防止 CSRF

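// CSRF protection (issuing side): create a token, store it in a cookie and hand the
        // same value to the view so the form can send it back for comparison.
        // The token has to be unpredictable. The previous md5(uniqid(rand(), TRUE)) was
        // built from uniqid() and rand(), neither of which is a cryptographically secure
        // source, so random_bytes() (PHP >= 7.0) is used instead.
        $csrf_hash = bin2hex(random_bytes(16)); // 32 hex characters, same shape as the old md5 value
        // NOTE(review): the cookie is scoped to get_public_domain(). If that is a parent
        // domain shared with other hosts, any of them can overwrite this cookie, which
        // weakens the cookie-vs-form comparison - confirm the scope is intended.
        // NOTE(review): consider Secure / SameSite attributes if set_cookie() supports them.
        set_cookie("my_csrf_name", $csrf_hash, 0, get_public_domain());
        $this->data['csrf_hash'] = $csrf_hash;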



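  // CSRF protection (verifying side): the token submitted with the request must match
        // the token stored in the cookie.
        // The check fails closed. Previously it ran only when my_csrf_token was present,
        // so a request that simply left the field out skipped the comparison entirely.
        // NOTE(review): run this only in handlers for state-changing requests, since a
        // request without a token is now rejected instead of being let through.
        $cookie_csrf_hash = get_cookie("my_csrf_name");
        $form_csrf_hash = isset($requestData['my_csrf_token']) ? $requestData['my_csrf_token'] : null;

        // is_string() guards against a missing cookie and against an array-valued field
        // (my_csrf_token[]=...), both of which hash_equals() would not accept.
        // An empty cookie value is rejected so that two empty strings never "match".
        $csrf_ok = is_string($cookie_csrf_hash)
            && $cookie_csrf_hash !== ''
            && is_string($form_csrf_hash)
            && hash_equals($cookie_csrf_hash, $form_csrf_hash); // constant-time comparison

        if (!$csrf_ok) {
            echo json_encode(array('success' => 0, 'msg' => lang('try_again')));
            exit;
        }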

  
