我有以下课程 会话类
<?php
class Session
{
public static function exists($name)
{
return (isset($_SESSION[$name])) ? true : false;
}
public static function delete($name)
{
if (self::exists($name))
{
unset($_SESSION[$name]);
}
}
public static function get($name)
{
return $_SESSION[$name];
}
public static function put($name, $value)
{
return $_SESSION[$name] = $value;
}
}
令牌类
<?php
class Token
{
public static function generate()
{
return Session::put('token', md5(uniqid()));
}
public static function check($token)
{
//var_dump(Session::get('token'));
//var_dump($token);
//die();
if(Session::exists('token') && $token === Session::get('token'))
{
Session::delete('token');
return true;
}
return false;
}
}
输入类
<?php
class Input
{
public static function exists($type = 'post')
{
switch ($type)
{
case 'post':
return (!empty($_POST)) ? true : false;
break;
case 'get':
return (!empty($_GET)) ? true : false;
break;
case 'uri':
//echo 'Well we are here. <br>';
return (!empty($_SERVER['REQUEST_URI'])) ? true : false;
break;
case 'session':
return (!empty($_SESSION)) ? true : false;
default:
return false;
break;
}
}
public function get($item, $method = 'post')
{
switch ($method) {
case 'post':
if(isset($_POST[$item])) return $_POST[$item];
break;
case 'get':
if(isset($_GET[$item])) return $_GET[$item];
break;
case 'session':
if(isset($_SESSION[$item])) return $_SESSION[$item];
break;
case 'server':
if(isset($_SERVER[$item])) return $_SERVER[$item];
break;
default:
return "";
break;
}
}
}
我还有一个注册表单
<div class="glob-main-contents-wrapper">
<span class="signup-header">
<h1>Sign up</h1>
<a href="http://localhost/mysite/signin">Already a member?</a>
</span>
<form action="http://localhost/mysite/scripts/signup" id="signup-form" class="signup-form" method="post">
<div class="field">
<input type="text" class="username" id="username" name="username" placeholder=" Username" value="<?php echo Input::get('username', 'session') ?>">
<span class="field-error" id="username-error">
</span>
</div>
<div class="field">
<input type="text" class="email" id="email" name="email" placeholder="Email" value="<?php echo Input::get('email', 'session') ?>">
<span class="field-error" id="email-error">
</span>
</div>
<div class="field">
<input type="password" class="password" id="password" name="password" placeholder="Password">
<span class="field-error" id="password-error">
</span>
</div>
<div class="field">
<input type="text" class="name" id="name" name="name" placeholder="Full Name" value="<?php echo Input::get('name', 'session') ?>">
<span class="field-error" id="name-error">
</span>
</div>
<div class="field">
<input type="text" class="bio" id="bio" name="bio" placeholder="Biography" value="<?php echo Input::get('bio', 'session') ?>"">
<span class="field-error" id="bio-error">
</span>
</div>
<div class="field">
<select class="timezone" id="timezone" name="timezone" placeholder="TimeZone" style="width: 300px">
<?php
$date = new Date_Time;
$timezones = $date->timezones();
foreach ($timezones as $key => $timezone)
{
?>
<option value="<?php echo $timezone; ?>" <?php if($timezone === 'UTC') echo 'selected="selected"' ?>><?php echo $timezone; ?></option>
<?php
}
?>
</select>
<span class="field-error" id="timezone-error">
</span>
</div>
<div class="field">
<input type="text" class="site" id="site" name="site" placeholder="Website" value="<?php echo Input::get('site', 'session') ?>">
<span class="field-error" id="website-error">
</span>
</div>
<div class="field">
<button type="submit" class="reg-btn" id="reg-btn">Sign up</button>
<span class="field-error" id="form-error">
</span>
</div>
<input type="hidden" id="token" name="token" value="<?php echo Token::generate(); ?>">
</form>
</div>
最后,我在表单
中有以下脚本if(Input::exists()):
Session::put('username', Input::get('username'));
Session::put('email', Input::get('email'));
Session::put('name', Input::get('name'));
Session::put('bio', Input::get('bio'));
Session::put('site', Input::get('site'));
if(Token::check(Input::get('token'))):
$errors = array();
if(empty($_POST['username'])):
$errors[] = 'username=is required';
else:
//other username checks
endif;
//checks for other form inputs
if(empty($errors)):
try{ //insert into database }
catch(Exception $e){header('http://localhost/mysite/signup'. '/errors=?error=something went wrong');}
else:
$result = '';
foreach ($errors as $key => $error)
{
$result .= '&'. $error;
}
Router::to('http://localhost/mysite/signup'. '/errors=?' .$result);
endif;
else:
Router::to('http://localhost/mysite/signup'. '/errors=?invalid token');
endif;
endif;
当我转到地址http://localhost/mysite/signup并且我正确输入所有表单数据,即通过脚本中的所有错误检查时,我设法注册没有问题。但是,当我犯了一个错误,即至少一次错误检查失败时,我最终得到了一个像这样的http://localhost/mysite/signin/errors=?&username=is20%required这个我想要的网址,这样我就可以使用get变量来突出显示错误。当我尝试注册时,我得到一个无效的令牌网址。无论我是否有错误都会发生这种情况。取消注释令牌类中的vardump后,我发现$ _SESSION [&#39;令牌&#39;]中的值不等于生成的值。是什么原因导致我的$ _SESSION [&#39;令牌&#39;]与生成的令牌不同?