php 防御 跨站点请求伪造

//跨站点请求伪造处理,判断是否有来源页,有就和当前域名判断是否匹配

        if(isset($_SERVER["HTTP_REFERER"]))
        {
            $SERVER_NAME = $_SERVER["SERVER_NAME"];
            $HTTP_REFERER = str_replace("http://","",$_SERVER["HTTP_REFERER"]);
            $domain = explode("/",$HTTP_REFERER);
            $source_host = $domain[0];
            if(strncmp($source_host, $SERVER_NAME, strlen($SERVER_NAME)))
            {
                $this->error("数据来源异常");
            }
        }

你可能感兴趣的:(php 防御 跨站点请求伪造)