Zend Framework Tips: Form ticket

This makes sure that the submitted form is from the same server.

class New_Form extends Zend_Form
{
public function init() {
$ticket = $this->_ticket();
$sessionZendForm = new Zend_Session_Namespace('Zend_Form');
$sessionZendForm->ticket = $ticket;
$ticketElement = new Zend_Form_Element_Hidden('Form_Session_Ticket');
$ticketElement->setValue($ticket);
$this->addElement($ticketElement);
}
public function isValid($data) {
$ticketElement = $this->getElement('Form_Session_Ticket');
if ($ticketElement != NULL) {
$sessionZendForm = new Zend_Session_Namespace('Zend_Form');
if ($sessionZendForm->ticket != $ticketElement->getValue()) {
throw new Zend_Form_Exception("Submitted form is not from this server.");
}
}
return parent::isValid($data);
}
protected function _ticket() {
return md5(uniqid(rand(), true));
}
}

 
class New_Form extends Zend_Form
{
    public function init() {
        $ticket = $this->_ticket();
        $sessionZendForm = new Zend_Session_Namespace('Zend_Form');
        $sessionZendForm->ticket = $ticket;
        $ticketElement = new Zend_Form_Element_Hidden('Form_Session_Ticket');
        $ticketElement->setValue($ticket);
        $this->addElement($ticketElement);
    }

    public function isValid($data) {
        $ticketElement = $this->getElement('Form_Session_Ticket');
        if ($ticketElement != NULL) {
            $sessionZendForm = new Zend_Session_Namespace('Zend_Form');
            if ($sessionZendForm->ticket != $ticketElement->getValue()) {
                throw new Zend_Form_Exception("Submitted form is not from this server.");
            }
        }
        return parent::isValid($data);
    }

    protected function _ticket() {
        return md5(uniqid(rand(), true));
    }
}

Zend Framework Tips

Thursday, February 26, 2009

Form ticket

No comments:

Blog Archive

About Me