防止php重复提交表单更安全的方法

时间:2021-04-21 19:28:43

 

  1. Token.php  

    <?php

    /*
    * Created on 2013-3-25
    *
    * To change the template for this generated file go to
    * Window - Preferences - PHPeclipse - PHP - Code Templates
    */
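    /**
     * Generate a random one-time token (used by form.php / action.php to detect
     * duplicate or forged form submissions).
     *
     * @param int  $len Number of characters in the returned token; 0 or less yields ''.
     * @param bool $md5 When true the raw token is hashed in 32-character chunks with
     *                  md5(), the hex digests are concatenated and cut to $len, so the
     *                  result is lowercase hex. When false the raw token drawn from the
     *                  alphabet below is returned unchanged (it may contain '<', '"', '&'
     *                  and other characters that need escaping before being echoed).
     * @return string
     * @throws \Exception if no secure randomness source is available to random_int()
     */
    function getToken($len = 32, $md5 = true) {
        if ($len <= 0) {
            return '';
        }

        // Same 90-character alphabet as the original array, kept so the $md5 = false
        // output stays compatible with any caller relying on it.
        $chars = 'Q@8y%^5Z(G_O`S-N<D{}[]h;W./|:1EL4&67#9aAbB~Cd>e2fPg)?HiXUJkrl3tMn=o+pFq!KRscmTvjuVw,xI$Yz*';
        $lastIndex = strlen($chars) - 1;

        // random_int() draws from the OS CSPRNG. The previous mt_srand((double) microtime()
        // * 1000000) seed had at most ~1e6 distinct values and mt_rand() is not a secure
        // generator, so every token it could ever produce was enumerable.
        $token = '';
        for ($i = 0; $i < $len; $i++) {
            $token .= $chars[random_int(0, $lastIndex)];
        }

        if ($md5) {
            // One md5 digest (32 hex chars) per 32-char chunk of the raw token, then
            // trimmed to exactly $len characters.
            $chunks = (int) ceil(strlen($token) / 32);
            $hexToken = '';
            for ($i = 0; $i < $chunks; $i++) {
                $hexToken .= md5(substr($token, $i * 32, 32));
            }
            $token = substr($hexToken, 0, $len);
        }

        return $token;
    }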
    ?>
    form.php

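    <?php
    // Issue a fresh one-time token, remember it server-side and embed it in the form.
    // NOTE(review): the listing above is titled Token.php; on a case-sensitive
    // filesystem this include must use the file's exact name.
    include_once("token.php");
    session_start();
    $token = getToken();
    $_SESSION['token'] = $token;
    ?>
    <form action="action.php" method="post">
    <!-- The attribute is escaped: with getToken(..., false) the token can contain '"', '<' or '&',
         which would otherwise break out of the value and corrupt the token the server compares. -->
    <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" />
    <!-- other inputs, submit button, etc. -->
    </form>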
    action.php

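    <?php
    session_start();
    // Read both sides defensively: a missing index is null, not a warning.
    $expected = $_SESSION['token'] ?? null;
    $given = $_POST['token'] ?? null;
    // hash_equals() is a strict, constant-time comparison. The previous `==` accepted a
    // request with no token at all when the session held none (null == null is true)
    // and compared hex digests such as "0e12..." as numbers, so unequal tokens could match.
    if (is_string($expected) && is_string($given) && hash_equals($expected, $given)) {
        // Consume the token so the same form cannot be submitted twice.
        unset($_SESSION['token']);
        echo "这是一个正常的提交请求";
    } else {
        echo "这是一个非法的提交请求";
    }
    ?>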