Thursday, February 26, 2009

Form ticket

This adds a per-session anti-CSRF ticket to a Zend_Form: a random token is stored in the session and emitted in a hidden field, and a submission whose token does not match the session value is rejected, so a form posted from another origin (which cannot read the token) is not accepted.
 
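/**
 * Zend_Form with a per-session anti-CSRF ticket.
 *
 * A random ticket is kept in the 'Zend_Form' session namespace and rendered
 * into the hidden element 'Form_Session_Ticket'; isValid() refuses any
 * submission whose ticket does not match the session value.
 *
 * Requires PHP >= 7.0 (random_bytes, hash_equals).
 */
class New_Form extends Zend_Form
{
    /** Name of the hidden element and of the session property holding the ticket. */
    const TICKET_ELEMENT = 'Form_Session_Ticket';

    /**
     * Adds the hidden ticket element and makes sure the session holds a ticket.
     *
     * The existing session ticket is reused rather than regenerated on every
     * instantiation: the form is normally constructed again on the POST
     * request, and overwriting the session value at that point would discard
     * the ticket the browser is submitting. A fresh ticket is only generated
     * when the session does not yet hold a usable one.
     *
     * NOTE(review): if the application regenerates the session id on login,
     * it should also clear this namespace so a ticket from the anonymous
     * session does not survive into the authenticated one.
     */
    public function init()
    {
        $session = new Zend_Session_Namespace('Zend_Form');
        if (!is_string($session->ticket) || $session->ticket === '') {
            $session->ticket = $this->_ticket();
        }

        $ticketElement = new Zend_Form_Element_Hidden(self::TICKET_ELEMENT);
        $ticketElement->setValue($session->ticket);
        $this->addElement($ticketElement);
    }

    /**
     * Validates the submitted data after checking the anti-CSRF ticket.
     *
     * The ticket is read from $data (the submitted values), never from the
     * hidden element's current value: before parent::isValid() runs the
     * element still carries the value assigned in init(), so comparing it to
     * the session would accept every submission. The comparison uses
     * hash_equals() so a wrong ticket does not leak timing information, and a
     * missing, non-string or empty ticket on either side is rejected.
     *
     * @param array $data submitted form values
     * @return bool result of Zend_Form::isValid()
     * @throws Zend_Form_Exception when the ticket is missing or does not match
     */
    public function isValid($data)
    {
        if ($this->getElement(self::TICKET_ELEMENT) !== null) {
            $session = new Zend_Session_Namespace('Zend_Form');
            $expected = $session->ticket;

            $submitted = null;
            if (is_array($data) && isset($data[self::TICKET_ELEMENT])) {
                $submitted = $data[self::TICKET_ELEMENT];
            }

            $ticketOk = is_string($expected) && $expected !== ''
                && is_string($submitted)
                && hash_equals($expected, $submitted);

            if (!$ticketOk) {
                throw new Zend_Form_Exception("Submitted form is not from this server.");
            }
        }

        return parent::isValid($data);
    }

    /**
     * Generates a new ticket: 16 bytes from the CSPRNG, hex-encoded (32 chars).
     *
     * md5(uniqid(rand(), true)) was replaced because rand()/uniqid() are not
     * cryptographically secure and the ticket is only useful if an attacker
     * cannot predict it.
     *
     * @return string
     */
    protected function _ticket()
    {
        return bin2hex(random_bytes(16));
    }
}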
