edited tags; question isn't really about authentication so much as randomness/security
tim
anon

Function to generate a UUID

I am trying to prevent CSRF for my login page (linked from here), and for this I am going to use a random token generator to create a UUID for the session.

The function that I have so far is as such:

    function UUID()
    {
        mt_srand((double)microtime()*10000);
        $charid = strtoupper(md5(uniqid(rand(), true)));
        $hyphen = chr(45);
        $uuid = substr($charid, 0, 8).$hyphen
            .substr($charid, 8, 4).$hyphen
            .substr($charid, 12, 4).$hyphen
            .substr($charid, 16, 4).$hyphen
            .substr($charid, 20, 12);
        return $uuid;
    }

This function is working perfectly and on a loop of 30 runs it gives me this result:

But it seems like there is a better way of creating this. Although I have tried to use com_create_guid, this did not give quite the result I wanted.
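
An added example, not part of the original post: one way to produce the same UUID-shaped token from PHP's CSPRNG (`random_bytes()`, PHP 7+) instead of the time-derived `mt_srand()`/`rand()`/`uniqid()` inputs, and to verify a submitted token with `hash_equals()`. The helper names `uuid_v4`, `csrf_token` and `csrf_check`, and the `csrf_token` session key, are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example: RFC 4122 version 4 UUID built from the OS CSPRNG.
 * random_bytes() throws if no secure source is available, so there is
 * no silent fallback to a predictable generator.
 */
function uuid_v4(): string
{
    $bytes = random_bytes(16);
    // Set version 4 in the high nibble of byte 6.
    $bytes[6] = chr((ord($bytes[6]) & 0x0f) | 0x40);
    // Set the RFC 4122 variant (binary 10xx) in the top bits of byte 8.
    $bytes[8] = chr((ord($bytes[8]) & 0x3f) | 0x80);

    // 32 hex characters split into 8 groups of 4, joined as 8-4-4-4-12.
    return strtoupper(vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($bytes), 4)));
}

/** Hypothetical helper: create the per-session token once and reuse it. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = uuid_v4();
    }
    return $_SESSION['csrf_token'];
}

/** Hypothetical helper: reject non-strings, then compare in constant time. */
function csrf_check($submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Constructed demonstration, runnable from the CLI without a web server.
$_SESSION = [];
$token = csrf_token();
$shape = '/^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/';
var_dump(preg_match($shape, $token) === 1);                    // format check
var_dump(csrf_check($token));                                  // matching token
var_dump(csrf_check('00000000-0000-4000-8000-000000000000'));  // wrong token
var_dump(csrf_check(['array', 'input']));                      // e.g. token[]=x in the request
```

In a real login handler the session would be started with `session_start()` and the submitted value read from the POST body; a version 4 UUID carries 122 random bits, the remaining 6 being the fixed version and variant fields.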
