In this lesson, let's learn about template miscellaneous and form token functions.
one. Template Miscellaneous
1. Sometimes, we need to output data similar to template tags or syntax, which will be parsed by the template;
2. At this time, we use the original template to output the tag {literal};
{literal}
变量标签形式:{$name}
{/literal}
3. For the tags in the HTML page, it is invalid to use HTML comments, and the comments defined by the template are required;
{//$name}
{/*$name*/}
{/* 多行注释
*/}
4. There can be no space between the comment and the { symbol, otherwise the comment cannot be hidden;
5. After the compiled file is generated, the content of the comment will be automatically deleted and will not be displayed;
two. form token
1. The form token is to add a hidden field in the form, and randomly generate a string of characters to ensure that it is not forged;
2. The randomly generated characters are compared with the session (open) of the server, and the pass is a legal form;
<form action="http://localhost/tp6/public/verify/token" method="post">
<input type="hidden" name="__token__" value="{:token()}">
<input type="submit" value="提交表单">
</form>
3. In order to verify the internal mechanism of the system, the internal structure can be tested by printing;
//打印出保存到 session 的 token
echo Session::get('__token__');
4. At the verification port, you can use the controller to verify whether the token verification is successful;
$check = Request::checkToken('__token__');
if(false === $check) {
throw new ValidateException('令牌错误');
}
5. In the validator part, as long as the built-in rule token is used to verify, the specific process is as follows:
$validate = \think\facade\Validate::rule([
'name' => 'require|token'
]);
$result = $validate->batch(true)->check([
'name' => input('post.name'),
'__token__' => input('post.__token__')
]);
if (!$result) {
dump($validate->getError());
}