Analysis of form token errors and solutions under ThinkPHP

Jun 07, 2018 am 10:31 AM

This article covers form token errors under ThinkPHP and how to resolve them. It walks through how the ThinkPHP form token works, how it is configured, what causes the error, and the corresponding fixes. The details are as follows:

During the development of the project, I occasionally ran into the "Form token error" reported by the system when adding and editing data. I didn't pay much attention to it at first, until this afternoon, when QA filed the issue in the bug system. I happened to have some free time, so I followed the source code of TP3.13 and read it. After a few minutes, I knew the whole story.

To enable form tokens in a project, you usually add the following settings to the configuration file:

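// Whether to enable token validation
'TOKEN_ON' => true,
// Name of the hidden form field used for token validation
'TOKEN_NAME' => '__hash__',
// Token hash rule, MD5 by default
'TOKEN_TYPE' => 'md5',
// Whether to reset the token after validation fails, true by default
'TOKEN_RESET' => true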

Take editing data as an example: on the server there is usually a Model with field filtering rules, and an Action with data-checking code such as

$table = D('table');
if(!$table->create()){
  exit($this->error($table->getError()));
}

At this point, double-click create() in the IDE to jump to the create method in Model.class.php in the TP framework:

/**
* Create the data object without saving it to the database
* @access public
* @param mixed $data data to create
* @param string $type status
* @return mixed
*/
public function create($data='',$type='') {
  // …… omitted ……
  // Form token validation
  if(!$this->autoCheckToken($data)) {
    $this->error = L('_TOKEN_ERROR_');
    return false;
  }
  // …… omitted ……
}

The code makes it clear that the error is reported when the autoCheckToken method's check fails, so keep tracing into that method:

// Automatic form token validation
// TODO: repeated AJAX submissions without a page refresh are not supported yet
public function autoCheckToken($data) {
  // token(false) can be used to turn token validation off
  // If the Action calls D() but there is no matching Model file, $this->options is empty
  if(isset($this->options['token']) && !$this->options['token']) return true;
  if(C('TOKEN_ON')){
    $name  = C('TOKEN_NAME');
    if(!isset($data[$name]) || !isset($_SESSION[$name])) { // Token data is invalid
      return false;
    }
    // Token validation
    list($key,$value) = explode('_',$data[$name]);
    if($value && $_SESSION[$name][$key] === $value) { // Prevent duplicate submission
      unset($_SESSION[$name][$key]); // Destroy the session entry once validated
      return true;
    }
    // Token reset is enabled
    if(C('TOKEN_RESET')) unset($_SESSION[$name][$key]);
    return false;
  }
  return true;
}

Reading this code, you will notice $_SESSION[$name] in the first check, so where does this session variable come from? For that we have to go back to where the token is generated, in the TokenBuildBehavior.class.php file:

// Create the form token
private function buildToken() {
  $tokenName = C('TOKEN_NAME');
  $tokenType = C('TOKEN_TYPE');
  if(!isset($_SESSION[$tokenName])) {
    $_SESSION[$tokenName] = array();
  }
  // Uniquely identifies the current page
  $tokenKey  = md5($_SERVER['REQUEST_URI']);
  if(isset($_SESSION[$tokenName][$tokenKey])) {// The same page does not regenerate the session entry
    $tokenValue = $_SESSION[$tokenName][$tokenKey];
  }else{
    $tokenValue = $tokenType(microtime(TRUE));
    $_SESSION[$tokenName][$tokenKey]  = $tokenValue;
  }
  $token   = '<input type="hidden" name="'.$tokenName.'" value="'.$tokenKey.'_'.$tokenValue.'" />';
  return $token;
}

When form verification is enabled in TP, this code generates the token: it is stored in the session under TOKEN_NAME, keyed by the md5 of the current URI. When the user submits the form, the framework first checks whether the session entry exists. If not, it returns false. If it does, the entry is compared with the TOKEN_NAME form field. If they match, the session entry is deleted first (the token is single-use, which prevents duplicate submissions) and true is returned; otherwise false is returned.

OK, back to the topic. A token error when submitting a form under TP has only two possible causes:

1. The token is turned on, but the submitted form has no TOKEN_NAME field, or there is no corresponding session (no session was generated for the form being submitted. This mainly happens when an error is reported after the user submits and the user then refreshes the current page, while the editing page and the display page are handled by the same method).

2. The session variable exists, but its value and the submitted value are different.

The reason why this error occurs in our project can be seen in the following configuration

return array (
  'TOKEN_ON' => 'false',
  'TOKEN_NAME' => '__hash__',
  'TOKEN_TYPE' => 'md5',
  'TOKEN_RESET' => 'true',
  'DB_FIELDTYPE_CHECK' => 'true'
);

It should have been written as the Boolean false. I don't know which hero wrote it as the string 'false'. A non-empty string is truthy in PHP, so if(C('TOKEN_ON')) passes and the code follows the logic for an enabled form token. In the project, adding, editing and displaying all use the same method. Once validation fails, the usual handling returns to the original page, which is the same form as last time. Submitting the same form again is equivalent to a repeated submission, hence the "Form token error".
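
The failure described above, reproduced as an added example that is not code from the original article or from ThinkPHP. checkToken() is a simplified stand-in for autoCheckToken() that works on plain arrays, findStringBooleans() and normalizeBooleans() are hypothetical helper names, and the token values are constructed:

```php
<?php
// Added example, not ThinkPHP code. Config and session are passed as plain arrays.

// Return the config keys whose value is the *string* 'true' or 'false'.
function findStringBooleans(array $config): array {
    return array_keys(array_filter($config, function ($v) {
        return is_string($v) && in_array(strtolower(trim($v)), ['true', 'false'], true);
    }));
}

// Convert those strings to real booleans; every other value is left untouched.
function normalizeBooleans(array $config): array {
    foreach (findStringBooleans($config) as $key) {
        $config[$key] = filter_var($config[$key], FILTER_VALIDATE_BOOLEAN);
    }
    return $config;
}

// Same decision logic as the autoCheckToken() method quoted in the article.
function checkToken(array $config, array &$session, array $data): bool {
    if (!$config['TOKEN_ON']) return true;   // the string 'false' is truthy, so it does not exit here
    $name = $config['TOKEN_NAME'];
    if (!isset($data[$name]) || !isset($session[$name])) return false;
    list($key, $value) = array_pad(explode('_', $data[$name], 2), 2, '');
    $ok = $value !== '' && isset($session[$name][$key]) && $session[$name][$key] === $value;
    if ($ok || $config['TOKEN_RESET']) unset($session[$name][$key]); // token is single-use
    return $ok;
}

// The project configuration quoted in the article (token-related keys only).
$config = ['TOKEN_ON' => 'false', 'TOKEN_NAME' => '__hash__',
           'TOKEN_TYPE' => 'md5', 'TOKEN_RESET' => 'true'];
// Constructed session entry and the matching hidden field of one rendered form.
$session = ['__hash__' => ['pagekey' => 'abc123']];
$form    = ['__hash__' => 'pagekey_abc123'];

echo 'string-typed booleans: ', implode(', ', findStringBooleans($config)), PHP_EOL;

// Submit the same form twice, first with the config as written, then normalized.
foreach (['as written' => $config, 'normalized' => normalizeBooleans($config)] as $label => $cfg) {
    $s = $session;                           // fresh copy of the session for each run
    $first  = checkToken($cfg, $s, $form);
    $second = checkToken($cfg, $s, $form);
    printf("%-10s first=%s second=%s\n", $label, var_export($first, true), var_export($second, true));
}
```

Running findStringBooleans() over the merged configuration at deploy time catches this class of mistake before it reaches QA.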
