unique generated values not matching ??

PHPycho

Hello forums
I had used following function in order to prevent against form spoofing.
test.php

function getSecurityCode(){
	$_SESSION['sess_security_code'] = md5(uniqid(rand(), true));
	return $_SESSION['sess_security_code'];		
}

and I had used that session's value in hidden field of a form as
test.html.php

<input type="hidden" name="security_code" value="<?=getSecurityCode()?>">

and checked when the form is submitted as

if(isset($_POST['security_code']) && $_POST['security_code'] == $_SESSION['sess_security_code']){
	//submission goes here..
}

but the problem is:
the two value never matches ie they are different and its amazing.
I dont know whats gone wrong with my code.
Any help and suggestions are warmly welcome.

rsmith

Could it be that you're randomly generating the security codes? That's the whole point of rand() to make it extremely difficult to produce the same number or sequence. It seems what you want to do is generate the random security code once, store it into a db, and then when you need to compare, read the session variable you created and compare it to the one that was stored into the db.

bradgrafelman

I don't know how you're implementing it, but could it be that you accidentally overwrite the stored key with a newly generated one, e.g. you don't check to see if one already exists?

If not, we might need to see a more complete implementation of this function to debug it.