是什么导致会话值从插入的值更改?

时间:2018-05-30 21:21:31

标签: php session url

我有以下课程 会话类

<?php
class Session
{
    public static function exists($name)
    {
        return (isset($_SESSION[$name])) ? true : false;
    }

    public static function delete($name)
    {
        if (self::exists($name))
        {
            unset($_SESSION[$name]);
        }
    }

    public static function get($name)
    {
        return $_SESSION[$name];
    }

    public static function put($name, $value)
    {
        return $_SESSION[$name] = $value;
    }
}

令牌类

<?php
class Token
{
    public static function generate()
    {
        return Session::put('token', md5(uniqid()));
    }

    public static function check($token)
    {
        //var_dump(Session::get('token'));
        //var_dump($token);
        //die();

        if(Session::exists('token') && $token === Session::get('token'))
        {
            Session::delete('token');
            return true;
        }
        return false;
    }
}

输入类

<?php
class Input
{
    public static function exists($type = 'post')
    {
        switch ($type)
        {
            case 'post':
                return (!empty($_POST)) ? true : false;
                break;
            case 'get':
                return (!empty($_GET)) ? true : false;
                break;  

            case 'uri':
                //echo 'Well we are here. <br>'; 
                return (!empty($_SERVER['REQUEST_URI'])) ? true : false;
                break;
            case 'session':
                return (!empty($_SESSION)) ? true : false;  
            default:
                return false;
                break;
        }
    }

    public function get($item, $method = 'post')
    {
        switch ($method) {
            case 'post':
                if(isset($_POST[$item])) return $_POST[$item];
                break;
            case 'get':
                if(isset($_GET[$item])) return $_GET[$item];
                break;
            case 'session':
                if(isset($_SESSION[$item])) return $_SESSION[$item];
                break;  
            case 'server':
                if(isset($_SERVER[$item])) return $_SERVER[$item];
                break;
            default:
                return "";
                break;
        }
    }
}

我还有一个注册表单

<div class="glob-main-contents-wrapper">
    <span class="signup-header">
        <h1>Sign up</h1>
        <a href="http://localhost/mysite/signin">Already a member?</a>
    </span>
    <form action="http://localhost/mysite/scripts/signup" id="signup-form" class="signup-form" method="post">
        <div class="field">
            <input type="text" class="username" id="username" name="username" placeholder=" Username" value="<?php echo Input::get('username', 'session') ?>">

            <span class="field-error" id="username-error">

            </span>
        </div>

        <div class="field">
            <input type="text" class="email" id="email" name="email" placeholder="Email" value="<?php echo Input::get('email', 'session') ?>">

            <span class="field-error" id="email-error">

            </span>
        </div>

        <div class="field">
            <input type="password" class="password" id="password" name="password" placeholder="Password">

            <span class="field-error" id="password-error">

            </span>
        </div>

         <div class="field">
            <input type="text" class="name" id="name" name="name" placeholder="Full Name" value="<?php echo Input::get('name', 'session') ?>">

            <span class="field-error" id="name-error">

            </span>
        </div>

        <div class="field">
            <input type="text" class="bio" id="bio" name="bio" placeholder="Biography" value="<?php echo Input::get('bio', 'session') ?>"">

            <span class="field-error" id="bio-error">

            </span>
        </div>

        <div class="field">
            <select class="timezone" id="timezone" name="timezone" placeholder="TimeZone" style="width: 300px">
                <?php
                    $date = new Date_Time;
                    $timezones = $date->timezones();
                    foreach ($timezones as $key => $timezone)
                    {
                ?>
                        <option value="<?php echo $timezone; ?>" <?php if($timezone === 'UTC') echo 'selected="selected"' ?>><?php echo $timezone; ?></option>
                <?php
                    }
                ?>
            </select>

            <span class="field-error" id="timezone-error">

            </span>
        </div>

        <div class="field">
            <input type="text" class="site" id="site" name="site" placeholder="Website" value="<?php echo Input::get('site', 'session') ?>">

            <span class="field-error" id="website-error">

            </span>
        </div>

        <div class="field">
            <button type="submit" class="reg-btn" id="reg-btn">Sign up</button>

            <span class="field-error" id="form-error">

                </span>
        </div>

        <input type="hidden" id="token" name="token" value="<?php echo Token::generate(); ?>">
    </form>
</div>

最后,我在表单

中有以下脚本
if(Input::exists()):
    Session::put('username', Input::get('username'));
    Session::put('email', Input::get('email'));
    Session::put('name', Input::get('name'));
    Session::put('bio', Input::get('bio'));
    Session::put('site', Input::get('site'));

    if(Token::check(Input::get('token'))):
        $errors = array();
        if(empty($_POST['username'])):
            $errors[] = 'username=is required';
        else:
            //other username checks
        endif;
        //checks for other form inputs

        if(empty($errors)):
            try{ //insert into database } 
            catch(Exception $e){header('http://localhost/mysite/signup'. '/errors=?error=something went wrong');}
        else:
            $result = '';
            foreach ($errors as $key => $error)
            {
                $result .= '&'. $error;
            }
            Router::to('http://localhost/mysite/signup'. '/errors=?' .$result);
        endif;
    else:
        Router::to('http://localhost/mysite/signup'. '/errors=?invalid token');
    endif;
endif;

当我转到地址http://localhost/mysite/signup并且我正确输入所有表单数据,即通过脚本中的所有错误检查时,我设法注册没有问题。但是,当我犯了一个错误,即至少一次错误检查失败时,我最终得到了一个像这样的http://localhost/mysite/signin/errors=?&username=is20%required这个我想要的网址,这样我就可以使用get变量来突出显示错误。当我尝试注册时,我得到一个无效的令牌网址。无论我是否有错误都会发生这种情况。取消注释令牌类中的vardump后,我发现$ _SESSION [&#39;令牌&#39;]中的值不等于生成的值。是什么原因导致我的$ _SESSION [&#39;令牌&#39;]与生成的令牌不同?

0 个答案:

没有答案