Example #1
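 /**
  * Validate the form token submitted with the current request.
  *
  * After `Form::open()` has emitted a token, call this on the receiving
  * page to verify that the submitted token is genuine. The token is read
  * from `$_GET` for GET requests and from `$_POST` otherwise; it must be
  * an array carrying string `key` and `hash` entries (plus `value` when
  * tokens are not cached server-side).
  *
  * @return bool true only when the key decrypts, carries the expected
  *              prefix and the hash matches; false for any malformed or
  *              missing token
  */
 public static function check_token()
 {
     # Pick the input array that matches the request method so that GET
     # submissions (token in the query string) are validated as well.
     $source = (HttpIO::METHOD == 'GET') ? $_GET : $_POST;
     if (!isset($source['__form_token__'])) {
         return false;
     }
     $token = $source['__form_token__'];

     # Untrusted input: insist on the exact shape before touching any field,
     # so that arrays or empty strings never reach the decryption/compare step.
     if (!is_array($token)
         || !isset($token['key'], $token['hash'])
         || !is_string($token['key']) || $token['key'] === ''
         || !is_string($token['hash']) || $token['hash'] === ''
     ) {
         return false;
     }

     $cache_time = (int) Core::config('form_token_cache_time', 0);

     $key = Text::rc4_decryption($token['key']);
     # Only keys issued by Form carry this prefix; reject anything else.
     if (!$key || substr($key, 0, 12) !== '_form_token/') {
         return false;
     }

     # `<= 0` spells out the intent; `!$cache_time > 0` depended on operator
     # precedence and misbehaved for negative configuration values.
     if ($cache_time <= 0) {
         # No server-side cache: the value travels encrypted inside the form.
         if (!isset($token['value']) || !is_string($token['value']) || $token['value'] === '') {
             return false;
         }
         $value = Text::rc4_decryption($token['value']);
     } else {
         # Server-side cache: look the value up under the decrypted key.
         $value = Cache::instance(Core::config('form_token_cache_name'))->get($key);
     }
     if (!$value) {
         return false;
     }

     # Constant-time, strict comparison: a loose `!=` treats numeric-looking
     # hashes (e.g. "0e..." forms) as equal and leaks timing information.
     return hash_equals((string) Form::get_token_hash($value, $key), $token['hash']);
 }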