Solved

Bug with session and md5?

Posted on 2002-03-03
4
291 Views
Last Modified: 2010-05-18
Is there any known bug in md5-function?
Or is anything wrong with my session-function:

<?
  for ($i==0;$i<5000;$i++)
  {
    mt_srand((double)microtime()*1000000);
    $s =  str_replace(".","",$REMOTE_ADDR) + mt_rand(100000,999999);
    if ($s=="")
    {
      die ("s==0");
    }

    $xid = md5($s);
    if ($xid==0)
    {
      die("xid==0, s = $s");
    }
    else echo ("i=$i, s=$s, xid=$xid<p>");
  }

?>

The script does return xid==0 most of the times,
sometimes there are 2 valid md5-hash-values,
but never more than this.

One run as example:
----------
i=, s=887070, xid=1b38808a9dd9d678dcd154fdb063755e
i=1, s=524150, xid=53f52d26980bae606c37ce213ce34764
i=2, s=589563, xid=7a37ac718e05d27b25498e846a1c42b1
xid==0, s = 741154
-------

md5 should always return valid hash values, but not
xid==0, or am I wrong?

(tested with php version 4.06 and 4.1.1)

Thank you for help!

Gamba

0
Comment
Question by:Gamba
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
andriv earned 100 total points
ID: 6837900
It is not a problem with the md5 it's with the condition of the if statement.  If you place echo $xid immediately after:

$xid = md5($s);

it will have a value every time.

But sometime for some reason it the condition:

($xid == 0) returns true. It's because the return value of md5() is datatype string and I beleive PHP at times converts it to a int (but because it's a string it's 0) for the sake of the condition to compare it to a number.

If you change it to

if($xid == "")

it will work like a charm.
0
 

Author Comment

by:Gamba
ID: 6837908
That's great!!
A small difference with great effect!

Now it works.

Thank you,

Gamba
0
 
LVL 5

Expert Comment

by:andriv
ID: 6838311
Glad I was able to help.
0
 

Author Comment

by:Gamba
ID: 6838596
I took a look at some older projects and found out,
that I always did the condition that way
and it worked fine . Do you maybe know, if this "sometimes handling as a number" is a inconsistency in a new version
of php (cause the only thing which changed, is that
we updated the php version to 4.1.1)?

Gamba
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now