Solved

Bug with session and md5?

Posted on 2002-03-03
4
287 Views
Last Modified: 2010-05-18
Is there any known bug in md5-function?
Or is anything wrong with my session-function:

<?
  for ($i==0;$i<5000;$i++)
  {
    mt_srand((double)microtime()*1000000);
    $s =  str_replace(".","",$REMOTE_ADDR) + mt_rand(100000,999999);
    if ($s=="")
    {
      die ("s==0");
    }

    $xid = md5($s);
    if ($xid==0)
    {
      die("xid==0, s = $s");
    }
    else echo ("i=$i, s=$s, xid=$xid<p>");
  }

?>

The script does return xid==0 most of the times,
sometimes there are 2 valid md5-hash-values,
but never more than this.

One run as example:
----------
i=, s=887070, xid=1b38808a9dd9d678dcd154fdb063755e
i=1, s=524150, xid=53f52d26980bae606c37ce213ce34764
i=2, s=589563, xid=7a37ac718e05d27b25498e846a1c42b1
xid==0, s = 741154
-------

md5 should always return valid hash values, but not
xid==0, or am I wrong?

(tested with php version 4.06 and 4.1.1)

Thank you for help!

Gamba

0
Comment
Question by:Gamba
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
andriv earned 100 total points
Comment Utility
It is not a problem with the md5 it's with the condition of the if statement.  If you place echo $xid immediately after:

$xid = md5($s);

it will have a value every time.

But sometime for some reason it the condition:

($xid == 0) returns true. It's because the return value of md5() is datatype string and I beleive PHP at times converts it to a int (but because it's a string it's 0) for the sake of the condition to compare it to a number.

If you change it to

if($xid == "")

it will work like a charm.
0
 

Author Comment

by:Gamba
Comment Utility
That's great!!
A small difference with great effect!

Now it works.

Thank you,

Gamba
0
 
LVL 5

Expert Comment

by:andriv
Comment Utility
Glad I was able to help.
0
 

Author Comment

by:Gamba
Comment Utility
I took a look at some older projects and found out,
that I always did the condition that way
and it worked fine . Do you maybe know, if this "sometimes handling as a number" is a inconsistency in a new version
of php (cause the only thing which changed, is that
we updated the php version to 4.1.1)?

Gamba
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Consider the following scenario: You are working on a website and make something great - something that lets the server work with information submitted by your users. This could be anything, from a simple guestbook to a e-Money solution. But what…
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now