<?php @session_start(); if($_POST) { if ($_POST['privatetoken'] == $_SESSION['token']) { unset($_SESSION['token']); echo '合法提交'; } else { echo 'novalite'; } } $token=md5(getrandcode()); $_SESSION['token'] = $token; function getrandcode(){ $str =array(1,2,3,4,5,6,7,8,9,'a','b','c','d','e','f','g','h'); $res=''; for($i=0;$i<4;$i++){ $rand=mt_rand(1,16); $res .=$str[$rand]; } return $res; } ?> <!doctype html> <html lang="en"> <head> <meta charset="UTF-8"> <title>form</title> </head> <body> <form action="form.php" method="post"> url:<input type="text" name="urlist" /> <input type="hidden" name="privatetoken" value="<?php echo $token;?>" /> <br /> <input type="submit" value="tijiao" /> </form> </body> </html> ------------------------------------------- 表单被模拟的话 session是不会重新生成的- session
PHP表单增加token验证,防止站外提交/重复提交/双击提交
最新推荐文章于 2021-03-28 23:08:36 发布
2362
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
