Prevent direct access and prevent repeated submissions-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

Prevent direct access and prevent repeated submissions

巴扎黑

Dec 01, 2016 am 09:45 AM

Prevent direct access to the PHP page
1. You can add COOKIE to A, and delete the COOKIE after using it after B determines the COOKIE
2. Use $_SERVER['HTTP_REFERER'] to get the address of the previous page linked to the current page
3.token Token

<?php
/*
* PHP简单利用token防止表单重复提交
* 此处理方法纯粹是为了给初学者参考
*/
session_start();
function set_token()
{
    $_SESSION[&#39;token&#39;] = md5(microtime(true));
}
function valid_token()
{
    $return = $_REQUEST[&#39;token&#39;] === $_SESSION[&#39;token&#39;] ? true : false;
    set_token();
    return $return;
}
//如果token为空则生成一个token
if (!isset($_SESSION[&#39;token&#39;]) || $_SESSION[&#39;token&#39;] == &#39;&#39;) {
    set_token();
}
if (isset($_POST[&#39;test&#39;])) {
    if (!valid_token()) {
        echo "token error";
    } else {
        echo &#39;成功提交，Value:&#39; . $_POST[&#39;test&#39;];
    }
}
?>
<form method="post" action="">
    <input type="hidden" name="token" value="<?php echo $_SESSION[&#39;token&#39;] ?>">
    <input type="text" name="test" value="Default">
    <input type="submit" value="提交"/>
</form>

ajax token prevents repeated submission

$.ajax({
    type: "POST",
    url: do_order_url,
    data: {
        &#39;_csrf_token&#39;:_csrf_token, //token
        &#39;item_id&#39;:item_id,
    },

Business-based control

1) Verification based on refund order status in DB

2) Verification using database unique index mechanism

3) Cache-based counter Verification:

Since database operations consume performance, we learned that redis counters are also atomic operations. Use counters decisively. It can not only improve performance, but also eliminate the need for storage, and can increase the peak qps. Let's take the order refund as an example:
Every time a request comes in, a new counter with orderId as the key is created, and then +1. If >1 (cannot obtain lock): It means there is an operation in progress, delete it. If =1 (obtain lock): Can operate. End of operation (delete lock): delete this counter.

Front-end prevents repeated submissions, disabling buttons or links

Java code

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">  
<html>  
<head>  
<title>测试</title>  
</head>  
<script language="javascript">  
var t = null;  
var flag = true;  
function check(obj) {  
    if (flag) {  
        obj.disabled = flag;  
        flag = false;  
        t = setTimeout(function(){disable(obj)}, 5000); // 5秒间隔  
        window.open("http://www.baidu.com", "newWindow");  
    }  
}  
  
function disable(obj) {  
    obj.disabled = flag;  
    flag = true;  
    if (t != null)  
    clearTimeout(t);  
}  
</script>  
<body>  
<a href="#" onclick="check(this)">ceshi1</a>  
</body>  
</html>

Button activation code after 9 seconds

<input class="button" type="submit" name="rulesubmit" value="同 意" style="height: 23px">  
<input class="button" type="button" name="return" value="不同意" style="height: 23px" onclick="javascript:history.go(-1);">  
</center>  
</form>  
  
<script type="text/javascript">  
var secs = 9;  
var wait = secs * 1000;  
document.bbrules.rulesubmit.value = "同 意(" + secs + ")";  
document.bbrules.rulesubmit.disabled = true;  
for(i = 1; i <= secs; i++) {  
        window.setTimeout("update(" + i + ")", i * 1000);  
}  
window.setTimeout("timer()", wait);  
function update(num, value) {  
        if(num == (wait/1000)) {  
                document.bbrules.rulesubmit.value = "同 意";  
        } else {  
                printnr = (wait / 1000) - num;  
                document.bbrules.rulesubmit.value = "同 意(" + printnr + ")";  
        }  
}  
function timer() {  
        document.bbrules.rulesubmit.disabled = false;  
        document.bbrules.rulesubmit.value = "同 意";  
}  
</script>

Jquery one When using the one() method, each element can only run the event handler function once

$("p").one("click",function(){    
});

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Optimize PHP Code: Reducing Memory Usage & Execution TimeMay 10, 2025 am 12:04 AM

TooptimizePHPcodeforreducedmemoryusageandexecutiontime,followthesesteps:1)Usereferencesinsteadofcopyinglargedatastructurestoreducememoryconsumption.2)LeveragePHP'sbuilt-infunctionslikearray_mapforfasterexecution.3)Implementcachingmechanisms,suchasAPC

PHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AM

PHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct

How to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AM

The best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.

Advanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AM

CustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr

Guide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AM

Sending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.

What is the best way to send an email using PHP?May 08, 2025 am 12:21 AM

ThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu

Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AM

The reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.

PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AM

PHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.

See all articles