I have used the CsrfComponent, and I even implemented a csrfToken myself, but none of these solutions seem to work.
Here is my code:
View:
<?php $session->write('sCsrfToken', sha1(microtime())); // new token on every render ?>
<?= $this->Form->create(false) ?>
<!-- Some input fields -->
<?= $this->Form->input('pCsrfToken', [
    'type' => 'hidden',
    'value' => h($session->read('sCsrfToken'))
]) ?>
<?= $this->Form->button('Submit') ?>
<?= $this->Form->end(); ?>
Controller:
if ($this->request->is('post')) {
    // Compare the token stored in the session with the one posted by the form
    $sessionToken = $session->read('sCsrfToken');
    $postToken = $this->request->data('pCsrfToken');
    if (empty($sessionToken) || $postToken != $sessionToken) {
        throw new Exception();
    }
    else {
        // Rotate the token after a successful check
        $session->write('sCsrfToken', sha1(microtime()));
        //DB INSERT, SEND MAIL...
    }
}
Thanks
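
A hardened form of the token handling in the post above, as an added example that is not part of the original post or of CakePHP: the token comes from the CSPRNG instead of `sha1(microtime())`, is created once per session instead of being overwritten on every render, and is compared with `hash_equals()` instead of `!=`. The function names `csrfToken` and `csrfCheck` and the plain array standing in for the session are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, no CakePHP dependency. $session is any array
// store (pass $_SESSION in a real request); the key name follows the post.

const CSRF_KEY = 'sCsrfToken';

/** Return the session's token, creating it once from the CSPRNG. */
function csrfToken(array &$session): string
{
    if (empty($session[CSRF_KEY]) || !is_string($session[CSRF_KEY])) {
        // 32 random bytes as 64 hex characters; a timestamp hash is guessable.
        $session[CSRF_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_KEY];
}

/** Validate a posted token; on success discard it so a replay fails. */
function csrfCheck(array &$session, $posted): bool
{
    $expected = $session[CSRF_KEY] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($posted)) {
        return false; // no token issued, or non-string input such as an array
    }
    if (!hash_equals($expected, $posted)) {
        return false; // constant-time comparison, no loose-type juggling
    }
    unset($session[CSRF_KEY]); // single use: the next render issues a new one
    return true;
}

// Constructed demonstration with an in-memory session array.
$session = [];
$formToken = csrfToken($session);              // value for the hidden field
var_dump(csrfToken($session) === $formToken);  // second render, same session
var_dump(csrfCheck($session, 'guess'));        // wrong token
var_dump(csrfCheck($session, ['x']));          // array instead of string
var_dump(csrfCheck($session, $formToken));     // first submit
var_dump(csrfCheck($session, $formToken));     // same token submitted again
```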