This article covers the ThinkPHP "form token error" and how to resolve it, with a detailed look at how the form token works, how it is configured, what causes the error, and the corresponding fixes.
During project development, adding or editing data occasionally produced the system prompt "form token error". At first I paid no attention to it, until this afternoon QA filed the issue in the bug system. I happened to have some spare time, so I traced through the TP3.13 source, and a few minutes later I knew the cause.
To enable form tokens in a project, you typically set the following in the configuration file:

    // Whether to turn on token validation
    'TOKEN_ON' => true,
    // Name of the hidden form field used for token validation
    'TOKEN_NAME' => '__hash__',
    // Token hash rule, default is MD5
    'TOKEN_TYPE' => 'md5',
    // Whether to reset the token after a validation error, default is true
    'TOKEN_RESET' => true,

Take editing data as an example. On the server side, the model usually defines the field filter rules and the action contains the data validation code, such as:

    $table = D('table');
    if (!$table->create()) {
        exit($this->error($table->getError()));
    }

At this point, double-click create() in the IDE to jump to the create method in Model.class.php in the TP framework:

    /**
     * Create a data object but do not save it to the database
     * @access public
     * @param mixed $data Create data
     * @param string $type status
     * @return mixed
     */
    public function create($data = '', $type = '') {
        // ... omitted ...
        // Form token validation
        if (!$this->autoCheckToken($data)) {
            $this->error = L('_TOKEN_ERROR_');
            return false;
        }
        // ... omitted ...
    }

The code shows that the error is raised when the autoCheckToken method fails its check, so follow that method next:

    // Automatic form token verification
    // TODO: cannot handle multiple AJAX submissions without a page refresh
    public function autoCheckToken($data) {
        // Supports using token(false) to turn off token validation.
        // If you call D() in the action but there is no corresponding model file, $this->options is empty.
        if (isset($this->options['token']) && !$this->options['token']) return true;
        if (C('TOKEN_ON')) {
            $name = C('TOKEN_NAME');
            if (!isset($data[$name]) || !isset($_SESSION[$name])) { // token data invalid
                return false;
            }
            // Token validation
            list($key, $value) = explode('_', $data[$name]);
            if ($value && $_SESSION[$name][$key] === $value) { // prevent duplicate submissions
                unset($_SESSION[$name][$key]); // validation complete, destroy the session entry
                return true;
            }
            // Token reset is turned on
            if (C('TOKEN_RESET')) unset($_SESSION[$name][$key]);
            return false;
        }
        return true;
    }

Looking at this code, the first check involves $_SESSION[$name]. Where does this session variable come from? To answer that we need to start from token generation, in the file TokenBuildBehavior.class.php:

    // Create a form token
    private function buildToken() {
        $tokenName = C('TOKEN_NAME');
        $tokenType = C('TOKEN_TYPE');
        if (!isset($_SESSION[$tokenName])) {
            $_SESSION[$tokenName] = array();
        }
        // Identifies the current page uniquely
        $tokenKey = md5($_SERVER['REQUEST_URI']);
        if (isset($_SESSION[$tokenName][$tokenKey])) { // the same page does not regenerate the session entry
            $tokenValue = $_SESSION[$tokenName][$tokenKey];
        } else {
            $tokenValue = $tokenType(microtime(TRUE));
            $_SESSION[$tokenName][$tokenKey] = $tokenValue;
        }
        $token = '<input type="hidden" name="' . $tokenName . '" value="' . $tokenKey . '_' . $tokenValue . '" />';
        return $token;
    }

When form validation is turned on in TP, this code builds the token from TOKEN_NAME and the MD5 of the current URI and stores it in the session. When the user submits the form, the check first verifies that the session entry exists and returns false if it does not. It then compares the session value with the form field named by TOKEN_NAME: if they match, the session entry is deleted first (so the same form cannot be submitted again) and true is returned; otherwise false is returned.
OK, back to the topic. When submitting a form under TP produces a token error, there are only two possible causes:
1. With the token enabled, the submitted form has no TOKEN_NAME field, or there is no corresponding session entry (the environment in which the form is submitted did not generate the corresponding session entry; this mainly happens after a submission error, when the user immediately refreshes the current page, and the edit page and the display page are handled by the same method).
2. The session variable exists, but the value is not the same.
In our project, the cause of this error can be seen in the following configuration:

    return array(
        'TOKEN_ON' => 'false',
        'TOKEN_NAME' => '__hash__',
        'TOKEN_TYPE' => 'md5',
        'TOKEN_RESET' => 'true',
        'DB_FIELDTYPE_CHECK' => 'true',
    );

This should have been written as the Boolean value false; I do not know which hero willfully wrote the string 'false'. A non-empty string is truthy in PHP, so the logic of course decides that the form token is turned on. In our project, adding, editing and displaying are all handled by the same method. Once validation fails, the normal processing logic returns to the original page, which is the same form as the last time, and submitting the same form consecutively is equivalent to a repeated submission, so "form token error" is reported.
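
The following stand-alone script is an added example, not ThinkPHP's code or the project's: it models the token lifecycle described above and reproduces both the string 'false' misconfiguration and the repeated-submission failure. The $session array (standing in for $_SESSION), the request URI and the stringBooleans() helper are assumptions made for illustration.

```php
<?php
// Added example, not ThinkPHP code: $session stands in for $_SESSION and
// $uri for $_SERVER['REQUEST_URI'] so the script runs from the CLI.
function buildToken(array &$session, array $conf, string $uri): string {
    $name = $conf['TOKEN_NAME'];
    $key  = md5($uri);                                  // one slot per page URI
    if (!isset($session[$name][$key])) {
        $session[$name][$key] = call_user_func($conf['TOKEN_TYPE'], (string) microtime(true));
    }
    return $key . '_' . $session[$name][$key];          // hidden field value
}

function checkToken(array &$session, array $conf, array $post): bool {
    if (!$conf['TOKEN_ON']) return true;                // the string 'false' is truthy
    $name = $conf['TOKEN_NAME'];
    if (!isset($post[$name]) || !isset($session[$name])) return false;   // cause 1
    list($key, $value) = explode('_', $post[$name]) + array('', '');
    if ($value && isset($session[$name][$key]) && $session[$name][$key] === $value) {
        unset($session[$name][$key]);                   // token is single use
        return true;
    }
    if ($conf['TOKEN_RESET']) unset($session[$name][$key]);
    return false;                                       // cause 2
}

// Hypothetical helper: settings whose value is the string 'true' or 'false'.
function stringBooleans(array $conf): array {
    return array_keys(array_filter($conf, function ($v) {
        return is_string($v) && in_array(strtolower(trim($v)), array('true', 'false'), true);
    }));
}

// Constructed sample reproducing the article's misconfiguration.
$conf = array('TOKEN_ON' => 'false', 'TOKEN_NAME' => '__hash__',
              'TOKEN_TYPE' => 'md5', 'TOKEN_RESET' => 'true');
$session = array();
$post = array('__hash__' => buildToken($session, $conf, '/index.php/Table/edit/id/1'));

var_dump(checkToken($session, $conf, $post));    // first submission of the form
var_dump(checkToken($session, $conf, $post));    // same form submitted again
var_dump(checkToken($session, $conf, array()));  // form without the token field
print_r(stringBooleans($conf));                  // settings to correct in the config
```

Only the first submission passes; the resubmitted form and the form without the token field are rejected even though TOKEN_ON was meant to be off, and the helper reports TOKEN_ON and TOKEN_RESET as string-valued settings to rewrite as Booleans.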