How to use Zend_Form_Element_Hash?

When I try to use Zend_Form_Element_Hash, it regenerates the hash on each request.

In my code:

    // form
    $this->addElement('hash', 'hihacker', array('salt' => 'thesal'));

Then I flush $_SESSION. I see a new value on every page reload.

Then I submit the form and it reports the error: The token "28a5e0e2a50a3d4afaa654468fd29420" does not match the specified token "a64407cc11376dac1916d2101de90d29", with a new pair of tokens each time.

+3
3 answers
    $form = new Form();
    $form->addElement('hash', 'hihacker',
        array('salt' => 'YOUR TOO MUCH SALTY TEXT !!@@'));
    if ($this->_request->isPost() && $form->isValid($this->_request->getPost())) {
        // Valid: the submitted token matched, so it is safe to process the request.
    } else if (count($form->getErrors('hihacker')) > 0) {
        // The hash element failed validation. Errors are looked up under the
        // element's own name, so it must match the name passed to addElement().
        // Send the user to the error controller.
        $this->_forward('csrf-forbidden', 'error');
        return;
    }

It works very well for me, but double-check the session settings.

" Zend_Session_Namespace ( , TTL ). " " , . formHidden . " ZF docs

+5
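
One way the symptom in the question can arise (a fresh token on every page load, then a mismatch on submit) is a per-render, single-use token that gets issued again before the POST arrives. The sketch below is an added illustration, not code from the posts or from Zend Framework: `OneTimeCsrfToken` and its methods are hypothetical, and a plain array stands in for `$_SESSION` so the script runs on the command line.

```php
<?php
// Simplified model of a per-render, single-use CSRF token (NOT Zend Framework code).
// Assumption: $session stands in for $_SESSION so the script runs on the CLI.
final class OneTimeCsrfToken
{
    private array $session;
    private string $key;

    public function __construct(array &$session, string $salt, string $name)
    {
        $this->session = &$session;
        $this->key = 'csrf_' . $salt . '_' . $name;
    }

    // Called whenever the form is rendered: overwrites any token stored earlier.
    public function issue(): string
    {
        $token = bin2hex(random_bytes(16));
        $this->session[$this->key] = $token;
        return $token; // value that goes into the hidden field
    }

    // Called on POST: compare in constant time, then discard the stored token.
    public function validate(string $submitted): bool
    {
        $expected = $this->session[$this->key] ?? null;
        unset($this->session[$this->key]);
        return is_string($expected) && hash_equals($expected, $submitted);
    }
}

$session = []; // constructed stand-in for one user's session
$csrf = new OneTimeCsrfToken($session, 'thesal', 'hihacker');

// Normal flow: one render, one submit. The token is accepted.
$first = $csrf->issue();
var_dump($csrf->validate($first));

// Replaying the same token fails because it was discarded after first use.
var_dump($csrf->validate($first));

// An extra render between display and submit replaces the stored token,
// so the form the user is looking at now carries a stale value and is rejected.
$shown = $csrf->issue();   // page the user sees
$csrf->issue();            // another request renders the form again
var_dump($csrf->validate($shown));
```

When debugging a mismatch like the one in the question, log every request that reaches the action which builds the form; any request between the page load and the submit that renders the form again will replace the stored token.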

Zend_Form_Element_Hash . , , , . /.

ajax - , ( )

$form->hash->initCsrfToken();

$this->view->hash = $form->hash->getValue();

, ajax, .replaceWith().

, , -, - , Zend. ,

+1

, - script... 1, .

FWIW , ZF. , = 2. ZF, .

0

Source: https://habr.com/ru/post/1721139/

