...submit button, it only shows "invalid token", because the token given is not recognised by the system. But if I click the Register submit button, the form is submitted and processed. When you click the <code>Login</code> submit button, the form is not processed in PHP.
Form code:
<form method="post">
<div class="field">
<label for="username">Username: </label>
<input type="text" name="username" id="username" autocomplete="off" />
</div>
<div class="field">
<label for="password">Password: </label>
<input type="password" name="password" id="password" autocomplete="off" />
</div>
<div class="field">
<label for="remember">
<input type="checkbox" name="remember" id="remember" value="on"/> Remember Me
</label>
</div>
<input type="hidden" name="login_token" value="<?php echo Token::generate(); ?>" />
<input name="login" type="submit" value="Login" />
</form>
<hr>
<br>
<form action="" method="post">
<div class="field">
<label for="username">Username</label>
<input type="text" name="username" id="username" value="<?php echo sanitize(Input::get('username')); ?>" autocomplete="off" />
</div>
<div class="field">
<label for="password">Choose a Password</label>
<input type="password" name="password" id="password" />
</div>
<div class="field">
<label for="password_again">Enter your Password Again</label>
<input type="password" name="password_again" id="password_again" />
</div>
<div class="field">
<label for="name">Name</label>
<input type="text" name="name" id="name" value="<?php echo sanitize(Input::get('name')); ?>"/>
</div>
<input type="hidden" name="rgstr_tkn" value="<?php echo Token::generate(); ?>" />
<input type="submit" value="Register" name="register"/>
</form>
PHP代碼時的形式被提交給被處理:
if (isset($_POST["login"])){
if(Token::check(Input::get('login_token'))) {
echo "Login!";
echo Input::get('login_token');
} else {
echo 'invalid token';
}
}
if (isset($_POST["register"])) {
if(Token::check(Input::get('rgstr_tkn'))) {
echo "Register!";
echo Input::get('rgstr_tkn');
}
}
Token class:
class Token {
# Generate a token, and put it into the session/token_name
public static function generate() {
return Session::put(Config::get('session/token_name'), md5(uniqid()));
}
# Check if the token exists
public static function check($token) {
$tokenName = Config::get('session/token_name');
if(Session::exists($tokenName) && $token === Session::get($tokenName)) {
Session::delete($tokenName);
return true;
}
return false;
}
}
Input class:
class Input {
# Check if the POST or GET request is submitted
public static function exists($type = 'post') {
switch($type) {
case 'post':
return (!empty($_POST)) ? true : false;
break;
case 'get':
return (!empty($_GET)) ? true : false;
break;
default:
return false;
break;
}
}
# Get an item from the posted or get field
public static function get($item) {
if(isset($_POST[$item])) {
return $_POST[$item];
} else if(isset($_GET[$item])) {
return $_GET[$item];
}
return '';
}
}
Have you looked at the HTML source to verify <code>value="<?php echo Token::generate(); ?>"</code>? Have you tried echoing <code>Session::get($tokenName)</code> and <code>$token</code> to see what they contain and why they don't match? – Sean
They both have values, and they are not the same. I tried using a single token for both of them, but now the Register button doesn't submit. I have already tried echoing it (<code>echo Config::get('session/token_name');</code>), and it only shows *token*. – astronomicalXoom
Could you include your config? – Beginner
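The symptom in the question comes from both forms writing their token into the same session slot (<code>Config::get('session/token_name')</code>), so the second <code>Token::generate()</code> call on the page overwrites the first form's token. The following is an added example, not the asker's code: an in-memory <code>Session</code> stand-in and a <code>Token</code> class that keys tokens per form (the <code>$form</code> parameter and the <code>token_</code> prefix are assumptions), which reproduces the shared-slot failure and then shows both forms validating. It also swaps <code>md5(uniqid())</code> for <code>random_bytes()</code> and compares with <code>hash_equals()</code>.

```php
<?php
// Added example (not from the original question). Session is an in-memory
// stand-in for $_SESSION so this runs from the CLI; Token keys tokens per form.
class Session {
    private static array $data = [];
    public static function put(string $k, string $v): string { self::$data[$k] = $v; return $v; }
    public static function get(string $k): ?string { return self::$data[$k] ?? null; }
    public static function exists(string $k): bool { return isset(self::$data[$k]); }
    public static function delete(string $k): void { unset(self::$data[$k]); }
}

class Token {
    // Assumed scheme: one session key per form instead of a single shared 'token' key.
    private static function key(string $form): string { return 'token_' . $form; }

    // Store a fresh, unpredictable token for $form and return it for the hidden field.
    public static function generate(string $form): string {
        return Session::put(self::key($form), bin2hex(random_bytes(32)));
    }

    // Accept the submitted token only if it matches the one stored for $form;
    // like the original class, the token is consumed on a successful match.
    public static function check(string $form, ?string $token): bool {
        $k = self::key($form);
        if ($token === null || !Session::exists($k)) {
            return false;
        }
        if (hash_equals(Session::get($k), $token)) {
            Session::delete($k);
            return true;
        }
        return false;
    }
}

// 1) Reproduce the question's bug: both forms share the slot named 'token'.
$loginToken    = Token::generate('token');   // rendered first (login form)
$registerToken = Token::generate('token');   // rendered second (register form), overwrites the slot
var_dump(Token::check('token', $loginToken));    // the stored value is now $registerToken, so no match
var_dump(Token::check('token', $registerToken)); // the last-rendered form is the only one that validates

// 2) Fix: give each form its own slot, so rendering one does not clobber the other.
$loginToken    = Token::generate('login');
$registerToken = Token::generate('register');
var_dump(Token::check('login', $loginToken));
var_dump(Token::check('register', $registerToken));
var_dump(Token::check('login', $loginToken));    // already consumed: a replayed token is rejected
```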