添加表单令牌支持

thinkphp
2016-08-14 21:52:48 +08:00
parent c436f079d0
commit 9dd5a508d0
2 changed files with 48 additions and 1 deletions


@@ -1404,4 +1404,20 @@ class Request
}
return $this->content;
}
/**
* 生成请求令牌
* @access public
* @param string $name 令牌名称
* @param string $type 令牌生成类型
* @return string
*/
public function token($name = '__token__', $type = 'md5')
{
$type = is_callable($type) ? $type : 'md5';
$token = $type($_SERVER['REQUEST_TIME_FLOAT']);
Session::set($name, $token);
return $token;
}
}
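Review bot: `token()` derives the token from `$_SERVER['REQUEST_TIME_FLOAT']`, which is the request timestamp rather than a secret, so passing it through md5 does not make the value unpredictable to anyone who knows roughly when the form was rendered. An anti-CSRF token should come from a CSPRNG, for example `$token = $type(bin2hex(random_bytes(16)));` (PHP 7+; `openssl_random_pseudo_bytes()` on older runtimes). `is_callable($type)` also accepts any callable name, so `$type` is better limited to an allowlist of hash functions in case it is ever influenced by request data; the callers are outside this diff. The docblock could also state that the token is stored in the session under `$name` and overwrites any earlier value for that name.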


@@ -12,6 +12,7 @@
namespace think;
use think\Request;
use think\Session;
class Validate
{
@@ -481,7 +482,7 @@ class Validate
* @param string $rule 验证规则
* @return bool
*/
protected function is($value, $rule)
protected function is($value, $rule, $data)
{
switch ($rule) {
case 'require':
@@ -565,6 +566,9 @@ class Validate
case 'image':
$result = $value instanceof \think\File && in_array($this->getImageType($value->getRealPath()), [1, 2, 3, 6]);
break;
case 'token':
$result = $this->token($value, '__token__', $data);
break;
default:
if (isset(self::$type[$rule])) {
// 注册的验证规则
@@ -1085,6 +1089,33 @@ class Validate
return 1 === preg_match($rule, (string) $value);
}
/**
* 验证表单令牌
* @access protected
* @param mixed $value 字段值
* @param mixed $rule 验证规则
* @param array $data 数据
* @return bool
*/
protected function token($value, $rule, $data)
{
$rule = !empty($rule) ? $rule : '__token__';
if (!isset($data[$rule]) || !Session::has($rule)) {
// 令牌数据无效
return false;
}
// 令牌验证
if (isset($data[$rule]) && Session::get($rule) === $data[$rule]) {
// 防止重复提交
Session::delete($rule); // 验证完成销毁session
return true;
}
// 开启TOKEN重置
Session::delete($rule);
return false;
}
// 获取错误信息
public function getError()
{
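Review bot: In the new `token()` method the submitted value is compared to the session token with `===`, which is not a constant-time comparison and only implicitly rejects a non-string `$data[$rule]`. `hash_equals()` (PHP 5.6+) is the usual choice for comparing secrets, e.g. `if (is_string($data[$rule]) && hash_equals((string) Session::get($rule), $data[$rule])) {`. The second `isset($data[$rule])` is redundant after the guard above it, and `$value` is never read, which the docblock should say. Separately, the `is()` hunk adds `$data` as a required third parameter with no default and no `@param` line, so any two-argument caller or overriding subclass outside this diff would break; `protected function is($value, $rule, $data = [])` keeps it compatible.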