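PHP: unable to set session token on form submit

Time: 2018-05-25 04:13:44

Tags: php html forms submit

I have a problem with my PHP form. I have an image as the submit button on my form, and I can't seem to set the session token when the form is submitted. The way the code is written, the token is set when the page loads. That doesn't bother me, but I need to set or reset it when the form is submitted. Can anyone tell me what I'm doing wrong? Here is the code: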

<?php
// Initiate the session.
session_start();
// Simple function to return a timestamp.
function microtime_float() {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}
// Generate the token.
function generateToken() {
    // generate a token from a unique value, took from microtime...
    $token = "myFormToken-" . microtime_float();  

    // Write the generated token to the session variable to check it against the hidden field when the form is sent
    $_SESSION['myFormToken'] = $token; 
    return $token;
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>This Is My Webpage...</title>
</head>
<body>
<h1>Click on the image below to be taken to the next page..</h1>
<br /><br />
<!-- BEGIN My Form -->
<form action="http://www.mywebsite.com/mypage.php" method="post" target="_top">
<input type="hidden" name="myFormToken" value="<?php echo generateToken(); ?>">
<input type="image" src="http://www.mywebsite.com/myimage.jpg" border="0" name="submit" alt="Click this image!">
</form>
<!-- END My Form -->

</body>
</html>

Thanks for your help!

Brian

2 answers:

Answer 0: (score: 0)

<?php
// Initiate the session.
session_start();
// Simple function to return a timestamp.
function microtime_float() {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}
// Generate the token.
function generateToken() {
    // generate a token from a unique value, took from microtime...
    $token = "myFormToken-" . microtime_float();  

    // Write the generated token to the session variable to check it against the hidden field when the form is sent
    $request = filter_input(INPUT_SERVER, "REQUEST_METHOD");
    if ($request === 'POST') {
        $_SESSION['myFormToken'] = $token;
    } else {
        $_SESSION['myFormToken'] = $token;
    }
    return $token;
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>This Is My Webpage...</title>
</head>
<body>
<h1>Click on the image below to be taken to the next page..</h1>
<br /><br />
<!-- BEGIN My Form -->
<form action="http://www.mywebsite.com/mypage.php" method="post" target="_top">
<input type="hidden" name="myFormToken" value="<?php echo generateToken(); ?>">
<input type="image" src="http://www.mywebsite.com/myimage.jpg" border="0" name="submit" alt="Click this image!">
</form>
<!-- END My Form -->

</body>
</html>

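Answer 1: (score: 0)

I apologize for not posting this sooner. Here is the solution I eventually came up with. Note that some information has been removed to protect my code. I hope what I've posted here can still be helpful to someone.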

<?php
// Initiate the session.
session_start();

$myname =""; // Sender Name
$mynameError ="";
$mysoftwarelicensetoken = "";
$mylicensetokenError = "";

// Set this so that we don't go into the function below, until the form posts.
$errors = 1;

// Simple function to replicate PHP 5 behaviour
function microtime_float() {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

// Set the token here to prevent any user going to this page and then
//   getting back to the submit page.
$_SESSION["myformtoken"] = "myunknowntesttoken";

// Set the variable so that we get into the 'if' section below.
if(isset($_POST['submit'])) { // Checking to see if the form posted.

    $errors = 0;
    //$myname = $_POST["myname"]; // Sender Name
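    // Read the field only if it was sent, to avoid an undefined index notice.
    $mysoftwarelicensetoken = isset($_POST["mysoftwarelicensetoken"]) ? $_POST["mysoftwarelicensetoken"] : "";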

    if (!isset($_POST["mysoftwarelicensetoken"])){
        $mylicensetokenError = "You must accept the license agreement";
        $errors = 1;
    } else {
        if ($mysoftwarelicensetoken !== "Yes") {
            $mylicensetokenError = "You must accept the license agreement";
            $errors = 1;
        } else {
            $errors = 0;
        }
    }

    // Set the token again, just for safety's sake.
    $_SESSION["myformtoken"] = "myunknowntesttoken";
}

// This will run when the form posts.
if($errors == 0){
    // Set output SESSION variable. 
    $_SESSION["myformtoken"] = 'myformtoken_intro_' . microtime_float();

    // Re-direct to payment website for payment processing.
    header('Location: https://www.mypaymentwebsite.com');
    // Stop here so the rest of the page is not executed after the redirect.
    exit;
}
// header("Cache-Control: no cache");
// session_cache_limiter("private_no_expire");
?>
<!DOCTYPE html>
<html>
<head><title>This Is My Webpage...</title></head>
<body>
<h1>Click on the image below to be taken to the next page..</h1>
<br /><br />
<!-- BEGIN My Form -->
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" enctype="multipart/form-data">
<label>Do you accept the <a href="mysoftwarelicense.html" class="underlinelink">license agreement</a>?<br />
    You MUST do so to proceed with your purchase.</label>
<div>
<input type="radio" name="mysoftwarelicensetoken" value="Yes" <?php if (isset($mysoftwarelicensetoken) && $mysoftwarelicensetoken == "Yes") echo "checked"; ?> > Yes
<input type="radio" name="mysoftwarelicensetoken" value="No" <?php if (isset($mysoftwarelicensetoken) && $mysoftwarelicensetoken == "No") echo "checked"; ?> > No
</div>
<div class="error"><?php echo $mylicensetokenError;?></div>
<br />
<input class="submit link-button btn btn-outline-primary btn-lg" type="submit" name="submit" value="Buy It Now" id="myBuyButton">
</form>
<!-- END My Form -->

</body>
</html>
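
Added example, not part of the original question or answers: one way to issue the form token on page load and to verify and reset it on submit, using random_bytes() and hash_equals() in place of a microtime()-based value. The function names and the $session array (standing in for $_SESSION so the script runs from the CLI) are assumptions.

```php
<?php
// Added example. $session stands in for $_SESSION so this runs from the CLI.

function issueToken(array &$session): string {
    // Unpredictable value; a microtime()-based token can be guessed.
    $token = bin2hex(random_bytes(32));
    $session['myFormToken'] = $token;
    return $token;
}

function consumeToken(array &$session, array $post): bool {
    $expected = $session['myFormToken'] ?? null;
    $supplied = $post['myFormToken'] ?? null;
    // Single use: drop the stored token whether or not the check passes.
    unset($session['myFormToken']);
    if (!is_string($expected) || !is_string($supplied)) {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

function handleRequest(string $method, array &$session, array $post): string {
    // Keyed on the request method, not isset($post['submit']): an image
    // submit button named "submit" arrives as submit_x / submit_y.
    if ($method === 'POST') {
        if (!consumeToken($session, $post)) {
            return 'rejected';
        }
        issueToken($session); // reset on submit, ready for the next form
        return 'accepted';
    }
    $token = htmlspecialchars(issueToken($session), ENT_QUOTES);
    return '<input type="hidden" name="myFormToken" value="' . $token . '">';
}

// Constructed walk-through: page load, first submit, replay, missing token.
$session = [];
echo handleRequest('GET', $session, []), PHP_EOL;
$token = $session['myFormToken'];
echo handleRequest('POST', $session, ['myFormToken' => $token]), PHP_EOL;
echo handleRequest('POST', $session, ['myFormToken' => $token]), PHP_EOL;
echo handleRequest('POST', $session, []), PHP_EOL;
```

In a real page, call session_start() first and pass $_SERVER['REQUEST_METHOD'], $_SESSION and $_POST to handleRequest().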