PHP code to prevent malicious page refreshes

session_start();
$k=$_GET['k'];
$t=$_GET['t'];
$allowTime = 1800;//anti-refresh time
 $ip = get_client_ip();
$allowT = md5($ip.$k.$t);
if(!isset($_SESSION[$allowT]))
{
$refresh = true;
$_SESSION[$ allowT] = time();
}elseif(time() - $_SESSION[$allowT]>$allowTime){
$refresh = true;
$_SESSION[$allowT] = time();
}else{
 $refresh = false;
}
?>

ie6 I have also encountered it when submitting twice. It is roughly when using a picture instead of submit. There is a submit() on the picture, which will submit twice. times, if it is just a submit button, I have never encountered a situation where it was submitted twice.

Let’s sort it out now: The method is basically the same as mentioned by the previous ones. The received page 2.php is divided into two parts, one part processes the submitted variables, and the other part displays the page After processing the variables, use header( "location: ".$_SERVER[ 'PHP_SELF ']) to jump to the own page. This part needs to be judged. If there is no post variable, skip it. Of course, you can also jump to other pages. There will be problems when jumping to other pages and returning. It is recommended to do it in a php file. If the variables passed through the previous page do not meet the requirements, you can force a return

<script></li>
<li>history.go(-1);</li>
<li></script>

General idea. 2.php process

if(isset($_POST))
{Receive variable
if(variable does not meet the requirements)
<script> history.go(-1); </script>
 else
Operation data
...
if (operation completed)
header( "location: ".$_SERVER[ 'PHP_SELF ']);
}