UCHome performs a validity check on every form submission to make sure that all submissions originate from the site itself.
1. Form implementation
Every UCHome form carries a hidden field, formhash, which holds a hash value generated by the local server. The value of formhash is produced by the function formhash().
<form method="post" action="admincp.php?ac=ip">
    ......
    <div class="footactions">
        <input type="submit" name="thevaluesubmit" value="提交" class="submit">
    </div>
    <input type="hidden" name="formhash" value="<!--{eval echo formhash();}-->" />
</form>
2. Submission check
When the form is submitted, the formhash field is sent along to the server, which checks whether this submission is a valid one:
// 'thevaluesubmit' is the name of the submit button; submitcheck() only
// returns true when that field was POSTed together with a matching formhash
if(submitcheck('thevaluesubmit')) {
    ......
}
3. The formhash() function
function formhash() {
    global $_SGLOBAL, $_SCONFIG;
    if(empty($_SGLOBAL['formhash'])) {
        // AdminCP forms get a different token from front-end forms
        $hashadd = defined('IN_ADMINCP') ? 'Only For UCenter Home AdminCP' : '';
        // Token input: the Unix timestamp with its last seven digits dropped (so the
        // token only changes roughly every 10^7 seconds), the current user id, and
        // md5 of the site key; the token is 8 hex characters from the middle of the md5.
        // The token is deterministic, so its secrecy rests on the secrecy of sitekey.
        $_SGLOBAL['formhash'] = substr(md5(substr($_SGLOBAL['timestamp'], 0, -7).'|'.$_SGLOBAL['supe_uid'].'|'.md5($_SCONFIG['sitekey']).'|'.$hashadd), 8, 8);
    }
    return $_SGLOBAL['formhash'];
}
4. The submitcheck() function
function submitcheck($var) {
    // Only POST requests that carry the named submit field are checked at all
    if(!empty($_POST[$var]) && $_SERVER['REQUEST_METHOD'] == 'POST') {
        // Referer check: if a Referer header is present, its host (scheme and path
        // stripped) must equal the request Host (port stripped); an absent Referer
        // passes this part, so the formhash comparison alone decides in that case.
        // Note that the token is compared with loose ==, not a constant-time compare.
        if((empty($_SERVER['HTTP_REFERER']) || preg_replace("/https?:\/\/([^\:\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) == preg_replace("/([^\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])) && $_POST['formhash'] == formhash()) {
            return true;
        } else {
            // Referer host mismatch or wrong token: abort with an error page
            showmessage('submit_invalid');
        }
    } else {
        return false;
    }
}
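To make the two functions above testable offline, the following is an added stand-alone re-implementation (not UCHome's own code) of the formhash derivation and the submitcheck() decision logic, with the request data passed in as arrays instead of read from globals; the timestamp, user id, site key and host names are constructed sample values, and hash_equals() is used in place of the loose == comparison.

```php
<?php
// Added example, not UCHome code: re-implements formhash() and submitcheck()
// as pure functions so the check can be exercised with constructed requests.

// Same derivation as UCHome's formhash(): truncated timestamp | uid | md5(sitekey) | suffix,
// then 8 hex characters taken from offset 8 of the md5.
function make_formhash(int $timestamp, int $uid, string $sitekey, bool $admincp = false): string {
    $hashadd = $admincp ? 'Only For UCenter Home AdminCP' : '';
    $raw = substr((string)$timestamp, 0, -7) . '|' . $uid . '|' . md5($sitekey) . '|' . $hashadd;
    return substr(md5($raw), 8, 8);
}

// Mirrors submitcheck(): POST method, submit field present, Referer host (if a Referer
// was sent) equal to the request Host, and the posted formhash equal to the expected one.
// Returns 'ok', 'invalid' (where UCHome calls showmessage('submit_invalid')) or 'skip'.
function check_submit(array $post, array $server, string $expected, string $var): string {
    if (empty($post[$var]) || ($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'skip';
    }
    $referer = $server['HTTP_REFERER'] ?? '';
    $refHost = preg_replace('/https?:\/\/([^\:\/]+).*/i', '$1', $referer);
    $host    = preg_replace('/([^\:]+).*/', '$1', $server['HTTP_HOST'] ?? '');
    $refererOk = ($referer === '' || $refHost === $host);
    // hash_equals() replaces UCHome's loose == (constant time, no type juggling)
    $tokenOk = hash_equals($expected, (string)($post['formhash'] ?? ''));
    return ($refererOk && $tokenOk) ? 'ok' : 'invalid';
}

// Constructed sample data: fixed timestamp, user id, site key and host.
$expected = make_formhash(1700000000, 42, 'example-sitekey');
$server = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => 'home.example.com:80',
           'HTTP_REFERER' => 'http://home.example.com/admincp.php?ac=ip'];
$post = ['thevaluesubmit' => '1', 'formhash' => $expected];

// Same-site form with the right token: 'ok'
var_dump(check_submit($post, $server, $expected, 'thevaluesubmit'));
// Same-site form with a wrong or stale token: 'invalid'
var_dump(check_submit(['formhash' => 'deadbeef'] + $post, $server, $expected, 'thevaluesubmit'));
// Right token but Referer from another host: 'invalid'
$foreign = ['HTTP_REFERER' => 'http://other.example.org/'] + $server;
var_dump(check_submit($post, $foreign, $expected, 'thevaluesubmit'));
// Right token and no Referer header at all: 'ok', the token alone decides
unset($server['HTTP_REFERER']);
var_dump(check_submit($post, $server, $expected, 'thevaluesubmit'));
```

The last case shows why the formhash, not the Referer comparison, is the check that has to hold: a client that sends no Referer header is only ever judged on the token.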