Seker Posted June 26, 2012

I'm currently creating an alternative to the brothels floating around here. What I'm trying to do with it right now is make it so it generates a random session ID/token at the end of the url to prevent refreshing/botting, etc. While perusing some tutorial sites, I found this function. My question is, will this work? And is the example usage I posted correct?

genToken:

function genToken( $len = 32, $md5 = true ) {
    # Seed random number generator
    # Only needed for PHP versions prior to 4.2
    mt_srand( (double)microtime()*1000000 );

    # Array of characters, adjust as desired
    $chars = array( 'Q', '@', '8', 'y', '%', '^', '5', 'Z', '(', 'G', '_', 'O', '`', 'S', '-', 'N', '<', 'D', '{', '}', '[', ']', 'h', ';', 'W', '.', '/', '|', ':', '1', 'E', 'L', '4', '&', '6', '7', '#', '9', 'a', 'A', 'b', 'B', '~', 'C', 'd', '>', 'e', '2', 'f', 'P', 'g', ')', '?', 'H', 'i', 'X', 'U', 'J', 'k', 'r', 'l', '3', 't', 'M', 'n', '=', 'o', '+', 'p', 'F', 'q', '!', 'K', 'R', 's', 'c', 'm', 'T', 'v', 'j', 'u', 'V', 'w', ',', 'x', 'I', '$', 'Y', 'z', '*' );

    # Array index friendly number of chars; empty token string
    $numChars = count($chars) - 1;
    $token = '';

    # Create random token at the specified length
    for ( $i=0; $i<$len; $i++ )
        $token .= $chars[ mt_rand(0, $numChars) ];

    # Should token be run through md5?
    if ( $md5 ) {
        # Number of 32 char chunks
        $chunks = ceil( strlen($token) / 32 );
        $md5token = '';

        # Run each chunk through md5
        for ( $i=1; $i<=$chunks; $i++ )
            $md5token .= md5( substr($token, $i * 32 - 32, 32) );

        # Trim the token
        $token = substr($md5token, 0, $len);
    }

    return $token;
}

example usage:

$randtok = genToken();
# urlencode() so characters like '&', '#' or '%' (used when $md5 is false) survive in the query string
echo "<a href='example.php?ID=" . urlencode($randtok) . "'>Example</a>";

To better explain, what I'm looking for is a URL that would then look like this:

http://example.com/example.php?ID=aahkf$%dhkjsh$

And, when refreshed, would throw an error. But, when you go back to the link and click it again, it should generate a new random token at the end.

Am I making sense?
Danny696 Posted June 26, 2012

It should in theory work, if you remember to set the session in the correct place in the function, and remember it is being md5'd on request.
HauntedDawg Posted June 26, 2012

I just wrote this, it was hard to explain. So hopefully code will do better. It's a lot simpler than the approach you're trying to take.

<?php
session_start();

$brothel = array('sara', 'lara');

if (isset($_GET['next']) && in_array($_GET['next'], $brothel, true)) {
    $_SESSION['token'] = uniqid('seed_');
    header('location: brothel.php?do=' . $_GET['next'] . '&token=' . $_SESSION['token']);
    exit;
}

if (isset($_GET['do']) && in_array($_GET['do'], $brothel, true)) {
    // only compare when a token was actually issued and one was supplied
    if (isset($_SESSION['token'], $_GET['token']) && $_SESSION['token'] === $_GET['token']) {
        unset($_SESSION['token']);
        //let the guy sleep with sexy girl :P
    } else {
        //user has refreshed!
    }
}

echo '<a href="?next=sara">Lets go hump SARA!</a>';
?>
Seker (Author) Posted June 26, 2012

Quoting HauntedDawg: I just wrote this, it was hard to explain. So hopefully code will do better. It's a lot simpler than the approach you're trying to take. [code as posted above]

Well, I'm not actually calling it a brothel. Though, I guess that'd be as easy as just tweaking some things. The reason I was leaning toward the function is because then I could use it anywhere. Places like crystal temple, hunting, etc. Anywhere I wouldn't want refreshing.
HauntedDawg Posted June 26, 2012

But, if you use that function everywhere, you'd still need to specifically go and modify those pages. What you could then do is:

<?php
session_start();

function genToken($prefix = 'seed_', $tokenName = 'token') {
    $_SESSION[$tokenName] = uniqid($prefix);
    return $_SESSION[$tokenName];
}

$brothel = array('sara', 'lara');

if (isset($_GET['do']) && in_array($_GET['do'], $brothel, true)) {
    if (isset($_SESSION['token'], $_GET['token']) && $_SESSION['token'] === $_GET['token']) {
        unset($_SESSION['token']);
        exit('You have not refreshed');
    } else {
        exit('Stop refreshing');
    }
}

echo '<a href="?do=sara&token=' . genToken() . '">Lets go hump SARA!</a>';
?>

Please note, with that function there are a couple of possibilities.

$token = genToken('prefixID_', 'tokenName');

If you're searching for it, and you have got the tokenName, then you do for example:

<?php
session_start();

function genToken($prefix = 'seed_', $tokenName = 'token') {
    $_SESSION[$tokenName] = uniqid($prefix);
    return $_SESSION[$tokenName];
}

$brothel = array('sara', 'lara');

if (isset($_GET['do']) && in_array($_GET['do'], $brothel, true)) {
    if (isset($_SESSION['hostile_Token'], $_GET['token']) && $_SESSION['hostile_Token'] === $_GET['token']) {
        // the key that was checked is the one that must be consumed
        unset($_SESSION['hostile_Token']);
        exit('You have not refreshed');
    } else {
        exit('Stop refreshing');
    }
}

echo '<a href="?do=sara&token=' . genToken(false, 'hostile_Token') . '">Lets go hump SARA!</a>';
?>

or even:

<?php
session_start();

function genToken($prefix = 'seed_', $tokenName = 'token') {
    $_SESSION[$tokenName] = uniqid($prefix);
    return $_SESSION[$tokenName];
}

$brothel = array('sara', 'lara');

if (isset($_GET['do']) && in_array($_GET['do'], $brothel, true)) {
    if (isset($_SESSION['hostile_Token'], $_GET['token']) && $_SESSION['hostile_Token'] === $_GET['token']) {
        // the key that was checked is the one that must be consumed
        unset($_SESSION['hostile_Token']);
        exit('You have not refreshed');
    } else {
        exit('Stop refreshing');
    }
}

echo '<a href="?do=sara&token=' . genToken('prefixed_with_', 'hostile_Token') . '">Lets go hump SARA!</a>';
?>

You can test all of these examples on a simple php page.
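An added example, not from this thread, of the same one-time-token pattern HauntedDawg describes (issue a token into the session, consume it on the first matching request, reject a refresh), but using random_bytes() instead of uniqid() and hash_equals() for the comparison; the function names issueToken/consumeToken, the TOKEN_TTL value and the by-reference store are my own choices so the demo runs on the CLI with a plain array and in a request with $_SESSION.

```php
<?php
declare(strict_types=1);

// Added example: one-time action token written against a store passed by
// reference, so it runs here with a plain array and in a request with $_SESSION.
const TOKEN_TTL = 300; // seconds a token stays valid (assumed value)

// Issue a fresh token for one named action, replacing any earlier one.
function issueToken(array &$store, string $action): string
{
    $token = bin2hex(random_bytes(16));             // 128 bits from the CSPRNG
    $store['tokens'][$action] = ['value' => $token, 'issued' => time()];
    return $token;
}

// Consume a token: true exactly once per issued token, false afterwards.
function consumeToken(array &$store, string $action, ?string $presented): bool
{
    $entry = $store['tokens'][$action] ?? null;
    // Remove the stored token before deciding, so a refresh or a second
    // click on the same link can never succeed.
    unset($store['tokens'][$action]);
    if ($entry === null || $presented === null) {
        return false;                               // nothing issued, or none sent
    }
    if (time() - $entry['issued'] > TOKEN_TTL) {
        return false;                               // stale token
    }
    return hash_equals($entry['value'], $presented); // constant-time compare
}

// Demo with a plain array standing in for $_SESSION (constructed input).
// In a request: session_start(); consumeToken($_SESSION, 'sara', $_GET['token'] ?? null);
$session = [];
$t   = issueToken($session, 'sara');
$url = 'brothel.php?do=sara&token=' . rawurlencode($t);
echo 'link: <a href="' . htmlspecialchars($url, ENT_QUOTES) . '">SARA</a>', PHP_EOL;
echo 'first click: ', var_export(consumeToken($session, 'sara', $t), true), PHP_EOL;
echo 'refresh:     ', var_export(consumeToken($session, 'sara', $t), true), PHP_EOL;
echo 'no token:    ', var_export(consumeToken($session, 'sara', null), true), PHP_EOL;
```

Keying the store by action name lets the same helper guard several pages (hunting, the crystal temple) without their tokens invalidating each other.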
Seker (Author) Posted June 26, 2012

I'll definitely work with everything and see what works best for me. Appreciate the tips.
HauntedDawg Posted June 26, 2012

nvm. -tooshort-
Spudinski Posted July 6, 2012

I've created a salt generator which is both secure and suitable to your needs. See: https://github.com/nands/ezrpg/blob/master/lib/func.security.php#L67

It was designed with functional cryptography in mind, but it should suit your needs.