PHP use the session to prevent page repeat refresh, phpsession prevent page _php tutorial

Source: Internet
Author: User

PHP uses the session to prevent pages from repeating the refresh, phpsession prevent page


How to prevent the page from repeating the refresh, in the PHP environment can use the session to easily implement.

B.php's Code

can only be accessed via post
if ($_server[' request_method '] = = ' GET ')
{header (' http/1.1 404 Not Found '); Die (' Pro, page not present ');}
Session_Start ();
$fs 1=$_post[' a '];
$fs 2=$_post[' B '];
Anti-refresh time in seconds
$allowTime = 30;
Read the guest IP so that it can be refreshed for IP throttling
/* Get real IP start */
if (! function_exists (' GetIP '))
{
function GetIP ()
{
static $IP = NULL;
if ($ip!== NULL)
{
return $IP;
}
if (Isset ($_server))
{
if (Isset ($_server[' http_x_forwarded_for '))
{
$arr = Explode (', ', $_server[' http_x_forwarded_for ');
/* Take a valid IP character of x-forwarded-for x non-unknown? */
foreach ($arr as $XIP)
{www.jbxue.com
$xip = Trim ($XIP);
if ($xip! = ' Unknown ')
{
$ip = $XIP;
Break
}
}
}
ElseIf (Isset ($_server[' http_client_ip '))
{
$ip = $_server[' http_client_ip ');
}
Else
{
if (Isset ($_server[' remote_addr '))
{
$ip = $_server[' remote_addr ');
}
Else
{
$ip = ' 0.0.0.0 ';
}
}
}
Else
{
if (getenv (' http_x_forwarded_for '))
{
$ip = getenv (' http_x_forwarded_for ');
}
ElseIf (getenv (' http_client_ip '))
{
$ip = getenv (' http_client_ip ');
}
Else
{
$ip = getenv (' remote_addr ');
}
}
Preg_match ("/[\d\.") {7,15}/", $ip, $ONLINEIP);
$IP =! Empty ($onlineip [0])? $ONLINEIP [0]: ' 0.0.0.0 ';
return $IP;
}
}
/* Get real IP End */
$reip = GetIP ();
Related parameters MD5 encryption
$allowT = MD5 ($REIP. $FS 1. $fs 2);
if (!isset ($_session[$allowT])) {
$_session[$allowT] = time ();
}
else if (time ()-$_session[$allowT]--> $allowTime) {
$_session[$allowT] = time ();
} www.jbxue.com
If the refresh is too fast, give the 404header header directly and prompt
else {header (' http/1.1 404 Not Found '), die (' from '. $ip. ' Pro, you refresh too fast ');}
?>

The code is simple, it is simply to put the IP, and through post to the need to prevent the refresh of the page data is MD5 encrypted after writing to the session, and then through the stored session to determine the refresh time interval to determine whether to allow the refresh. What needs to be stated is "$fs 1=$_post[' a '];", "$fs 1=$_post[' a '];" Two parameters refer to the other pages submitted by post to the parameters that require anti-refresh pages. The reason why these parameters are added in addition to IP is to differentiate between the different post results. (actually the so-called anti-refresh is to prevent a page from being repeatedly submitted.) )

More specifically, for example, the above code is placed at the beginning of the b.php page, we have a following form on the a.html page:
Code:





B.html




You can see that the A and B 2 parameters submitted by this page are exactly the 2 parameters in the previous b.php (which should in fact be determined by the parameters of the submission page). In the previous PHP code, it has been determined that only through post access to the submitted data page, so the direct input address will be a 404-header error page, only through the post to get the page, while the post refresh itself with the parameter address, This enables the protection of each IP on the same page from the refresh effect.

In addition, we can add to the post page through the Referer to determine the source of the site, to prevent cross-site submissions, but Referer can forge, and Firefox and IE8 often inexplicably referer lost situation, so temporarily do not add this code.

http://www.bkjia.com/PHPjc/1083561.html www.bkjia.com true http://www.bkjia.com/PHPjc/1083561.html techarticle PHP uses the session to prevent the page from repeating the refresh, phpsession prevent the page to prevent the page from repeating the refresh, in the PHP environment can use the session to easily implement. b.php code? PHP//Can only pass ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.