Home Explore Help
Register Sign In
PH
/
heyu
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 94cc65e31f
Branches Tags
heyu
/
ThinkPHP
/
Lib
/
Behavior
/
TokenBuildBehavior.class.php

TokenBuildBehavior.class.php 2.5 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. <?php
    2. 

  2. // +----------------------------------------------------------------------
    3. 

  3. // | TOPThink [ WE CAN DO IT JUST THINK ]
    4. 

  4. // +----------------------------------------------------------------------
    5. 

  5. // | Copyright (c) 2010 http://topthink.com All rights reserved.
    6. 

  6. // +----------------------------------------------------------------------
    7. 

  7. // | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
    8. 

  8. // +----------------------------------------------------------------------
    9. 

  9. // | Author: liu21st <liu21st@gmail.com>
    10. 

  10. // +----------------------------------------------------------------------
    11. 

  11. 

  12. defined('THINK_PATH') or exit();
    13. 

  13. /**
    14. 

  14.  * 系统行为扩展:表单令牌生成
    15. 

  15.  * @category   Think
    16. 

  16.  * @package  Think
    17. 

  17.  * @subpackage  Behavior
    18. 

  18.  * @author   liu21st <liu21st@gmail.com>
    19. 

  19.  */
    20. 

  20. class TokenBuildBehavior extends Behavior {
    21. 

  21.     // 行为参数定义
    22. 

  22.     protected $options   =  array(
    23. 

  23.         'TOKEN_ON'       => false,     // 开启令牌验证
    24. 

  24.         'TOKEN_NAME'     => '__hash__',    // 令牌验证的表单隐藏字段名称
    25. 

  25.         'TOKEN_TYPE'     => 'md5',   // 令牌验证哈希规则
    26. 

  26.         'TOKEN_RESET'    => true, // 令牌错误后是否重置
    27. 

  27.     );
    28. 

  28. 

  29.     public function run(&$content){
    30. 

  30.         if(C('TOKEN_ON')) {
    31. 

  31.             if(strpos($content,'{__TOKEN__}')) {
    32. 

  32.                 // 指定表单令牌隐藏域位置
    33. 

  33.                 $content = str_replace('{__TOKEN__}',$this->buildToken(),$content);
    34. 

  34.             }elseif(preg_match('/<\/form(\s*)>/is',$content,$match)) {
    35. 

  35.                 // 智能生成表单令牌隐藏域
    36. 

  36.                 $content = str_replace($match[0],$this->buildToken().$match[0],$content);
    37. 

  37.             }
    38. 

  38.         }else{
    39. 

  39.             $content = str_replace('{__TOKEN__}','',$content);
    40. 

  40.         }
    41. 

  41.     }
    42. 

  42. 

  43.     // 创建表单令牌
    44. 

  44.     private function buildToken() {
    45. 

  45.         $tokenName  = C('TOKEN_NAME');
    46. 

  46.         $tokenType  = C('TOKEN_TYPE');
    47. 

  47.         if(!isset($_SESSION[$tokenName])) {
    48. 

  48.             $_SESSION[$tokenName]  = array();
    49. 

  49.         }
    50. 

  50.         // 标识当前页面唯一性
    51. 

  51.         $tokenKey   =  md5($_SERVER['REQUEST_URI']);
    52. 

  52.         if(isset($_SESSION[$tokenName][$tokenKey])) {// 相同页面不重复生成session
    53. 

  53.             $tokenValue = $_SESSION[$tokenName][$tokenKey];
    54. 

  54.         }else{
    55. 

  55.             $tokenValue = $tokenType(microtime(TRUE));
    56. 

  56.             $_SESSION[$tokenName][$tokenKey]   =  $tokenValue;
    57. 

  57.         }
    58. 

  58.         $token      =  '<input type="hidden" name="'.$tokenName.'" value="'.$tokenKey.'_'.$tokenValue.'" />';
    59. 

  59.         return $token;
    60. 

  60.     }
    61. 

  61. }
    62.