Home > Article > Backend Development > How to prevent malicious refresh visits in php
The principle of preventing malicious page brushing (number of visits) is:
Requires a verification string to be passed between pages, and a string is randomly generated when the page is generated. , passed as a required parameter in all connections, and this string is saved in the session.
After clicking the link or entering the form, it is judged whether the verification code in the session is the same as that submitted by the user. If it is the same, it will be processed. If it is not the same, it will be considered as repeated refresh.
After the processing is completed, a verification code will be regenerated for the generation of a new page.
Recommended related learning video tutorials: php video tutorial
The PHP implementation code is as follows:
<?php
session_start();
$k=$_GET['k'];
$t=$_GET['t'];
$allowTime = 1800;//防刷新时间
$ip = get_client_ip();
$allowT = md5($ip.$k.$t);
if(!isset($_SESSION[$allowT]))
{
$refresh = true;
$_SESSION[$allowT] = time();
}elseif(time() - $_SESSION[$allowT]>$allowTime){
$refresh = true;
$_SESSION[$allowT] = time();
}else{
$refresh = false;
}
?>Recommended related article tutorials: php tutorial
The above is the detailed content of How to prevent malicious refresh visits in php. For more information, please follow other related articles on the PHP Chinese website!