I have a Joomla component that I am trying to add some functionality to. I have found that if I call the component directly via http://mysite.com/index.php?option=com_mycom&view=unsubscribe, the form submission works fine.
However, if I include the component in an article with {component url='index.php?option=com_mycom&view=unsubscribe'}
so that the page is simply http://mysite.com/unsubscribe,
the token does not seem to be stored correctly, and I get the "invalid or expired token" error message with either a blank $stored_token
value or the value from the last time the page was loaded via the long, direct URL.
How can I correct this behaviour?
$confirm = JRequest::getVar('unsubscribe_confirm', NULL);
$sess = JFactory::getSession();
if( is_null($confirm) ) {
    // generate random token to prevent accident/malicious use
    // ($sub_info is assumed to have been loaded earlier in the view)
    $token = md5(rand().time().$sub_info['id_joomla_user']);
    $sess->set('unsubscribe_token', $token, 'mycom_unsubscribe');
    $frm = <<<_E_
<form action="%sindex.php?option=com_mycom&view=unsubscribe" method="POST">
<input type="hidden" name="unsubscribe_token" value="%s" />
<input type="submit" name="unsubscribe_confirm" value="Yes, please cancel my subscription." />
</form>
_E_;
    // the format string must be the first argument, followed by the two %s values
    $output = sprintf($frm, JURI::root(), $token);
} else {
    $token_stored = $sess->get('unsubscribe_token', NULL, 'mycom_unsubscribe');
    $token_passed = JRequest::getVar('unsubscribe_token', NULL);
    // make sure tokens have been set, and that they match
    if( (is_null($token_stored) || is_null($token_passed)) || ($token_stored !== $token_passed) ) {
        // the ' S:' / ' P:' suffix echoes both tokens back for debugging only
        JFactory::getApplication()->redirect(
            'profile',
            'Cannot process unsubscribe request: expired or invalid session token.' .
            ' S:' . $token_stored . ' P:' . $token_passed,
            'error'
        );
    } else {
        // valid unsubscribe request has been given, unset token to prevent multiple requests.
        $sess->clear('unsubscribe_token', 'mycom_unsubscribe');
        // more code normally happens here...
    }
}
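As an added example, not code from the post or from Joomla itself: the same one-time confirmation-token flow written as plain PHP against an array that stands in for the namespaced Joomla session, with random_bytes and hash_equals in place of md5(rand().time()) and a plain !== comparison. The function names issue_token, consume_token, render_form and demo are assumptions for this illustration.

```php
<?php
// Constructed stand-in for JSession: $session[namespace][key], mirroring the
// 'mycom_unsubscribe' namespace used in the post.
const TOKEN_NS  = 'mycom_unsubscribe';
const TOKEN_KEY = 'unsubscribe_token';

// Issue a fresh token and store it in the session namespace. random_bytes is a
// CSPRNG; md5(rand().time().$id) is predictable from the clock and user id.
function issue_token(array &$session): string {
    $token = bin2hex(random_bytes(32));
    $session[TOKEN_NS][TOKEN_KEY] = $token;
    return $token;
}

// Check a submitted token against the stored one. Returns null when accepted,
// otherwise a reason string. The stored token is cleared only on success, as in
// the post, so the confirmation can be used exactly once.
function consume_token(array &$session, ?string $passed): ?string {
    $stored = $session[TOKEN_NS][TOKEN_KEY] ?? null;
    if ($stored === null || $passed === null) {
        return 'no token in session or request';
    }
    if (!hash_equals($stored, $passed)) {      // constant-time comparison
        return 'token mismatch';
    }
    unset($session[TOKEN_NS][TOKEN_KEY]);      // single use
    return null;
}

// Render the confirmation form; the hidden value is attribute-escaped.
function render_form(string $root, string $token): string {
    return sprintf(
        '<form action="%sindex.php?option=com_mycom&view=unsubscribe" method="POST">'
        . '<input type="hidden" name="unsubscribe_token" value="%s" />'
        . '<input type="submit" name="unsubscribe_confirm" value="Yes, please cancel my subscription." />'
        . '</form>',
        htmlspecialchars($root, ENT_QUOTES), htmlspecialchars($token, ENT_QUOTES)
    );
}

// Walk through the post's scenarios against a constructed in-memory session.
function demo(): array {
    $session = [];
    $first = issue_token($session);
    $results['form']   = render_form('http://mysite.com/', $first);
    $results['accept'] = consume_token($session, $first);   // first submission
    $results['replay'] = consume_token($session, $first);   // same token again
    issue_token($session);                                  // page re-rendered
    $results['stale']  = consume_token($session, $first);   // old token vs new stored
    return $results;
}
var_export(demo());
```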