定制 http header

YComputer · YComputer · commit e80cc02b0ccd · 2018-12-19T09:20:28.000+08:00
diff --git a/application/controllers/Login.php b/application/controllers/Login.php
@@ -55,12 +55,12 @@ public function Login() {
                 );
                 // set cookie + set session
                 $this->input->set_cookie($cookie);
-                if ($_SESSION['nonces']==$post['nonces']) {
+                if ($_SESSION['nonces']==$post['nonces'] && $this->input->get_request_header('login-custom-header', TRUE)=='login-csrf') {
                     // VALID TOKEN PROVIDED - PROCEED WITH PROCESS
                     $response = array('status'=>'2','msg'=>'success','data'=>$user['data']);
                     echo json_encode($response);
                   } else {
-                    $response = array('status'=>'0','msg'=>'failed','data'=>'nonces error');
+                    $response = array('status'=>'0','msg'=>'failed','data'=>'nonces error or login-custom-header error');
                     echo json_encode($response);
                   }
             }else {
diff --git a/application/views/login.php b/application/views/login.php
@@ -47,6 +47,7 @@
                     type: "post",
                     data: values,
                     url: "./Login/Login",
+                    headers: { 'login-custom-header': 'login-csrf' },
                     dataType: 'json',
                     success: function(data) {
                         if(data.status == 2){
