Planetarion Forums - View Single Post

meglamaniac · 21 Dec 2005, 17:13

Convergence is possible but very VERY unlikely. Weaknesses have been exposed in MD5 that allow convergences to be found more easily, but that isn't an issue here - that's to get around password encryption. You can't easily alter your IP address, and the other two parameters are outside of your control.

As an example:
http://www.megla.net/unique.php

PHP Code:



<?php 
 
if ($_SERVER['HTTP_X_FORWARDED_FOR'] == NULL) $ip = $_SERVER['REMOTE_ADDR']; 
else { 
    $source = $_SERVER['HTTP_X_FORWARDED_FOR']; 
    $pattern = "/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/"; 
    preg_match($pattern, $source, $matches); 
    $ip = $matches[0]; 
} 
 
$timestamp = time(); 
 
$myrandom = rand(10000000,99999999); 
 
echo $ip . " + " . $timestamp . " + ". $myrandom . "<br />"; 
 
$unique = md5($ip . $timestamp . $myrandom); 
 
echo "MD5 ID (hex) = $unique <br />"; 
echo "MD5 ID (dec) = " . base_convert($unique, 16, 10); 
 
?>

The stuff at the top is there to get the real IP if you are going through a proxy (and the proxy is correctly forwarding it), including a regular expression to get it out of the string. If there is nothing in the field, it takes the standard remote address to be the IP address. This may either be your IP if you're directly connected, or the IP of an anonymous proxy (one which doesn't fill in the FORWARD field).

21 Dec 2005, 17:13	#16
meglamaniac Born Sinful Join Date: Nov 2000 Location: Loughborough, UK Posts: 4,059	Re: Basic PHP Help: Global Variables? Convergence is possible but very VERY unlikely. Weaknesses have been exposed in MD5 that allow convergences to be found more easily, but that isn't an issue here - that's to get around password encryption. You can't easily alter your IP address, and the other two parameters are outside of your control. As an example: http://www.megla.net/unique.php PHP Code: <?php if ($_SERVER['HTTP_X_FORWARDED_FOR'] == NULL) $ip = $_SERVER['REMOTE_ADDR']; else { $source = $_SERVER['HTTP_X_FORWARDED_FOR']; $pattern = "/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/"; preg_match($pattern, $source, $matches); $ip = $matches[0]; } $timestamp = time(); $myrandom = rand(10000000,99999999); echo $ip . " + " . $timestamp . " + ". $myrandom . "<br />"; $unique = md5($ip . $timestamp . $myrandom); echo "MD5 ID (hex) = $unique <br />"; echo "MD5 ID (dec) = " . base_convert($unique, 16, 10); ?> The stuff at the top is there to get the real IP if you are going through a proxy (and the proxy is correctly forwarding it), including a regular expression to get it out of the string. If there is nothing in the field, it takes the standard remote address to be the IP address. This may either be your IP if you're directly connected, or the IP of an anonymous proxy (one which doesn't fill in the FORWARD field). __________________ Worth dying for. Worth killing for. Worth going to hell for. Amen. Last edited by meglamaniac; 21 Dec 2005 at 17:34.