Seker, posted June 26, 2012

I'm currently creating an alternative to the brothels floating around here. What I'm trying to do with it right now is make it generate a random session ID/token at the end of the URL to prevent refreshing, botting, etc. While perusing some tutorial sites, I found this function. My question is, will this work? And is the example usage I posted correct?

genToken:

    function genToken( $len = 32, $md5 = true ) {
        # Seed random number generator
        # Only needed for PHP versions prior to 4.2
        mt_srand( (double)microtime()*1000000 );

        # Array of characters, adjust as desired
        $chars = array( 'Q', '@', '8', 'y', '%', '^', '5', 'Z', '(', 'G', '_', 'O', '`', 'S', '-', 'N', '<', 'D', '{', '}', '[', ']', 'h', ';', 'W', '.', '/', '|', ':', '1', 'E', 'L', '4', '&', '6', '7', '#', '9', 'a', 'A', 'b', 'B', '~', 'C', 'd', '>', 'e', '2', 'f', 'P', 'g', ')', '?', 'H', 'i', 'X', 'U', 'J', 'k', 'r', 'l', '3', 't', 'M', 'n', '=', 'o', '+', 'p', 'F', 'q', '!', 'K', 'R', 's', 'c', 'm', 'T', 'v', 'j', 'u', 'V', 'w', ',', 'x', 'I', '$', 'Y', 'z', '*' );

        # Array-index-friendly number of chars; empty token string
        $numChars = count($chars) - 1;
        $token = '';

        # Create random token at the specified length
        for ( $i=0; $i<$len; $i++ )
            $token .= $chars[ mt_rand(0, $numChars) ];

        # Should token be run through md5?
        if ( $md5 ) {
            # Number of 32 char chunks
            $chunks = ceil( strlen($token) / 32 );
            $md5token = '';

            # Run each chunk through md5
            for ( $i=1; $i<=$chunks; $i++ )
                $md5token .= md5( substr($token, $i * 32 - 32, 32) );

            # Trim the token to the requested length
            $token = substr($md5token, 0, $len);
        }

        return $token;
    }

example usage:

    $randtok = genToken();
    echo "<a href='example.php?ID={$randtok}'>Example</a>";

To better explain, what I'm looking for is a URL that would then look like this:

    http://example.com/example.php?ID=aahkf$%dhkjsh$

And, when refreshed, it would throw an error. But when you go back to the link and click it again, it should generate a new random token at the end.

Am I making sense?
Danny696, posted June 26, 2012

It should in theory work, if you remember to set the session in the correct place in the function, and remember it is being md5'd on request.
HauntedDawg, posted June 26, 2012

I just wrote this; it was hard to explain, so hopefully code will do better. It's a lot simpler than the approach you are trying to take.

    <?php
    session_start();

    $brothel = array('sara','lara');

    // Step 1: the link points at ?next=<name>; issue a fresh token and redirect
    if(isset($_GET['next']) && in_array($_GET['next'], $brothel)) {
        $_SESSION['token'] = uniqid('seed_');
        header('Location: brothel.php?do='.$_GET['next'].'&token='.$_SESSION['token']);
        exit;
    }

    // Step 2: the redirected request carries the token; it is valid exactly once
    if(isset($_GET['do']) && in_array($_GET['do'], $brothel)) {
        if(isset($_SESSION['token'], $_GET['token']) && $_SESSION['token'] === $_GET['token']) {
            unset($_SESSION['token']);
            //let the guy sleep with sexy girl :P
        } else {
            //user has refreshed!
        }
    }

    echo '<a href="?next=sara">Lets go hump SARA!</a>';
    ?>
Seker (author), posted June 26, 2012

(quoting HauntedDawg's post above)

Well, I'm not actually calling it a brothel. Though I guess that'd be as easy as just tweaking some things. The reason I was leaning toward the function is because then I could use it anywhere. Places like crystal temple, hunting, etc. Anywhere I wouldn't want refreshing.
HauntedDawg, posted June 26, 2012

But if you use that function everywhere, you'd still need to specifically go and modify those pages. What you could then do is:

    <?php
    session_start();

    // Store a fresh token in the session under $tokenName and return it
    function genToken($prefix = 'seed_', $tokenName = 'token') {
        $_SESSION[$tokenName] = uniqid($prefix);
        return $_SESSION[$tokenName];
    }

    $brothel = array('sara','lara');

    if(isset($_GET['do']) && in_array($_GET['do'], $brothel)) {
        if(isset($_SESSION['token'], $_GET['token']) && $_SESSION['token'] === $_GET['token']) {
            unset($_SESSION['token']);
            exit('You have not refreshed');
        } else {
            exit('Stop refreshing');
        }
    }

    echo '<a href="?do=sara&token='.genToken().'">Lets go hump SARA!</a>';
    ?>

Please note, with that function there are a couple of possibilities:

    $token = genToken('prefixID_', 'tokenName');

If you are searching for it and you have got the tokenName, then you do, for example:

    <?php
    session_start();

    function genToken($prefix = 'seed_', $tokenName = 'token') {
        $_SESSION[$tokenName] = uniqid($prefix);
        return $_SESSION[$tokenName];
    }

    $brothel = array('sara','lara');

    if(isset($_GET['do']) && in_array($_GET['do'], $brothel)) {
        if(isset($_SESSION['hostile_Token'], $_GET['token']) && $_SESSION['hostile_Token'] === $_GET['token']) {
            // consume the same key that was checked, otherwise a refresh would pass again
            unset($_SESSION['hostile_Token']);
            exit('You have not refreshed');
        } else {
            exit('Stop refreshing');
        }
    }

    // empty prefix, custom session key
    echo '<a href="?do=sara&token='.genToken('', 'hostile_Token').'">Lets go hump SARA!</a>';
    ?>

or even:

    <?php
    session_start();

    function genToken($prefix = 'seed_', $tokenName = 'token') {
        $_SESSION[$tokenName] = uniqid($prefix);
        return $_SESSION[$tokenName];
    }

    $brothel = array('sara','lara');

    if(isset($_GET['do']) && in_array($_GET['do'], $brothel)) {
        if(isset($_SESSION['hostile_Token'], $_GET['token']) && $_SESSION['hostile_Token'] === $_GET['token']) {
            unset($_SESSION['hostile_Token']);
            exit('You have not refreshed');
        } else {
            exit('Stop refreshing');
        }
    }

    // custom prefix and custom session key
    echo '<a href="?do=sara&token='.genToken('prefixed_with_', 'hostile_Token').'">Lets go hump SARA!</a>';
    ?>

You can test all of these examples on a simple PHP page.
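An added example, not code from this thread (neither Seker's genToken nor HauntedDawg's snippets), showing the same single-use link token built the way a security reviewer would want it. Two points the thread's code does not cover: mt_rand() seeded from microtime() and uniqid() are both predictable, and running the result through md5() adds no randomness, so the token should come from random_bytes(); and the check should be a constant-time hash_equals() on a token that is removed from the session before the comparison result is acted on, so a refreshed or forged URL can never succeed. It also keys tokens per action, so a link to "sara" open in one tab does not invalidate a link to "lara" in another. It assumes PHP 7.1 or later; the function names issueToken() and consumeToken(), the session key 'nonces' and the 300-second lifetime are my own choices, not anything from the thread.

```php
<?php
// Added example (not the thread's code): a single-use action token ("nonce")
// drawn from the OS CSPRNG, stored server-side in the session, consumed on
// first use. Assumes PHP 7.1+ (random_bytes, hash_equals, ?? and ?string).
// NONCE_KEY, NONCE_TTL, issueToken and consumeToken are this example's names.

session_start();

const NONCE_KEY = 'nonces';   // $_SESSION[NONCE_KEY][$action] = [token, issued]
const NONCE_TTL = 300;        // seconds a token stays valid (assumed value)

/**
 * Issue a fresh token for $action: 16 random bytes (128 bits) hex-encoded,
 * so it is URL-safe without escaping. Any earlier token for the same action
 * is replaced, so going back and clicking the link again yields a new one
 * and the old URL stops working.
 */
function issueToken(string $action): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION[NONCE_KEY][$action] = ['token' => $token, 'issued' => time()];
    return $token;
}

/**
 * Consume the token for $action. Returns true exactly once per issued token;
 * a refresh (same token re-submitted), a missing, forged or expired token
 * returns false.
 */
function consumeToken(string $action, ?string $supplied): bool
{
    if ($supplied === null || !isset($_SESSION[NONCE_KEY][$action])) {
        return false;
    }
    $stored = $_SESSION[NONCE_KEY][$action];
    // Remove the token before deciding, so neither a failed nor a successful
    // attempt leaves anything that could be replayed.
    unset($_SESSION[NONCE_KEY][$action]);

    if (time() - $stored['issued'] > NONCE_TTL) {
        return false;
    }
    // Constant-time comparison instead of == / === on an attacker-controlled string.
    return hash_equals($stored['token'], $supplied);
}

$actions = ['sara', 'lara'];   // whitelist of valid actions, as in the thread
$do = $_GET['do'] ?? null;

if ($do !== null && in_array($do, $actions, true)) {
    if (consumeToken($do, $_GET['token'] ?? null)) {
        echo 'Action ' . htmlspecialchars($do, ENT_QUOTES, 'UTF-8') . ' performed.';
    } else {
        echo 'Token missing, already used or expired: stop refreshing.';
    }
    exit;
}

// Render the links; every page load issues a new token per action.
foreach ($actions as $action) {
    $url = '?do=' . rawurlencode($action) . '&token=' . issueToken($action);
    echo '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Go to '
       . htmlspecialchars($action, ENT_QUOTES, 'UTF-8') . '</a><br>';
}
```

Clicking a rendered link succeeds once; pressing refresh on the resulting page re-submits the same token, consumeToken() finds nothing left in the session and reports a refresh, which is exactly the behaviour Seker asked for. Because the token only ever lives in the user's own session, guessing it buys an attacker nothing beyond what their own session already allows; the CSPRNG and constant-time compare matter once the same pattern is reused for anything that must not be forgeable, such as a CSRF token on a form.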
Seker (author), posted June 26, 2012

I'll definitely work with everything and see what works best for me. Appreciate the tips.
Spudinski, posted July 6, 2012

I've created a salt generator which is both secure and suitable to your needs. See: https://github.com/nands/ezrpg/blob/master/lib/func.security.php#L67

It was designed with functional cryptography in mind, but it should suit your needs.