// +---------------------------------------------------------------------- namespace think\behavior; use think\Behavior; /** * 系统行为扩展:表单令牌生成 * @category Think * @package Think * @subpackage Behavior * @author liu21st */ class TokenBuild extends Behavior { // 行为参数定义 protected $options = [ 'TOKEN_ON' => false, // 开启令牌验证 'TOKEN_NAME' => '__hash__', // 令牌验证的表单隐藏字段名称 'TOKEN_TYPE' => 'md5', // 令牌验证哈希规则 'TOKEN_RESET' => true, // 令牌错误后是否重置 ]; public function run(&$content) { if (C('TOKEN_ON')) { if (strpos($content, '{__TOKEN__}')) { // 指定表单令牌隐藏域位置 $content = str_replace('{__TOKEN__}', $this->buildToken(), $content); } elseif (preg_match('/<\/form(\s*)>/is', $content, $match)) { // 智能生成表单令牌隐藏域 $content = str_replace($match[0], $this->buildToken() . $match[0], $content); } } else { $content = str_replace('{__TOKEN__}', '', $content); } } // 创建表单令牌 private function buildToken() { $tokenName = C('TOKEN_NAME'); $tokenType = C('TOKEN_TYPE'); if (!isset($_SESSION[$tokenName])) { $_SESSION[$tokenName] = []; } // 标识当前页面唯一性 $tokenKey = md5($_SERVER['REQUEST_URI']); if (isset($_SESSION[$tokenName][$tokenKey])) { // 相同页面不重复生成session $tokenValue = $_SESSION[$tokenName][$tokenKey]; } else { $tokenValue = $tokenType(microtime(true)); $_SESSION[$tokenName][$tokenKey] = $tokenValue; } $token = ''; return $token; } }