
 Core_Form::check_token

校验表单token

当使用 Form::open() 方法开启 token 后，可使用此方法在接收页面中校验 token 是否正确

bool Core_Form::check_token( )
返回值
  • bool
File: ./core/classes/form.class.php
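/**
 * Validate the anti-CSRF form token submitted with the current request.
 *
 * The token is the request field `__form_token__`, an array carrying `key`,
 * `hash` and (in stateless mode) `value`. It is read from $_GET when
 * HttpIO::METHOD is 'GET' and from $_POST otherwise.
 *
 * When the `form_token_cache_time` config value is greater than zero the
 * token value is looked up in the cache named by `form_token_cache_name`;
 * otherwise it is decrypted from the submitted `value` field. The hash is
 * then recomputed with Form::get_token_hash() and compared to the submitted
 * one.
 *
 * This method only reads the cache entry; it does not remove it, so a token
 * stays acceptable until the entry expires unless the caller invalidates it.
 *
 * NOTE(review): in stateless mode the client supplies key, value and hash,
 * so the check is only as strong as Text::rc4_decryption() and
 * Form::get_token_hash(); neither is visible here - confirm both depend on a
 * server-side secret.
 *
 * @return bool true only when the submitted hash matches the recomputed one
 */
public static function check_token()
{
    # Read the token from the superglobal that matches the request method.
    # Inspecting $_POST unconditionally would make every GET token fail.
    $input = HttpIO::METHOD=='GET' ? $_GET : $_POST;

    if (!isset($input['__form_token__']) || !is_array($input['__form_token__']))
    {
        return false;
    }
    $token = $input['__form_token__'];

    # Request fields can be nested arrays; only non-empty strings are passed
    # on to the decryption and comparison steps below.
    foreach (array('key', 'hash') as $field)
    {
        if (!isset($token[$field]) || !is_string($token[$field]) || $token[$field]==='')
        {
            return false;
        }
    }

    $cache_time = (int)Core::config('form_token_cache_time', 0);

    $key = Text::rc4_decryption($token['key']);
    if (!$key || substr($key, 0, 12)!=='_form_token/')
    {
        return false;
    }

    # `!$cache_time>0` parses as `(!$cache_time)>0`, which sends a negative
    # setting to the cache branch; compare the integer directly instead.
    if ($cache_time<=0)
    {
        if (!isset($token['value']) || !is_string($token['value']))
        {
            return false;
        }

        # Stateless mode: decrypt the value carried in the form itself.
        $value = Text::rc4_decryption($token['value']);
    }
    else
    {
        # Cached mode: fetch the value stored under the decrypted key.
        $value = Cache::instance(Core::config('form_token_cache_name'))->get($key);
    }

    if (!$value)
    {
        return false;
    }

    # presumably get_token_hash() returns a digest string - verify against its definition
    $expected = (string)Form::get_token_hash($value, $key);
    if ($expected==='')
    {
        return false;
    }

    # Loose `!=` lets PHP compare numeric-looking digests (e.g. two different
    # "0e..." strings) as numbers and treat them as equal. Use a strict,
    # constant-time comparison where the runtime provides one.
    if (function_exists('hash_equals'))
    {
        return hash_equals($expected, $token['hash']);
    }

    return $expected===$token['hash'];
}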