Xigo Xigo - 1 month ago 19
PHP Question

form token not matching

When form is submitted with $token #1 token are matching , but when submitted with $token #2 tokens dont match getting "redir"
I'm little bit confused why is this happening and not sure what I'm doing wrong here

<?php

session_start();
if(isset($_SESSION['token'])){

if ($_POST['token'] == $_SESSION['token']) {

echo "login ";
}
else
{

echo "redir " ;
}

}

// 1st test
// $token = time();

// 2nd test
$token = md5(time().$_SERVER['REMOTE_ADDR']);
$_SESSION['token'] = $token;

?>





<form action="" method="post">

<input type="hidden" name="token" value=" <?php echo $token ?> ">
<input type="text" name="usr">
<input type="text" name="pass">
<input type="submit" name="submit" value="send">



</form>







</body>
</html>

Answer

Can you try removing the spaces between the quoting and the token echo:

<input type="hidden" name="token" value=" <?php echo $token ?> ">

try

<input type="hidden" name="token" value="<?php echo $token ?>">

also, you may be getting through the first time because _SESSION token is empty. let's be sure to test for that, too:

if (! empty($_SESSION['token'])) {
Comments