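/**
 * Issue a form token for the page and return the hidden field that carries it.
 *
 * Usually called at the start of a form in a view. The token id becomes a key
 * of $_SESSION['YYUC_FORM_TOKEN'] whose value is the issue time, and
 * Page::$tk_str is set to "<issue time>@YYUC@<token id>".
 *
 * NOTE(review): this method never removes entries from the session array, so
 * tokens of forms that are never submitted stay in the session unless they
 * are pruned elsewhere.
 *
 * @return string HTML for a hidden input named YYUC_FORM_TOKEN
 */
public static function token()
{
    // uniqid() is derived from the current time and is documented as
    // unsuitable for security purposes. The token id is what a forged
    // request would have to guess, so take it from a CSPRNG when the
    // runtime offers one.
    $tkid = '';
    try {
        if (function_exists('random_bytes')) {
            $tkid = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            // A failed call may yield false; the cast turns that into ''.
            $tkid = bin2hex((string) openssl_random_pseudo_bytes(16));
        }
    } catch (Exception $e) {
        $tkid = '';
    }
    if ($tkid === '') {
        // No usable CSPRNG: keep the original time-based id instead of failing.
        $tkid = uniqid();
    }

    if (!isset($_SESSION['YYUC_FORM_TOKEN'])) {
        $_SESSION['YYUC_FORM_TOKEN'] = array();
    }
    $tk_arr =& $_SESSION['YYUC_FORM_TOKEN'];
    $tk_arr[$tkid] = microtime(true);
    Page::$tk_str = $tk_arr[$tkid] . '@YYUC@' . $tkid;

    // $tkid is hexadecimal in every branch above, so it is safe inside the
    // attribute value without further escaping.
    return '<input type="hidden" value="' . $tkid . '" name="YYUC_FORM_TOKEN"/>';
}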
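/**
 * Fill this model from the current POST request.
 *
 * This is the usual way to bind automatically submitted form fields.
 * Only POST keys that start with the model's prefix (table name + 'T' + post
 * id) are used; the rest of the key is taken as the property name. Array
 * values are stored as a comma-delimited string with a leading and a trailing
 * comma.
 *
 * When Page::$tk_str is set, every POST key is first decoded with
 * String::decryption() using it as the key. When it is not set, the POST
 * keys are read as they are, so this method is not itself an anti-forgery
 * check: a request without a validated form token still binds fields.
 *
 * @return Model this model
 */
public function load_from_post()
{
    // Decode the field names first.
    $newpost = array();
    if (Page::$tk_str != null) {
        $prevstr = $this->YYUCSYS_tablename . 'T' . $this->YYUCSYS_postid;
        foreach ($_POST as $k => $v) {
            $newpost[String::decryption($k, Page::$tk_str)] = $v;
        }
    } else {
        // NOTE(review): this branch reads YYUCSYS_post_id while the branch
        // above reads YYUCSYS_postid; confirm that both properties exist.
        $prevstr = $this->YYUCSYS_tablename . 'T' . $this->YYUCSYS_post_id;
        $newpost = $_POST;
    }
    // The token string is consumed by the first model loaded in a request.
    Page::$tk_str = null;
    $begin = strlen($prevstr);

    // NOTE(review): the record id comes straight from the request; whether
    // the caller may access that record has to be checked elsewhere.
    if (!empty($newpost[$prevstr . 'id']) && isset($this->YYUCSYS_db)) {
        $this->find($newpost[$prevstr . 'id']);
    }

    $strip = get_magic_quotes_gpc();
    foreach ($newpost as $k => $v) {
        if (strpos($k, $prevstr) !== 0) {
            continue;
        }
        $field = (string) substr($k, $begin);
        // A key equal to the bare prefix names no property. Names starting
        // with YYUCSYS_ are the model's own bookkeeping (table name, db
        // handle, post id), which request data must not overwrite.
        if ($field === '' || strpos($field, 'YYUCSYS_') === 0) {
            continue;
        }
        if (is_array($v)) {
            $v = ',' . implode(',', $v) . ',';
        }
        // Undo magic-quotes escaping only when the runtime applied it.
        $this->{$field} = $strip ? stripslashes($v) : $v;
    }

    // Populate the entity fields.
    if (!$this->YYUCSYS_isorgin) {
        $this->fill_entity_field();
    }
    return $this;
}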
if (is_callable('yyuc_start')) { yyuc_start(); } //加载钩子方法 if (is_callable('access_validations')) { access_validations($_PAGE->controller_path); } } //进行表单令牌验证 if (isset($_POST['YYUC_FORM_TOKEN'])) { if (!@array_key_exists($_POST['YYUC_FORM_TOKEN'], $_SESSION['YYUC_FORM_TOKEN'])) { //不存在令牌 非正常提交 Redirect::to_500($I18N['repost_err']); } else { Page::$tk_ok = true; Page::$tk_str = $_SESSION['YYUC_FORM_TOKEN'][$_POST['YYUC_FORM_TOKEN']] . '@YYUC@' . $_POST['YYUC_FORM_TOKEN']; //删除令牌 unset($_SESSION['YYUC_FORM_TOKEN'][$_POST['YYUC_FORM_TOKEN']]); } } //加载控制器执行文件 include $_PAGE->col_path; //没有开启常规缓存但是请求的是常规缓存后缀 if (Page::$cache_type != CACHE_NORMAL && isset($_SERVER['TRANS_NORMAL_CACHE'])) { Redirect::to_404(); } if (!$YYUC_isobcache && Page::$cache_type !== false) { //开启缓存 ob_start(); } if (Page::$need_view) {