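Form not submitted and invalid token in PHP

Time: 2016-12-02 01:52:31

Tags: php forms token

When you click the Login submit button, it only shows "invalid token" because the system cannot recognize the given token. However, if I click the Register submit button, the form is submitted and processed.

Form code: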

<form method="post">
  <div class="field">
    <label for="username">Username: </label>
    <input type="text" name="username" id="username" autocomplete="off" />
  </div>

  <div class="field">
    <label for="password">Password: </label>
    <input type="password" name="password" id="password" autocomplete="off" />
  </div>

  <div class="field">
    <label for="remember">
      <input type="checkbox" name="remember" id="remember" value="on"/> Remember Me
    </label>
  </div>

  <input type="hidden" name="login_token" value="<?php echo Token::generate(); ?>" />
  <input name="login" type="submit" value="Login" />
</form>
<hr>
<br>
<form action="" method="post">
      <div class="field">
        <label for="username">Username</label>
        <input type="text" name="username" id="username" value="<?php echo sanitize(Input::get('username')); ?>" autocomplete="off" />
      </div>

      <div class="field">
        <label for="password">Choose a Password</label>
        <input type="password" name="password" id="password" />
      </div>

      <div class="field">
        <label for="password_again">Enter your Password Again</label>
        <input type="password" name="password_again" id="password_again" />
      </div>

      <div class="field">
        <label for="name">Name</label>
        <input type="text" name="name" id="name" value="<?php echo sanitize(Input::get('name')); ?>"/>
      </div>
      <input type="hidden" name="rgstr_tkn" value="<?php echo Token::generate(); ?>" />
      <input type="submit" value="Register" name="register"/>
</form>

PHP code that processes the form on submission:

if (isset($_POST["login"])){
        if(Token::check(Input::get('login_token'))) {
            echo "Login!";
            echo Input::get('login_token');
        } else {
            echo 'invalid token';
        }
}

if (isset($_POST["register"])) {
        if(Token::check(Input::get('rgstr_tkn'))) {
            echo "Register!";
            echo Input::get('rgstr_tkn');
        }
}

Token class:

class Token {

  # Generate a token, and put it into the session/token_name
  public static function generate() {
      return Session::put(Config::get('session/token_name'), md5(uniqid()));
  }

  # Check if the token exists
  public static function check($token) {
      $tokenName = Config::get('session/token_name');

      if(Session::exists($tokenName) && $token === Session::get($tokenName)) {
          Session::delete($tokenName);
          return true;
      }

      return false;
  }

}   

Input class:

class Input {

    # Check if the POST or GET request is submitted
    public static function exists($type = 'post') {
        switch($type) {
            case 'post':
                return (!empty($_POST)) ? true : false;
                break;
            case 'get':
                return (!empty($_GET)) ? true : false;
                break;
            default:
                return false;
                break;
        }
    }

    # Get an item from the posted or get field
    public static function get($item) {
        if(isset($_POST[$item])) {
            return $_POST[$item];
        } else if(isset($_GET[$item])) {
            return $_GET[$item];
        }

        return '';
    }

}

1 answer:

Answer 0: (score: 2)

Your problem is that when you return to the page again, it generates a new token again. That is why it returns "invalid token". To fix this:

In your

public static function generate() {

}

first check whether the specified session token has already been generated before creating it:

public static function generate() {
    $tokenName = Config::get('session/token_name');
    // if the session token has already been generated, return it instead of generating a new one
    if (Session::exists($tokenName)) {    
        return Session::get($tokenName);
    }
    // else create this session_token
    return Session::put($tokenName, md5(uniqid()));
}

Hope that helps.
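
Both forms in the question call Token::generate(), and every call stores its value under the same session/token_name key, so (assuming Session::put simply stores the value under that key) the token rendered second replaces the one rendered first. The following is an added example, not code from the question or the answer: it keeps one single-use token per form and uses random_bytes() and hash_equals() in place of md5(uniqid()) and ===. The class name FormToken, the csrf_tokens session key and the form names are assumptions made for illustration.

```php
<?php
// Added example: one CSRF token per form, each in its own session slot.
// FormToken, 'csrf_tokens' and the form names are hypothetical.

final class FormToken
{
    private const SLOT = 'csrf_tokens';

    // Issue a token for one named form without touching other forms' tokens.
    public static function generate(string $form): string
    {
        $token = bin2hex(random_bytes(32)); // CSPRNG output, not md5(uniqid())
        $_SESSION[self::SLOT][$form] = $token;
        return $token;
    }

    // Validate the token for one named form; consume it only on success.
    public static function check(string $form, $submitted): bool
    {
        $expected = $_SESSION[self::SLOT][$form] ?? null;
        if (!is_string($expected) || !is_string($submitted)) {
            return false; // nothing issued for this form, or a non-string was posted
        }
        if (!hash_equals($expected, $submitted)) { // constant-time comparison
            return false;
        }
        unset($_SESSION[self::SLOT][$form]); // single use
        return true;
    }
}

// Constructed demo: a plain array stands in for a started session.
$_SESSION = [];
$login    = FormToken::generate('login');    // value for the login_token field
$register = FormToken::generate('register'); // value for the rgstr_tkn field

var_dump(FormToken::check('login', $login));       // login token, first submission
var_dump(FormToken::check('login', $login));       // same login token replayed
var_dump(FormToken::check('register', $login));    // login token sent to the register handler
var_dump(FormToken::check('register', $register)); // register token, first submission
```

In the page's handlers this would replace Token::check(Input::get('login_token')) with a check against the 'login' slot, and likewise for rgstr_tkn and 'register'.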