Home > Article > Backend Development > Prevent direct access and prevent repeated submissions
Prevent direct access and prevent repeated submissions
- 巴扎黑Original
- 2016-12-01 09:45:04882browse
Prevent direct access to the PHP page
1. You can add COOKIE to A, and delete the COOKIE after using it after B determines the COOKIE
2. Use $_SERVER['HTTP_REFERER'] to get the address of the previous page linked to the current page
3.token Token
<?php
/*
* PHP简单利用token防止表单重复提交
* 此处理方法纯粹是为了给初学者参考
*/
session_start();
function set_token()
{
$_SESSION['token'] = md5(microtime(true));
}
function valid_token()
{
$return = $_REQUEST['token'] === $_SESSION['token'] ? true : false;
set_token();
return $return;
}
//如果token为空则生成一个token
if (!isset($_SESSION['token']) || $_SESSION['token'] == '') {
set_token();
}
if (isset($_POST['test'])) {
if (!valid_token()) {
echo "token error";
} else {
echo '成功提交,Value:' . $_POST['test'];
}
}
?>
<form method="post" action="">
<input type="hidden" name="token" value="<?php echo $_SESSION['token'] ?>">
<input type="text" name="test" value="Default">
<input type="submit" value="提交"/>
</form>ajax token prevents repeated submission
$.ajax({
type: "POST",
url: do_order_url,
data: {
'_csrf_token':_csrf_token, //token
'item_id':item_id,
},Business-based control
1) Verification based on refund order status in DB
2) Verification using database unique index mechanism
3) Cache-based counter Verification:
Since database operations consume performance, we learned that redis counters are also atomic operations. Use counters decisively. It can not only improve performance, but also eliminate the need for storage, and can increase the peak qps. Let's take the order refund as an example:
Every time a request comes in, a new counter with orderId as the key is created, and then +1. If >1 (cannot obtain lock): It means there is an operation in progress, delete it. If =1 (obtain lock): Can operate. End of operation (delete lock): delete this counter.
Front-end prevents repeated submissions, disabling buttons or links
Java code
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>测试</title>
</head>
<script language="javascript">
var t = null;
var flag = true;
function check(obj) {
if (flag) {
obj.disabled = flag;
flag = false;
t = setTimeout(function(){disable(obj)}, 5000); // 5秒间隔
window.open("http://www.baidu.com", "newWindow");
}
}
function disable(obj) {
obj.disabled = flag;
flag = true;
if (t != null)
clearTimeout(t);
}
</script>
<body>
<a href="#" onclick="check(this)">ceshi1</a>
</body>
</html>Button activation code after 9 seconds
<input class="button" type="submit" name="rulesubmit" value="同 意" style="height: 23px">
<input class="button" type="button" name="return" value="不同意" style="height: 23px" onclick="javascript:history.go(-1);">
</center>
</form>
<script type="text/javascript">
var secs = 9;
var wait = secs * 1000;
document.bbrules.rulesubmit.value = "同 意(" + secs + ")";
document.bbrules.rulesubmit.disabled = true;
for(i = 1; i <= secs; i++) {
window.setTimeout("update(" + i + ")", i * 1000);
}
window.setTimeout("timer()", wait);
function update(num, value) {
if(num == (wait/1000)) {
document.bbrules.rulesubmit.value = "同 意";
} else {
printnr = (wait / 1000) - num;
document.bbrules.rulesubmit.value = "同 意(" + printnr + ")";
}
}
function timer() {
document.bbrules.rulesubmit.disabled = false;
document.bbrules.rulesubmit.value = "同 意";
}
</script>Jquery one When using the one() method, each element can only run the event handler function once
$("p").one("click",function(){
});