place echo $xid immediately after:

$xid = md5($s);

it will have a value every time.

But sometime for some reason it the condition:

($xid == 0) returns true. It's because the return value of md5() is datatype string and I beleive PHP at times converts it to a int (but because it's a string it's 0) for the sake of the condition to compare it to a number.

If you change it to

if($xid == "")

it will work like a charm.
0
 

Author Comment

by:Gamba
ID: 6837908
That's great!!
A small difference with great effect!

Now it works.

Thank you,

Gamba
0
 
LVL 5

Expert Comment

by:andriv
ID: 6838311
Glad I was able to help.
0
 

Author Comment

by:Gamba
ID: 6838596
I took a look at some older projects and found out,
that I always did the condition that way
and it worked fine . Do you maybe know, if this "sometimes handling as a number" is a inconsistency in a new version
of php (cause the only thing which changed, is that
we updated the php version to 4.1.1)?

Gamba
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now