我在使用Zend的CSRF令牌时遇到了一些问题。我用的是ZF1(这一点就别吐槽了)。
每次我提交表单时,都会收到错误消息'missingToken'。深入查看框架核心代码后,我发现Zend在验证时始终拿不到令牌,因此它始终为null,验证永远无法通过。
为什么会这样?我该如何解决这个问题?
我已经看过几乎所有相关的提问,但到目前为止还没有找到答案。
表单
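// Body of the form's init(): declares the account-creation fields and the CSRF hash element.
parent::init();

// Email: required, trimmed, and every EmailAddress failure code maps to one user-facing message
// so the response does not reveal which part of the address check failed.
$this->addElement('text', 'email', [
    'label' => 'Email',
    'required' => true,
    'filters' => ['StringTrim'],
    'autocomplete' => 'off',
    'validators' => [
        ['NotEmpty', true, ['messages' => 'Enter your email address.']],
        ['EmailAddress', true, ['messages' => array_fill_keys(
            [
                Zend_Validate_EmailAddress::INVALID,
                Zend_Validate_EmailAddress::INVALID_FORMAT,
                Zend_Validate_EmailAddress::INVALID_HOSTNAME,
                Zend_Validate_EmailAddress::INVALID_MX_RECORD,
                Zend_Validate_EmailAddress::INVALID_SEGMENT,
                Zend_Validate_EmailAddress::DOT_ATOM,
                Zend_Validate_EmailAddress::QUOTED_STRING,
                Zend_Validate_EmailAddress::INVALID_LOCAL_PART,
                Zend_Validate_EmailAddress::LENGTH_EXCEEDED,
            ],
            'Not a valid email address.'
        )]],
    ],
]);

$this->addElement('password', 'password', [
    'label' => 'Password',
    'required' => true,
    'autocomplete' => 'off',
    'validators' => [
        ['NotEmpty', true, ['messages' => 'Enter a password.']],
    ],
]);

$this->addElement('password', 'passwordRepeat', [
    'label' => 'Repeat Password',
    'required' => true,
    'validators' => [
        ['NotEmpty', true, ['messages' => 'Enter the password again.']],
        // Options go in a single third-position array, the same shape every other validator
        // in this form uses. Written as loose keys next to the positional entries, 'messages'
        // sat outside the options array and would presumably not reach the validator.
        ['Identical', false, [
            'token' => 'password',
            'messages' => 'Passwords did not match. Try again.',
        ]],
    ],
]);

// The label contains markup on purpose (link to the terms page).
$this->addElement('checkbox', 'termsOfUse', [
    'label' => 'I agree to the <a href="/terms">Marquee Terms of Use</a>',
    'value' => 1,
    'validators' => [
        ['NotEmpty', true, ['messages' => 'To continue you please agree to Marquee\'s Terms of Use.']],
    ],
]);

// CSRF hash element, registered under the name "token".
// NOTE(review): the constructor is handed three arguments ('token', 'csrf' and a salt
// array) and the salt is then set again through setSalt(); confirm against
// Zend_Form_Element_Hash's constructor which of these actually take effect.
// NOTE(review): the reported symptom is that the validator's expected token is null, which
// points at the stored side of the comparison rather than the posted field. Confirm that the
// session is started and that the value written by initCsrfToken() on the request that
// rendered the form is still present when the POST arrives (no intervening request, no
// different session or host between the two).
$this->addElement(
    (new Zend_Form_Element_Hash('token', 'csrf', array('salt' => 'secure')))->setSalt('my_magical_token')
);
// Called explicitly because the view writes the hidden field by hand via getHash() instead of
// rendering the element.
$this->getElement('token')->initCsrfToken();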
我的控制器
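/**
 * Shows the account form and, when the request is a POST, validates the submitted fields.
 *
 * The form is assigned to the view on every request so it can be rendered both on first
 * display and after a failed validation.
 *
 * @return false|null false when the request is not a POST or the form is invalid;
 *                    no explicit return once validation has passed
 */
public function accountAction()
{
    // NOTE(review): the form posts to '/subscribe'; confirm that route reaches this action,
    // otherwise the submission is validated somewhere else (or not at all).
    $form = new Application_Auth_Forms_Account(['action' => '/subscribe']);
    $this->view->form = $form;

    $request = $this->getRequest();

    // Nothing below runs unless the form was actually submitted.
    if (!$request->isPost()) {
        return false;
    }

    // Validate the POST body only. getParams() also merges in query-string and route
    // parameters, so URL-supplied values could stand in for posted fields, the CSRF
    // token and the password included.
    if (!$form->isValid($request->getPost())) {
        return false;
    }
}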
视图
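<form name="create-account" method="post" action="<?= $this->getAction() ?>">
    <?php
    // Hand-written markup for the account form. $this exposes getAction() and getElement(),
    // so it is presumably the form object — confirm.
    //
    // Values that come back from the request are HTML-escaped before they are placed in an
    // attribute, so a submitted value containing quotes or markup cannot break out of it.
    // Password inputs are never re-populated: the submitted password is not written back
    // into the page after a failed validation.
    //
    // NOTE(review): getLocaliser()->key() output is emitted unescaped (the terms label
    // carries an <a> tag on purpose); confirm translations come from a trusted source.
    ?>
    <div class="row">
        <div class="col-xs-12 col-sm-12 col-lg-12">
            <?php $email = $this->getElement('email'); ?>
            <div class="form-group<?php if ($email->getMessages()): ?> has-warning<?php endif; ?>">
                <div class="input-prepend">
                    <i class="fa fa-user" aria-hidden="true"></i>
                    <input type="email" class="form-control" id="<?= $email->getName() ?>"
                           placeholder="<?= $this->getLocaliser()->key( 'email_address', 'Email Address' ) ?>" name="<?= $email->getName() ?>"
                           value="<?= htmlspecialchars((string) $email->getValue(), ENT_QUOTES, 'UTF-8') ?>">
                </div>
            </div>
        </div>
        <div class="col-xs-12 col-sm-12 col-lg-12">
            <?php $password = $this->getElement('password'); ?>
            <div class="form-group<?php if ($password->getMessages()): ?> has-warning<?php endif; ?>">
                <div class="input-prepend">
                    <i class="fa fa-lock" aria-hidden="true"></i>
                    <input type="password" class="form-control" id="<?= $password->getName() ?>"
                           placeholder="<?= $this->getLocaliser()->key( 'password', 'Password' ) ?>" name="<?= $password->getName() ?>"
                           value="">
                </div>
            </div>
            <?php $passwordRepeat = $this->getElement('passwordRepeat'); ?>
            <div class="form-group<?php if ($passwordRepeat->getMessages()): ?> has-warning<?php endif; ?>">
                <div class="input-prepend">
                    <i class="fa fa-lock" aria-hidden="true"></i>
                    <input type="password" class="form-control" id="<?= $passwordRepeat->getName() ?>"
                           placeholder="<?= $this->getLocaliser()->key( 'repeat_password', 'Re-enter Password' ) ?>" name="<?= $passwordRepeat->getName() ?>"
                           value="">
                </div>
            </div>
            <?php $termsOfUse = $this->getElement('termsOfUse'); ?>
            <div class="form-group">
                <div class="terms-of-use">
                    <?php if ($termsOfUse->getMessages()): ?>
                        <?php // getMessages() is used as a collection above; join it instead of echoing it directly. ?>
                        <p class="has-warning"><?= htmlspecialchars(implode(' ', (array) $termsOfUse->getMessages()), ENT_QUOTES, 'UTF-8') ?></p>
                    <?php endif; ?>
                    <input type="checkbox" style="" value="<?= htmlspecialchars((string) $termsOfUse->getValue(), ENT_QUOTES, 'UTF-8') ?>"
                           id="<?= $termsOfUse->getName() ?>"
                           name="<?= $termsOfUse->getName() ?>" <?= $termsOfUse->getValue() ? "checked" : "" ?>>
                    <label for="<?= $termsOfUse->getName() ?>"><?= $this->getLocaliser()->key( 'terms_of_use_label', $termsOfUse->getLabel()) ?></label>
                </div>
            </div>
            <?php
            // Hidden CSRF field, written by hand: the posted name is the element's name and the
            // value is the element's current hash. It has to be posted under exactly this name
            // for the form's "token" element to receive it.
            $token = $this->getElement('token');
            ?>
            <input type="hidden" name="<?= $token->getName() ?>" value="<?= $token->getHash() ?>">
        </div>
    </div>
    <div class="row">
        <div class="col-xs-12 col-sm-12 col-lg-12">
            <button type="submit" class="btn btn-trace"><?= $this->getLocaliser()->key( 'continue', 'Continue' ) ?></button>
        </div>
    </div>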