1 crumb.class.php
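class Crumb {
    /**
     * Secret key for the HMAC that every crumb is derived from.
     *
     * SECURITY: "your-secret-salt" is a placeholder. Deploy with a long, random
     * secret (e.g. bin2hex(random_bytes(32))) kept out of version control —
     * anyone who learns this value can mint a valid crumb for any uid/action.
     */
    const SALT = "your-secret-salt";

    /**
     * Width of one validity window in seconds.
     *
     * verifyCrumb() accepts the current window and the one before it, so a
     * crumb issued at the end of a window lives about $ttl seconds and one
     * issued at the start about 2*$ttl seconds. The default of 1 only makes
     * sense for a demo; a human-submitted form needs something like 1800.
     */
    public static $ttl = 1;

    /**
     * Keyed digest of $data under self::SALT.
     *
     * NOTE(review): kept as HMAC-MD5 so crumbs issued by the previous version
     * still verify, and issueCrumb() exposes only 40 bits of it anyway. New
     * deployments should move to 'sha256' and a longer slice.
     *
     * @param string $data material to authenticate
     * @return string      lowercase hex digest
     */
    public static function challenge($data) {
        return hash_hmac('md5', $data, self::SALT);
    }

    /**
     * Issues a crumb bound to $uid, $action and the current time window.
     *
     * @param int|string $uid    identifier of the user the crumb is for
     * @param int|string $action optional action discriminator; -1 = any
     * @return string            10-character lowercase hex token
     */
    public static function issueCrumb($uid, $action = -1) {
        return self::tokenFor(self::currentWindow(), $uid, $action);
    }

    /**
     * Checks a submitted crumb against the current and the previous window.
     *
     * @param int|string $uid    user the crumb must be bound to
     * @param mixed      $crumb  value received from the client (untrusted)
     * @param int|string $action action the crumb must be bound to; -1 = any
     * @return bool              true only for a string crumb that matches exactly
     */
    public static function verifyCrumb($uid, $crumb, $action = -1) {
        // Untrusted input: refuse anything that is not a non-empty string
        // before comparing. The original loose `==` let a non-string (e.g.
        // int 0 on PHP < 8) compare equal to a digest via type juggling.
        if (!is_string($crumb) || $crumb === '') {
            return false;
        }
        $window = self::currentWindow();
        // hash_equals() is a strict, constant-time comparison, closing both
        // the timing side channel and the type-juggling hole of `==`.
        return hash_equals(self::tokenFor($window, $uid, $action), $crumb)
            || hash_equals(self::tokenFor($window - 1, $uid, $action), $crumb);
    }

    /**
     * Index of the time window the clock is currently in.
     *
     * @return int ceil(now / $ttl); cast so it stringifies without float formatting
     */
    private static function currentWindow() {
        return (int) ceil(time() / self::$ttl);
    }

    /**
     * Derives the 10-character crumb for one window/uid/action triple.
     *
     * The slice (digest chars -12..-3) is kept identical to the original so
     * issue and verify stay in lockstep.
     *
     * NOTE(review): the fields are concatenated without a separator, so
     * adjacent values can be ambiguous (action '-12' + uid '3' vs '-1' + '23').
     * Inserting a separator would change every token, so it is left as-is.
     */
    private static function tokenFor($window, $uid, $action) {
        return substr(self::challenge($window . $action . $uid), -12, 10);
    }
}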
應用示例
構造表單
在表單中插入一個隱藏的隨機串crumb,例如:`<input type="hidden" name="crumb" value="<?php echo Crumb::issueCrumb($uid)?>">`;其中$uid應取自當前登入使用者的會話,而不是來自請求參數
處理表單 demo.php
對crumb進行檢查
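// Read the submitted crumb defensively: a missing field must not raise an
// "undefined index" notice, and only a string is meaningful to verifyCrumb().
// $uid is assumed to come from the authenticated session, never from the
// request itself — a client-supplied uid would let it pick whose crumb to use.
$crumb = (isset($_POST['crumb']) && is_string($_POST['crumb'])) ? $_POST['crumb'] : '';
if (Crumb::verifyCrumb($uid, $crumb)) {
    // Crumb is valid: process the form as normal.
} else {
    // Crumb check failed: run the error flow and do NOT process the form.
}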
如果是ajax,也可以應用crumb,以jquery的ajax提交為例:
// Same POST as before, via jQuery's $.post shorthand (url, data, success).
// The crumb is rendered into the page server-side, so it is already bound to
// this user and to the window in which the page was generated.
$.post(
    "some.php",
    "name=blah&crumb=<?php echo Crumb::issueCrumb($uid)?>",
    function (response) {
        // Runs on a successful response; `response` is the body some.php returned.
        alert( "Data Saved: " + response );
    }
);
同理,crumb也可以在get方式的ajax請求中應用;但要注意,放在URL裡的crumb可能經由瀏覽器歷史、伺服器日誌或Referer標頭外洩,而且會改變狀態的操作本來就不應使用GET,因此應儘量只對POST請求使用crumb