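/**
 * Validate the form token submitted with the current request.
 *
 * When `Form::open()` was called with token generation enabled, the
 * receiving page can call this method to verify that the submitted token
 * is genuine.
 *
 * The token arrives as `__form_token__[key]`, `__form_token__[hash]` and,
 * when `form_token_cache_time` is 0, `__form_token__[value]`. It is read
 * from `$_GET` on GET requests and from `$_POST` otherwise.
 *
 * @return bool true when the token is present, well-formed and its hash matches
 */
public static function check_token()
{
    // Read the token from the same superglobal whose presence is checked:
    // on GET the token travels in the query string, otherwise in the body.
    if (HttpIO::METHOD == 'GET') {
        $token = isset($_GET['__form_token__']) ? $_GET['__form_token__'] : null;
    } else {
        $token = isset($_POST['__form_token__']) ? $_POST['__form_token__'] : null;
    }

    // Reject anything that is not the expected array shape with string parts;
    // substr()/hash comparison below require strings.
    if (!$token
        || !is_array($token)
        || !isset($token['key'], $token['hash'])
        || !is_string($token['key'])
        || !is_string($token['hash'])
    ) {
        return false;
    }

    $cache_time = (int) Core::config('form_token_cache_time', 0);

    // The key is stored encrypted in the form; a genuine key carries a fixed prefix.
    $key = Text::rc4_decryption($token['key']);
    if (!$key || substr($key, 0, 12) !== '_form_token/') {
        return false;
    }

    // `$cache_time <= 0` replaces the original `!$cache_time > 0`, whose
    // precedence evaluated `(!$cache_time) > 0`; the intent is "no caching".
    if ($cache_time <= 0) {
        // No server-side cache: the value is round-tripped through the form, encrypted.
        if (!isset($token['value']) || !is_string($token['value'])) {
            return false;
        }
        $value = Text::rc4_decryption($token['value']);
    } else {
        // Server-side cache: the value was stored under the key when the form was rendered.
        $value = Cache::instance(Core::config('form_token_cache_name'))->get($key);
    }

    if (!$value) {
        return false;
    }

    // Compare the recomputed hash with the submitted one in constant time where
    // available; the strict fallback avoids PHP's loose numeric-string comparison
    // (e.g. "0e..." digests) that `!=` would apply to hash strings.
    $expected = (string) Form::get_token_hash($value, $key);
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $token['hash']);
    }

    return $expected === $token['hash'];
}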