Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have added following code to my login form
$csrf = $this->createElement('hash', 'csrf', array('salt' => 'unique'));
And in controller action i have
if (!$admin_login_form->isValid($_POST)) {
//Throw Error
}else{
// Redirect to index
}
Now Question is that does Zend handle hash code checking automatically or do we have to code something manually to verify it?
The answer is no. You don’t have to do anything to check wether the hash is valid or not.
When you create a
Zend_Form_Element_Hashelement, it automatically adds a validator (usingZend_Validate_Identical) to your form and register your hash into a new namespace session.Afterwards, once you call
isValid()method, if the CSRF stored in the session when the page was rendered is not the same than the one sent in the last request, the Identical validator will fail and return an error.Edit:
Additionally, you can add a salt to your element and a hash will be generate according to the following encryption:
md5(mt_rand(1,1000000) . $this->getSalt() . $this->getName() . mt_rand(1,1000000).To answer your second question in your comment, two elements won’t cause any session conflicts since the namespace used to store the hash is define by three criteria:
For example, your element would probably be stored under this namespace: “Zend_Form_Element_Hash_unique_ hash” where “unique” is the salt value and hash you element name.