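This is my CSRF script. It sometimes returns the hash as null, which causes my feed not to display. I request the feed with ajax and send the token along with it. Now, can anyone help figure out why this only returns null from time to time? Am I just not seeing the problem here?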
    /* Cross-site request forgery attack prevention */
    class CsrfProtection {
        private $previous_hash;
        public $hash;

        public function __construct() {
            /* Generate a new token */
            $token = md5(time() + time());
            /* Save the previous hash, if there is none then add the new token */
            $this->previous_hash = (isset($_SESSION['token'])) ? $_SESSION['token'] : $token;
            /* Save the new session / variable */
            if (basename($_SERVER['SCRIPT_NAME']) == 'index.php') $_SESSION['token'] = $token;
            @$this->hash = $_SESSION['token'];
        }

        /* Check if post/get previous token is valid when sending data to the server */
        public function is_valid($key = 'token') {
            return (isset($_POST[$key]) && ($_POST[$key] === $this->previous_hash)) || (isset($_GET[$key]) && ($_GET[$key] === $this->previous_hash));
        }
    }
Every time I call it on a page, I use $token = new CsrfProtection();
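
The class above writes `$_SESSION['token']` only when the script is index.php, so `$hash` is null on any other request where the session holds no token yet, and `md5(time() + time())` is predictable from the clock. A hardened per-session token, as an added example that is not the poster's code: the class name `SessionCsrfToken` and the session key `csrf_token` are hypothetical, and PHP 7.1+ with working sessions is assumed.

```php
<?php
// Added example, not the original poster's code.
// Hypothetical names: SessionCsrfToken, session key 'csrf_token'.
final class SessionCsrfToken
{
    private const KEY = 'csrf_token';

    /* Return the session's token, creating it on first use on ANY page. */
    public static function get(): string
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        // One token per session: it is never null, and it does not rotate
        // between the page load and the AJAX request that sends it back.
        if (empty($_SESSION[self::KEY]) || !is_string($_SESSION[self::KEY])) {
            // 32 bytes from the OS CSPRNG instead of a hash of the clock
            $_SESSION[self::KEY] = bin2hex(random_bytes(32));
        }
        return $_SESSION[self::KEY];
    }

    /* Compare a submitted token with the session token. */
    public static function isValid(?string $submitted): bool
    {
        $expected = self::get();
        // Reject missing/empty input first; hash_equals() then compares
        // in constant time, unlike ===.
        return is_string($submitted)
            && $submitted !== ''
            && hash_equals($expected, $submitted);
    }
}

// Command-line demonstration with constructed input.
if (PHP_SAPI === 'cli') {
    $token = SessionCsrfToken::get();
    var_dump(strlen($token));                          // length of the hex token
    var_dump(SessionCsrfToken::isValid($token));       // token echoed back by the client
    var_dump(SessionCsrfToken::isValid(null));         // request without a token
    var_dump(SessionCsrfToken::isValid('0123abcd'));   // constructed wrong token
}
```

In the AJAX endpoint the check would be `SessionCsrfToken::isValid($_POST['token'] ?? null)`; this example reads the token from POST only, whereas the class in the question also accepts it from `$_GET`.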