PHP令牌形式處理
[英]php token form handling
問題描述
我有一個令牌,我正在嘗試檢查表單提交,以下是我的令牌函數以及我用來提交的表單,然后是應該檢查令牌的表單處理。 我為什么無法使令牌功能正常工作?
<?php
function getToken()
{
if(!isset($_SESSION['user_token']))
{
$_SESSION['user_token'] = md5(uniqid());
}
}
function checkToken($token)
{
if($token != $_SESSION['user_token'])
{
header('location: 404.php');
exit;
}
}
function getTokenField()
{
return '<input type="hidden" name="token" value="'.$_SESSION['user_token'].'" />';
}
function destroyToken()
{
unset($_SESSION['user_token']);
}
一個名為register.php的注冊表單,該表單重定向到registerscript.php頁面。
<?php getToken(); ?>
<form method="post" action="registerscript.php">
<fieldset>
<legend>Registration Form</legend>
<table width="400" border="0" cellpadding="10" cellspacing="10">
<tr>
<td></td>
<td style="font-weight: bold;color:red">
<?php
if(isset($_SESSION['error']))
{
echo '<p>'.$_SESSION['error']['firstname'].'</p>';
echo '<p>'.$_SESSION['error']['lastname'].'</p>';
echo '<p>'.$_SESSION['error']['username'].'</p>';
echo '<p>'.$_SESSION['error']['email'].'</p>';
echo '<p>'.$_SESSION['error']['password'].'</p>';
echo '<p>'.$_SESSION['error']['country'].'</p>';
unset($_SESSION['error']);
}
?>
</td>
<tr>
<td style="font-weight: bold"><div align="right"><label for="firstname">First Name</label></div></td>
<td><input name="firstname" type="text" class="input" size="25" required /></td>
</tr> <tr>
<td style="font-weight: bold"><div align="right"><label for="lastname">Last Name</label></div></td>
<td><input name="lastname" type="text" class="input" size="25" required /></td>
</tr> <tr>
<td style="font-weight: bold"><div align="right"><label for="username">User Name</label></div></td>
<td><input name="username" type="text" class="input" size="25" required /></td>
</tr>
<tr>
<td style="font-weight: bold"><div align="right"><label for="password">Password</label></div></td>
<td><input name="password" type="password" class="input" size="25" required /></td>
</tr>
<tr>
<td style="font-weight: bold"><div align="right"><label for="confirmpw">Confirm Password</label></div></td>
<td><input name="confirmpw" type="password" class="input" size="25" required /></td>
</tr>
<tr>
<td style="font-weight: bold"><div align="right"><label for="email">Email</label></div></td>
<td><input name="email" type="email" class="input" size="25" required /></td>
</tr>
<tr>
<td style="font-weight: bold"><div align="right"><label for="country">Country</label></td>
<td><select name="country">
<option selected value="0">Select Country</option>
<?php
while ($rowCerts = $resultcategories->fetch_assoc()) {
echo "<option value=\"{$rowCerts['country']}\">";
echo $rowCerts['country'];
echo "</option>";
}
?>
</select></td>
</tr>
<tr>
<td height="23"></td>
<td><div align="right">
<input type="submit" name="submit" value="Register!" />
<?php echo getTokenField(); ?>
關於提交的表單處理,我希望它使用以下代碼檢查令牌是否有效,但它帶我到404.php,就好像沒有令牌一樣,但是當我查看頁面源代碼時有一個令牌。
<?php
session_start();
include_once('conn.php');
if(isset($_POST['submit']))
{
checkToken($token);
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$username = $_POST["username"];
$password = $_POST["password"];
$confirmpw = $_POST["confirmpw"];
$country = $_POST["country"];
if(preg_match("/[^a-zA-Z0-9]+/", $firstname))
{
$_SESSION['error']['firstname'] = "Incorrect characters used in Firstname.<br>";
}
}
我的源代碼顯示:
<input type="submit" name="submit" value="Register!" />
<input type="hidden" name="token" value="f0de3e58dbd6196ac0f964203577abb0" /> </div></td>
</tr>
</table>
</fieldset>
2 個解決方案
解決方案1
0 2016-06-29 22:15:00
此時設置了$token嗎?
if(isset($_POST['submit']))
{
checkToken($token);
}
還是應該
if(isset($_POST['submit']))
{
checkToken($_POST['token']);
}
解決方案2
0 2016-06-29 22:29:53
先前的答案更有可能是正確的。 您在conn.php文件中有什么?
嘗試添加這樣的字符串:
echo "--$token--$_SESSION[user_token]--";die;
行前
header('location: 404.php');
說你得到什么。
PHP表單令牌使用和處理
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.