PHP 中的表单未提交且令牌无效

Question

当您点击 Login 提交按钮时，它只显示 "Invalid Token" 因为给定的 token没有被系统识别。但是，如果我点击 Register 提交按钮，表单就会被提交和处理。

表单代码：

<form method="post">
  <div class="field">
    <label for="username">Username: </label>
    <input type="text" name="username" id="username" autocomplete="off" />
  </div>

  <div class="field">
    <label for="Password">Password: </label>
    <input type="password" name="password" id="password" autocomplete="off" />
  </div>

  <div class="field">
    <label for="remember">
      <input type="checkbox" name="remember" id="remember" value="on"/> Remember Me
    </label>
  </div>

  <input type="hidden" name="login_token" value="<?php echo Token::generate(); ?>" />
  <input name="login" type="submit" value="Login" />
</form>
<hr>
<br>
<form action="" method="post">
      <div class="field">
        <label for="username">Username</label>
        <input type="text" name="username" id="username" value="<?php echo sanitize(Input::get('username')); ?>" autocomplete="off" />
      </div>

      <div class="field">
        <label for="password">Choose a Password</label>
        <input type="password" name="password" id="password" />
      </div>

      <div class="field">
        <label for="password_again">Enter your Password Again</label>
        <input type="password" name="password_again" id="password_again" />
      </div>

      <div class="field">
        <label for="name">Name</label>
        <input type="text" name="name" id="name" value="<?php echo sanitize(Input::get('name')); ?>"/>
      </div>
      <input type="hidden" name="rgstr_tkn" value="<?php echo Token::generate(); ?>" />
      <input type="submit" value="Register" name="register"/>
</form>

PHP表单提交时要处理的代码：

if (isset($_POST["login"])){
        if(Token::check(Input::get('login_token'))) {
            echo "Login!";
            echo Input::get('login_token');
        } else {
            echo 'invalid token';
        }
}

if (isset($_POST["register"])) {
        if(Token::check(Input::get('rgstr_tkn'))) {
            echo "Register!";
            echo Input::get('rgstr_tkn');
        }
}

Token Class:

class Token {

  # Generate a token, and put it into the session/token_name
  public static function generate() {
      return Session::put(Config::get('session/token_name'), md5(uniqid()));
  }

  # Check if the token exists
  public static function check($token) {
      $tokenName = Config::get('session/token_name');

      if(Session::exists($tokenName) && $token === Session::get($tokenName)) {
          Session::delete($tokenName);
          return true;
      }

      return false;
  }

}

Input Class:

class Input {

    # Check if the POST or GET request is submitted
    public static function exists($type = 'post') {
        switch($type) {
            case 'post':
                return (!empty($_POST)) ? true : false;
                break;
            case 'get':
                return (!empty($_GET)) ? true : false;
                break;
            default:
                return false;
                break;
        }
    }

    # Get an item from the posted or get field
    public static function get($item) {
        if(isset($_POST[$item])) {
            return $_POST[$item];
        } else if(isset($_GET[$item])) {
            return $_GET[$item];
        }

        return '';
    }

}

Answer 1

你的问题是，当你再次返回那个页面时，它会再次生成一个新的令牌这就是 returns "Invalid token" 解决

的原因

在你的

public static function generate() {

}

您在创建之前先检查您是否已经生成了指定的会话令牌

public static function generate() {
    $tokenName = Config::get('session/token_name');
    // if session is already generate then just return it instead of generating new one
    if (Session::exists($tokenName)) {    
        return Session::get($tokenName);
    }
    // else create this session_token
    return Session::put($tokenName, md5(uniqid()));
}

希望对您有所帮助

PHP 中的表单未提交且令牌无效

Form is not submitted and Invalid Token in PHP

php

forms

token