PHP method to prevent malicious page refresh

Source: Internet
Author: User
Tags php programming safe mode sql injection sample

In general, a malicious refresh means repeatedly refreshing the submission page, which produces a large amount of invalid data. Below we summarize the PHP methods for preventing malicious page refreshes.

The principle for preventing a page from being maliciously refreshed is:

A validation string must be passed between pages.

The string is generated randomly when the page is generated.

It is passed as a required parameter in every link, and it is also stored in the session.

When a link or form leads into the page, check whether the validation string in the session matches the one the user submitted. If they match, process the request; if not, treat it as a repeated refresh.

After processing completes, a new validation string is generated for the next page.
The PHP implementation code is as follows:

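<?php
session_start();
$k = $_GET['k'] ?? '';
$t = $_GET['t'] ?? '';
$allowTime = 1800; // anti-refresh interval in seconds
// get_client_ip() is not a PHP built-in; the client address is read from REMOTE_ADDR here
$ip = $_SERVER['REMOTE_ADDR'];
$allowT = md5($ip . $k . $t);
if (!isset($_SESSION[$allowT])) {
    // first request for this ip/k/t combination
    $refresh = true;
    $_SESSION[$allowT] = time();
} elseif (time() - $_SESSION[$allowT] > $allowTime) {
    // the anti-refresh interval has elapsed
    $refresh = true;
    $_SESSION[$allowT] = time();
} else {
    // repeated request inside the interval
    $refresh = false;
}
?>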

I have also run into IE6 submitting twice. It generally happens when an image is used instead of a submit button and the image calls submit(), which submits the form twice; with only a submit button I have not encountered the double submission. To summarize:

The method is basically the same as the previous ones.
The receiving page, 2.php, is divided into two parts: one processes the submitted variables and the other displays the page.

Once the variables have been processed, use header("Location: " . $_SERVER['PHP_SELF']) to jump back to the page itself.

This part must check for POST variables and be skipped when there are none. Of course, you can also jump to another page.

Jumping to another page causes a problem when the user goes back, so it is recommended to do everything in one PHP file.
If the variables passed from the previous page do not meet the requirements, you can force a return with <script>history.go(-1);</script>

This is only the general idea; experts may never run into such problems, but not everyone is an expert.

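<?php
// isset($_POST) is always true, so test the request method instead
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // placeholder check on a hypothetical field; substitute the real requirements
    if (empty($_POST['data'])) {
        echo '<script>history.go(-1);</script>';
        exit;
    }
    // operate on the data ...
    $done = true; // placeholder for the result of the operation
    if ($done) {
        header("Location: " . $_SERVER['PHP_SELF']);
        exit;
    }
}
?>
<script language="JavaScript">
<!--
window.history.forward(1);
// -->
</script>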
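Combining the one-time validation string from the principle at the top of the article with the process-then-redirect flow just described, as an added example that is not code from the original article. The session keys form_token and notice and the form fields token and comment are assumed names.

```php
<?php
// Added example: one-time submission token plus redirect after POST.
session_start();

// Issue a fresh random validation string and remember it in the session.
function issue_token(): string
{
    $_SESSION['form_token'] = bin2hex(random_bytes(16));
    return $_SESSION['form_token'];
}

// Accept a submitted token once: discard the stored copy first, then compare
// in constant time, so a refresh or replay of the same request cannot match.
function consume_token(?string $submitted): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = $_POST['token'] ?? null;
    if (consume_token(is_string($token) ? $token : null)) {
        // ... process the submission exactly once ...
        $_SESSION['notice'] = 'Submission processed.';
    } else {
        $_SESSION['notice'] = 'Repeated or stale submission ignored.';
    }
    // Redirect so that refreshing the result page sends a GET, not a re-POST.
    header('Location: ' . $_SERVER['PHP_SELF'], true, 303);
    exit;
}

$notice = $_SESSION['notice'] ?? '';
unset($_SESSION['notice']);
$token = issue_token(); // new validation string for the newly generated page
?>
<p><?= htmlspecialchars($notice, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post">
    <input type="hidden" name="token"
           value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <input type="text" name="comment">
    <button type="submit">Send</button>
</form>
```

Because only one token is kept per session, opening the form in a second tab invalidates the first tab's token.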


You can also use cookies:

<?php
$c_file = "counter.txt"; // assign the file name to a variable
if (!file_exists($c_file)) { // if the file does not exist
    $myfile = fopen($c_file, "w"); // create the file
    fwrite($myfile, "0"); // write "0"
    fclose($myfile); // close the file
}
$t_num = file($c_file); // read the file contents into the variable
$today = date("Y-m-d"); // the current date; date() must be called, not quoted as a string
if (($_COOKIE["date"] ?? "") != $today) { // does the cookie content match the current date?
    $t_num[0]++; // increment the stored count by 1
    $myfile = fopen($c_file, "w"); // open the file for writing
    fwrite($myfile, $t_num[0]); // write the new value
    fclose($myfile); // close the file
    // write the current date back to the cookie, valid for 24 hours
    setcookie("date", $today, time() + 60 * 60 * 24);
}
?>


Using a session:

The code for the main page file, index.php:

<?php session_start(); ?>

Where:

The counter.txt file is the login record file in the same directory.

$counter = fgets($fp, 1024); reads the numeric value from the file (the value can contain decimals)
I hope this article is helpful to everyone's PHP programming.

Reference Source:
How PHP prevents malicious refreshes and swipe tickets
Http://www.lai18.com/content/369326.html

Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission.