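php - Session token is empty after form submit
Problem description
When the user requests the contact page (GET), I set a session token. After the form is submitted, I compare that token with the one from the form, but the token I set is empty. Here is my code: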
<?php
session_start();
function debug_to_console($data)
{
$output = $data;
if (is_array($output)) {
$output = implode(',', $output);
}
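// JSON-encode so the value cannot break out of the string or the <script> element
echo "<script>console.log(" . json_encode('Debug Objects: ' . $output, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ");</script>";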
}
//response generation function
$response = "";
function valid_spam_prevention($rob_email, $rob_website, $rob_phone)
{
debug_to_console($_POST['token']);
debug_to_console($_SESSION['royce']); // always empty
/* Please check me what is wrong with me
if ($_SESSION['token'] !== $_POST['token']) {
debug_to_console("Token false");
return false;
}
*/
if (empty($rob_email) && empty($rob_website) && empty($rob_phone)) {
return true;
}
return false;
}
//user posted variables
$name = $_POST['message_name'];
$email = $_POST['message_email'];
$message = $_POST['message_text'];
// rob posted variables
$rob_email = $_POST['email'];
$rob_website = $_POST['website'];
$rob_phone = $_POST['phone'];
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (valid_spam_prevention($rob_email, $rob_website, $rob_phone)) {
unset($_SESSION['royce']);
// validate email and send etc
} elseif ($_POST['submitted']) {
// missing content error
}
} else {
// user request site with GET
$token = bin2hex(random_bytes(32));
$_SESSION['royce'] = $token;
}
?>
Form code:
<form action="/contact" method="post">
<input type="hidden" name="token" value="<?php echo (isset($_SESSION['token'])) ? $_SESSION['token'] : ''?>">
<div>
<label for="message_name">Name</label>
<input id="message_name" name="message_name" type="text" value="<?php echo esc_attr($_POST['message_name']); ?>">
</div>
<div>
<label for="message_email">Mail</label>
<input id="message_email" name="message_email" type="email" value="<?php echo esc_attr($_POST['message_email']); ?>">
</div>
<div>
<textarea id="message_text" name="message_text"><?php echo esc_textarea($_POST['message_text']); ?></textarea>
</div>
<input id="email" name="email" type="email" autocomplete="false">
<input id="website" name="website" type="text" autocomplete="false">
<input id="phone" name="phone" type="text" autocomplete="false">
<button type="submit">Send</button>
</form>
Any suggestions as to what I am doing wrong?
PHP version: 7.0.30
Solution
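The posted code stores the token in `$_SESSION['royce']`, while the hidden form field and the commented-out check read `$_SESSION['token']`. The following is an added example, not code from the original post, of the issue/render/verify cycle using one session key throughout and a constant-time comparison; the key name `contact_token` and the function names are assumptions made for illustration.

```php
<?php
// Added example. TOKEN_KEY and the function names are illustrative assumptions.
const TOKEN_KEY = 'contact_token';

// GET: create the token once and store it under TOKEN_KEY.
function issue_token(array &$session): string
{
    if (empty($session[TOKEN_KEY])) {
        $session[TOKEN_KEY] = bin2hex(random_bytes(32));
    }
    return $session[TOKEN_KEY];
}

// Hidden field for the form, reading the same key that issue_token() wrote.
function token_field(array &$session): string
{
    $value = htmlspecialchars(issue_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="token" value="' . $value . '">';
}

// POST: compare the stored token with the submitted one, then discard it.
function consume_token(array &$session, array $post): bool
{
    $stored    = $session[TOKEN_KEY] ?? '';
    $submitted = $post['token'] ?? '';
    unset($session[TOKEN_KEY]);               // single use: a replay fails
    if ($stored === '' || !is_string($submitted)) {
        return false;                         // nothing issued, or token[]=x sent
    }
    return hash_equals($stored, $submitted);  // constant-time comparison
}

// Constructed walk-through with plain arrays standing in for the superglobals.
// In a real page, call session_start() first and pass $_SESSION and $_POST.
$session = [];
$html = token_field($session);                          // GET request
preg_match('/value="([0-9a-f]{64})"/', $html, $m);
var_dump(consume_token($session, ['token' => $m[1]]));  // matching POST
var_dump(consume_token($session, ['token' => $m[1]]));  // replayed POST
issue_token($session);
var_dump(consume_token($session, []));                  // token field missing
```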