Home >
Article > Backend Development > PHP prevents malicious refresh and ticket brushing implementation code_PHP tutorial
PHP prevents malicious refresh and ticket brushing implementation code_PHP tutorial
WBOYOriginal
2016-07-13 17:10:521828browse
Malicious refresh means constantly refreshing the submission page, resulting in a large amount of invalid data. Let’s summarize the methods of preventing malicious page refresh in PHP.
The principle of preventing malicious page brushing is
Requires a verification string to be passed between pages,
When generating the page, randomly generate a string,
Passed as a required parameter in all connections. At the same time, save this string in the session.
After clicking the link or entering the form, it will be judged whether the verification code in the session is the same as the one submitted by the user. If it is the same, it will be processed. If it is not the same, it will be considered as repeated refresh.
After the processing is completed, a verification code will be regenerated for the generation of a new page
}else{
$refresh = false;
}
?>
I have also encountered ie6 submitting twice. Generally speaking, when using a picture instead of submit, there is a submit() on the picture, which will submit twice. If it is just a submit button, I have not encountered the situation of submitting twice. Now to sort it out:
The method is basically the same as the previous ones
The received page 2.php is divided into two parts, one part processes the submitted variables, and the other part displays the page
After processing the variables, use header( "location: ".$_SERVER[ 'PHP_SELF ']) to jump to the own page
This part needs to be judged. If there is no post variable, skip it. Of course, you can also jump to other pages.
There will be problems when jumping to other pages and returning. It is recommended to do it in a php file.
If the variables passed through the previous page do not meet the requirements, you can force the return to <script> history.go(-1); </script>
I just talked about the general idea. Maybe masters will not encounter such problems, but not everyone is a master.
The code is as follows
Copy code
if(isset($_POST))
{
if (variable does not meet the requirements)
<script> history.go(-1); </script>
else
Operation data
...
if (operation completed)
header( "location: ".$_SERVER[ 'PHP_SELF ']);
}
You can also use COOKIE
The code is as follows
Copy code
$c_file="counter.txt"; //Assign the file name to the variable<🎜>
if(!file_exists($c_file)) //Operation if the file does not exist<🎜>
{<🎜>
$myfile=fopen($c_file,"w"); //Create file<🎜>
fwrite($myfile,"0"); //Place "0"<🎜>
fclose($myfile); //Close the file<🎜>
}<🎜>
$t_num=file($c_file); //Read the file content into the variable<🎜>
if($_COOKIE["date"]!="date(Y year m month d day)") //Judge whether the COOKIE content is consistent with the current date<🎜>
{<🎜>
$t_num[0]++; //The original data increases by 1<🎜>
$myfile=fopen($c_file,"w"); //Open the file in writing mode<🎜>
fwrite($myfile,$t_num[0]); //Write new value<🎜>
fclose($myfile); //Close the file<🎜>
//Re-write the current date into the COOKIE and set the validity period of the COOKIE to 24 hours<🎜>
setcookie("date","date(Y year m month d day)",time()+60*60*24);<🎜>
}<🎜>
?>
The counter.txt file is a file that records the number of logins in the same directory...
$counter=fgets($fp,1024); is a method for reading numerical values in files (can include decimal point values)...
http://www.bkjia.com/PHPjc/629624.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629624.htmlTechArticleMalicious refresh means constantly refreshing the submission page, resulting in a large amount of invalid data. Let’s summarize PHP prevention Summary of malicious page refresh methods The principle of preventing malicious page refresh is...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn