18 01 2018
php表单加入Token方法
简单的用php实现的代码如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
<?php /* * PHP简单利用token防止表单重复提交 * 此处理方法纯粹是为了给初学者参考 */ session_start(); function set_token() { ?? $_SESSION [ 'token' ] = md5(microtime(true)); } function valid_token() { ?? $return = $_REQUEST [ 'token' ] === $_SESSION [ 'token' ] ? true : false; ?? set_token(); ?? return $return ; } //如果token为空则生成一个token if (!isset( $_SESSION [ 'token' ]) || $_SESSION [ 'token' ]== '' ) { ?? set_token(); } if (isset( $_POST [ 'test' ])){ ?? if (!valid_token()){ ???? echo "token error" ; ?? } else { ???? echo '成功提交,Value:' . $_POST [ 'test' ]; ?? } } ?> <form method= "post" action= "" > ?? <input type= "hidden" name= "token" value= "<?php echo $_SESSION['token']?>" > ?? <input type= "text" name= "test" value= "Default" > ?? <input type= "submit" value= "提交" /> </form> |
下面的代码更加安全一点。
Token.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
<?php /* ? * Created on 2013-3-25 ? * ? * To change the template for this generated file go to ? * Window - Preferences - PHPeclipse - PHP - Code Templates ? */ function getToken( $len = 32, $md5 = true) { ?? # Seed random number generator ?? # Only needed for PHP versions prior to 4.2 ?? mt_srand((double) microtime() * 1000000); ?? # Array of characters, adjust as desired ?? $chars = array ( ???? 'Q' , ???? '@' , ???? '8' , ???? 'y' , ???? '%' , ???? '^' , ???? '5' , ???? 'Z' , ???? '(' , ???? 'G' , ???? '_' , ???? 'O' , ???? '`' , ???? 'S' , ???? '-' , ???? 'N' , ???? '<' , ???? 'D' , ???? '{' , ???? '}' , ???? '[' , ???? ']' , ???? 'h' , ???? ';' , ???? 'W' , ???? '.' , ???? '/' , ???? '|' , ???? ':' , ???? '1' , ???? 'E' , ???? 'L' , ???? '4' , ???? '&' , ???? '6' , ???? '7' , ???? '#' , ???? '9' , ???? 'a' , ???? 'A' , ???? 'b' , ???? 'B' , ???? '~' , ???? 'C' , ???? 'd' , ???? '>' , ???? 'e' , ???? '2' , ???? 'f' , ???? 'P' , ???? 'g' , ???? ')' , ???? '?' , ???? 'H' , ???? 'i' , ???? 'X' , ???? 'U' , ???? 'J' , ???? 'k' , ???? 'r' , ???? 'l' , ???? '3' , ???? 't' , ???? 'M' , ???? 'n' , ???? '=' , ???? 'o' , ???? '+' , ???? 'p' , ???? 'F' , ???? 'q' , ???? '!' , ???? 'K' , ???? 'R' , ???? 's' , ???? 'c' , ???? 'm' , ???? 'T' , ???? 'v' , ???? 'j' , ???? 'u' , ???? 'V' , ???? 'w' , ???? ',' , ???? 'x' , ???? 'I' , ???? '$' , ???? 'Y' , ???? 'z' , ???? '*' ?? ); ?? # Array indice friendly number of chars; ?? $numChars = count ( $chars ) - 1; ?? $token = '' ; ?? # Create random token at the specified length ?? for ( $i = 0; $i < $len ; $i ++) ???? $token .= $chars [mt_rand(0, $numChars )]; ?? # Should token be run through md5? ?? if ( $md5 ) { ???? # Number of 32 char chunks ???? $chunks = ceil ( strlen ( $token ) / 32); ???? $md5token = '' ; ???? # Run each chunk through md5 ???? for ( $i = 1; $i <= $chunks ; $i ++) ?????? $md5token .= md5( substr ( $token , $i * 32 - 32, 32)); ???? # Trim the token ???? $token = substr ( $md5token , 0, $len ); ?? } ?? return $token ; } ?> |
form.php
1
2
3
4
5
6
7
8
9
10
|
<?php include_once ( "token.php" ); $token = getToken(); session_start(); $_SESSION [ 'token' ] = $token ; ?> <form action= "action.php" method= "post" <input type= "hidden" name= "token" value= "<?=$token?>" /> <!-- 其他input submit之类的 --> </form> |
action.php
1
2
3
4
5
6
7
8
9
|
<?php session_start(); if ( $_POST [ 'token' ] == $_SESSION [ 'token' ]){ ?? unset( $_SESSION [ 'token' ]); ?? echo "这是一个正常的提交请求" ; } else { ?? echo "这是一个非法的提交请求" ; } ?> |
PHP $_SERVER[’PHP_SELF’]漏洞 详解Windows Hash与破解