如何使用Zend框架的哈希表(标记)与AJAX [英] How to use Zend Framework Form Hash (token) with AJAX
问题描述
我已经包括Zend_Form_Element_Hash到表单multiplecheckbox形式。我有jQuery的集火过一个AJAX请求复选框被点击时,我通过令牌与此AJAX请求。第一个Ajax请求的伟大工程,但后来的失败。
I have included Zend_Form_Element_Hash into a form multiplecheckbox form. I have jQuery set to fire off an AJAX request when a checkbox is clicked, I pass the token with this AJAX request. The first AJAX request works great, but the subsequent ones fail.
我怀疑这可能是一旦令牌已经被验证它接着从会议(一跳= 1)删除。
I suspect it may be once the token has been validated it is then removed from the session (hop = 1).
什么是你的攻击计划与Zend框架哈希固定形式尚未使用AJAX来完成一些要求?
What would be your plan of attack for securing a form with Zend Framework Hash yet using AJAX to complete some of these requests?
推荐答案
我最终放弃使用Zend_Form_Element_Hash,只是手动创建一个道理,和Zend_Session注册,然后在提交签。
I finally abandoned using Zend_Form_Element_Hash and just created a token manually, registered it with Zend_Session and then checked it upon submission.
form.php的的
$myNamespace = new Zend_Session_Namespace('authtoken');
$myNamespace->setExpirationSeconds(900);
$myNamespace->authtoken = $hash = md5(uniqid(rand(),1));
$auth = new Zend_Form_Element_Hidden('authtoken');
$auth->setValue($hash)
->setRequired('true')
->removeDecorator('HtmlTag')
->removeDecorator('Label');
Controller.php这样的
$mysession = new Zend_Session_Namespace('authtoken');
$hash = $mysession->authtoken;
if($hash == $data['authtoken']){
print "success";
} else {
print "you fail";
}
这似乎工作,仍然让事情比较理智和安全。我还是宁愿使用哈希元素,但我似乎无法使其与AJAX工作。
This seems to work and still keeps things relatively sane and secure. I'd still rather use the Hash element, but I can't seem to make it work with AJAX.
谢谢大家。
这篇关于如何使用Zend框架的哈希表(标记)与AJAX的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!