表单令牌

验证规则支持对表单的令牌进行验证,首先需要在表单中增加一个隐藏域:

  1. <input type="hidden" name="__token__" value="<?php echo $request->token(); ?>">

然后在验证规则中,添加 token 验证规则即可,例如:

  1. namespace app\index\validate;
  3. use ginkgo\Validate;
  5. class User extends Validate {
  7.     protected $rule = array(
  8.         'email' => array(
  9.             'format'  => 'email',
  10.         ),
  11.         '__token__' => array(
  12.             'require' => true,
  13.             'token'   => true,
  14.         ),
  15.     );
  17. }

如果令牌名称不是 __token__,则表单需要改为:

  1. <input type="hidden" name="__hash__" value="<?php echo $request->token(); ?>">

验证器中改为:

  1. namespace app\index\validate;
  3. use ginkgo\Validate;
  5. class User extends Validate {
  7.     protected $rule = array(
  8.         'email' => array(
  9.             'format'  => 'email',
  10.         ),
  11.         '__hash__' => array(
  12.             'require' => true,
  13.             'token'   => true,
  14.         ),
  15.     );
  17. }

如果需要自定义令牌生成规则,可以调用 Request 类的 token 方法,例如:

  1. namespace app\index\ctrl;
  3. use ginkgo\Ctrl;
  5. class Index extends Ctrl {
  7.     public function index() {
  8.         $token = $this->obj_request->token('__token__', 'sha1');
  9.         $this->assign('token', $token);
  10.         return $this->fetch();
  11.     }
  13. }

然后在模板表单中使用:

  1. <input type="hidden" name="__token__" value="<?php echo $token; ?>">