/**
* 获取客户端IP
* @return string
*/
private final function getSessionId()
{
if (!($id = Cookie::get($this->session_name))) {
$id = 'hdphp' . md5(clientIp() . microtime(true)) . mt_rand(1, 99999);
}
Cookie::set($this->session_name, $id, $this->expire, '/', c('session.domain'));
return $id;
}
public function run()
{
//获取令牌,不存在时创建令牌
if (!($token = Session::get('csrf_token'))) {
$token = md5(clientIp() . microtime(true));
Session::set('csrf_token', $token);
}
//令牌检测
if (IS_POST && Config::get('csrf.open')) {
if (Request::post('csrf_token') != $token) {
/**
* 存在过滤的验证时忽略验证
*/
foreach ((array) c('csrf.except') as $f) {
if (preg_match("@{$f}@", __URL__)) {
return;
}
}
throw new \Exception('CSRF 令牌验证失败');
}
}
}
public function run()
{
$open = Config::get('csrf.open');
//服务器令牌数据
$token = Session::get('csrf_token');
//不存在时创建令牌
if ($open && !$token) {
Session::set('csrf_token', md5(clientIp() . microtime(true)));
}
//令牌检测
if ($open && $token && Request::post() && Request::isDomain()) {
if (Request::post('csrf_token') != $token) {
//存在过滤的验证时忽略验证
$except = c('csrf.except');
foreach ((array) $except as $f) {
if (preg_match("@{$f}@", __URL__)) {
return;
}
}
throw new \Exception('CSRF 令牌验证失败');
}
}
}
public function ip($type = 0)
{
return clientIp($type);
}
