Random string Code implementation
We follow this idea, cottage a crumb implementation, the code is as follows:
Copy the code code as follows:
!--? PHP class Crumb {
CONST SALT = "Your-secret-salt";
Static $ttl = 7200;
Static public Function Challenge ($data) {
return Hash_hmac (' MD5 ', $data, Self::salt);
}
Static public function Issuecrumb ($uid, $action =-1) {
$i = ceil (Time ()/self:: $TTL);
Return substr (Self::challenge ($i. $action. $uid),-12, 10);
}
Static public function Verifycrumb ($uid, $crumb, $action =-1) {
$i = ceil (Time ()/self:: $TTL);
if (substr (Self::challenge ($i. $action. $uid), -12) = = $crumb | |
substr (Self::challenge (($i-1). $action. $uid), -12,) = = $crumb)
return true;
return false;
}
}
The $uid in the code represents the user's unique identity, while $ttl represents the valid time of the random string.
Application examples
Construct a form
Insert a hidden random string in the form crumb
Copy the Code code as follows:
Working with Forms demo.php
Check the Crumb
Copy the Code code as follows:
if (Crumb::verifycrumb ($uid, $_post[' crumb ')) {
Process forms according to normal process
} else {
Crumb checksum failure, error message Flow
}
This article from the Bun Blog
http://www.bkjia.com/PHPjc/326620.html www.bkjia.com true http://www.bkjia.com/PHPjc/326620.html techarticle Yahoo's approach to forging cross-site requests is to add a random string called. Crumb to the form, and Facebook has a similar solution, and its table dropdowns often have post_form_id and FB_DTSG. ...
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
