Reprint Link: http://www.jb51.net/article/13756.htm
The PHP token is designed to do three things: avoid repeated submission of the same data; check the origin of a request, that is, whether it is an external submission; and match the action to be performed (for when several operations such as add, delete and modify are implemented in the same PHP file). The token is written into the form as a hidden field (type=hidden) when the page is displayed. The token must not be plaintext, since that would be too dangerous, so it is encrypted, and the ciphertext must be reversible. I'm an idiot, so I used a ready-made method from the Web.
How do I avoid repeated submissions?
An array in the session stores the tokens that have been submitted successfully. The back-end handler first checks whether the token is in this array; if it is, the submission is a repeat.
How do I check the origin?
Optional. The current session_id is added to the token when it is generated. If someone copies your HTML (token included) and submits it, then in theory the session_id contained in the token will not equal the current session_id, so you can tell that the submission is external.
How do I match the action to be performed?
The action name is written into the token when it is generated, so during processing the action name is decrypted from the token and compared.
GEncrypt.inc.php:
Methods:
(1) Grantetoken. Parameters: FormName, the action name; key, the encryption/decryption key.
Returns a string of the form: encrypt(FormName:session_id)
(2) Istoken. Parameters: token, the result of Grantetoken; FormName, the action name; fromcheck, whether to check the origin. If fromcheck is true, it also checks whether the session_id in the token matches the current session_id.
(3) Droptoken. When an action has executed successfully, call this function to record the token in the session.
GToken.inc.php
Take the token from $_POST and check it with Istoken.
To confirm that action matching works, change the FormName passed to Istoken and run it again: the token no longer matches, which proves the check works.
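The three functions described above, as an added example; this is not the original GEncrypt.inc.php / GToken.inc.php code. The snake_case function names, the AES-256-GCM cipher with a random IV, the used_tokens session key and the key passed in as a parameter are all assumptions.

```php
<?php
// Added sketch. Names, cipher and session key are assumptions, not the
// original GEncrypt/GToken code.
const CIPHER = 'aes-256-gcm';

// Token = base64(iv . tag . ciphertext) of "formName:session_id". The random
// IV makes each issued token unique, so recording a used token does not
// block the next legitimate submission of the same form.
function grant_token(string $formName, string $key): string {
    $iv = random_bytes(12);
    $ct = openssl_encrypt($formName . ':' . session_id(), CIPHER, $key,
                          OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

function is_token(string $token, string $formName, string $key,
                  bool $fromCheck = false): bool {
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 29) {
        return false;                        // malformed token
    }
    // Compare on decoded bytes so a re-encoded copy of a used token still matches.
    if (in_array(hash('sha256', $raw), $_SESSION['used_tokens'] ?? [], true)) {
        return false;                        // repeated submission
    }
    $plain = openssl_decrypt(substr($raw, 28), CIPHER, $key, OPENSSL_RAW_DATA,
                             substr($raw, 0, 12), substr($raw, 12, 16));
    $pos = ($plain === false) ? false : strrpos($plain, ':');
    if ($pos === false) {
        return false;                        // tag check failed: tampered or wrong key
    }
    if (!hash_equals($formName, substr($plain, 0, $pos))) {
        return false;                        // token was issued for another action
    }
    // Origin check: the session_id sealed in the token must be the current one.
    return !$fromCheck || hash_equals(session_id(), substr($plain, $pos + 1));
}

function drop_token(string $token): void {   // call after the action succeeds
    $_SESSION['used_tokens'][] = hash('sha256', (string) base64_decode($token));
}

session_start();
$key = random_bytes(32);                     // constructed key for the demo
$token = grant_token('delete', $key);        // value for the hidden form field
var_dump(is_token($token, 'delete', $key, true));  // fresh token, right action
var_dump(is_token($token, 'modify', $key, true));  // same token, other action
drop_token($token);
var_dump(is_token($token, 'delete', $key, true));  // token already used
```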