Hi,
I basically have two functions. The first one below, GenerateFormTokenHash(), is placed in a hidden field on my form and echoed out in the hidden field, plus it stores the token in a session called token.
The second function below, IsValidFormTokenHash(), is called straight after the check is made to see if the form is submitted.
Problem:
Although the session token matches the hidden field token, it still echoes out that the session token and hidden field token do not match, although when I echo them out they do match, plus I manually checked the session file and it matches.
/* Form Token Hash Generator
   This function is called in the hidden text form field
   and stores the unique token in a session
*/
function GenerateFormTokenHash()
{
    $token = $_SESSION['token'] = sha1(uniqid(time().mt_rand().$_SERVER['REMOTE_ADDR'], true));
    return htmlspecialchars($token);
}

/* Form Token Hash Validator
   This function is called straight after the check is made to see if form has been submitted
*/
function IsValidFormTokenHash()
{
    if($_POST['token'] != $_SESSION['token'])
    {
        $_SESSION = array();
        setcookie(session_name(), '', time()-42000, '/');
        # Destroy the session
        session_destroy();
        # Generate new session id
        session_regenerate_id(true);
        # Display Message (TESTING)
        echo '<h1>SESSION TOKEN DOES NOT MATCH</h1>';
    }
}
I am very confused at what is happening. Anyone know what could be the cause?
Thanks
PHPLOVER
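
An added example (not code from the original post) of the generate-then-validate form token flow described above, using a CSPRNG token and a constant-time, single-use check. The function names are hypothetical and `$session` is a stand-in array for `$_SESSION` so the script runs from the PHP CLI; the last POST case shows one call ordering under which a token that looks correct is rejected, and since the post does not show its calling code this is an illustration, not a diagnosis.

```php
<?php
// Added example: $session stands in for $_SESSION (assumption, for CLI use).

function generateFormToken(array &$session): string
{
    // random_bytes() reads from the OS CSPRNG (PHP 7+); 32 bytes = 64 hex chars.
    $session['token'] = bin2hex(random_bytes(32));
    return $session['token'];
}

function isValidFormToken(array &$session, array $post): bool
{
    $stored = $session['token'] ?? '';
    $posted = $post['token'] ?? '';
    // Single use: drop the stored token whether or not the check passes.
    unset($session['token']);
    // hash_equals() compares in constant time. The guards stop a missing
    // session token from matching a missing or non-string POST field.
    return is_string($posted) && $stored !== '' && hash_equals($stored, $posted);
}

// Request 1 (GET): the form is rendered and the token goes into the hidden field.
$session = [];
$hidden = generateFormToken($session);

// Request 2 (POST), validation runs before anything else touches the session:
// the posted value is compared against the token issued in request 1.
$s = $session;
var_dump(isValidFormToken($s, ['token' => $hidden]));

// Request 2 (POST), but the form (and so the generator) runs before validation:
// the session now holds a fresh token and the posted one no longer matches.
$s = $session;
generateFormToken($s);
var_dump(isValidFormToken($s, ['token' => $hidden]));

// No token on either side must be rejected, not treated as equal.
$s = [];
var_dump(isValidFormToken($s, []));
```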