如何使用Zend框架的哈希表（标记）与AJAX [英] How to use Zend Framework Form Hash (token) with AJAX

问题描述

我已经包括Zend_Form_Element_Hash到表单multiplecheckbox形式。我有jQuery的集火过一个AJAX请求复选框被点击时，我通过令牌与此AJAX请求。第一个Ajax请求的伟大工程，但后来的失败。

I have included Zend_Form_Element_Hash into a form multiplecheckbox form. I have jQuery set to fire off an AJAX request when a checkbox is clicked, I pass the token with this AJAX request. The first AJAX request works great, but the subsequent ones fail.

我怀疑这可能是一旦令牌已经被验证它接着从会议（一跳= 1）删除。

I suspect it may be once the token has been validated it is then removed from the session (hop = 1).

什么是你的攻击计划与Zend框架哈希固定形式尚未使用AJAX来完成一些要求？

What would be your plan of attack for securing a form with Zend Framework Hash yet using AJAX to complete some of these requests?

推荐答案

我最终放弃使用Zend_Form_Element_Hash，只是手动创建一个道理，和Zend_Session注册，然后在提交签。

I finally abandoned using Zend_Form_Element_Hash and just created a token manually, registered it with Zend_Session and then checked it upon submission.

form.php的的

$myNamespace = new Zend_Session_Namespace('authtoken');
$myNamespace->setExpirationSeconds(900);
$myNamespace->authtoken = $hash = md5(uniqid(rand(),1));
$auth = new Zend_Form_Element_Hidden('authtoken');
$auth->setValue($hash)
     ->setRequired('true')
     ->removeDecorator('HtmlTag')
     ->removeDecorator('Label');    

Controller.php这样的

$mysession = new Zend_Session_Namespace('authtoken');
$hash = $mysession->authtoken;
if($hash == $data['authtoken']){
    print "success";
} else {
    print "you fail";
}

这似乎工作，仍然让事情比较理智和安全。我还是宁愿使用哈希元素，但我似乎无法使其与AJAX工作。

This seems to work and still keeps things relatively sane and secure. I'd still rather use the Hash element, but I can't seem to make it work with AJAX.

谢谢大家。

这篇关于如何使用Zend框架的哈希表（标记）与AJAX的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！