PHP prevents malicious refresh and ticket brushing implementation code_PHP tutorial

Malicious refresh means constantly refreshing the submission page, resulting in a large amount of invalid data. Let’s summarize the methods of preventing malicious page refresh in PHP. The principle of preventing malicious page brushing is

Requires a verification string to be passed between pages,
When generating the page, randomly generate a string,
Passed as a required parameter in all connections. At the same time, save this string in the session.

After clicking the link or entering the form, it will be judged whether the verification code in the session is the same as the one submitted by the user. If it is the same, it will be processed. If it is not the same, it will be considered as repeated refresh.
After the processing is completed, a verification code will be regenerated for the generation of a new page

The code is as follows

Copy code

代码如下	复制代码
session_start(); $k=$_GET['k']; $t=$_GET['t']; $allowTime = 1800;//防刷新时间 $ip = get_client_ip(); $allowT = md5($ip.$k.$t); if(!isset($_SESSION[$allowT])) { $refresh = true; $_SESSION[$allowT] = time(); }elseif(time() - $_SESSION[$allowT]>$allowTime){ $refresh = true; $_SESSION[$allowT] = time(); }else{ $refresh = false; } ?>

session_start();
$k=$_GET['k'];
$t=$_GET['t'];
$allowTime = 1800;//Anti-refresh time
$ip = get_client_ip();
$allowT = md5($ip.$k.$t);
if(!isset($_SESSION[$allowT]))
{
$refresh = true; $_SESSION[$allowT] = time();

代码如下	复制代码
if(isset($_POST)) {  if(变量不符合要求) <script> history.go(-1); </script> else 操作数据 ... if(操作完成) header( "location: ".$_SERVER[ 'PHP_SELF ']); }

}elseif(time() - $_SESSION[$allowT]>$allowTime){

$refresh = true;

$_SESSION[$allowT] = time();

代码如下

复制代码

$c_file="counter.txt"; //文件名赋值给变量 if(!file_exists($c_file)) //如果文件不存在的操作 { $myfile=fopen($c_file,"w"); //创建文件 fwrite($myfile,"0"); //置入“0” fclose($myfile); //关闭文件 } $t_num=file($c_file); //把文件内容读入变量 if($_COOKIE["date"]!="date(Y年m月d日)") //判断COOKIE内容与当前日期是否一致 { $t_num[0]++; //原始数据自增1 $myfile=fopen($c_file,"w"); //写入方式打开文件 fwrite($myfile,$t_num[0]); //写入新数值 fclose($myfile); //关闭文件 //重新将当前日期写入COOKIE并设定COOKIE的有效期为24小时 setcookie("date","date(Y年m月d日)",time()+60*60*24); } ?>

}else{ $refresh = false; } ?>

I have also encountered ie6 submitting twice. Generally speaking, when using a picture instead of submit, there is a submit() on the picture, which will submit twice. If it is just a submit button, I have not encountered the situation of submitting twice. Now to sort it out: The method is basically the same as the previous ones The received page 2.php is divided into two parts, one part processes the submitted variables, and the other part displays the page After processing the variables, use header( "location: ".$_SERVER[ 'PHP_SELF ']) to jump to the own page This part needs to be judged. If there is no post variable, skip it. Of course, you can also jump to other pages. There will be problems when jumping to other pages and returning. It is recommended to do it in a php file. If the variables passed through the previous page do not meet the requirements, you can force the return to <script> history.go(-1); </script> I just talked about the general idea. Maybe masters will not encounter such problems, but not everyone is a master.

The code is as follows	Copy code
if(isset($_POST)) { if (variable does not meet the requirements) <script> history.go(-1); </script> else Operation data ... if (operation completed) header( "location: ".$_SERVER[ 'PHP_SELF ']); }

You can also use COOKIE

The code is as follows

Copy code

$c_file="counter.txt"; //Assign the file name to the variable if(!file_exists($c_file)) //Operation if the file does not exist { $myfile=fopen($c_file,"w"); //Create file fwrite($myfile,"0"); //Place "0" fclose($myfile); //Close the file } $t_num=file($c_file); //Read the file content into the variable if($_COOKIE["date"]!="date(Y year m month d day)") //Judge whether the COOKIE content is consistent with the current date { $t_num[0]++; //The original data increases by 1 $myfile=fopen($c_file,"w"); //Open the file in writing mode fwrite($myfile,$t_num[0]); //Write new value fclose($myfile); //Close the file //Re-write the current date into the COOKIE and set the validity period of the COOKIE to 24 hours setcookie("date","date(Y year m month d day)",time()+60*60*24); } ?>

session

Main page file index.php code:

代码如下	复制代码