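I have a Joomla component that I am trying to add some functionality to. I found that if I call the component directly via http://mysite.com/index.php?option=com_mycom&view=unsubscribe, the form submits fine.

However, if I include the component in an article containing {component url='index.php?option=com_mycom&view=unsubscribe'} so that the page is just http://mysite.com/unsubscribe, the token does not seem to be stored correctly, and I get my 'invalid or expired token' error message, with $stored_token either empty or holding the value from the last time I loaded the page via the long direct URL.

How can I fix this?
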
// $sub_info (the subscriber record) is assumed to be set earlier in the component
$confirm = JRequest::getVar('unsubscribe_confirm', NULL);
$sess = JFactory::getSession();
if( is_null($confirm) ) {
    // generate random token to prevent accident/malicious use
    // note: rand() and time() are predictable inputs, not a CSPRNG
    $token = md5(rand().time().$sub_info['id_joomla_user']);
    $sess->set('unsubscribe_token', $token, 'mycom_unsubscribe');
    // form template: first %s is the site root, second %s is the token
    $frm = <<<_E_
<form action="%sindex.php?option=com_mycom&view=unsubscribe" method="POST">
<input type="hidden" name="unsubscribe_token" value="%s" />
<input type="submit" name="unsubscribe_confirm" value="Yes, please cancel my subscription." />
</form>
_E_;
    // the template must be the first argument to sprintf()
    $output = sprintf($frm, JURI::root(), $token);
} else {
    $token_stored = $sess->get('unsubscribe_token', NULL, 'mycom_unsubscribe');
    $token_passed = JRequest::getVar('unsubscribe_token', NULL);
    // make sure tokens have been set, and that they match
    if( (is_null($token_stored) || is_null($token_passed)) || ($token_stored !== $token_passed) ) {
        // the S:/P: suffix echoes both tokens for debugging
        JFactory::getApplication()->redirect(
            'profile',
            'Cannot process unsubscribe request: expired or invalid session token.' .
            ' S:' . $token_stored . ' P:' . $token_passed,
            'error'
        );
    } else {
        // valid unsubscribe request has been given, unset token to prevent multiple requests.
        $sess->clear('unsubscribe_token', 'mycom_unsubscribe');
        // more code normally happens here...
    }
}

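Answer 0 (score: 1)
It turns out that the curly-brace component include is not built-in Joomla functionality as I had thought, but a plugin called "Include Component". Internally, a cURL request is made to fetch the component content, and that affects anything that requires session validation.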
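
The session mismatch described in this answer, modelled as an added example (not part of the original answer, and not Joomla or plugin code). It assumes the plugin's server-side cURL fetch is sent without the visitor's session cookie; `openSession`, `renderForm` and `checkForm` are hypothetical stand-ins for the session handler and the component's GET and POST branches.

```php
<?php
// Added illustration only: a toy session store, not Joomla or plugin code.
// Assumption: the server-side fetch is sent without the visitor's session cookie.

// Return the caller's session id, creating a new empty session when no known cookie is sent.
function openSession(array &$sessions, ?string $cookie): string
{
    if ($cookie === null || !isset($sessions[$cookie])) {
        $cookie = bin2hex(random_bytes(16));
        $sessions[$cookie] = [];
    }
    return $cookie;
}

// GET: store a fresh token in the caller's session; return [session id, token in the form].
function renderForm(array &$sessions, ?string $cookie): array
{
    $sid = openSession($sessions, $cookie);
    $token = bin2hex(random_bytes(16));
    $sessions[$sid]['unsubscribe_token'] = $token;
    return [$sid, $token];
}

// POST: compare the submitted token with the one stored in the caller's session.
function checkForm(array $sessions, string $cookie, string $passed): bool
{
    $stored = $sessions[$cookie]['unsubscribe_token'] ?? null;
    return is_string($stored) && hash_equals($stored, $passed);
}

$sessions = [];
$report = function (string $label, bool $ok): void {
    echo $label, ': ', $ok ? 'token accepted' : 'token rejected', PHP_EOL;
};

// Direct URL: the browser itself requests the form, so GET and POST share one session.
[$browser, $direct] = renderForm($sessions, null);
$report('direct URL', checkForm($sessions, $browser, $direct));

// Embedded page: the server fetches the form with no cookie, so the new token
// lands in a separate session while the browser's session keeps the old one.
[$fetchSid, $embedded] = renderForm($sessions, null);
$report('embedded, returning visitor', checkForm($sessions, $browser, $embedded));

// A visitor who never used the direct URL has no stored token at all.
$fresh = openSession($sessions, null);
$report('embedded, new visitor', checkForm($sessions, $fresh, $embedded));
```

The two rejected cases correspond to the symptoms in the question: a stored token left over from the last direct visit, or no stored token at all.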
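Answer 1 (score: 0)
The component should already have a view that can be linked from the menu manager. If you need to change how it looks, check template overrides.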