Home >Backend Development >PHP Tutorial >PHP prevents malicious refresh and ticket brushing implementation code_PHP tutorial
Malicious refresh means constantly refreshing the submission page, resulting in a large amount of invalid data. Let’s summarize the methods of preventing malicious page refresh in PHP. The principle of preventing malicious page brushing is
Requires a verification string to be passed between pages,
When generating the page, randomly generate a string,
Passed as a required parameter in all connections. At the same time, save this string in the session.
After clicking the link or entering the form, it will be judged whether the verification code in the session is the same as the one submitted by the user. If it is the same, it will be processed. If it is not the same, it will be considered as repeated refresh.
After the processing is completed, a verification code will be regenerated for the generation of a new page
The code is as follows | Copy code | ||||||||||||
$k=$_GET['k']; $t=$_GET['t']; $allowTime = 1800;//Anti-refresh time $ip = get_client_ip(); $allowT = md5($ip.$k.$t); if(!isset($_SESSION[$allowT])) { $refresh = true; $_SESSION[$allowT] = time();
$refresh = true; $_SESSION[$allowT] = time();
|
The code is as follows | Copy code |
if(isset($_POST)) { if (variable does not meet the requirements) <script> history.go(-1); </script> else Operation data ... if (operation completed) header( "location: ".$_SERVER[ 'PHP_SELF ']); } |
The code is as follows | Copy code |
$c_file="counter.txt"; //Assign the file name to the variable if(!file_exists($c_file)) //Operation if the file does not exist { $myfile=fopen($c_file,"w"); //Create file fwrite($myfile,"0"); //Place "0" fclose($myfile); //Close the file } $t_num=file($c_file); //Read the file content into the variable if($_COOKIE["date"]!="date(Y year m month d day)") //Judge whether the COOKIE content is consistent with the current date { $t_num[0]++; //The original data increases by 1 $myfile=fopen($c_file,"w"); //Open the file in writing mode fwrite($myfile,$t_num[0]); //Write new value fclose($myfile); //Close the file //Re-write the current date into the COOKIE and set the validity period of the COOKIE to 24 hours setcookie("date","date(Y year m month d day)",time()+60*60*24); } ?> |
session
Main page file index.php code:
代码如下 | 复制代码 |
|