Home Explore Help
Register Sign In
wangyong
/
yuyue
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
yuyue
/
ThinkPHP
/
Library
/
Behavior
/
TokenBuildBehavior.class.php

TokenBuildBehavior.class.php 2.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 
  1. <?php
    2. 

  2. // +----------------------------------------------------------------------
    3. 

  3. // | TOPThink [ WE CAN DO IT JUST THINK ]
    4. 

  4. // +----------------------------------------------------------------------
    5. 

  5. // | Copyright (c) 2010 http://topthink.com All rights reserved.
    6. 

  6. // +----------------------------------------------------------------------
    7. 

  7. // | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
    8. 

  8. // +----------------------------------------------------------------------
    9. 

  9. // | Author: liu21st <liu21st@gmail.com>
    10. 

  10. // +----------------------------------------------------------------------
    11. 

  11. namespace Behavior;
    12. 

  12. /**
    13. 

  13.  * 系统行为扩展:表单令牌生成
    14. 

  14.  */
    15. 

  15. class TokenBuildBehavior {
    16. 

  16. 

  17.     public function run(&$content){
    18. 

  18.         if(C('TOKEN_ON')) {
    19. 

  19.             list($tokenName,$tokenKey,$tokenValue)=$this->getToken();
    20. 

  20.             $input_token = '<input type="hidden" name="'.$tokenName.'" value="'.$tokenKey.'_'.$tokenValue.'" />';
    21. 

  21.             $meta_token = '<meta name="'.$tokenName.'" content="'.$tokenKey.'_'.$tokenValue.'" />';
    22. 

  22.             if(strpos($content,'{__TOKEN__}')) {
    23. 

  23.                 // 指定表单令牌隐藏域位置
    24. 

  24.                 $content = str_replace('{__TOKEN__}',$input_token,$content);
    25. 

  25.             }elseif(preg_match('/<\/form(\s*)>/is',$content,$match)) {
    26. 

  26.                 // 智能生成表单令牌隐藏域
    27. 

  27.                 $content = str_replace($match[0],$input_token.$match[0],$content);
    28. 

  28.             }
    29. 

  29.             $content = str_ireplace('</head>',$meta_token.'</head>',$content);
    30. 

  30.         }else{
    31. 

  31.             $content = str_replace('{__TOKEN__}','',$content);
    32. 

  32.         }
    33. 

  33.     }
    34. 

  34. 

  35.     //获得token
    36. 

  36.     private function getToken(){
    37. 

  37.         $tokenName  = C('TOKEN_NAME',null,'__hash__');
    38. 

  38.         $tokenType  = C('TOKEN_TYPE',null,'md5');
    39. 

  39.         if(!isset($_SESSION[$tokenName])) {
    40. 

  40.             $_SESSION[$tokenName]  = array();
    41. 

  41.         }
    42. 

  42.         // 标识当前页面唯一性
    43. 

  43.         $tokenKey   =  md5($_SERVER['REQUEST_URI']);
    44. 

  44.         if(isset($_SESSION[$tokenName][$tokenKey])) {// 相同页面不重复生成session
    45. 

  45.             $tokenValue = $_SESSION[$tokenName][$tokenKey];
    46. 

  46.         }else{
    47. 

  47.             $tokenValue = $tokenType(microtime(TRUE));
    48. 

  48.             $_SESSION[$tokenName][$tokenKey]   =  $tokenValue;
    49. 

  49.             if(IS_AJAX && C('TOKEN_RESET',null,true))
    50. 

  50.                 header($tokenName.': '.$tokenKey.'_'.$tokenValue); //ajax需要获得这个header并替换页面中meta中的token值
    51. 

  51.         }
    52. 

  52.         return array($tokenName,$tokenKey,$tokenValue); 
    53. 

  53.     }
    54. 

  54. }
    55.