class.core.php中
$this->var['formhash'] = formhash();
define('FORMHASH', $this->var['formhash']);
hash值生成方法
function formhash() {
return substr(md5(substr($this->time, 0, -4).UC_KEY), 16);
}
在表单中使用
<input type="hidden" name="formhash" value="<?php echo FORMHASH;?>" />function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0) {
if(!getgpc($var)) {
return FALSE;
} else {
global $_G;
if(!empty($_G['gp_mobiledata'])) {
require_once libfile('class/mobiledata');
$mobiledata = new mobiledata();
if($mobiledata->validator()) {
return TRUE;
}
}
if($allowget || ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_G['gp_formhash']) && $_G['gp_formhash'] == formhash() && empty($_SERVER['HTTP_X_FLASH_VERSION']) && (empty($_SERVER['HTTP_REFERER']) ||
preg_replace("/https?://([^:/]+).*/i", "\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^:]+).*/", "\1", $_SERVER['HTTP_HOST'])))) {
if(checkperm('seccode')) {
if($secqaacheck && !check_secqaa($_G['gp_secanswer'], $_G['gp_sechash'])) {
showmessage('submit_secqaa_invalid');
}
if($seccodecheck && !check_seccode($_G['gp_seccodeverify'], $_G['gp_sechash'])) {
showmessage('submit_seccode_invalid');
}
}
return TRUE;
} else {
showmessage('submit_invalid');
}
}
}
表单提交验证