Home  >  Article  >  Backend Development  >  PHP code to prevent malicious page refreshes

PHP code to prevent malicious page refreshes

WBOY
WBOYOriginal
2016-07-25 09:03:371024browse
  1. session_start();
  2. $k=$_GET['k'];
  3. $t=$_GET['t'];
  4. $allowTime = 1800;//anti-refresh time
  5. $ip = get_client_ip();
  6. $allowT = md5($ip.$k.$t);
  7. if(!isset($_SESSION[$allowT]))
  8. {
  9. $refresh = true;
  10. $_SESSION[$ allowT] = time();
  11. }elseif(time() - $_SESSION[$allowT]>$allowTime){
  12. $refresh = true;
  13. $_SESSION[$allowT] = time();
  14. }else{
  15. $refresh = false;
  16. }
  17. ?>
Copy code

ie6 I have also encountered it when submitting twice. It is roughly when using a picture instead of submit. There is a submit() on the picture, which will submit twice. times, if it is just a submit button, I have never encountered a situation where it was submitted twice.

Let’s sort it out now: The method is basically the same as mentioned by the previous ones. The received page 2.php is divided into two parts, one part processes the submitted variables, and the other part displays the page After processing the variables, use header( "location: ".$_SERVER[ 'PHP_SELF ']) to jump to the own page. This part needs to be judged. If there is no post variable, skip it. Of course, you can also jump to other pages. There will be problems when jumping to other pages and returning. It is recommended to do it in a php file. If the variables passed through the previous page do not meet the requirements, you can force a return

  1. <script></li> <li>history.go(-1);</li> <li></script>
Copy the code

General idea. 2.php process

  1. if(isset($_POST))
  2. {Receive variable
  3. if(variable does not meet the requirements)
  4. <script> history.go(-1); </script>
  5. else
  6. Operation data
  7. ...
  8. if (operation completed)
  9. header( "location: ".$_SERVER[ 'PHP_SELF ']);
  10. }
Copy code


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn