PHP Token(令牌)设计
2009-12-21 23:11:03 出处:https://www.yqdown.com
示例:
首先从 $_POST 里取出 token,用 GToken::isToken 判断它是否有效;只有校验通过才会进入登录处理,外部伪造的提交会被直接跳过。
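<?php
/**
 * Admin login page.
 *
 * On POST it checks the one-time form token ("adminLogin"), then the
 * verification code stored in the session, then the credentials. After that
 * (and on plain GET requests) it renders the login template, issuing a fresh
 * token when nobody is logged in.
 *
 * Request fields read from $_POST: token, vCode, name, pwd.
 */

// The bootstrap provides every G*, MO_* and VO_* class used below, so a
// missing file must stop the script rather than continue with a warning.
require ("../common.inc.php");

// Absent fields and non-string values (e.g. token[]=x) are normalised to ""
// so they fail the checks below instead of raising notices or type errors.
$token = (isset($_POST["token"]) && is_string($_POST["token"])) ? $_POST["token"] : "";

// An empty token is never handed to isToken(): only a value the client
// actually submitted can open the login branch.
if ($token !== "" && GToken::isToken($token, "adminLogin", true)) {
    $vCode = (isset($_POST["vCode"]) && is_string($_POST["vCode"])) ? $_POST["vCode"] : "";
    $name  = (isset($_POST["name"]) && is_string($_POST["name"])) ? $_POST["name"] : "";
    $pwd   = (isset($_POST["pwd"]) && is_string($_POST["pwd"])) ? $_POST["pwd"] : "";

    $codeKey = GConfig::SESSION_KEY_VALIDATE_CODE;
    $expected = (isset($_SESSION[$codeKey]) && is_scalar($_SESSION[$codeKey]))
        ? (string) $_SESSION[$codeKey]
        : "";

    // The code is single use: discard it before comparing so that one solved
    // code cannot back an unlimited number of password attempts.
    unset($_SESSION[$codeKey]);

    // With no code in the session, the old comparison reduced to "" == "" and
    // an empty vCode was accepted. Require both sides to be non-empty.
    if ($expected === "" || $vCode === "" || strtoupper($vCode) !== strtoupper($expected)) {
        // NOTE(review): thrown at top level; presumably common.inc.php
        // registers a handler. Confirm that no stack trace reaches the client.
        throw new Exception("验证码不正确!");
    }

    $vo = new VO_Admin();
    $vo->setNickName($name);
    $vo->setPwd($pwd);

    $mo = new MO_Admin();
    $mo->setVO($vo);
    $f = $mo->login();

    if (!$f) {
        // The same message covers unknown user and wrong password, so the
        // response does not reveal which account names exist.
        // NOTE(review): the token is dropped only on success; confirm whether
        // isToken(..., true) already consumes it, otherwise a failed attempt
        // leaves it reusable.
        throw new Exception("用户名或密码不正确!");
    }

    // NOTE(review): MO_Admin::login() is not shown; verify that it rotates the
    // session id on success (session fixation).
    GToken::dropToken($token);
    //header("location:".GDir::getRelativePath("/admin/index.php"));
    echo "here"; // never printed when the form was submitted from outside
}

// Rendering: reuse the cached template object if there is one.
// NOTE(review): GSerialize is not shown; if it relies on unserialize(), the
// cache directory must be writable by the application only, because a
// tampered cache file would be deserialized on every request.
$sFile = GDir::getAbsPath(GConfig::DIR_SERIALIZE, "admin/login");
$tpl = GSerialize::load($sFile);
if ($tpl === false) {
    $tpl = new GTpl(GConfig::DIR_SKIN, GConfig::DEBUG_TPL_FILE);
    $tpl->load(array(
        "header"     => "admin/header.html",
        "footer"     => "admin/footer.html",
        "admLogin"   => "admin/login.html",
        "admLoginJs" => "admin/loginJs.html"
    ));
    GSerialize::save($tpl, $sFile);
}

$tpl->assign("title", "管理员登陆");
$tpl->assign("path", GDir::getRelativePath(SITE_DIR));
$tpl->assign("vImg", GDir::getRelativePath("/vImg.php"));

if (MO_Admin::isLogined()) {
    $tpl->parseBlock("blk_logined");
} else {
    // A fresh token is embedded in the form; the POST branch above only runs
    // for requests that send a token isToken() accepts.
    $tpl->assign("token", GToken::granteToken("adminLogin"));
    $tpl->parseBlock("blk_loadScripts", "cond_notLogin");
    $tpl->parseBlock("blk_notLogin");
}

echo $tpl->parse("header");
echo $tpl->parse("admLogin");
echo $tpl->parse("footer");
echo $tpl->parse("admLoginJs");
?>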