Home  >  Article  >  Backend Development  >  How to prevent page refresh in php

How to prevent page refresh in php

墨辰丷
墨辰丷Original
2018-06-05 16:17:412772browse

This article mainly introduces how to prevent page refreshes repeatedly in PHP. Interested friends can refer to it. I hope it will be helpful to everyone.

How to prevent the page from being refreshed repeatedly can be easily achieved by using session in the PHP environment.

b.php code

<?php

//只能通过post方式访问 
if ($_SERVER[&#39;REQUEST_METHOD&#39;] == &#39;GET&#39;) 
{header(&#39;HTTP/1.1 404 Not Found&#39;); die(&#39;亲,页面不存在&#39;);} 
session_start(); 
$fs1=$_POST[&#39;a&#39;]; 
$fs2=$_POST[&#39;b&#39;]; 
//防刷新时间,单位为秒 
$allowTime = 30; 
//读取访客ip,以便于针对ip限制刷新 
/*获取真实ip开始*/ 
if ( ! function_exists(&#39;GetIP&#39;)) 
{ 
function GetIP() 
{ 
static $ip = NULL; 
if ($ip !== NULL) 
{ 
return $ip; 
} 
if (isset($_SERVER)) 
{ 
if (isset($_SERVER[&#39;HTTP_X_FORWARDED_FOR&#39;])) 
{ 
$arr = explode(&#39;,&#39;, $_SERVER[&#39;HTTP_X_FORWARDED_FOR&#39;]); 
/* 取X-Forwarded-For中第x个非unknown的有效IP字符? */ 
foreach ($arr as $xip) 
{ 
$xip = trim($xip); 
if ($xip != &#39;unknown&#39;) 
{ 
$ip = $xip; 
break; 
} 
} 
} 
elseif (isset($_SERVER[&#39;HTTP_CLIENT_IP&#39;])) 
{ 
$ip = $_SERVER[&#39;HTTP_CLIENT_IP&#39;]; 
} 
else 
{ 
if (isset($_SERVER[&#39;REMOTE_ADDR&#39;])) 
{ 
$ip = $_SERVER[&#39;REMOTE_ADDR&#39;]; 
} 
else 
{ 
$ip = &#39;0.0.0.0&#39;; 
} 
} 
} 
else 
{ 
if (getenv(&#39;HTTP_X_FORWARDED_FOR&#39;)) 
{ 
$ip = getenv(&#39;HTTP_X_FORWARDED_FOR&#39;); 
} 
elseif (getenv(&#39;HTTP_CLIENT_IP&#39;)) 
{ 
$ip = getenv(&#39;HTTP_CLIENT_IP&#39;); 
} 
else 
{ 
$ip = getenv(&#39;REMOTE_ADDR&#39;); 
} 
} 
preg_match("/[\d\.]{7,15}/", $ip, $onlineip); 
$ip = ! empty($onlineip[0]) ? $onlineip[0] : &#39;0.0.0.0&#39;; 
return $ip; 
} 
} 
/*获取真实ip结束*/ 
$reip = GetIP(); 
//相关参数md5加密 
$allowT = md5($reip.$fs1.$fs2); 
if(!isset($_SESSION[$allowT])){ 
$_SESSION[$allowT] = time(); 
} 
else if(time() - $_SESSION[$allowT]-->$allowTime){ 
$_SESSION[$allowT] = time(); 
} 
//如果刷新过快,则直接给出404header头以及提示 
else {header(&#39;HTTP/1.1 404 Not Found&#39;); die(&#39;来自&#39;.$ip.&#39;的亲,您刷新过快了&#39;);} 
?>

The code is very simple. It is nothing more than encrypting the ip and the data submitted to the page that needs to be refreshed through POST, then writing it into the session through md5 encryption, and then passing The stored session is used to determine the refresh interval to determine whether to allow refresh. It should be noted that the two parameters "$fs1=$_POST['a'];" and "$fs1=$_POST['a'];" refer to the parameters that other pages submit to the page that needs to be refreshed through the post method. The reason why these parameters are added in addition to IP is to distinguish different post results. (In fact, the so-called anti-refresh is to prevent a certain page from being submitted repeatedly.)

More specifically, for example, if the above code is placed at the beginning of the b.php page, we have the following on the a.html page Form:

Code:

<!DOCTYPE> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>b.html</title> 
</head> 
<body> 
<form action="b.php" method="post" > 
<input type="hidden" id="a" name="a" value="a"/> 
<input type="hidden" id="b" name="b" value="b"/> 
<button name="" type="submit" >提交</button> 
</form> 
</body> 
</html>

You can see that the two parameters a and b submitted by this page are exactly the two parameters in b.php (actually it should be said the other way around, by Determined by the parameters of the submission page). In the previous PHP code, it has been determined that the page where the data is submitted can only be accessed through post, so directly entering the address will get a 404 header error page. The page can only be obtained through post. At the same time, when the post is refreshed, it will bring its own On the parameter address, this achieves the effect of preventing refresh of each IP on the same page.

In addition, we can add a referer to the page being posted to determine the source website to prevent cross-site submission. However, the referer can be forged, and firefox and ie8 often lose the referer inexplicably, so we will not add this for the time being. code.

Summary: The above is the entire content of this article, I hope it will be helpful to everyone's study.

Related recommendations:

PHP implements a method of forcing the specified callback type based on Callable

php method to solve and avoid repeated submission of form forms

PHP simple string filtering method example sharing

The above is the detailed content of How to prevent page refresh in php. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn