php使用令牌Token防止表单重复提交
|
php使用令牌Token防止表单重复提交原理在于生成一个随机字符串放在session里,提交表单后来验证这个字符串,可以做到防止他人自己写form来欺骗提交,重复提交或者双击提交。 /* * PHP使用token防止表单重复提交 * 此处理方法纯粹是为了给初学者参考 */ session_start(); function set_token() { $_SESSION['token'] = md5(microtime(true)); } function valid_token() { $return = $_REQUEST['token'] === $_SESSION['token'] ? true : false; set_token(); return $return; } //如果token为空则生成一个token (作者:脚本之家教程 http://www.manongjc.com ) if(!isset($_SESSION['token']) || $_SESSION['token']=='') { set_token(); } if(isset($_POST['test'])){ if(!valid_token()){ echo "token error"; }else{ echo '成功提交,Value:'.$_POST['test']; } } ?> 上面的比较简单一点的方法,下面的代码更加安全一点。 Token.php function getToken($len = 32,$md5 = true) { # Seed random number generator # Only needed for PHP versions prior to 4.2 mt_srand((double) microtime() * 1000000); # Array of characters,adjust as desired $chars = array ('Q','@','8','y','%','^','5','Z','(','G','_','O','`','S','-','N','<','D','{','}','[',']','h',';','W','.','/','|',':','1','E','L','4','&','6','7','#','9','a','A','b','B','~','C','d','>','e','2','f','P','g',')','?','H','i','X','U','J','k','r','l','3','t'); # Array indice friendly number of chars; $numChars = count($chars) - 1; $token = ''; # Create random token(作者:脚本之家教程 http://www.manongjc.com/article/1549.html ) for ($i = 0; $i < $len; $i++) $token .= $chars[mt_rand(0,$numChars)]; # Should token be run through md5? if ($md5) { # Number of 32 char chunks $chunks = ceil(strlen($token) / 32); $md5token = ''; # Run each chunk through md5 for ($i = 1; $i <= $chunks; $i++) $md5token .= md5(substr($token,$i * 32 - 32,32)); # Trim the token $token = substr($md5token,$len); } return $token; } ?> form.php include_once("token.php"); $token = getToken(); session_start(); $_SESSION['token'] = $token; ?> action.php session_start(); if($_POST['token'] == $_SESSION['token']){ unset($_SESSION['token']); echo "这是一个正常的提交请求"; }else{ echo "这是一个非法的提交请求"; } ?> (编辑:安卓应用网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |