Seker

Question about unique session IDs

I'm currently creating an alternative to the brothels floating around here. What I'm trying to do with it right now is make it so it generates a random session ID/token at the end of the URL to prevent refreshing/botting, etc.

While perusing some tutorial sites, I found this function. My question is, will this work? And is the example usage I posted correct?

genToken:

function genToken( $len = 32, $md5 = true ) {

   # Seed random number generator
   # Only needed for PHP versions prior to 4.2
   mt_srand( (double)microtime()*1000000 );

   # Array of characters, adjust as desired
   $chars = array(
       'Q', '@', '8', 'y', '%', '^', '5', 'Z', '(', 'G', '_', 'O', '`',
       'S', '-', 'N', '<', 'D', '{', '}', '[', ']', 'h', ';', 'W', '.',
       '/', '|', ':', '1', 'E', 'L', '4', '&', '6', '7', '#', '9', 'a',
       'A', 'b', 'B', '~', 'C', 'd', '>', 'e', '2', 'f', 'P', 'g', ')',
       '?', 'H', 'i', 'X', 'U', 'J', 'k', 'r', 'l', '3', 't', 'M', 'n',
       '=', 'o', '+', 'p', 'F', 'q', '!', 'K', 'R', 's', 'c', 'm', 'T',
       'v', 'j', 'u', 'V', 'w', ',', 'x', 'I', '$', 'Y', 'z', '*'
   );

   # Array indice friendly number of chars; empty token string
   $numChars = count($chars) - 1; $token = '';

   # Create random token at the specified length
   for ( $i=0; $i<$len; $i++ )
       $token .= $chars[ mt_rand(0, $numChars) ];

   # Should token be run through md5?
   if ( $md5 ) {

       # Number of 32 char chunks
       $chunks = ceil( strlen($token) / 32 ); $md5token = '';

       # Run each chunk through md5
       for ( $i=1; $i<=$chunks; $i++ )
           $md5token .= md5( substr($token, $i * 32 - 32, 32) );

       # Trim the token
       $token = substr($md5token, 0, $len);

   } return $token;
}

 

example usage:

$randtok = genToken();
echo "<a href='example.php?ID={$randtok}'>Example</a>";

 

To better explain, what I'm looking for is a URL that would then look like this:

http://example.com/example.php?ID=aahkf$%dhkjsh$

 

And, when refreshed would throw an error. But, when you go back to the link and click it again, it should generate a new random token at the end. Am I making sense?


It should in theory work, if you remember to set the session in the correct place in the function, and remember it is being md5'd on request.


I just wrote this, it was hard to explain. So hopefully code will do better.

It's a lot simpler than the approach you're trying to take.

 

<?php
session_start();

$brothel = array('sara','lara');

if(isset($_GET['next']) && in_array($_GET['next'], $brothel))	{
	// issue a fresh token and redirect to the action URL that carries it
	$_SESSION['token'] = uniqid('seed_');
	header('location: brothel.php?do='.$_GET['next'].'&token='.$_SESSION['token']);
	exit;
}
if(isset($_GET['do']) && in_array($_GET['do'], $brothel))	{
	// both values must be present; otherwise a request with no token compares null == null and passes
	if(isset($_SESSION['token'], $_GET['token']) && $_SESSION['token'] === $_GET['token'])	{
		unset($_SESSION['token']);
		//let the guy sleep with sexy girl :P
	}	else	{
		//user has refreshed!
	}
}


echo '<a href="?next=sara">Lets go hump SARA!</a>';

?>


Well, I'm not actually calling it a brothel. Though, I guess that'd be as easy as just tweaking some things.

The reason I was leaning toward the function is because then I could use it anywhere. Places like crystal temple, hunting, etc. Anywhere I wouldn't want refreshing.


But, if you use that function everywhere, you'd still need to specifically go and modify those pages.

What you could then do is:

 

<?php
session_start();
// store a new token in the session under $tokenName and return it
function genToken($prefix = 'seed_', $tokenName = 'token')	{
	$_SESSION[$tokenName] = uniqid($prefix);
	return $_SESSION[$tokenName];
}

$brothel = array('sara','lara');

if(isset($_GET['do']) && in_array($_GET['do'], $brothel))	{
	// require both values so a missing token never matches a missing session entry
	if(isset($_SESSION['token'], $_GET['token']) && $_SESSION['token'] === $_GET['token'])	{
		unset($_SESSION['token']);
		exit('You have not refreshed');
	}	else	{
		exit('Stop refreshing');
	}
}


echo '<a href="?do=sara&token='.genToken().'">Lets go hump SARA!</a>';

?>

 

Please note, with that function there are a couple of possibilities.

$token = genToken('prefixID_', 'tokenName');

 

If you're searching for it, and you have got the tokenName, then you do, for example:

 

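<?php
session_start();
// store a new token in the session under $tokenName and return it
function genToken($prefix = 'seed_', $tokenName = 'token')	{
	$_SESSION[$tokenName] = uniqid($prefix);
	return $_SESSION[$tokenName];
}

$brothel = array('sara','lara');

if(isset($_GET['do']) && in_array($_GET['do'], $brothel))	{
	// require both values so a missing token never matches a missing session entry
	if(isset($_SESSION['hostile_Token'], $_GET['token']) && $_SESSION['hostile_Token'] === $_GET['token'])	{
		// unset the same key that was checked, otherwise the token stays valid on refresh
		unset($_SESSION['hostile_Token']);
		exit('You have not refreshed');
	}	else	{
		exit('Stop refreshing');
	}
}


echo '<a href="?do=sara&token='.genToken(false, 'hostile_Token').'">Lets go hump SARA!</a>';

?>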

 

or even:

 

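<?php
session_start();
// store a new token in the session under $tokenName and return it
function genToken($prefix = 'seed_', $tokenName = 'token')	{
	$_SESSION[$tokenName] = uniqid($prefix);
	return $_SESSION[$tokenName];
}

$brothel = array('sara','lara');

if(isset($_GET['do']) && in_array($_GET['do'], $brothel))	{
	// require both values so a missing token never matches a missing session entry
	if(isset($_SESSION['hostile_Token'], $_GET['token']) && $_SESSION['hostile_Token'] === $_GET['token'])	{
		// unset the same key that was checked, otherwise the token stays valid on refresh
		unset($_SESSION['hostile_Token']);
		exit('You have not refreshed');
	}	else	{
		exit('Stop refreshing');
	}
}


echo '<a href="?do=sara&token='.genToken('prefixed_with_', 'hostile_Token').'">Lets go hump SARA!</a>';

?>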

 

You can test all of these examples on a simple PHP page.
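A hardened variant of the single-use token discussed in this thread, as an added example that is not part of any post above: it draws the token from random_bytes() instead of mt_rand() or uniqid(), both of which the PHP manual warns are not cryptographically secure, keeps one token per action, and rejects a request where the token is missing on either side. The helper names issueToken() and consumeToken() and the plain array standing in for $_SESSION are assumptions made for the example; PHP 7 or later is assumed.

```php
<?php
// Added example, not code from the thread. issueToken() and consumeToken()
// are hypothetical helper names. $store is passed by reference so the demo
// runs from the command line; on a real page pass $_SESSION after session_start().

function issueToken(array &$store, string $action): string
{
    // 16 bytes from the OS CSPRNG, hex-encoded so the value is URL-safe
    $token = bin2hex(random_bytes(16));
    // one slot per action, so a token issued for one page cannot be spent on another
    $store['tokens'][$action] = $token;
    return $token;
}

function consumeToken(array &$store, string $action, $supplied): bool
{
    $expected = $store['tokens'][$action] ?? null;
    // burn the token on every attempt: each issued token allows exactly one try
    unset($store['tokens'][$action]);
    // a missing or non-string value on either side is a failure, never null == null
    if (!is_string($expected) || !is_string($supplied)) {
        return false;
    }
    // constant-time comparison of the two strings
    return hash_equals($expected, $supplied);
}

// Constructed demo input: an empty array in place of a real session
$session = array();
$token = issueToken($session, 'sara');
$link = '?do=sara&token=' . urlencode($token);

echo $link, "\n";
var_dump(consumeToken($session, 'sara', $token)); // first click on the link
var_dump(consumeToken($session, 'sara', $token)); // refresh of the same URL
var_dump(consumeToken($session, 'sara', null));   // token parameter left out

$other = issueToken($session, 'lara');
var_dump(consumeToken($session, 'sara', $other)); // token issued for another action
```

On a page, the check becomes consumeToken($_SESSION, $_GET['do'], $_GET['token'] ?? null) after the same in_array() allow-list test the posts above use.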


I'll definitely work with everything and see what works best for me. Appreciate the tips.
