Feel Online wp Copy each other and write it in an ambiguous way , Just briefly describe my understanding of this problem , If there are any mistakes, please correct them

 <?php
# This is not the source code of the lottery program ！ Don't look ！
header("Content-Type: text/html;charset=utf-8");
session_start();
if(!isset($_SESSION['seed'])){
$_SESSION['seed']=rand(0,999999999);
}

mt_srand($_SESSION['seed']);
$str_long1 = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str='';
$len1=20;
for ( $i = 0; $i < $len1; $i++ ){
    $str.=substr($str_long1, mt_rand(0, strlen($str_long1) - 1), 1);       
}
$str_show = substr($str, 0, 10);
echo "<p id='p1'>".$str_show."</p>";


if(isset($_POST['num'])){
    if($_POST['num']===$str){x
        echo "<p id=flag> Luck draw , It's just so boring and tasteless , Here you are. flag{xxxxxxxxx}</p>";
    }
    else{
        echo "<p id=flag> I missed it , Try again </p>";
    }
}
show_source("check.php"); 

Part of the string I got from this question is
UVCRacsLrR

When the seed is fixed ,mt_srand($_SESSION[‘seed’]); The order of random numbers generated each time is also fixed

 <?php
mt_srand(111);
for($i=0;$i<5;$i++){
	echo mt_rand()." ";
}
echo "<hr>";

mt_srand(111);
for($i=0;$i<5;$i++){
	echo mt_rand()." ";
}
?> 

Need to use php_mt_seed Tools
Download address ：https://www.openwall.com/php_mt_seed/
This tool is to use C Tools for language writing , One of the libraries inside is Windows I don't have any , Recommend to use Linux Direct use . Drag in kali After decompression

tar -zxvf php_mt_seed-4.0.tar.gz 

install

php_mt_seed Use

It's official readme This explains its command line syntax

php_mt_seed  On its command line  1、2、4  Or more numbers . These numbers specify  mt_rand()  Output constraints .
 When using only  1  When a number is called , This is the first one to find seeds for  mt_rand()  Output .
 When using  2  When a number is called , These are the first  mt_rand()  The range the output should fall into （ The minimum and maximum values in this order ）.
 When using  4  When a number is called , front  2  Give the first  mt_rand()  Output range , the second  2  Give pass to  mt_rand()  The scope of the .
 When using  5  When calling numbers or more , Each group  4, Then there is the last group  1、2  or （ Usually ）4, Handle as above , Each group quotes the corresponding  mt_rand()  Output .

Or above 111 Generated for seeds
Five random numbers 823157468 1883179200 363074538 648087914 936429611 For example （php7.0）
If you crack Use a number to crack the command ：

./php_mt_seed 823157468 

Use two numbers （ The two numbers are the maximum and minimum , It is clear here that , So it is 823157468 823157468. The result is the same as above

./php_mt_seed 823157468 823157468

If you use four numbers , The third number is the range , Without setting the range （ mt_rand() There are no parameters in brackets ）,64 The default range of bit machines is 0 2147483647

The fourth parameter is the random number generated by the second

./php_mt_seed 823157468 823157468 0 2147483647 1883179200  

If you understand these, you can try to write your own script for this topic

mubiao="UVCRacsLrR"
str1="abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"

for i in mubiao:
	n=str1.index(i)
	pa="%d %d 0 %d "%(n,n,len(str1)-1)
	print(pa,end="")

The number to be output , Copy to command

./php_mt_seed 56 56 0 61 57 57 0 61 38 38 0 61 53 53 0 61 0 0 0 61 2 2 0 61 18 18 0 61 47 47 0 61 17 17 0 61 53 53 0 61

Originally, I still grabbed the bag in the middle , Want to see this question php edition , But I didn't see . But there is only one result here

php 7.10 Above version 761644156
hold phpstudy Version change 7.1 above , Copy part of the source code , Get the full content

<?php
mt_srand(761644156);
$str_long1 = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$str='';
$len1=20;
for ( $i = 0; $i < $len1; $i++ ){
    $str.=substr($str_long1, mt_rand(0, strlen($str_long1) - 1), 1);       
}
echo $str; 

Output is UVCRacsLrRv1Mj1Frz6e

Online script

str1='abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
str2='c3wBAyqpZM'
str3 = str1[::-1]
length = len(str2)
res=''
for i in range(len(str2)):  
    for j in range(len(str1)):
        if str2[i] == str1[j]:
            res+=str(j)+' '+str(j)+' '+'0'+' '+str(len(str1)-1)+' '
            break
print(res)

Take a look , I don't understand why I put str1 Upside down , I want to see others , As if str3 It's redundant , these wp Copy each other , I didn't understand , Not worth seeing .
Reference documents ：https://www.openwall.com/php_mt_seed/README