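// 1. When rendering the form: mint a fresh one-time form token and keep it in
//    the session. random_bytes() draws from the operating system CSPRNG
//    (PHP 7+); a value built from time() and rand() is derived from the clock
//    and a non-cryptographic generator, so it is not suitable as a secret.
$_SESSION['token'] = bin2hex(random_bytes(32));

// 2. In the form markup: the hidden-field HTML of this step was lost when the
//    page was extracted (only `">` survived). Step 3 reads $_POST['token'], so
//    the form has to post the session token back in a field named `token`.

// 3. In the submit handler: accept the request only when both values are
//    present, both are strings, and they match. hash_equals() compares in
//    constant time and, unlike ==, never applies type juggling; the is_string()
//    checks keep an array-valued `token` field from reaching it.
if (
    isset($_SESSION['token'], $_POST['token'])
    && is_string($_SESSION['token'])
    && is_string($_POST['token'])
    && hash_equals($_SESSION['token'], $_POST['token'])
) {
    // The token is single-use: dropping it makes a repeated submit of the same
    // form fail the check above.
    unset($_SESSION['token']);
    // form submission accepted
} else {
    // form submission rejected
}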
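// In the controller that renders the form: mint a token, store it in the
// session under `unquid`, keep a local copy in $_uniqid, and pass the same
// value to the template as `quid`.
$this->_tpl->assign('quid', $_SESSION['unquid'] = $_uniqid = Tool::_unquid());

/**
 * Generate a unique, unpredictable identifier for use as a form token.
 *
 * The value comes from random_bytes() (operating system CSPRNG, PHP 7+)
 * rather than sha1(uniqid(rand(), true)): uniqid() and rand() are derived from
 * the clock and a non-cryptographic generator, and hashing their output adds
 * no entropy. The original line was also missing a closing parenthesis and did
 * not parse.
 *
 * @return string 40 lowercase hexadecimal characters (160 random bits), the
 *                same length and alphabet as the SHA-1 hex digest returned
 *                before.
 */
public static function _unquid()
{
    return bin2hex(random_bytes(20));
}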
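/**
 * Stop the request unless the posted form token matches the session token.
 *
 * Reads $_SESSION['unquid'] and $_POST['token']. When the check fails, the
 * result of Tool::_json_log(-3, ..., 2) is handed to exit and the script
 * ends; when it passes, the method simply returns.
 *
 * NOTE(review): the session token is left in place after a successful check,
 * so it can be presented again until it is regenerated. Confirm that this is
 * intended (for example several requests issued from one rendered page).
 *
 * @return void
 */
public function check_unqid()
{
    $expected = isset($_SESSION['unquid']) ? $_SESSION['unquid'] : null;
    $supplied = isset($_POST['token']) ? $_POST['token'] : null;

    // Fail closed: a session without a token, a request without the field, or
    // a non-string value (such as an array-valued `token` field) is rejected
    // before the comparison, so two missing values can never count as a match.
    $valid = is_string($expected)
        && $expected !== ''
        && is_string($supplied)
        // NOTE(review): checkStrEquals() is defined outside this snippet;
        // confirm that it compares in constant time (e.g. with hash_equals()).
        && self::checkStrEquals($expected, $supplied);

    if (!$valid) {
        // Message text: "Cross-site submission blocked, please refresh the
        // page and try again". exit ends the script, so the `return` that
        // used to precede it had no effect and is omitted.
        exit(Tool::_json_log(-3, '防跨站提交,请刷新网页重试', 2));
    }
}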