
Code summary to prevent malicious page refresh in PHP

WBOY
2016-07-21 15:15:11

The principle of preventing malicious page refreshing is as follows.

A verification string must be passed between pages. When a page is generated, a random string is generated and included as a required parameter in every link on that page. At the same time, the string is saved in the session.

When a link is clicked or a form is submitted, the verification string in the session is compared with the one submitted by the user. If they match, the request is processed; if they do not match, the request is treated as a repeated refresh.
After processing is complete, a new verification string is generated for the next page.
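
The one-time verification string described above, as an added example that is not the original author's code. The helper names issue_token() and consume_token() and the session key 'refresh_token' are hypothetical, and PHP 7 or later is assumed for random_bytes().

```php
<?php
// Added example: single-use verification string kept in the session.
// issue_token(), consume_token() and 'refresh_token' are hypothetical names.

function issue_token(array &$session): string
{
    // 128 bits from the CSPRNG, so the value cannot be predicted by the client
    $token = bin2hex(random_bytes(16));
    $session['refresh_token'] = $token;
    return $token;
}

function consume_token(array &$session, $submitted): bool
{
    $expected = $session['refresh_token'] ?? null;
    // Single use: drop the stored value before deciding, so a replay of
    // the same request finds nothing left to match.
    unset($session['refresh_token']);
    // Reject missing values and non-strings such as ?k[]=x
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    // Constant-time comparison of the stored and submitted strings
    return hash_equals($expected, $submitted);
}

// Constructed walk-through using a plain array as the session store.
// In a real page, call session_start() and pass $_SESSION instead.
$session = [];
$token = issue_token($session);            // embedded in the link or a hidden field
var_dump(consume_token($session, $token)); // first click or submit
var_dump(consume_token($session, $token)); // same request replayed by a refresh
$next = issue_token($session);             // new string for the next page
var_dump(consume_token($session, ['x']));  // array sent in place of a string
```

Only the first call is accepted; the replay and the malformed value are both rejected, and each rejection also invalidates the stored string.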

Code


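<?php
session_start();
// Request parameters that identify the page being protected
$k = (isset($_GET['k']) && is_string($_GET['k'])) ? $_GET['k'] : '';
$t = (isset($_GET['t']) && is_string($_GET['t'])) ? $_GET['t'] : '';
$allowTime = 1800; // Anti-refresh time, in seconds
// get_client_ip() is not defined on this page; REMOTE_ADDR is used in its place
$ip = $_SERVER['REMOTE_ADDR'];
// Session key for this client and page combination
$allowT = md5($ip . $k . $t);
if (!isset($_SESSION[$allowT])) {
    // First request: allow it and record the time
    $refresh = true;
    $_SESSION[$allowT] = time();
} elseif (time() - $_SESSION[$allowT] > $allowTime) {
    // Last request is older than the window: allow it and reset the time
    $refresh = true;
    $_SESSION[$allowT] = time();
} else {
    // Repeated request inside the window
    $refresh = false;
}
?>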


I have also encountered IE6 submitting twice. It roughly happens when a picture is used instead of a submit button: there is a submit() on the picture, and the form is submitted twice. With just a submit button, I have never encountered a double submission.

Now let's sort it out:
The method is basically the same as the previous ones.
The receiving page, 2.php, is divided into two parts: one part processes the submitted variables, and the other part displays the page.
After processing the variables, use header("Location: " . $_SERVER['PHP_SELF']) to redirect to the page itself.
This part needs a check: if there are no POST variables, skip it. Of course, you can also redirect to another page.
Redirecting to another page causes problems when the user goes back, so it is recommended to do everything in one PHP file.
If the variables passed from the previous page do not meet the requirements, you can force a return:


<script>
history.go(-1);
</script>


I have only given a general idea. Maybe experts will not encounter this kind of problem, but not everyone is an expert.
The flow of 2.php:


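<?php
// isset($_POST) is always true, so test for actual POST data instead
if (!empty($_POST)) {
    // Receive the variable ('name' is a placeholder field)
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
    if ($name === '') {
        // Variable does not meet the requirements: send the user back
        echo '<script>history.go(-1);</script>';
        exit;
    }
    // Operate on the data
    // ...
    $done = true; // placeholder for the result of the operation
    if ($done) {
        // Redirect to this page so that a refresh does not re-send the POST
        header("Location: " . $_SERVER['PHP_SELF']);
        exit;
    }
}
// No POST variables: fall through and display the page
?>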
