ThinkPHP form token

ThinkPHP supports form token verification, which effectively prevents duplicate form submissions and related form security problems.

To enable form tokens, bind the token behavior: add the following to the behavior definition file tags.php in the configuration directory of the application or module:


  return array(
      // Add the following line
      'view_filter' => array('Behavior\TokenBuild'),
      // For version 3.2.1 and above, change it to
      // 'view_filter' => array('Behavior\TokenBuildBehavior'),
  );

This means the form token behavior runs at the view_filter tag (behavior hook) position, where it detects forms and inserts the token.

The configuration parameters relevant to form token verification are:

  'TOKEN_ON' => true, // whether token verification is enabled; off by default
  'TOKEN_NAME' => '__hash__', // name of the hidden form field used for the token; default __hash__
  'TOKEN_TYPE' => 'md5', // hash function used to generate the token; default md5
  'TOKEN_RESET' => true, // whether to reset the token after a verification failure; default true

When token verification is enabled, the system automatically adds a hidden field named after TOKEN_NAME to each form in the template file; its value is a hash string generated with the TOKEN_TYPE algorithm, and it is used for the automatic token verification of that form.

The automatically generated hidden field is placed just before the closing form tag. If you want to control where the hidden field goes, add the {__TOKEN__} marker manually in the form page; the system replaces it when the template is output.

If a page contains multiple forms, it is recommended to use the marker and to make sure that only one form requires token validation.

If you do not want a particular form page to output the token field, you can dynamically turn form token verification off in the controller before the output method, for example:

  C('TOKEN_ON', false);
  $this->display();

Model classes perform form token verification automatically when creating a data object. If you do not use the create method to create the data object, you need to call the model's autoCheckToken method manually to verify the form token. If it returns false, the form token verification failed. For example:

  $User = M("User"); // instantiate the User model object
  // verify the token manually
  if (!$User->autoCheckToken($_POST)) {
      // token verification failed
  }
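As an added illustration (not ThinkPHP's own code), the following Python model shows what the hidden-field generation described above and the manual autoCheckToken check amount to: a one-time token per form stored in the session, compared in constant time, consumed on success and, when TOKEN_RESET is on, discarded after a failed check. The hashed random nonce, the key_value field layout and the session dictionary are assumptions of this model, not documented ThinkPHP behaviour.

```python
import hashlib
import hmac
import secrets

# Constructed settings mirroring the page's TOKEN_* options (example values).
CONFIG = {"TOKEN_ON": True, "TOKEN_NAME": "__hash__",
          "TOKEN_TYPE": "md5", "TOKEN_RESET": True}


def build_token(session: dict, form_key: str, config: dict = CONFIG) -> str:
    """Create a one-time token for one form, store it in the session and
    return the hidden-field HTML that would be inserted before </form>."""
    if not config["TOKEN_ON"]:
        return ""                      # TOKEN_ON off: no hidden field is output
    hasher = getattr(hashlib, config["TOKEN_TYPE"])   # md5 on this page
    key = hasher(form_key.encode()).hexdigest()       # identifies the form (assumption)
    value = hasher(secrets.token_bytes(16)).hexdigest()  # unguessable per-render value
    session.setdefault(config["TOKEN_NAME"], {})[key] = value
    name = config["TOKEN_NAME"]
    return f'<input type="hidden" name="{name}" value="{key}_{value}" />'


def auto_check_token(session: dict, post: dict, config: dict = CONFIG) -> bool:
    """Verify and consume the submitted token; True means the form is valid,
    matching the contract of the page's autoCheckToken (model assumption)."""
    if not config["TOKEN_ON"]:
        return True                    # verification disabled: nothing to check
    name = config["TOKEN_NAME"]
    submitted = post.get(name, "")
    if "_" not in submitted or name not in session:
        return False                   # missing field or no token ever issued
    key, value = submitted.split("_", 1)
    expected = session[name].get(key)
    if expected is not None and hmac.compare_digest(expected.encode(), value.encode()):
        del session[name][key]         # consumed: a duplicate submission now fails
        return True
    if config["TOKEN_RESET"] and key in session[name]:
        del session[name][key]         # TOKEN_RESET: discard the token after a failure
    return False
```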

Origin www.cnblogs.com/furuihua/p/11842530.html