php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #50943 rand/mt_rand not seeded for every request
Submitted: 2010-02-05 23:37 UTC Modified: 2010-02-24 01:00 UTC
From: maarten-baert at hotmail dot com Assigned:
Status: No Feedback Package: Documentation problem
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: maarten-baert at hotmail dot com
New email:
PHP Version: OS:

 

 [2010-02-05 23:37 UTC] maarten-baert at hotmail dot com 
Description:
------------
Rand/mt_rand is not seeded automatically for every request: if I use srand/mt_srand the results of rand/mt_rand in future requests (even in other scripts) are also affected.

The server uses PHP Version 5.2.4-2ubuntu5.9, I can't update it so I'm not sure whether this has been fixed in future versions. I can't reproduce this on my own computer (using CLI).

Maybe this isn't a bug, but the documentation claims the random number generator is seeded automatically, so if anyone uses rand/mt_rand to generate tokens, captchas (like me), or any other kind of security-related random data, an attacker could use this to get the same data every time.

Reproduce code:
---------------
<?php

echo rand(1,1000);
srand(5);

// OR

echo mt_rand(1,1000);
mt_srand(5);

?>

Expected result:
----------------
I expected to see a random number every time I refresh the page.


Actual result:
--------------
The first time I get a random number, but after that I always get 275 (rand) or 775 (mt_rand).

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-02-16 11:18 UTC] degeberg@php.net 
I cannot duplicate this on PHP 5.3.1 or 5.2.4. My guess is that this is caused by Ubuntu specific changes. Otherwise you would have to provide more information about your setup.

================
daniel@daniel-laptop:~$ cat test.php
<?php
echo rand(1,1000);
srand(5);

echo PHP_EOL;
?>
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cli/php --version
PHP 5.2.4 (cli) (built: Feb 16 2010 11:59:06) 
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cli/php test.php
277
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cli/php test.php
961
daniel@daniel-laptop:~$ php --version
PHP 5.3.1 (cli) (built: Dec 11 2009 19:55:07) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
daniel@daniel-laptop:~$ php test.php
459
daniel@daniel-laptop:~$ php test.php
329
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cgi/php-cgi test.php
X-Powered-By: PHP/5.2.4
Content-type: text/html

124
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cgi/php-cgi test.php
X-Powered-By: PHP/5.2.4
Content-type: text/html

114
================
 [2010-02-24 01:00 UTC] doc-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Jul 05 22:01:35 2025 UTC