PHP uses session to prevent repeated page refresh_PHP tutorial

B.php code

//Can only be accessed through post
if ($_SERVER['REQUEST_METHOD'] == 'GET')
{header('HTTP/1.1 404 Not Found'); die('Dear, The page does not exist');}
session_start();
$fs1=$_POST['a'];
$fs2=$_POST['b'];
//anti-refresh time , the unit is seconds
$allowTime = 30;
//Read the visitor ip to facilitate refreshing against ip restrictions
/*Get the real ip to start*/
if ( ! function_exists('GetIP' ))
{
function GetIP()
{
static $ip = NULL;
if ($ip !== NULL)
{
return $ip;
}
if (isset($_SERVER))
{
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
/* Get the xth non-unknown valid IP character in X-Forwarded-For? */
foreach ($arr as $xip)
{ www. jbxue.com
$xip = trim($xip);
if ($xip != 'unknown')
{
$ip = $xip;
break;
}
}
}
elseif (isset($_SERVER['HTTP_CLIENT_IP']))
{
$ip = $_SERVER['HTTP_CLIENT_IP'];
}
else
{
if (isset($_SERVER['REMOTE_ADDR']))
{
$ip = $_SERVER['REMOTE_ADDR'];
}
else
{
$ip = '0.0.0.0';
}
}
}
else
{
if (getenv('HTTP_X_FORWARDED_FOR'))
{
$ip = getenv('HTTP_X_FORWARDED_FOR');
}
elseif (getenv('HTTP_CLIENT_IP'))
{
$ip = getenv('HTTP_CLIENT_IP');
}
else
{
$ip = getenv('REMOTE_ADDR');
}
}
preg_match("/[d.]{7,15}/", $ip, $ onlineip);
$ip = ! empty($onlineip[0]) ? $onlineip[0] : '0.0.0.0';
return $ip;
}
}
/ *End of getting real IP*/
$reip = GetIP();
//Relevant parameters md5 encryption
$allowT = md5($reip.$fs1.$fs2);
if(! isset($_SESSION[$allowT])){
$_SESSION[$allowT] = time();
}
else if(time() - $_SESSION[$allowT]-->$ allowTime){
$_SESSION[$allowT] = time();
} www.jbxue.com
//If the refresh is too fast, the 404 header and prompt will be given directly
else {header ('HTTP/1.1 404 Not Found'); die('Dear from '.$ip.', you refreshed too fast');}
?>

The code is very simple. It is nothing more than encrypting the IP and the data submitted to the page that needs to be refreshed through POST and writing it into the session after md5 encryption. Then, the refresh time interval is judged through the stored session to decide whether to allow refresh. It should be noted that the two parameters "$fs1=$_POST['a'];" and "$fs1=$_POST['a'];" refer to the parameters that other pages submit to the page that needs to be refreshed through the post method. The reason why these parameters are added in addition to IP is to distinguish different post results. (In fact, the so-called anti-refresh is to prevent a certain page from being submitted repeatedly.)

More specifically, for example, if the above code is placed at the beginning of the b.php page, we have the following form on the a.html page:
Code:

Submit

You can see that the two parameters a and b submitted by this page are exactly the two parameters in b.php (actually it should be the other way around, determined by the parameters of the submitted page). In the previous PHP code, it has been determined that the page where the data is submitted can only be accessed through post, so directly entering the address will get a 404 header error page. The page can only be obtained through post. At the same time, when the post is refreshed, it will bring its own On the parameter address, this achieves the effect of preventing refresh of each IP on the same page.

In addition, we can add a referer to the page being posted to determine the source website to prevent cross-site submission. However, the referer can be forged, and firefox and IE8 often lose the referer inexplicably, so we will not add this code for the time being.

http://www.bkjia.com/PHPjc/684115.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/684115.htmlTechArticleb.php code // can only be accessed through post if ($_SERVER['REQUEST_METHOD'] == 'GET') {header('HTTP/1.1 404 Not Found'); die('Dear, the page does not exist');} session_start(); $fs1=$_POST[...