php hash防止表单

<?php

/**
* Created by PhpStorm.
* User: brady
* Desc:
* Date: 2017/7/12
* Time: 15:01
*/
class test extends MY_Controller
{
public function __construct()
{
parent::__construct();
}

public function index()
{
//防csrf攻击
$hash = md5(uniqid(rand(), TRUE));
set_cookie("__hash__", $hash, 0,get_public_domain());

$this->_viewData['__hash__'] = $hash;
parent::index();
}

public function do_submit()
{
$data = $this->input->post();
dump($data);
if(empty($data['__hash__'])){
echo "hacker";
}
echo $cookie_hash = get_cookie('__hash__');

if($cookie_hash === $data['__hash__']) {
echo "验证通过";

dump($_COOKIE);
} else {
echo "hacker";
}

}
}
posted @ 2017-07-12 15:52  brady-wang  阅读(285)  评论(0编辑  收藏  举报