上面的 timestamp、adminuser、token 三个参数会传送到服务器
服务器端进行验证
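/**
 * Handles the password-change link that was sent by e-mail.
 *
 * Reads "timestamp", "adminuser" and "token" from the query string,
 * recomputes the token with Admin::createToken() and only renders the
 * change-password form when the token matches and the link is at most
 * 300 seconds old. Any failed check redirects to public/login.
 *
 * On POST the submitted data is handed to Admin::changePass().
 *
 * @return string the rendered "mailchangepass" view
 */
public function actionMailchangepass()
{
    $this->layout = false;

    // Every value below comes from the URL and is attacker-controlled.
    $request = Yii::$app->request;
    $time = $request->get("timestamp");
    $adminuser = $request->get("adminuser");
    $token = $request->get("token");
    $model = new Admin;

    // Reject array/missing parameters and non-numeric timestamps before they
    // reach the hash or the arithmetic below.
    $wellFormed = is_string($time)
        && is_string($adminuser)
        && is_string($token)
        && ctype_digit($time);

    // hash_equals() is constant-time and type-strict. The previous loose `!=`
    // treats two "0e<digits>" hex digests as equal numbers.
    if (!$wellFormed || !hash_equals((string) $model->createToken($adminuser, $time), $token)) {
        $this->redirect(['public/login']);
        Yii::$app->end();
    }

    // The link is valid for 300 seconds. A timestamp in the future gives a
    // negative age, which would otherwise pass the "> 300" test.
    $age = time() - (int) $time;
    if ($age < 0 || $age > 300) {
        $this->redirect(['public/login']);
        Yii::$app->end();
    }

    if ($request->isPost) {
        $post = $request->post();
        // NOTE(review): changePass() is not visible here. Confirm it changes the
        // password of the verified $adminuser only, not of an account named in
        // the POST body, and that a link cannot be replayed within its lifetime.
        if ($model->changePass($post)) {
            Yii::$app->session->setFlash('info', '密码修改成功');
        }
    }

    $model->adminuser = $adminuser;
    return $this->render("mailchangepass", ['model' => $model]);
}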
创建 token 的代码
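/**
 * Builds the token that authenticates a password-change link.
 *
 * The token is an HMAC-SHA256 over the user name, the client IP of the
 * current request and the timestamp, keyed with a server-side secret.
 * A plain md5() of these values has no secret in it, so anyone who knows
 * the user name could compute a valid token for their own IP address.
 *
 * Binding the client IP means a link only validates from the address that
 * is current when the token is created.
 *
 * @param string $adminuser account the link is issued for
 * @param int|string $time Unix timestamp the link was issued at
 * @return string hex-encoded HMAC
 * @throws \yii\base\InvalidConfigException when no secret is configured
 */
public function createToken($adminuser, $time)
{
    // NOTE(review): reuses the request's cookieValidationKey as the HMAC key;
    // assumes the application sets it. A dedicated secret for reset links
    // would be preferable. TODO confirm.
    $secret = Yii::$app->request->cookieValidationKey;
    if (!is_string($secret) || $secret === '') {
        // An empty key would make the HMAC as forgeable as the plain hash.
        throw new \yii\base\InvalidConfigException('A secret key is required to sign password-change links.');
    }

    // Fixed-length md5 digests around the base64 IP keep the message
    // unambiguous; the prefix separates this use of the key from others.
    $message = 'mailchangepass:'
        . md5((string) $adminuser)
        . base64_encode((string) Yii::$app->request->userIP)
        . md5((string) $time);

    return hash_hmac('sha256', $message, $secret);
}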
上面把用户 IP 混入了 token 的计算 (这是哈希, 不是加密), 所以链接转发给其他 IP 的用户后无效