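【Question title】: PHP Can't Set Session Token on Form Submittal
【Posted】: 2018-05-25 04:13:43
【Question description】:

I'm having a problem with my PHP form. My form has an image as the submit button, and I can't seem to set a session token when the form is submitted. The way the code is written, the token is set when the page loads. That hasn't bothered me much, but I need to set or reset it when the form is submitted. Can anyone tell me what I'm doing wrong? The code is below: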

<?php
// Initiate the session.
session_start();
// Simple function to return a timestamp.
function microtime_float() {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}
// Generate the token.
function generateToken() {
    // generate a token from a unique value, took from microtime...
    $token = "myFormToken-" . microtime_float();  

    // Write the generated token to the session variable to check it against the hidden field when the form is sent
    $_SESSION['myFormToken'] = $token; 
    return $token;
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>This Is My Webpage...</title>
</head>
<body>
<h1>Click on the image below to be taken to the next page..</h1>
<br /><br />
<!-- BEGIN My Form -->
<form action="http://www.mywebsite.com/mypage.php" method="post" target="_top">
<input type="hidden" name="myFormToken" value="<?php echo generateToken(); ?>">
<input type="image" src="http://www.mywebsite.com/myimage.jpg" border="0" name="submit" alt="Click this image!">
</form>
<!-- END My Form -->

</body>
</html>

Thanks for your help!

Brian

【Question comments】:

  • You should check whether the form was submitted.

Tags: php html forms submit


【Solution 1】:
<?php
// Initiate the session.
session_start();
// Simple function to return a timestamp.
function microtime_float() {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}
// Generate the token.
function generateToken() {
    // generate a token from a unique value, took from microtime...
    $token = "myFormToken-" . microtime_float();  

    // Write the generated token to the session variable to check it against the hidden field when the form is sent
    $request = filter_input(INPUT_SERVER, "REQUEST_METHOD");
    if ($request === 'POST') {
        $_SESSION['myFormToken'] = $token;
    } else {
        $_SESSION['myFormToken'] = $token;
    }
    return $token;
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>This Is My Webpage...</title>
</head>
<body>
<h1>Click on the image below to be taken to the next page..</h1>
<br /><br />
<!-- BEGIN My Form -->
<form action="http://www.mywebsite.com/mypage.php" method="post" target="_top">
<input type="hidden" name="myFormToken" value="<?php echo generateToken(); ?>">
<input type="image" src="http://www.mywebsite.com/myimage.jpg" border="0" name="submit" alt="Click this image!">
</form>
<!-- END My Form -->

</body>
</html>

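【Comments】:

  • Gufran, thanks for your input. I have posted the solution I came up with. My apologies for the unacceptable delay in replying.
  • @B.J.Torreano, no problem :)
【Solution 2】:

I apologize for not posting this sooner. This is the solution I eventually came up with. Note that some information has been removed to protect my code. I hope what I have posted here can still help someone.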

<?php
// Initiate the session.
session_start();

$myname =""; // Sender Name
$mynameError ="";
$mysoftwarelicensetoken = "";
$mylicensetokenError = "";

// Set this so that we don't go into the function below, until the form posts.
$errors = 1;

// Simple function to replicate PHP 5 behaviour
function microtime_float() {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

// Set the token here to prevent any user going to this page and then
//   getting back to the submit page.
$_SESSION["myformtoken"] = "myunknowntesttoken";

// Set the variable so that we get into the 'if' section below.
if(isset($_POST['submit'])) { // Checking to see if the form posted.

    $errors = 0;
    //$myname = $_POST["myname"]; // Sender Name
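    // Read the radio value only if it was sent, to avoid an undefined index notice.
    $mysoftwarelicensetoken = isset($_POST["mysoftwarelicensetoken"]) ? $_POST["mysoftwarelicensetoken"] : "";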

    if (!isset($_POST["mysoftwarelicensetoken"])){
        $mylicensetokenError = "You must accept the license agreement";
        $errors = 1;
    } else {
        if ($mysoftwarelicensetoken !== "Yes") {
            $mylicensetokenError = "You must accept the license agreement";
            $errors = 1;
        } else {
            $errors = 0;
        }
    }

    // Set the token again, just for safety's sake.
    $_SESSION["myformtoken"] = "myunknowntesttoken";
}

// This will run when the form posts.
if($errors == 0){
    // Set output SESSION variable. 
    $_SESSION["myformtoken"] = 'myformtoken_intro_' . microtime_float();

    // Re-direct to payment website for payment processing.
    header('Location: https://www.mypaymentwebsite.com');
    exit; // Stop here so the form below is not rendered after the redirect.
}
// header("Cache-Control: no cache");
// session_cache_limiter("private_no_expire");
?>
<!DOCTYPE html>
<html>
<head><title>This Is My Webpage...</title></head>
<body>
<h1>Click on the image below to be taken to the next page..</h1>
<br /><br />
<!-- BEGIN My Form -->
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" enctype="multipart/form-data">
<label>Do you accept the <a href="mysoftwarelicense.html" class="underlinelink">license agreement</a>?<br />
    You MUST do so to proceed with your purchase.</label>
<div>
<input type="radio" name="mysoftwarelicensetoken" value="Yes" <?php if (isset($mysoftwarelicensetoken) && $mysoftwarelicensetoken == "Yes") echo "checked"; ?> > Yes
<input type="radio" name="mysoftwarelicensetoken" value="No" <?php if (isset($mysoftwarelicensetoken) && $mysoftwarelicensetoken == "No") echo "checked"; ?> > No
</div>
<div class="error"><?php echo $mylicensetokenError;?></div>
<br />
<input class="submit link-button btn btn-outline-primary btn-lg" type="submit" name="submit" value="Buy It Now" id="myBuyButton">
</form>
<!-- END My Form -->

</body>
</html>
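
Added example, not part of the original thread: a token built from microtime() can be guessed, so this version draws it from random_bytes(), compares it with hash_equals() when the form posts, and discards it after one use. The function names and the $session array standing in for $_SESSION are assumptions made for the example; it needs PHP 7 or later.

```php
<?php
// Added example; function names are hypothetical, not from the thread.
// $session stands in for $_SESSION so the script also runs from the CLI.
// In a real page, call session_start() and pass $_SESSION instead.

// Create an unpredictable token and remember it server-side.
function issueFormToken(array &$session): string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG output instead of microtime()
    $session['myFormToken'] = $token;
    return $token;
}

// Check the submitted token, then invalidate it so it is accepted only once.
function consumeFormToken(array &$session, $submitted): bool
{
    $expected = isset($session['myFormToken']) ? $session['myFormToken'] : null;
    unset($session['myFormToken']); // reset on every submit, valid or not
    return is_string($expected)
        && is_string($submitted)
        && hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed walk-through: page load, first submit, replay, guessed value.
$session = [];
$field   = issueFormToken($session);   // value for the hidden input
$post    = ['myFormToken' => $field];  // constructed POST body

// First submit with the token that was rendered into the form.
var_dump(consumeFormToken($session, $post['myFormToken']));

// Same POST sent again: the token was already consumed.
var_dump(consumeFormToken($session, $post['myFormToken']));

// New page load, then a submit carrying a constructed timestamp-style guess.
issueFormToken($session);
var_dump(consumeFormToken($session, 'myFormToken-1527221623.1234'));
```

In the form handler, call consumeFormToken() only inside the branch that checks for a POST request, and call issueFormToken() when rendering the form, so a plain page load never overwrites the token before it is checked.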
