Boo*_*ski 5 php authentication token ruby-on-rails-3
PHP有自己的Rails真实性令牌版本吗?
<meta name="csrf-token" content="<%= form_authenticity_token %>" />
<meta name="csrf-param" content="authenticity_token" />
如果没有,实现相同功能的最佳方法是什么?
输出到表格时:
$token = md5(time() . rand(1,100));
$_SESSION['token'] = $token;
<input type='hidden' name='token' value='<?=$token;?>'/>
POST后:
if(empty($_POST['token']) || $_POST['token'] !== $_SESSION['token']){
exit("Bad token!");
}
unset($_SESSION['token']);