From 9dd5a508d006950e5aa6440ce793344b7c35554f Mon Sep 17 00:00:00 2001
From: thinkphp
Date: Sun, 14 Aug 2016 21:52:48 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E8=A1=A8=E5=8D=95=E4=BB=A4?= =?UTF-8?q?=E7=89=8C=E6=94=AF=E6=8C=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 library/think/Request.php | 16 ++++++++++++++++
 library/think/Validate.php | 33 ++++++++++++++++++++++++++++++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/library/think/Request.php b/library/think/Request.php
index 76b29fa5..9112beed 100644
--- a/library/think/Request.php
+++ b/library/think/Request.php
@@ -1404,4 +1404,20 @@ class Request
 }
 return $this->content;
 }
+
+ /**
+ * 生成请求令牌
+ * @access public
+ * @param string $name 令牌名称
+ * @param string $type 令牌生成类型
+ * @return string
+ */
+ public function token($name = '__token__', $type = 'md5')
+ {
+ $type = is_callable($type) ? $type : 'md5';
+ $token = $type($_SERVER['REQUEST_TIME_FLOAT']);
+
+ Session::set($name, $token);
+ return $token;
+ }
 }
diff --git a/library/think/Validate.php b/library/think/Validate.php
index d7b33d9d..0148e2e7 100644
--- a/library/think/Validate.php
+++ b/library/think/Validate.php
@@ -12,6 +12,7 @@
 namespace think;
 use think\Request;
+use think\Session;
 class Validate
 {
@@ -481,7 +482,7 @@ class Validate
 * @param string $rule 验证规则
 * @return bool
 */
- protected function is($value, $rule)
+ protected function is($value, $rule, $data)
 {
 switch ($rule) {
 case 'require':
@@ -565,6 +566,9 @@ class Validate
 case 'image':
 $result = $value instanceof \think\File && in_array($this->getImageType($value->getRealPath()), [1, 2, 3, 6]);
 break;
+ case 'token':
+ $result = $this->token($value, '__token__', $data);
+ break;
 default:
 if (isset(self::$type[$rule])) {
 // 注册的验证规则
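Review bot: The token built in `Request::token()` is derived only from `$_SERVER['REQUEST_TIME_FLOAT']`, so it is a hash of the request timestamp rather than a secret, and anyone who can estimate when the form was rendered is left with a limited range of candidate values; that undermines its use as an anti-CSRF or anti-replay value. Feed the hash from a CSPRNG instead, e.g. `$token = $type(random_bytes(32));` on PHP 7+ (or `openssl_random_pseudo_bytes(32)` on older runtimes). Separately, `is_callable($type)` accepts any callable name, so `$type` should be checked against a short allowlist of hash functions before `$type(...)` is invoked, in case the argument is ever filled from template or request data. The docblock should also say that the token is stored in the session under `$name` and replaces any earlier token of that name.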
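Review bot: `is()` gains a required third parameter in the `@@ -481,7 +482,7 @@` hunk, so any subclass or caller that still invokes `is($value, $rule)` will now fail with a missing-argument error; declaring it as `protected function is($value, $rule, $data = [])` keeps the two-argument form working. The visible part of the docblock still lists only `$value` and `$rule` and should gain `@param array $data data set being validated`. The body of `is()` and its other call sites lie outside this hunk, so they could not be checked here.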
@@ -1085,6 +1089,33 @@ class Validate
 return 1 === preg_match($rule, (string) $value);
 }
+ /**
+ * 验证表单令牌
+ * @access protected
+ * @param mixed $value 字段值
+ * @param mixed $rule 验证规则
+ * @param array $data 数据
+ * @return bool
+ */
+ protected function token($value, $rule, $data)
+ {
+ $rule = !empty($rule) ? $rule : '__token__';
+ if (!isset($data[$rule]) || !Session::has($rule)) {
+ // 令牌数据无效
+ return false;
+ }
+
+ // 令牌验证
+ if (isset($data[$rule]) && Session::get($rule) === $data[$rule]) {
+ // 防止重复提交
+ Session::delete($rule); // 验证完成销毁session
+ return true;
+ }
+ // 开启TOKEN重置
+ Session::delete($rule);
+ return false;
+ }
+
 // 获取错误信息
 public function getError()
 {
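Review bot: The check `Session::get($rule) === $data[$rule]` in `Validate::token()` is not a constant-time comparison and does not require the submitted value to be a string; where the supported PHP version provides it, prefer `if (is_string($data[$rule]) && hash_equals((string) Session::get($rule), $data[$rule])) {`. The failure path also calls `Session::delete($rule)`, so a single invalid submission discards the user's valid token, and because only one token is kept per name, forms open in several tabs invalidate each other; consider keeping the token on mismatch, or documenting that the form must be re-rendered after a failed check. `$value` is never read (the method looks up `$data[$rule]` instead), and the second `isset($data[$rule])` repeats the guard directly above it.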