php method to prevent malicious refreshing and ticket brushing, php refresh ticket brushing
The example in this article describes how PHP prevents malicious refreshes and ticket fraud. Share it with everyone for your reference. The specific implementation method is as follows:
Generally speaking, malicious refreshing means constantly refreshing the submission page, resulting in a large amount of invalid data. Let's summarize the methods of preventing malicious page refreshing in PHP.
The principle of preventing malicious page brushing is:
Requires a verification string to be passed between pages,
When generating the page, randomly generate a string,
Passed as a required parameter in all connections. At the same time, save this string in the session.
After clicking the link or form to enter the page, it is judged whether the verification code in the session is the same as that submitted by the user. If it is the same, it will be processed. If it is not the same, it will be considered as repeated refresh.
After the processing is completed, a verification code will be regenerated for the generation of a new page
The PHP implementation code is as follows:
Copy code The code is as follows:
session_start();
$k=$_GET['k'];
$t=$_GET['t'];
$allowTime = 1800;//Anti-refresh time
$ip = get_client_ip();
$allowT = md5($ip.$k.$t);
if(!isset($_SESSION[$allowT]))
{
$refresh = true;
$_SESSION[$allowT] = time();
}elseif(time() - $_SESSION[$allowT]>$allowTime){
$refresh = true;
$_SESSION[$allowT] = time();
}else{
$refresh = false;
}
?>
I have also encountered submission twice in ie6. It is roughly when using a picture instead of submit. There is a submit() on the picture, which will submit twice. If it is just a submit button, I have not encountered the situation of submitting twice. Now to sort it out:
The method is basically the same as mentioned by the previous ones
The received page is 2.php is divided into two parts, one part processes the submitted variables, and the other part displays the page
After processing the variables, use header( "location: ".$_SERVER[ 'PHP_SELF ']) to jump to the own page
This part needs to be judged. If there is no post variable, skip it. Of course, you can also jump to other pages.
There will be problems when jumping to other pages and returning. It is recommended to do it in a php file.
If the variables passed through the previous page do not meet the requirements, you can force the return to <script> history.go(-1); </script>
I just talked about the general idea. Maybe experts will not encounter such problems, but not everyone is an expert.
Copy code The code is as follows:
if(isset($_POST))
{
if (variable does not meet the requirements)
<script> history.go(-1); </script>
else
//Operation data
...
if (operation completed)
header( "location: ".$_SERVER[ 'PHP_SELF ']);
}
You can also
use COOKIE
Copy code The code is as follows:
$c_file="counter.txt"; //Assign the file name to the variable
if(!file_exists($c_file)) //Operation if the file does not exist
{
$myfile=fopen($c_file,"w"); //Create file
fwrite($myfile,"0"); //Place "0"
fclose($myfile); //Close the file
}
$t_num=file($c_file); //Read the file content into the variable
if($_COOKIE["date"]!="date(Y year m month d day)") //Judge whether the COOKIE content is consistent with the current date
{
$t_num[0]++; //The original data increases by 1
$myfile=fopen($c_file,"w"); //Open the file in writing mode
fwrite($myfile,$t_num[0]); //Write new value
fclose($myfile); //Close the file
//Re-write the current date into the COOKIE and set the validity period of the COOKIE to 24 hours
setcookie("date","date(Y year m month d day)",time()+60*60*24);
}
?>
Use session:
Main page file index.php code:
Copy code The code is as follows:
session_start();
?>
Disable page refresh through session
//Use text to store data
If($_SESSION[temp]==""){
if(($fp=fopen("counter.txt","r"))==false){
echo "Failed to open file!";
}else{ $counter=fgets($fp,1024); //Read the data in the file
$fp=fopen("counter.txt","w"); //Open the text file in writing
fputs($fp,$counter); //Increase new statistics by 1
fclose($fp); }
//Read statistical data from text file
If(($fp=fopen("counter.txt","r"))==false){
echo "Failed to open file!";
}else{
$counter=fgets($fp,1024);
fclose($fp);
echo "Digital counter: " .$counter ;
} } //Output the number of visits
$_SESSION[temp]=1; //After logging in, the value of $_SESSION[temp] is not empty, assign a value of 1
to $_SESSION[temp]
}else{
echo "<script>alert('You cannot refresh this page!!'); history.back();</script>";
}
?>
Disable page refresh through session |
echo "Failed to open file!";
}else{
$counter=fgets($fp,1024);
fclose($fp);
with with with with with echo "Web page visits: " .$counter;
} } //Output the number of visits
?>
|
|
Among them:
The counter.txt file is a file recording login numbers in the same directory.
$counter=fgets($fp,1024); is a method for reading numerical values in files (can include decimal point values)
I hope this article will be helpful to everyone’s PHP programming design.
http://www.bkjia.com/PHPjc/915432.html
www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/915432.htmlTechArticlephp method to prevent malicious refreshing and ticket brushing, php refresh ticket brushing This article tells the example of php method to prevent malicious refreshing and ticket brushing . Share it with everyone for your reference. The specific implementation method is as follows:...