18 01 2018
php表单加入Token方法
简单的用php实现的代码如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
<?php /* * PHP简单利用token防止表单重复提交 * 此处理方法纯粹是为了给初学者参考 */ session_start(); function set_token() { $_SESSION [ 'token' ] = md5(microtime(true)); } function valid_token() { $return = $_REQUEST [ 'token' ] === $_SESSION [ 'token' ] ? true : false; set_token(); return $return ; } //如果token为空则生成一个token if (!isset( $_SESSION [ 'token' ]) || $_SESSION [ 'token' ]== '' ) { set_token(); } if (isset( $_POST [ 'test' ])){ if (!valid_token()){ echo "token error" ; } else { echo '成功提交,Value:' . $_POST [ 'test' ]; } } ?> <form method= "post" action= "" > <input type= "hidden" name= "token" value= "<?php echo $_SESSION['token']?>" > <input type= "text" name= "test" value= "Default" > <input type= "submit" value= "提交" /> </form> |
下面的代码更加安全一点。
Token.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
<?php /* * Created on 2013-3-25 * * To change the template for this generated file go to * Window - Preferences - PHPeclipse - PHP - Code Templates */ function getToken( $len = 32, $md5 = true) { # Seed random number generator # Only needed for PHP versions prior to 4.2 mt_srand((double) microtime() * 1000000); # Array of characters, adjust as desired $chars = array ( 'Q' , '@' , '8' , 'y' , '%' , '^' , '5' , 'Z' , '(' , 'G' , '_' , 'O' , '`' , 'S' , '-' , 'N' , '<' , 'D' , '{' , '}' , '[' , ']' , 'h' , ';' , 'W' , '.' , '/' , '|' , ':' , '1' , 'E' , 'L' , '4' , '&' , '6' , '7' , '#' , '9' , 'a' , 'A' , 'b' , 'B' , '~' , 'C' , 'd' , '>' , 'e' , '2' , 'f' , 'P' , 'g' , ')' , '?' , 'H' , 'i' , 'X' , 'U' , 'J' , 'k' , 'r' , 'l' , '3' , 't' , 'M' , 'n' , '=' , 'o' , '+' , 'p' , 'F' , 'q' , '!' , 'K' , 'R' , 's' , 'c' , 'm' , 'T' , 'v' , 'j' , 'u' , 'V' , 'w' , ',' , 'x' , 'I' , '$' , 'Y' , 'z' , '*' ); # Array indice friendly number of chars; $numChars = count ( $chars ) - 1; $token = '' ; # Create random token at the specified length for ( $i = 0; $i < $len ; $i ++) $token .= $chars [mt_rand(0, $numChars )]; # Should token be run through md5? if ( $md5 ) { # Number of 32 char chunks $chunks = ceil ( strlen ( $token ) / 32); $md5token = '' ; # Run each chunk through md5 for ( $i = 1; $i <= $chunks ; $i ++) $md5token .= md5( substr ( $token , $i * 32 - 32, 32)); # Trim the token $token = substr ( $md5token , 0, $len ); } return $token ; } ?> |
form.php
1
2
3
4
5
6
7
8
9
10
|
<?php include_once ( "token.php" ); $token = getToken(); session_start(); $_SESSION [ 'token' ] = $token ; ?> <form action= "action.php" method= "post" <input type= "hidden" name= "token" value= "<?=$token?>" /> <!-- 其他input submit之类的 --> </form> |
action.php
1
2
3
4
5
6
7
8
9
|
<?php session_start(); if ( $_POST [ 'token' ] == $_SESSION [ 'token' ]){ unset( $_SESSION [ 'token' ]); echo "这是一个正常的提交请求" ; } else { echo "这是一个非法的提交请求" ; } ?> |
PHP $_SERVER[’PHP_SELF’]漏洞 详解Windows Hash与破解