Home > Backend Development > PHP Tutorial > PHP prevents malicious refresh and fast refresh code

PHP prevents malicious refresh and fast refresh code

WBOY
Release: 2016-07-25 09:00:15
Original
1106 people have browsed it
How to prevent php from being maliciously refreshed by others? This article provides three reference methods for everyone. Friends in need can take a look.

First, let’s analyze the several options available.

1. Session record submit.php is the sending page. Set a session variable on this page and send it as a hidden field together with the form to the submitdeal.php page. On the server, compare the hidden variable posted with the session variable recorded on the server side, for example If they are the same, write to the database and clear the session, so that the user refreshes the page. If the two values ​​are not equal, an error will be prompted or the page will jump to the specified page. Advantages: No need for users to enter verification codes Disadvantages: The form is easily copied

2.Verification code The principle is the same as above, except that the session data is not submitted as a hidden field, but is filled in by the user. Most websites use it. There are text verification codes and picture verification codes. The picture verification code is more secure.

3.IP binding After submitting the data, first retrieve the client IP from the IP table. If it exists and has not expired, an error will be reported. Otherwise, it will be written to the database. Then the guest room IP will be retrieved and the IP will be written to the database.

4.cookie After the client submits, the processing program first searches whether the client has set a cookie. If so, it will not submit again. If not, it will write the data, and then write a cookie;

The following three sample codes all use the first session control method because it is not sure whether the user will disable cookies.

Method 1:

<?php         
session_start();         
$k=$_GET['k'];         
$t=$_GET['t'];         
$allowTime = 1800;//防刷新时间         
$ip = get_client_ip();         
$allowT = md5($ip.$k.$t);         
if(!isset($_SESSION[$allowT]))         
{         
    $refresh = true;         
    $_SESSION[$allowT] = time();         
}elseif(time() - $_SESSION[$allowT]>$allowTime){         
    $refresh = true;         
    $_SESSION[$allowT] = time();         
}else{         
    $refresh = false;         
} //by bbs.it-home.org        
?> 
Copy after login

Method 2:

<?php  
session_start();  
$allow_sep = "30000";  
if (isset($_SESSION["post_sep"]))  
{  
if (time() - $_SESSION["post_sep"] < $allow_sep)  
{  
exit("哥们,吃撑着了吧,别点这么快得类");  
}  
else  
{  
$_SESSION["post_sep"] = time();  
}  
}  
else  
{  
$_SESSION["post_sep"] = time();  
} //by bbs.it-home.org 
?>  
Copy after login

Method 3:

<?  
session_start();  
if(!emptyempty($_POST[name])){  
   $data = $_POST[name];  
   $tag = $_POST[tag];  
   if($_SESSION[status]==$tag){  
     echo $data;  
   }else{  
     echo "请不要刷新!";  
   }  
}  
$v = mt_rand(1,10000);  
?>  
<form method="post" name="magic" action="f5.php"><input type="hidden"  
name="tag" value="<?=$v?>"><input type=text name="name"><input type="submit" value="submit">  
</form>  
<?  
echo $v;  
$_SESSION[status] = $v;  
?> 
Copy after login


source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template