2016-12-02 29 views
1

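Form not submitting and invalid token in PHP

When you click the <code>Login</code> submit button, it only shows "invalid token", because the token given is not recognized by the system. However, if I click the Register submit button, the form is submitted and processed.

Form code: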

<form method="post"> 
    <div class="field"> 
    <label for="username">Username: </label> 
    <input type="text" name="username" id="username" autocomplete="off" /> 
    </div> 

    <div class="field"> 
    <label for="password">Password: </label> 
    <input type="password" name="password" id="password" autocomplete="off" /> 
    </div> 

    <div class="field"> 
    <label for="remember"> 
     <input type="checkbox" name="remember" id="remember" value="on"/> Remember Me 
    </label> 
    </div> 

    <input type="hidden" name="login_token" value="<?php echo Token::generate(); ?>" /> 
    <input name="login" type="submit" value="Login" /> 
</form> 
<hr> 
<br> 
<form action="" method="post"> 
     <div class="field"> 
     <label for="username">Username</label> 
     <input type="text" name="username" id="username" value="<?php echo sanitize(Input::get('username')); ?>" autocomplete="off" /> 
     </div> 

     <div class="field"> 
     <label for="password">Choose a Password</label> 
     <input type="password" name="password" id="password" /> 
     </div> 

     <div class="field"> 
     <label for="password_again">Enter your Password Again</label> 
     <input type="password" name="password_again" id="password_again" /> 
     </div> 

     <div class="field"> 
     <label for="name">Name</label> 
     <input type="text" name="name" id="name" value="<?php echo sanitize(Input::get('name')); ?>"/> 
     </div> 
     <input type="hidden" name="rgstr_tkn" value="<?php echo Token::generate(); ?>" /> 
     <input type="submit" value="Register" name="register"/> 
</form> 

PHP code that processes the form when it is submitted:

if (isset($_POST["login"])){ 
     if(Token::check(Input::get('login_token'))) { 
      echo "Login!"; 
      echo Input::get('login_token'); 
     } else { 
      echo 'invalid token'; 
     } 
} 

if (isset($_POST["register"])) { 
     if(Token::check(Input::get('rgstr_tkn'))) { 
      echo "Register!"; 
      echo Input::get('rgstr_tkn'); 
     } 
} 

Token class:

class Token { 

    # Generate a token, and put it into the session/token_name 
    public static function generate() { 
     return Session::put(Config::get('session/token_name'), md5(uniqid())); 
    } 

    # Check if the token exists 
    public static function check($token) { 
     $tokenName = Config::get('session/token_name'); 

     if(Session::exists($tokenName) && $token === Session::get($tokenName)) { 
      Session::delete($tokenName); 
      return true; 
     } 

     return false; 
    } 

} 

Input class:

class Input { 

    # Check if the POST or GET request is submitted 
    public static function exists($type = 'post') { 
     switch($type) { 
      case 'post': 
       return (!empty($_POST)) ? true : false; 
       break; 
      case 'get': 
       return (!empty($_GET)) ? true : false; 
       break; 
      default: 
       return false; 
       break; 
     } 
    } 

    # Get an item from the posted or get field 
    public static function get($item) { 
     if(isset($_POST[$item])) { 
      return $_POST[$item]; 
     } else if(isset($_GET[$item])) { 
      return $_GET[$item]; 
     } 

     return ''; 
    } 

} 
+0

Have you looked at the HTML source to verify the 'value="<?php echo Token::generate(); ?>"'? Have you tried echoing 'Session::get($tokenName)' and '$token' to see what they contain and why they don't match? – Sean

+0

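They both have values, and they are not the same. I tried using a single token for both of them, but now the Register button does not submit. I have tried to echo '' ('echo Config::get('session/token_name');'), and it only shows *token*. – astronomicalXoom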

+2

Can you include your config? – Beginner

Answers

2

Your problem is that a new token is generated again when you enter the page again. That is why it returns "invalid token". To solve it,

in your

public static function generate() { 

} 

check first whether you have already created it before generating your session token:

public static function generate() { 
    $tokenName = Config::get('session/token_name'); 
    // if the session token has already been generated, just return it instead of generating a new one 
    if (Session::exists($tokenName)) {  
     return Session::get($tokenName); 
    } 
    // else create this session_token 
    return Session::put($tokenName, md5(uniqid())); 
} 

Hope it helps.

+0

Parse error: 'unexpected '', expecting ';'' – astronomicalXoom

+2

Can you show me your updated code? – Beginner

+0

'public static function generate(){ $tokenName = Config::get('session/token_name'); if(Session::exists($tokenName)){ return Session::get($tokenName); } return Session::put($tokenName),md5(uniqid())); }' – astronomicalXoom
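
The mismatch discussed in this thread follows from both forms calling Token::generate(), which writes to the same session key, so (assuming Session::put() overwrites the value under that key) the token rendered second replaces the first. The following added example, which is not code from the thread or from its posters, shows that overwrite and an alternative to reusing one token: a token per form name, generated with random_bytes() and compared with hash_equals(). FormToken, the form names and the $session array standing in for $_SESSION are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. $session stands in for $_SESSION so
// this runs from the CLI; FormToken and the form names are hypothetical.
final class FormToken
{
    /** Issue a token for one named form; other forms' tokens are untouched. */
    public static function generate(array &$session, string $form): string
    {
        // random_bytes() (PHP 7+) is a CSPRNG, unlike md5(uniqid()).
        return $session['csrf'][$form] = bin2hex(random_bytes(32));
    }

    /** Validate and consume the token submitted by one named form. */
    public static function check(array &$session, string $form, $submitted): bool
    {
        $expected = $session['csrf'][$form] ?? null;
        if (!is_string($expected) || !is_string($submitted)) {
            return false;               // nothing issued, or non-string input
        }
        if (!hash_equals($expected, $submitted)) {
            return false;               // constant-time comparison failed
        }
        unset($session['csrf'][$form]); // single use, like Token::check()
        return true;
    }
}

// Behaviour from the question: one shared key, so the second call overwrites.
$shared = [];
$loginField    = $shared['token'] = md5(uniqid()); // rendered in the login form
$registerField = $shared['token'] = md5(uniqid()); // replaces the stored value
printf("shared key, login field matches session: %s\n",
    $loginField === $shared['token'] ? 'yes' : 'no');

// Per-form keys: each hidden field stays valid until its own form is posted.
$session = [];
$loginField    = FormToken::generate($session, 'login');
$registerField = FormToken::generate($session, 'register');
$results = [
    'login accepted'            => FormToken::check($session, 'login', $loginField),
    'login replay accepted'     => FormToken::check($session, 'login', $loginField),
    'register with login token' => FormToken::check($session, 'register', $loginField),
    'register accepted'         => FormToken::check($session, 'register', $registerField),
];
foreach ($results as $label => $ok) {
    printf("%-27s %s\n", $label, $ok ? 'yes' : 'no');
}
```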