## Adding `Token` validation
Validation rules support form token validation. First, add the following hidden field to your form:
```
<input type="hidden" name="__token__" value="{:token()}" />
```
You can also use the helper directly:
~~~
{:token_field()}
~~~
The default token name is `__token__`. To customize the name and the token generation rule, use:
~~~
{:token_field('__hash__', 'md5')}
~~~
The second argument specifies the token generation rule; a closure can also be used.
If you are not using the default template engine, you need to generate the hidden form field yourself:
~~~
namespace app\controller;

use think\Request;
use think\facade\View;

class Index
{
    public function index(Request $request)
    {
        // Build a token named __token__ using sha1 and pass it to the template
        $token = $request->buildToken('__token__', 'sha1');
        View::assign('token', $token);

        return View::fetch();
    }
}
~~~
Then use it in the template form:
~~~
<input type="hidden" name="__token__" value="{$token}" />
~~~
## AJAX submission
For forms submitted via AJAX, you can place the `token` in a `meta` tag:
```
<meta name="csrf-token" content="{:token()}">
```
Or use the helper directly:
```
{:token_meta()}
```
Then set the `X-CSRF-Token` request header globally for Ajax requests and submit:
~~~
$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});
~~~
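
The following added example (not part of the original documentation) is a `fetch`-based alternative to the `$.ajaxSetup` snippet above. It sends `X-CSRF-TOKEN` only on same-origin, state-changing requests, so the token is never disclosed to another origin. The names `csrfHeaders` and `csrfFetch` are hypothetical, and it assumes state-changing routes use non-GET methods, as in the `Route::post` examples.

```javascript
// Added example, not ThinkPHP code. Assumes the page contains
// <meta name="csrf-token" content="..."> as shown above.

// Methods that must not change state and therefore need no token (assumption).
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

/**
 * Decide which CSRF headers a request should carry.
 * Returns {} unless the request is state-changing AND same-origin.
 */
function csrfHeaders(requestUrl, method, pageOrigin, token) {
  const verb = String(method || 'GET').toUpperCase();
  if (SAFE_METHODS.has(verb) || !token) {
    return {};
  }
  let target;
  try {
    // Relative and protocol-relative URLs resolve against the page origin.
    target = new URL(requestUrl, pageOrigin);
  } catch (err) {
    return {}; // unparsable URL: do not attach the token
  }
  if (target.origin !== new URL(pageOrigin).origin) {
    return {}; // cross-origin request: never disclose the token
  }
  return { 'X-CSRF-TOKEN': token };
}

/** Browser wrapper around fetch(); options.headers must be a plain object. */
function csrfFetch(url, options = {}) {
  const meta = document.querySelector('meta[name="csrf-token"]');
  const token = meta ? meta.getAttribute('content') : '';
  const extra = csrfHeaders(url, options.method, window.location.origin, token);
  return fetch(url, {
    ...options,
    credentials: 'same-origin', // send the session cookie only to our own origin
    headers: { ...(options.headers || {}), ...extra },
  });
}
```
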
## Route validation
Then, in the route rule definition, use:
~~~
Route::post('blog/save','blog/save')->token();
~~~
If you customized the `token` name, change it to:
~~~
Route::post('blog/save','blog/save')->token('__hash__');
~~~
If the token check fails, a `think\exception\ValidateException` exception is thrown.
## Controller validation
If you are not using a route definition, you can validate the token manually in the controller:
~~~
namespace app\controller;

use think\exception\ValidateException;
use think\Request;

class Index
{
    public function index(Request $request)
    {
        // Check the __token__ value submitted with the request
        $check = $request->checkToken('__token__');

        if (false === $check) {
            throw new ValidateException('invalid token');
        }

        // ...
    }
}
~~~
Submitted data is taken from `post` data by default; you can also specify the data to use for `Token` validation.
~~~
namespace app\controller;

use think\exception\ValidateException;
use think\Request;

class Index
{
    public function index(Request $request)
    {
        // Check the token against the given data instead of the default post data
        $check = $request->checkToken('__token__', $request->param());

        if (false === $check) {
            throw new ValidateException('invalid token');
        }

        // ...
    }
}
~~~
## Validating with a validator
Simply add the `token` rule to your validation rules. For example, if you are using a validator, change it to:
~~~
protected $rule = [
    'name'  => 'require|max:25|token',
    'email' => 'email',
];
~~~
If your token name is not `__token__` (say it is `__hash__`), change the validator to:
~~~
protected $rule = [
    'name'  => 'require|max:25|token:__hash__',
    'email' => 'email',
];
~~~