The create method and automatic token validation in ThinkPHP, with an example

Source: Internet
Author: User
Tags php class
This article mainly introduces the create method in ThinkPHP and how automatic token validation is implemented. It is very useful in practice; readers who need it can refer to the following.

The create method and automatic token validation in ThinkPHP are presented in the following steps:

First, the data table structure

The user table is structured as follows:

id, username, password

Second, the view template

The \aoli\home\tpl\default\user\create.html page is as follows:

    <form action="__URL__/addit" method="post">
        <input type="text" name="id"/>
        <input type="text" name="username"/>
        <input type="password" name="password"/>
        <input type="submit" name="sub" value="Commit"/>
    </form>

Third, the action

The \aoli\home\lib\action.php page is as follows:

    <?php
    class UserAction extends Action {
        function create() {
            $this->display();
        }

        function addit() {
            // Add the form content to the user table
            $user = M('user');
            $user->create();
            $user->add();
            // Determine whether token validation passes
            if (!$user->autoCheckToken($_POST)) {
                dump('no');
            } else {
                dump('yes');
            }
        }
    }
    ?>

1. Before operating on the data submitted by a form, we often need to create the required data manually, for example for the form data submitted above:

    // Instantiate the user model
    $user = M('user');
    // Get the POST data from the form
    $data['username'] = $_POST['username'];
    $data['password'] = $_POST['password'];
    // Write to the database
    $user->data($data)->add();

Note: data objects created with the data method are not automatically validated or filtered; you need to handle that yourself. If you simply want to create a data object and do not need any of the additional features, the data method is enough to create a simple data object.

2. ThinkPHP can help us create data objects quickly; the most typical use is creating a data object automatically from form data. The data object that the create method creates is held in memory and is not actually written to the database.

    // Instantiate the user model
    $user = M('user');
    // Create the data object from the POST data submitted by the form;
    // it is held in memory and can be viewed with dump($user)
    $user->create();
    // Write the created data object to the database
    $user->add();

3. The create method also supports creating data objects from other sources, such as other data objects or arrays.

    $data['name'] = 'thinkphp';
    $data['email'] = 'ThinkPHP@gmail.com';
    $user->create($data);
    // You can even create a new data object from an object,
    // such as a new member data object from a user data object
    $user = M('user');
    $user->find(1);
    $member = M('member');
    $member->create($user);

4. While creating the data object, the create method also does some very useful work, including token validation, data validation, field type lookup and automatic data completion.

So the token validation, auto-validation and auto-completion we are familiar with actually take effect only through the create method.

5. Token validation:

Purpose: it effectively prevents remote submission of forms and provides similar protection.

Add the following configuration to config.php:

    'TOKEN_ON'   => true,    // whether to turn on token validation
    'TOKEN_NAME' => 'token', // name of the hidden form field used for token validation
    'TOKEN_TYPE' => 'md5',   // hash rule for token validation

Automatic token validation puts an MD5 hash string into the current session and inserts the same string into the form as a hidden field. The string therefore exists in two places: the session and the form. When the form is submitted, the first thing the server does is compare the submitted value with the session copy; if they match, the submission is allowed, otherwise it is rejected.

Viewing the source of create.html shows an automatically generated hidden field just before the form's closing tag:

    <input type="hidden" name="token" value="Eef419c3d14c9c93caa7627eedaba4a5"/>

(1) If you want to control the position of the hidden field, you can add the {__TOKEN__} tag manually on the form page; the system replaces it automatically when the template is output.

(2) If form token validation is turned on but an individual form does not need it, you can add {__NOTOKEN__} to the form page and the system ignores token validation for that form.

(3) If the page contains more than one form, it is recommended to add the {__TOKEN__} tag and make sure that only one form requires token validation.

(4) If the create method is used to create the data object, form token validation is done at the same time; if it is not used, you need to call the model's autoCheckToken method manually to validate the form token.

    if (!$User->autoCheckToken($_POST)) {
        // token validation error
    }
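
The session-and-hidden-field exchange described in section 5, as an added sketch that is neither ThinkPHP source nor code from the original article. The names issueToken, checkToken and the $session array (a stand-in for $_SESSION so the script runs from the command line) are assumptions, and the token comes from random_bytes and is compared with hash_equals rather than following the MD5 setting shown above.

```php
<?php
// Added illustration, not ThinkPHP source: a single-use form token kept in a
// session array. $session stands in for $_SESSION so this runs from the CLI.

const TOKEN_NAME = 'token'; // hidden field name, as in the page's config

// Create a fresh token, remember it in the session, return the hidden field.
function issueToken(array &$session): string
{
    $session[TOKEN_NAME] = bin2hex(random_bytes(16)); // 32 hex chars, unpredictable
    return sprintf(
        '<input type="hidden" name="%s" value="%s"/>',
        TOKEN_NAME,
        htmlspecialchars($session[TOKEN_NAME], ENT_QUOTES)
    );
}

// Compare the submitted token with the session copy; a valid token is used once.
function checkToken(array &$session, array $post): bool
{
    $expected = $session[TOKEN_NAME] ?? null;
    $given    = $post[TOKEN_NAME] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false;                       // no token issued, or none submitted
    }
    if (!hash_equals($expected, $given)) {  // constant-time comparison
        return false;
    }
    unset($session[TOKEN_NAME]);            // consume it so a resubmission fails
    return true;
}

// Constructed sample data: one form render followed by three submissions.
$session = [];
issueToken($session);
$good   = ['username' => 'alice', 'password' => 'x', TOKEN_NAME => $session[TOKEN_NAME]];
$forged = ['username' => 'alice', 'password' => 'x', TOKEN_NAME => str_repeat('0', 32)];

var_dump(checkToken($session, $forged)); // submission carrying a token the server never issued
var_dump(checkToken($session, $good));   // submission carrying the token from the rendered form
var_dump(checkToken($session, $good));   // the same form submitted a second time
```

The check fails closed: a request with no token field, or one that arrives when no token has been issued, is rejected instead of being treated as exempt.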
