Home > Backend Development > PHP Tutorial > PHP uses session to prevent repeated page refreshes, _PHP tutorial

PHP uses session to prevent repeated page refreshes, _PHP tutorial

WBOY
Release: 2016-07-12 09:02:42
Original
801 people have browsed it

PHP uses sessions to prevent repeated page refreshes.

How to prevent repeated page refreshes can be easily achieved using sessions in the PHP environment.

Code of b.php

<&#63;php

//只能通过post方式访问 
if ($_SERVER['REQUEST_METHOD'] == 'GET') 
{header('HTTP/1.1 404 Not Found'); die('亲,页面不存在');} 
session_start(); 
$fs1=$_POST['a']; 
$fs2=$_POST['b']; 
//防刷新时间,单位为秒 
$allowTime = 30; 
//读取访客ip,以便于针对ip限制刷新 
/*获取真实ip开始*/ 
if ( ! function_exists('GetIP')) 
{ 
function GetIP() 
{ 
static $ip = NULL; 
if ($ip !== NULL) 
{ 
return $ip; 
} 
if (isset($_SERVER)) 
{ 
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) 
{ 
$arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); 
/* 取X-Forwarded-For中第x个非unknown的有效IP字符&#63; */ 
foreach ($arr as $xip) 
{ 
$xip = trim($xip); 
if ($xip != 'unknown') 
{ 
$ip = $xip; 
break; 
} 
} 
} 
elseif (isset($_SERVER['HTTP_CLIENT_IP'])) 
{ 
$ip = $_SERVER['HTTP_CLIENT_IP']; 
} 
else 
{ 
if (isset($_SERVER['REMOTE_ADDR'])) 
{ 
$ip = $_SERVER['REMOTE_ADDR']; 
} 
else 
{ 
$ip = '0.0.0.0'; 
} 
} 
} 
else 
{ 
if (getenv('HTTP_X_FORWARDED_FOR')) 
{ 
$ip = getenv('HTTP_X_FORWARDED_FOR'); 
} 
elseif (getenv('HTTP_CLIENT_IP')) 
{ 
$ip = getenv('HTTP_CLIENT_IP'); 
} 
else 
{ 
$ip = getenv('REMOTE_ADDR'); 
} 
} 
preg_match("/[\d\.]{7,15}/", $ip, $onlineip); 
$ip = ! empty($onlineip[0]) &#63; $onlineip[0] : '0.0.0.0'; 
return $ip; 
} 
} 
/*获取真实ip结束*/ 
$reip = GetIP(); 
//相关参数md5加密 
$allowT = md5($reip.$fs1.$fs2); 
if(!isset($_SESSION[$allowT])){ 
$_SESSION[$allowT] = time(); 
} 
else if(time() - $_SESSION[$allowT]-->$allowTime){ 
$_SESSION[$allowT] = time(); 
} 
//如果刷新过快,则直接给出404header头以及提示 
else {header('HTTP/1.1 404 Not Found'); die('来自'.$ip.'的亲,您刷新过快了');} 
&#63;>

Copy after login

The code is very simple. It is nothing more than encrypting the IP and the data submitted to the page that needs to be refreshed through POST and writing it into the session after md5 encryption. Then the refresh time interval is judged through the stored session to decide whether to allow refresh. It should be noted that the two parameters "$fs1=$_POST['a'];" and "$fs1=$_POST['a'];" refer to the parameters that other pages submit to the page that needs to be refreshed through the post method. The reason why these parameters are added in addition to IP is to distinguish different post results. (In fact, the so-called anti-refresh is to prevent a certain page from being submitted repeatedly.)

To be more specific, for example, if the above code is placed at the beginning of the b.php page, we have the following form on the a.html page:

Code:

<!DOCTYPE> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>b.html</title> 
</head> 
<body> 
<form action="b.php" method="post" > 
<input type="hidden" id="a" name="a" value="a"/> 
<input type="hidden" id="b" name="b" value="b"/> 
<button name="" type="submit" >提交</button> 
</form> 
</body> 
</html>

Copy after login

You can see that the two parameters a and b submitted by this page are exactly the two parameters in b.php (actually it should be the other way around, determined by the parameters of the submitted page). In the previous PHP code, it has been determined that the page where the data is submitted can only be accessed through post, so directly entering the address will get a 404 header error page. The page can only be obtained through post. At the same time, when the post is refreshed, it will bring its own On the parameter address, this achieves the effect of preventing refresh of each IP on the same page.

In addition, we can add a referer to the page being posted to determine the source website to prevent cross-site submission. However, the referer can be forged, and firefox and IE8 often lose the referer inexplicably, so we will not add this code for the time being.

Articles you may be interested in:

  • Let PHP COOKIE take effect immediately and use it without refreshing
  • Summary of the code in php to prevent malicious page refreshes
  • PHP methods to prevent malicious refreshes and ticket fraud
  • A summary of PHP methods to prevent the website from being refreshed
  • Refresh the PHP buffer to speed up your site
  • PHP prevents refreshing of repeatedly submitted pages Sample code
  • php to prevent CC attack code php to prevent frequent page refreshes

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1084553.htmlTechArticlephp uses session to prevent the page from being refreshed repeatedly. How to prevent the page from being refreshed repeatedly? In the php environment, you can use session to easily accomplish. The code of b.php php//can only be accessed through post...
Related labels:
php
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template