
zhphp framework(十六) Appcontroller

<?php
/**
* Created by JetBrains PhpStorm.
* User: 张华
* Date: 14-3-8
* Time: 下午12:21
* QQ: 746502560@qq.com
* To change this template use File | Settings | File Templates.
*/
// Direct-access guard: stop here unless the constant IN_ZHPHP has already
// been defined before this file is loaded.
if (!defined('IN_ZHPHP')) {
    die('attempts to hack the system');
}
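/**
 * Base application controller providing an anti-forgery check for form posts.
 *
 * A submitted form hash is accepted only when the request's Referer points at
 * this host and the hash equals the one recomputed for the current route.
 */
class AppController extends controller   {
    /**
     * Validate the form hash submitted with a request.
     *
     * @param mixed $formhash Value received from the client (untrusted).
     * @return bool True only when the Referer is same-host and the hash matches.
     */
    protected function checkform($formhash)
    {
        if (!$this->xssFromActivt()) {
            return false;
        }

        // Only a non-empty string can be a valid hash. With the former loose
        // `==`, an empty or non-string value could compare equal to a
        // false/null/empty result from the hashing helper, and two numeric-looking
        // strings could be treated as equal.
        if (!is_string($formhash) || $formhash === '') {
            return false;
        }

        $expected = $this->createFormHash();
        if (!is_string($expected) || $expected === '') {
            return false;
        }

        // Constant-time comparison where available (PHP >= 5.6); on older
        // runtimes fall back to a strict comparison, which is not constant-time.
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $formhash);
        }
        return $expected === $formhash;
    }

    /**
     * Build the form hash for a URL.
     *
     * @param string $referer URL to hash; when empty, the URL is rebuilt from
     *                        the current module/control/action.
     * @return mixed Whatever token::encrypt() returns (presumably a string - confirm).
     */
    protected function createFormHash($referer = '')
    {
        if ($referer == '') {
            $router = engine::load('router');
            $module = $router->getModule();
            $control = $router->getControl();
            $action = $router->getAction();
            $module = empty($module) ? null : $module . '/';

            // NOTE(review): strrchr() uses only the first character of its
            // needle, so this tests for any '.' in REQUEST_URI rather than a
            // '.html' suffix. Left unchanged because the code that renders the
            // form must produce the same URL; verify before tightening.
            $strrchr = strrchr($_SERVER['REQUEST_URI'], '.html');
            if ($strrchr === false) {
                $url = HTTP_URL . $module . $control . '/' . $action;
            } else {
                $url = HTTP_URL . $module . $control . '/' . $action . '.html';
            }
        } else {
            $url = $referer;
        }

        // Key = configured secret + the request timestamp with its last seven
        // digits dropped, i.e. a bucket that changes about every 116 days.
        // NOTE(review): nothing here ties the hash to the visitor's session, so
        // the same URL yields the same hash for every visitor in a bucket.
        // Consider mixing in a per-session secret and a shorter lifetime.
        $key = config::readConfig('session', 'key_token') . substr($_SERVER['REQUEST_TIME'], 0, -7);
        $hash = token::encrypt($url, $key);
        return $hash;
    }

    /**
     * Check that the request's Referer header names this host.
     *
     * Despite the name, this is a same-host Referer check (a cross-site
     * request forgery defence), not an XSS filter. Requests that carry no
     * Referer are rejected.
     *
     * @return bool True when the Referer's host (and port, if any) equals HTTP_HOST.
     */
    protected function xssFromActivt()
    {
        if (empty($_SERVER['HTTP_REFERER']) || empty($_SERVER['HTTP_HOST'])) {
            return false;
        }

        // Parse the URL instead of slicing at a fixed offset: the old
        // substr($referer, 7, ...) assumed an "http://" prefix (so https
        // referers never matched) and compared only a prefix of the host, which
        // let a longer host name that merely starts with ours pass.
        $parts = parse_url($_SERVER['HTTP_REFERER']);
        if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
            return false;
        }
        if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
            return false;
        }

        // HTTP_HOST carries the port when it is non-default, so rebuild the
        // same host[:port] form from the Referer before comparing.
        $authority = strtolower($parts['host']);
        if (isset($parts['port'])) {
            $authority .= ':' . $parts['port'];
        }

        return $authority === strtolower($_SERVER['HTTP_HOST']);
    }

}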