I am using the ZF2 captcha in a form. In the controller:

    public function loginAction() {
        $loginForm = new LoginForm();
        if ($this->getRequest()->isPost()) {
            $postedValues = $this->getRequest()->getPost();
            $loginForm->setData($postedValues);
            // isValid() runs every element's validators, including the captcha
            if ($loginForm->isValid()) {
                echo 'valid';
            } else {
                echo 'invalid';
            }
        }
        $view['loginForm'] = $loginForm;
        return new ViewModel($view);
    }

In my LoginForm I have:

    public function __construct($adapter) {
        parent::__construct();
        $this->setAttribute('method', 'post');
        $this->setAttribute('name', 'loginForm');
        $inputFilter = new InputFilter();
        $factory = new Factory();
        $captchaImage = new CaptchaImage(array(
            'font' => dirname(__DIR__).'/../../../../public/fonts/arial.ttf',
            'width' => 150,
            'height' => 75,
            'dotNoiseLevel' => 40,
            'lineNoiseLevel' => 3,
            'wordLen' => 5
        ));
        $this->add(array(
            'type' => 'Zend\Form\Element\Captcha',
            'name' => 'captcha',
            'options' => array(
                'label' => 'Security Question',
                'captcha' => $captchaImage,
            ),
        ));
        $submit = new Element\Submit('submit');
        $submit->setValue(_('Login'))->setAttributes(array(
            'id' => 'submitbutton',
            'class' => 'btn btn-default'
        ));
        $this->add($submit);
    }

And in my phtml file:

    <?php
    if (isset($this->loginForm)) {
        $form = $this->loginForm;
        $form->prepare();
        var_dump($form->getMessages());
        echo $this->form()->openTag($form);
    ?>
    <div class="col-md-6">
    <?php
        foreach ($form as $element) {
            echo '<div class="form-group">
            <label class="control-label">
            '.
            _($element->getLabel()).
            '</label>'
            .$this->formElement($element).
            '
            </div>';
        }
    ?>
    </div>
    <?php
        echo $this->form()->closeTag();
    }

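My problem is that when I submit the form, everything works perfectly. The isValid function does what it is supposed to do and validates the captcha correctly. However, when I resend the same information using the browser's refresh button, isValid returns true again, which is unacceptable because the image has changed. It seems that the old captcha is still valid for ZF2, which is incorrect and is a security problem that makes it easy for a hacker to bypass it. Am I missing something here?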
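
The replay described in the question (a solved challenge that still validates when the same POST is sent again) does not occur when every challenge is consumed on its first verification attempt. The following is an added example, not code from the question or from ZF2: the class `OneTimeChallengeStore`, its method names and the sample word are hypothetical, and it assumes PHP 7 or later for `random_bytes()`.

```php
<?php
// Added illustration: single-use CAPTCHA challenges.
// OneTimeChallengeStore is a hypothetical class, not part of ZF2.
final class OneTimeChallengeStore
{
    private $store;
    private $ttl;

    // $store is taken by reference so that a session array can back it.
    public function __construct(array &$store, int $ttl = 300)
    {
        $this->store = &$store;
        $this->ttl = $ttl;
    }

    // Register a freshly generated challenge word and return its opaque id.
    public function issue(string $answer): string
    {
        $id = bin2hex(random_bytes(16));
        $this->store[$id] = array(
            'answer'  => strtolower($answer),
            'expires' => time() + $this->ttl,
        );
        return $id;
    }

    // Check a submission. The entry is deleted before the comparison, so a
    // challenge can be attempted at most once, whether the answer is right or wrong.
    public function verify($id, $input): bool
    {
        if (!is_string($id) || !is_string($input) || !isset($this->store[$id])) {
            return false;
        }
        $entry = $this->store[$id];
        unset($this->store[$id]);
        if ($entry['expires'] < time()) {
            return false;
        }
        return hash_equals($entry['answer'], strtolower($input));
    }
}

// Constructed demo: a plain array stands in for $_SESSION.
$session = array();
$challenges = new OneTimeChallengeStore($session);
$id = $challenges->issue('k7pqz');
var_dump($challenges->verify($id, 'k7pqz')); // first submission
var_dump($challenges->verify($id, 'k7pqz')); // same POST re-sent by a browser refresh
```

The first call accepts the answer and the second rejects it, because the stored challenge no longer exists once it has been checked.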