This article illustrates the create method and automatic token verification in ThinkPHP. The steps are as follows:
I. Data table structure
The user table structure is as follows:
ID Username password
II. View template section
The \aoli\home\tpl\default\user\create.html page is as follows:
<form action="__URL__/addit" method="post">
<input type="text" name="id"/>
<input type="text" name="username"/>
<input type="password" name="password"/>
<input type="submit" name="sub" value="Submit"/>
</form>
III. Action section
The \aoli\home\lib\action.php page is as follows:
<?php
class UserAction extends Action {
    // Show the form template (create.html)
    function create() {
        $this->display();
    }
    function addit() {
        // Add form content to table user
        $user = M('user');
        $user->create();
        $user->add();
        // Determine whether token verification passes
        if (!$user->autoCheckToken($_POST)) {
            dump('no');
        } else {
            dump('yes');
        }
    }
}
?>
1. Before operating on the data submitted by a form, we often need to build the required data manually. For the form data submitted above, for example:
// Instantiate the user model
$user = M('user');
// Get the POST data from the form
$data['username'] = $_POST['username'];
$data['password'] = $_POST['password'];
// Write to the database
$user->data($data)->add();
Note: data objects created with the data method are not automatically validated or filtered; you have to handle that yourself. If you simply want to create a data object and do not need any additional functionality, the data method is a simple way to do it.
2. ThinkPHP can help us create data objects quickly. The most typical use is to create a data object automatically from the form data. The create method creates a data object that is held in memory and is not actually written to the database.
// Instantiate the user model
$user = M('user');
// Create a data object from the POST data submitted by the form; it is held in memory and can be inspected with dump($user)
$user->create();
// Write the created data object to the database
$user->add();
3. The create method also supports creating data objects from other sources, such as other data objects or arrays.
$data['name'] = 'ThinkPHP';
$data['email'] = 'ThinkPHP@gmail.com';
$user->create($data);
It even supports creating a new data object from another object, for example creating a new member data object from the user data object:
$user = M('user');
$user->find(1);
$member = M('member');
$member->create($user);
4. While creating the data object, the create method also completes several useful tasks: token verification, automatic data validation, field type lookup, and automatic data completion.
Because of this, the token verification, automatic validation and auto-completion features we are familiar with only take effect when the create method is used.
5. Token verification:
Purpose: it effectively prevents remote submission of the form and provides similar security protection.
In config.php, add the following configuration:
'TOKEN_ON' => true, // whether to enable token verification
'TOKEN_NAME' => 'TOKEN', // name of the hidden form field used for token verification
'TOKEN_TYPE' => 'MD5', // hash rule for token verification
Automatic token verification stores an MD5 hash string in the current session and inserts the same string into the form as a hidden field. The string therefore exists in two places: one copy in the session and one in the form. When the form is submitted, the first thing the server does is compare the submitted value with the one in the session; if they match, the submission is allowed, otherwise it is rejected.
Viewing the page source of create.html shows an automatically generated hidden field just before the closing tag of the form:
<input type="hidden" name="token" value="Eef419c3d14c9c93caa7627eedaba4a5"/>
(1) If you want to control the position of the hidden field, you can add the {__TOKEN__} marker to the form page manually; the system replaces it automatically when the template is output.
(2) If form token verification is turned on but an individual form does not need it, you can add {__NOTOKEN__} to that form page, and the system ignores token verification for the current form.
(3) If the page contains multiple forms, it is recommended that you add the {__TOKEN__} marker and make sure that only one form requires token verification.
(4) If you create the data object with the create method, form token verification is performed at the same time. If you do not use the create method, you need to call the model's autoCheckToken method manually to verify the form.
if (!$User->autoCheckToken($_POST)) {
    // token verification error
}
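The session/form comparison described above, as a stand-alone added example (not ThinkPHP's own code and not from the original article). The function names, the `token` field name and the `$session` array standing in for `$_SESSION` are assumptions, and it uses `random_bytes` and `hash_equals` instead of the MD5 rule configured on the page.

```php
<?php
// Added example: session-bound, single-use form token. Not ThinkPHP source.
// issueToken(), renderHiddenField() and checkToken() are hypothetical names;
// $session stands in for $_SESSION so the script runs from the CLI.

const TOKEN_FIELD = 'token'; // assumed hidden field name

// Generate a token, remember it in the session, and return it.
function issueToken(array &$session): string
{
    // Swapped in: a CSPRNG value rather than the page's MD5 hash rule.
    $token = bin2hex(random_bytes(16));
    $session[TOKEN_FIELD] = $token;
    return $token;
}

// Hidden field to place inside the form.
function renderHiddenField(string $token): string
{
    return '<input type="hidden" name="' . TOKEN_FIELD . '" value="'
        . htmlspecialchars($token, ENT_QUOTES) . '"/>';
}

// Compare the submitted token with the session copy; a token is valid only once.
function checkToken(array &$session, array $post): bool
{
    $expected = $session[TOKEN_FIELD] ?? null;
    $given    = $post[TOKEN_FIELD] ?? null;
    unset($session[TOKEN_FIELD]);           // spent after any attempt, so no replay
    if (!is_string($expected) || !is_string($given)) {
        return false;                       // missing token fails closed
    }
    return hash_equals($expected, $given);  // constant-time comparison
}

// Constructed sample requests.
$session = [];
$token   = issueToken($session);
echo renderHiddenField($token), PHP_EOL;

$post = ['username' => 'alice', TOKEN_FIELD => $token];
var_dump(checkToken($session, $post));      // legitimate submit of the issued form
var_dump(checkToken($session, $post));      // replay of the same form
$other = [];
issueToken($other);
var_dump(checkToken($other, ['username' => 'alice'])); // remote form without the token
```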
I hope the examples shown in this article are helpful for your ThinkPHP programming.