1

I have a security token that is created when a page loads and writes that token to a file. Then I confirm that the token passed in the form matches one of the tokens in the file.

This first section is located in the FORM.PHP file, and I can confirm that the token is being written to the file.

//Create Token
$token = md5(time());

//Save token to file
$fp = fopen('/PATH/tokens.txt', 'a') or die ("Unable to open to Token file");
fwrite($fp, "$token\n") or die ("Unable to write to Token file");
fclose($fp);

This section of code is located in the PROCESS.PHP file. I have printed out the contents of the $tokens array and I can manually confirm that the same token is in there. 

$tokens = file('/PATH/tokens.txt') or die("Unable to read file");

$token = $_POST['token'];

if (in_array($token, $tokens)){
   error_log("Found Token");
} else {
   error_log("Token Not Found");
}

I can't figure out why the in_array($token, $tokens) function is not returning TRUE.

Improve this question

3 Answers 3

Reset to default
2

Use file('/path/file.ext',FILE_IGNORE_NEW_LINES);, otherwise every entry has the newline characters from the file appended.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

file() keeps the newlines character by default, which means you are matching a md5() to md5()\n.

To strip the newline character out, you need to pass FILE_IGNORE_NEW_LINES as a second argument to file()

Improve this answer

Comments

0

the file function will return an array with the newlines attached

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.