php random value - can't verify

[griimnak]

i have no idea why, but this isn't working:

<?php
$sec = rand(100000,999999);

echo $sec;

if ($_POST['check_field'] == $sec) {
    yes, do something
} else {
    no, throw error
}

For some reason it just keeps returning my error, even though the text in my html fieldbox is the exact value of $sec

 

[Marcel]

i have no idea why, but this isn't working:

<?php
$sec = rand(100000,999999);

echo $sec;

if ($_POST['check_field'] == $sec) {
    yes, do something
} else {
    no, throw error
}

For some reason it just keeps returning my error, even though the text in my html fieldbox is the exact value of $sec

I can't get it for some reason, seems perfectly fine to me.

 

[griimnak]

I can't get it for some reason, seems perfectly fine to me.

yeah it's fkin weird.. ohwell i guess i'm forced to use reCaptcha :x

 

[RastaLulz]

I assume you are trying to create some sort of CSRF protection, and that you're putting the value of "$sec" in "check_field", and posting it?

If that's the case, this obviously won't work because the value of "$sec" is being regenerated every time you make a request. The solution would be to set "$sec" to a session, and then on POST check if the value is the same as the one that's stored as a session, and then set the new value for the session ($sec) below that.

Example:

<?php
session_start();

$sec = rand(100000,999999);

echo $sec;

if (isset($_SESSION['sec']) && $_POST['check_field'] == $_SESSION['sec']) {
    yes, do something
} else {
    no, throw error
}

$_SESSION['sec'] = $sec;

 

[griimnak]

I assume you are trying to create some sort of CSRF protection, and that you're putting the value of "$sec" in "check_field", and posting it?

If that's the case, this obviously won't work because the value of "$sec" is being regenerated every time you make a request. The solution would be to set "$sec" to a session, and then on POST check if the value is the same as the one that's stored as a session, and then set the new value for the session ($sec) below that.

Example:

<?php
session_start();

$sec = rand(100000,999999);

echo $sec;

if (isset($_SESSION['sec']) && $_POST['check_field'] == $_SESSION['sec']) {
    yes, do something
} else {
    no, throw error
}

$_SESSION['sec'] = $sec;

Cool, i'll try this. thanks for the help, man.

 

[Sysode]

Cool, i'll try this. thanks for the help, man.

How did you get on using what @RastaLulz suggested?

 

[griimnak]

How did you get on using what @RastaLulz suggested?

It was still throwing a me my error for some reason, but i'm just going to assume it's some bug with my users class.
Anyways I'll consider this solved because i'll be going with recaptcha anyways

 

[Sysode]

It was still throwing a me my error for some reason, but i'm just going to assume it's some bug with my users class.
Anyways I'll consider this solved because i'll be going with recaptcha anyways

Okay man, I'll close the thread. If you want to resolve the issue, just send over a PM and I'll re-open the thread again.