Tutorial on the create method and automatic token validation in ThinkPHP

Source: Internet
Author: User


This article shows how the create method and automatic token validation work in ThinkPHP. The steps are as follows:

First, the data table structure

The user table is structured as follows:

id, username, password

Second, view template part

The \aoli\home\tpl\default\user\create.html page is as follows:

Third, action part:

The \aoli\home\lib\action.php page is as follows:

<?php
class UserAction extends Action {
    function create() {
        $this->display();
    }

    function addit() {
        // Add the form content to the user table
        $user = M('user');
        $user->create();
        $user->add();
        // Check whether token validation passes
        if (!$user->autoCheckToken($_POST)) {
            dump('no');
        } else {
            dump('yes');
        }
    }
}
?>

1. Before operating on the data submitted by a form, we often need to build the required data by hand. For the form data submitted above:

    // Instantiate the user model
    $user = M('user');
    // Get the POST data of the form
    $data['username'] = $_POST['username'];
    $data['password'] = $_POST['password'];
    // Write to the database
    $user->data($data)->add();

Note: data objects created with the data method are not validated or filtered automatically; you have to handle that yourself. If you simply want to create a data object and do not need any of the additional features, you can use the data method to create a simple data object.

2. ThinkPHP can help us create data objects quickly. The most typical use is creating a data object automatically from form data. The data object created by the create method is held in memory and is not actually written to the database.

    // Instantiate the user model
    $user = M('user');
    // Create the data object from the POST data submitted by the form;
    // it is held in memory and can be inspected with dump($user)
    $user->create();
    // Write the created data object to the database
    $user->add();

3. The create method also supports creating data objects from other sources, such as other data objects or arrays.

    $data['name'] = 'ThinkPHP';
    $data['email'] = 'ThinkPHP@gmail.com';
    $user->create($data);

    // You can even create a new data object from an object, for example
    // a new member data object from a user data object
    $user = M('user');
    $user->find(1);
    $member = M('member');
    $member->create($user);

4. While creating the data object, the create method also does some very useful work, including token validation, data validation, field type lookup and automatic data completion.

Consequently, the familiar token validation, automatic validation and automatic completion features in fact only take effect through the create method.

5. Token Verification:

Purpose: it effectively guards against remote submission of forms and provides other security protection.

Add the following configuration to config.php:

    'TOKEN_ON'   => true,    // whether to turn on token validation
    'TOKEN_NAME' => 'token', // name of the hidden form field used for token validation
    'TOKEN_TYPE' => 'md5',   // hash rule for token validation

Automatic token validation puts an MD5 hash string into the current session and inserts the same string as a hidden field before the form's closing tag. The string therefore exists in two places: in the session and in the form. When the form is submitted, the first thing the server does is compare the submitted value with the session value. If they match, the submission is allowed; otherwise it is rejected.

If you view the source of create.html, you will see an auto-generated hidden field before the form's closing tag.

(1) If you want to control the position of the hidden field, you can add the {__TOKEN__} tag to the form page by hand; the system replaces it automatically when the template is output.

(2) If form token validation is turned on but an individual form does not need it, you can add {__NOTOKEN__} to the form page, and the system ignores token validation for that form.

(3) If more than one form exists on the page, it is recommended to add the {__TOKEN__} tag and ensure that only one form requires token validation.

(4) If the create method is used to create the data object, token validation is performed at the same time. If create is not used, you need to call the model's autoCheckToken method yourself to validate the form token.

    if (!$User->autoCheckToken($_POST)) {
        // token validation error
    }
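The mechanism described above (token kept in the session, echoed in a hidden field, compared on submit), as a standalone added example rather than ThinkPHP's own code. The function names and the $session array standing in for $_SESSION are assumptions; here the token comes from random_bytes() and is compared with hash_equals().

```php
<?php
// Added illustration, not ThinkPHP source. issueFormToken() and
// checkFormToken() are hypothetical names; $session stands in for $_SESSION.

const TOKEN_FIELD = 'token'; // same hidden-field name as TOKEN_NAME above

// Create a token, remember it in the session, return the hidden-field markup.
function issueFormToken(array &$session): string
{
    // 16 bytes from the CSPRNG, hex-encoded: 32 hex characters, the same
    // length as an md5 string, but not derivable from guessable inputs.
    $token = bin2hex(random_bytes(16));
    $session[TOKEN_FIELD] = $token;
    return '<input type="hidden" name="' . TOKEN_FIELD . '" value="' . $token . '" />';
}

// Compare the submitted token with the session copy. Each token is valid once.
function checkFormToken(array &$session, array $post): bool
{
    $expected = $session[TOKEN_FIELD] ?? null;
    $given    = $post[TOKEN_FIELD] ?? null;
    unset($session[TOKEN_FIELD]);          // single use: a replayed form fails
    if (!is_string($expected) || !is_string($given)) {
        return false;                      // missing field, or array-typed input
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Constructed walk-through: one form render followed by three submissions.
$session = [];
$field = issueFormToken($session);
preg_match('/value="([0-9a-f]{32})"/', $field, $m);
$post = ['username' => 'demo', TOKEN_FIELD => $m[1]];

var_dump(checkFormToken($session, $post));   // first submit of the rendered form
var_dump(checkFormToken($session, $post));   // the same form submitted again
issueFormToken($session);                    // form rendered again
var_dump(checkFormToken($session, ['username' => 'demo'])); // POST without the field
```

Run with the PHP 7+ CLI. Only the first submission passes, which is the behaviour a handler relies on when it rejects a request whose token check returns false.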

We hope the example in this article is helpful for your ThinkPHP development.


What is the use of ThinkPHP's create() method?

1. The create method processes the data submitted via POST (the data instance is built automatically by matching the field names in the table against the names of the submitted form fields). For example, if the user table has a field called "username" and the submitted form has one too, then

    $User = M('User');
    $data = $User->create();
    echo $data['username'];

will output "Xiao Ming", with no need to use $_POST['username'] to receive it.
2. The create method performs token validation on the form, which prevents the form from being submitted repeatedly.
3. Data can be validated automatically, provided that you manually create a UserModel.class.php file in the Model folder and add the validation rules to it:

    protected $_validate = array(
        array('username', 'require', 'username is required', 1),
    );

4. Fields can be assigned values automatically, provided that you manually create a UserModel.class.php file in the Model folder and add the following to it:

    protected $_auto = array(
        array('create_time', 'time', self::MODEL_INSERT, 'function'),
    );

The user's registration time is then automatically set to the current time.

Attached is the source code of the create method:

    /**
     * Create a data object without saving it to the database
     * @access public
     * @param mixed $data Data to create from
     * @param string $type Status
     * @return mixed
     */
    public function create($data = '', $type = '') {
        // If no value is passed, default to the POST data
        if (empty($data)) {
            $data = $_POST;
        } elseif (is_object($data)) {
            $data = get_object_vars($data);
        }
        // Validate the data
        if (empty($data) || !is_array($data)) {
            $this->error = L('_DATA_TYPE_INVALID_');
            return false;
        }

        // Check field mappings
        $data = $this->parseFieldsMap($data, 0);

        // Status
        $type = $type ? $type : (!empty($data[$this->ge ...

ThinkPHP automatic validation shows the error message _TOKEN_ERROR_: what does it mean?

Newer versions of ThinkPHP have a built-in form token validation feature, which effectively guards against remote submission of forms and provides other security protection.

The configuration parameters related to form token validation are:

    'TOKEN_ON'   => true,       // whether to turn on token validation
    'TOKEN_NAME' => '__hash__', // name of the hidden form field used for token validation
    'TOKEN_TYPE' => 'md5',      // token hash validation rule, defaults to MD5

If the form token validation feature is turned on, the system automatically generates a hidden field named TOKEN_NAME in every template file that contains a form. Its value is the hash string generated with the TOKEN_TYPE method, and it is used to implement automatic token validation of the form.

The automatically generated hidden field is placed before the form's closing tag. If you want to control the position of the hidden field, you can add the {__TOKEN__} tag to the form page by hand, and the system replaces it automatically when the template is output. If form token validation is turned on but an individual form does not need it, you can add {__NOTOKEN__} to the form page, and the system ignores token validation for that form. If more than one form exists on the page, it is recommended to add the {__TOKEN__} tag and ensure that only one form requires token validation.

Model classes perform form token validation automatically while creating data objects. If you are not creating the data object with the create method, you need to call the model's autoCheckToken method yourself to validate the form token. A return value of false indicates a form token validation error. For example:

    $User = M("User"); // Instantiate the User object
    // Perform token validation manually
    if (!$User->autoCheckToken($_POST)) {
        // token validation error
    }