生成 CSRF 令牌（PHP 7+）:
session_start();

// Reuse the token already bound to this session; mint a fresh one only when none is stored.
// random_bytes() is a CSPRNG, and 32 bytes → 64 hex characters is plenty for an unguessable token.
$token = $_SESSION['token'] ?? null;
if (empty($token)) {
    $token = bin2hex(random_bytes(32));
    $_SESSION['token'] = $token;
}
验证CSRF令牌:
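/**
 * Constant-time comparison of the session-bound CSRF token with the submitted one.
 *
 * Both values must be non-empty strings. Anything else — a missing session token
 * (expired session or already-consumed token), or a non-string value smuggled in
 * through the request — is reported as a mismatch instead of letting hash_equals()
 * raise a TypeError on untrusted input.
 *
 * @param mixed $stored    value kept in $_SESSION['token'], or null when absent
 * @param mixed $submitted value received in $_POST['token']
 * @return bool true only when both are non-empty strings that match byte for byte
 */
function csrf_token_matches($stored, $submitted): bool
{
    if (!is_string($stored) || $stored === '' || !is_string($submitted) || $submitted === '') {
        return false;
    }

    // hash_equals() compares in constant time so the match length is not leaked via timing.
    return hash_equals($stored, $submitted);
}

if (!empty($_POST['token'])) {
    if (csrf_token_matches($_SESSION['token'] ?? null, $_POST['token'])) {
        // Token matches: consume it right away (single use), before the protected
        // action runs, so a replayed request is rejected even if the action fails.
        unset($_SESSION['token']);
    } else {
        // Token missing or mismatched: reject the request here.
    }
}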