How to prevent repeated page refreshes can be easily achieved using sessions in the PHP environment.
Code of b.php
<?php //只能通过post方式访问 if ($_SERVER['REQUEST_METHOD'] == 'GET') {header('HTTP/1.1 404 Not Found'); die('亲,页面不存在');} session_start(); $fs1=$_POST['a']; $fs2=$_POST['b']; //防刷新时间,单位为秒 $allowTime = 30; //读取访客ip,以便于针对ip限制刷新 /*获取真实ip开始*/ if ( ! function_exists('GetIP')) { function GetIP() { static $ip = NULL; if ($ip !== NULL) { return $ip; } if (isset($_SERVER)) { if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); /* 取X-Forwarded-For中第x个非unknown的有效IP字符? */ foreach ($arr as $xip) { $xip = trim($xip); if ($xip != 'unknown') { $ip = $xip; break; } } } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } else { if (isset($_SERVER['REMOTE_ADDR'])) { $ip = $_SERVER['REMOTE_ADDR']; } else { $ip = '0.0.0.0'; } } } else { if (getenv('HTTP_X_FORWARDED_FOR')) { $ip = getenv('HTTP_X_FORWARDED_FOR'); } elseif (getenv('HTTP_CLIENT_IP')) { $ip = getenv('HTTP_CLIENT_IP'); } else { $ip = getenv('REMOTE_ADDR'); } } preg_match("/[\d\.]{7,15}/", $ip, $onlineip); $ip = ! empty($onlineip[0]) ? $onlineip[0] : '0.0.0.0'; return $ip; } } /*获取真实ip结束*/ $reip = GetIP(); //相关参数md5加密 $allowT = md5($reip.$fs1.$fs2); if(!isset($_SESSION[$allowT])){ $_SESSION[$allowT] = time(); } else if(time() - $_SESSION[$allowT]-->$allowTime){ $_SESSION[$allowT] = time(); } //如果刷新过快,则直接给出404header头以及提示 else {header('HTTP/1.1 404 Not Found'); die('来自'.$ip.'的亲,您刷新过快了');} ?>
The code is very simple. It is nothing more than encrypting the IP and the data submitted to the page that needs to be refreshed through POST and writing it into the session after md5 encryption. Then the refresh time interval is judged through the stored session to decide whether to allow refresh. It should be noted that the two parameters "$fs1=$_POST['a'];" and "$fs1=$_POST['a'];" refer to the parameters that other pages submit to the page that needs to be refreshed through the post method. The reason why these parameters are added in addition to IP is to distinguish different post results. (In fact, the so-called anti-refresh is to prevent a certain page from being submitted repeatedly.)
To be more specific, for example, if the above code is placed at the beginning of the b.php page, we have the following form on the a.html page:
Code:
<!DOCTYPE> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>b.html</title> </head> <body> <form action="b.php" method="post" > <input type="hidden" id="a" name="a" value="a"/> <input type="hidden" id="b" name="b" value="b"/> <button name="" type="submit" >提交</button> </form> </body> </html>
You can see that the two parameters a and b submitted by this page are exactly the two parameters in b.php (actually it should be the other way around, determined by the parameters of the submitted page). In the previous PHP code, it has been determined that the page where the data is submitted can only be accessed through post, so directly entering the address will get a 404 header error page. The page can only be obtained through post. At the same time, when the post is refreshed, it will bring its own On the parameter address, this achieves the effect of preventing refresh of each IP on the same page.
In addition, we can add a referer to the page being posted to determine the source website to prevent cross-site submission. However, the referer can be forged, and firefox and IE8 often lose the referer inexplicably, so we will not add this code for the time being.