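The CSRF token could not be verified. ---- Error reported in the database error log after Yii connects to the database

The CSRF token could not be verified.

I am using MongoDB + Yii 1.1.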

For an explanation of what CSRF is, see http://en.wikipedia.org/wiki/Cross-site_request_forgery

How do you enable CSRF validation in Yii? It is very easy.

Just add this to main.php:

'components'=>array(  
    'request'=>array(  
      'enableCsrfValidation'=>true,  
    ),  
),  

 

After that, whenever you send a request to the server you have to provide the YII_CSRF_TOKEN (the browser will do this for us when we click a link); otherwise you will get this message:

The CSRF token could not be verified.

 

When you post a form without using CActiveForm or one of its subclasses, you have to provide a hidden field that carries the YII_CSRF_TOKEN:

<input type="hidden" name="YII_CSRF_TOKEN" value="<?php echo Yii::app()->request->csrfToken; ?>" />  

 

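If you use CActiveForm or one of its subclasses, the code is the same whether enableCsrfValidation is set to true or false.

If you create the form with the CActiveForm class or a subclass that inherits from it, the submitted POST data will contain a $_POST['YII_CSRF_TOKEN'] field, which lets the application recognize the data as a legitimate submission from its own form.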

<?php $form=$this->beginWidget('CActiveForm'); ?>
<!-- form fields -->
<?php $this->endWidget(); ?>
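
The check behind the error message above, as an added example that is not code from the original post or from Yii itself. It is a stand-alone model that assumes a double-submit scheme (the token is stored in a cookie and must be repeated in the POST body) in which only state-changing methods are checked; the function names and sample requests are constructed for illustration.

```php
<?php
// Added illustration: a stand-alone model of a double-submit CSRF check.
// NOT Yii's source; function names and sample values are constructed.
// Requires PHP 7.1+ (random_bytes, array destructuring in foreach).

const CSRF_TOKEN_NAME = 'YII_CSRF_TOKEN'; // field and cookie name used on this page

/** Issue a random token; the server sets it as a cookie and embeds it in forms. */
function issueCsrfToken(): string
{
    return bin2hex(random_bytes(20));
}

/**
 * Decide whether a request passes the check.
 * Assumption: safe methods are not checked; other methods must repeat the cookie token.
 */
function csrfCheck(string $method, array $cookies, array $post): bool
{
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    $fromCookie = $cookies[CSRF_TOKEN_NAME] ?? '';
    $fromBody   = $post[CSRF_TOKEN_NAME] ?? '';
    // Reject missing values and non-string input such as YII_CSRF_TOKEN[]=x.
    if (!is_string($fromCookie) || !is_string($fromBody) || $fromCookie === '' || $fromBody === '') {
        return false;
    }
    return hash_equals($fromCookie, $fromBody); // constant-time comparison
}

// Constructed sample requests.
$token   = issueCsrfToken();
$cookies = [CSRF_TOKEN_NAME => $token];
$cases   = [
    'form with hidden field'    => ['POST', $cookies, [CSRF_TOKEN_NAME => $token, 'name' => 'alice']],
    'form without hidden field' => ['POST', $cookies, ['name' => 'alice']],
    'post with wrong token'     => ['POST', $cookies, [CSRF_TOKEN_NAME => 'not-the-token', 'name' => 'alice']],
    'array-typed token'         => ['POST', $cookies, [CSRF_TOKEN_NAME => ['x'], 'name' => 'alice']],
    'post without cookie'       => ['POST', [], [CSRF_TOKEN_NAME => $token, 'name' => 'alice']],
    'plain GET link'            => ['GET', $cookies, []],
];
foreach ($cases as $label => [$method, $c, $p]) {
    $ok = csrfCheck($method, $c, $p);
    printf("%-28s %s\n", $label, $ok ? 'accepted' : '400 The CSRF token could not be verified.');
}
```

Only the first and last cases are accepted. A hand-written form that omits the hidden field fails in the same way as a request that carries the wrong token.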

As an aside: when using CActiveForm, you can set your own options:

<?php $form = $this->beginWidget('CActiveForm', array(
  'id' => 'register-form',
  'action' => ['test/register'],
));?>

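The action option sets the URL that handles the submitted form data. For the full list of options, see the reference manual.

Thanks to the original author: http://www.cnblogs.com/davidhhuan/archive/2011/01/19/1939253.html

See also: http://blog.csdn.net/zm2714/article/details/8814663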

posted @ 2016-12-26 16:11  程序小工