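/**
 * Return the session id for this request.
 *
 * Reads the id from the session cookie; when the cookie is absent or empty a
 * new id is generated. The cookie is (re)sent on every call with the
 * configured expiry, path "/" and the domain from c('session.domain').
 *
 * @return string
 */
private final function getSessionId()
{
    if (!($id = Cookie::get($this->session_name))) {
        // A session id is a bearer credential, so it has to be unguessable.
        // Client IP + microtime + mt_rand() are all predictable or observable,
        // so prefer the CSPRNG and keep the legacy recipe only as a last resort.
        if (function_exists('random_bytes')) {
            $id = 'hdphp' . bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $id = 'hdphp' . bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Weak fallback for runtimes with no CSPRNG available.
            $id = 'hdphp' . md5(clientIp() . microtime(true)) . mt_rand(1, 99999);
        }
    }
    // NOTE(review): an id supplied in the cookie is accepted as-is here; whether
    // it is checked against a server-side session store, and regenerated on
    // login, is not visible in this method. Confirm to rule out session fixation.
    // NOTE(review): only name, value, expiry, path and domain are passed;
    // whether Cookie::set applies HttpOnly/Secure is not visible here. Confirm.
    Cookie::set($this->session_name, $id, $this->expire, '/', c('session.domain'));

    return $id;
}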
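/**
 * CSRF check: make sure the session holds a token and, for POST requests with
 * csrf.open enabled, verify the submitted csrf_token field against it.
 *
 * @return void
 * @throws \Exception when the submitted token does not match and the current
 *                    URL matches none of the csrf.except patterns
 */
public function run()
{
    // Fetch the session token; create one when the session has none yet.
    if (!($token = Session::get('csrf_token'))) {
        // The token must be unpredictable. md5(client IP . microtime) can be
        // reconstructed by anyone who knows the IP and the approximate request
        // time, so use the CSPRNG where the runtime offers one.
        if (function_exists('random_bytes')) {
            $token = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $token = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Weak fallback for runtimes with no CSPRNG available.
            $token = md5(clientIp() . microtime(true));
        }
        Session::set('csrf_token', $token);
    }

    // Token verification.
    if (IS_POST && Config::get('csrf.open')) {
        $submitted = Request::post('csrf_token');

        // Strict comparison only. Loose != treats numeric-looking strings such
        // as "0e123" and "0e456" as equal and accepts non-string input.
        // hash_equals() also removes the timing side channel.
        $matches = is_string($submitted) && is_string($token)
            && (function_exists('hash_equals')
                ? hash_equals($token, $submitted)
                : $submitted === $token);

        if (!$matches) {
            // URLs matching an exception pattern skip verification.
            // NOTE(review): each pattern is used as an unanchored regex between
            // "@" delimiters, so a loose entry exempts every URL that merely
            // contains it; keep csrf.except entries anchored and specific.
            foreach ((array) c('csrf.except') as $f) {
                if (preg_match("@{$f}@", __URL__)) {
                    return;
                }
            }
            throw new \Exception('CSRF 令牌验证失败');
        }
    }
}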
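/**
 * CSRF check: when csrf.open is enabled, issue a session token if none exists
 * and verify the csrf_token field of POST submissions against the token that
 * was already in the session at the start of the request.
 *
 * @return void
 * @throws \Exception when the submitted token does not match and the current
 *                    URL matches none of the csrf.except patterns
 */
public function run()
{
    $open = Config::get('csrf.open');
    // Token currently stored server-side.
    $token = Session::get('csrf_token');

    // Create the token when the session has none yet.
    if ($open && !$token) {
        // The token must be unpredictable. md5(client IP . microtime) can be
        // reconstructed by anyone who knows the IP and the approximate request
        // time, so use the CSPRNG where the runtime offers one.
        if (function_exists('random_bytes')) {
            $fresh = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $fresh = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Weak fallback for runtimes with no CSPRNG available.
            $fresh = md5(clientIp() . microtime(true));
        }
        Session::set('csrf_token', $fresh);
    }

    // Token verification.
    // NOTE(review): a POST that arrives before the session has a token is not
    // verified, because $token is still empty in that request. Confirm that no
    // state-changing action is reachable in that state.
    // NOTE(review): Request::isDomain() is defined elsewhere. If it is false for
    // cross-origin requests, verification is skipped for exactly the requests
    // CSRF protection is meant to cover. Confirm its semantics.
    if ($open && $token && Request::post() && Request::isDomain()) {
        $submitted = Request::post('csrf_token');

        // Strict comparison only. Loose != treats numeric-looking strings such
        // as "0e123" and "0e456" as equal and accepts non-string input.
        // hash_equals() also removes the timing side channel.
        $matches = is_string($submitted) && is_string($token)
            && (function_exists('hash_equals')
                ? hash_equals($token, $submitted)
                : $submitted === $token);

        if (!$matches) {
            // URLs matching an exception pattern skip verification.
            // NOTE(review): each pattern is used as an unanchored regex between
            // "@" delimiters, so a loose entry exempts every URL that merely
            // contains it; keep csrf.except entries anchored and specific.
            $except = c('csrf.except');
            foreach ((array) $except as $f) {
                if (preg_match("@{$f}@", __URL__)) {
                    return;
                }
            }
            throw new \Exception('CSRF 令牌验证失败');
        }
    }
}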
/**
 * Return the client IP address by delegating to the global clientIp() helper.
 *
 * NOTE(review): clientIp() is defined elsewhere. If it consults forwarded-for
 * style request headers, the result is client-controlled and should not be
 * used for access decisions. Confirm against its implementation.
 *
 * @param int $type passed through unchanged to clientIp(); its meaning is defined there
 * @return mixed whatever clientIp() returns
 */
public function ip($type = 0)
{
    $address = clientIp($type);

    return $address;
}