        token = $this->options->secret;
        if ($this->user->hasLogin()) {
            $this->token .= '&' . $this->user->authCode . '&' . $this->user->uid;
        }
    }

    /**
     * @param bool $enabled
     */
    public function enable(bool $enabled = true)
    {
        $this->enabled = $enabled;
    }

    /**
     * Protect submitted data
     */
    public function protect()
    {
        if (!$this->enabled) {
            return;
        }

        $given = $this->request->get('_');
        $expected = $this->getToken($this->request->getReferer());

        // Strict, constant-time comparison: a loose != on two md5 hex strings
        // treats numeric-looking values such as "0e..." as equal numbers.
        if (!is_string($given) || !hash_equals($expected, $given)) {
            $this->response->goBack();
        }
    }

    /**
     * Get the token
     *
     * @param string|null $suffix suffix
     * @return string
     */
    public function getToken(?string $suffix): string
    {
        return md5($this->token . '&' . $suffix);
    }

    /**
     * Get the absolute route path
     *
     * @param string|null $path
     * @return string
     */
    public function getRootUrl(?string $path): string
    {
        return Common::url($this->getTokenUrl($path), $this->options->rootUrl);
    }

    /**
     * Generate a path carrying the token
     *
     * @param $path
     * @param string|null $url
     * @return string
     */
    public function getTokenUrl($path, ?string $url = null): string
    {
        $parts = parse_url($path);
        $params = [];

        if (!empty($parts['query'])) {
            parse_str($parts['query'], $params);
        }

        // The token is bound to the URL it is issued for (or the current request URL)
        $params['_'] = $this->getToken($url ?: $this->request->getRequestUrl());
        $parts['query'] = http_build_query($params);

        return Common::buildUrl($parts);
    }

    /**
     * Output the secure admin path
     *
     * @param $path
     */
    public function adminUrl($path)
    {
        echo $this->getAdminUrl($path);
    }

    /**
     * Get the secure admin path
     *
     * @param string $path
     * @return string
     */
    public function getAdminUrl(string $path): string
    {
        return Common::url($this->getTokenUrl($path), $this->options->adminUrl);
    }

    /**
     * Output the secure route path
     *
     * @param $path
     */
    public function index($path)
    {
        echo $this->getIndex($path);
    }

    /**
     * Get the secure route path
     *
     * @param $path
     * @return string
     */
    public function getIndex($path): string
    {
        return Common::url($this->getTokenUrl($path), $this->options->index);
    }
}