PHP methods to prevent malicious refresh and vote stuffing - PHP Tutorial

Source: Internet
Author: User

This article explains how to prevent malicious refreshes and vote stuffing in PHP. It is shared here for your reference. The implementation is as follows:

In general, a malicious refresh means refreshing the submission page over and over, which produces a large amount of invalid data. Below is a summary of PHP methods for preventing malicious page refreshes.

The principle for preventing malicious page refreshes is:

A validation string must be passed between pages.
A random string is generated whenever a page is generated.
It is passed as a required parameter in every link, and it is also stored in the session.
When a link or form leads into a page, check whether the validation string in the session is the same as the one the user submitted. If they are the same, process the request; if they are not, treat it as a repeated refresh.
After processing is complete, a new validation string is generated for the next page.

The PHP implementation code is as follows:
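<?php
session_start();
// get_client_ip() is not defined in the article; this fallback is an assumption
if (!function_exists('get_client_ip')) {
    function get_client_ip() { return $_SERVER['REMOTE_ADDR']; }
}
$k = $_GET['k'] ?? '';
$t = $_GET['t'] ?? '';
$allowTime = 1800; // anti-refresh time, in seconds
$ip = get_client_ip();
// session key for this client and these parameters; the timestamp lives in
// the session, so the limit applies per session
$allowT = md5($ip . $k . $t);
if (!isset($_SESSION[$allowT])) {
    // first request with these parameters in this session
    $refresh = true;
    $_SESSION[$allowT] = time();
} elseif (time() - $_SESSION[$allowT] > $allowTime) {
    // the anti-refresh time has passed
    $refresh = true;
    $_SESSION[$allowT] = time();
} else {
    // repeated request inside the anti-refresh time
    $refresh = false;
}
?>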
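
The code above only limits how often the same client can repeat a request with the same parameters. The one-time validation string described in the principle can be implemented as in the following added example, which is not code from the original article; the function names issue_token() and consume_token(), the session key form_token and the form field token are assumptions.

```php
<?php
// Added example: one-time validation string kept in the session.
// issue_token(), consume_token() and the 'form_token' key are hypothetical names.
session_start();

function issue_token(): string
{
    // Unpredictable string, regenerated for every rendered page.
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = $token;
    return $token;
}

function consume_token($submitted): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    // Invalidate first, so a refreshed or replayed submission always fails.
    unset($_SESSION['form_token']);
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted);
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (consume_token($_POST['token'] ?? null)) {
        // ... process the vote or form data exactly once here ...
        $message = 'Submission accepted.';
    } else {
        $message = 'Repeated or invalid submission ignored.';
    }
}
$token = issue_token(); // new string for the page about to be rendered
?>
<p><?= htmlspecialchars($message) ?></p>
<form method="post">
    <input type="hidden" name="token" value="<?= htmlspecialchars($token) ?>">
    <button type="submit">Vote</button>
</form>
```

Because the stored string is deleted before it is compared, pressing refresh on the result page resubmits a value that no longer matches and the data is not processed a second time.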

I have also run into IE6 submitting a form twice. It generally happens when an image is used in place of a submit button and the image calls submit(), which causes the form to be submitted twice; with only a submit button I have not seen double submission. To summarize:
The method is basically the same as the previous ones.

The receiving page, 2.php, is divided into two parts: one part processes the submitted variables, and the other part displays the page.
Once the variables have been processed, use header("Location: " . $_SERVER['PHP_SELF']) to redirect to the page itself.
The processing part has to check whether there are any POST variables and skip itself if there are none. Of course, you can also redirect to another page.
Redirecting to another page causes a problem when the user goes back, so it is recommended to do everything in one PHP file.

If the variables passed from the previous page do not meet the requirements, the user can be forced to go back.

This is only the general idea. Experts may never run into such problems, but not everyone is an expert.
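The code is as follows:
<?php
// 2.php: the first part processes the submitted variables, the second part displays the page
if (!empty($_POST)) { // isset($_POST) is always true, so test for submitted data instead
    $valid = false; // placeholder: set to true when the variables meet the requirements
    $done = false;
    if (!$valid) {
        // the variables do not meet the requirements
    } else {
        // manipulate the data
        // ...
        $done = true; // operation completed
    }
    if ($done) {
        header("Location: " . $_SERVER['PHP_SELF']); // redirect to this page itself
        exit;
    }
}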

You can also use cookies. The code is as follows:
<?php
$c_file = "Counter.txt"; // assign the file name to a variable
if (!file_exists($c_file)) { // if the file does not exist
    $myfile = fopen($c_file, "w"); // create the file
    fwrite($myfile, "0"); // write "0"
    fclose($myfile); // close the file
}
$t_num = file($c_file); // read the contents of the file into a variable
$today = date("Y-m-d"); // current date
// determine whether the cookie content matches the current date
if (($_COOKIE["date"] ?? "") != $today) {
    $t_num[0]++; // increment the stored value by 1
    $myfile = fopen($c_file, "w"); // open the file for writing
    fwrite($myfile, $t_num[0]); // write the new value
    fclose($myfile); // close the file
    // write the current date back to the cookie and keep the cookie valid for 24 hours
    setcookie("date", $today, time() + 60 * 60 * 24);
}
?>
Using a session:
The code of the main page file, index.php, is as follows:
<?php
session_start();
?>
<html>
<head>
<title>Disable page Refresh via session</title>
</head>
<body>
<?php
// store the data in a text file
if (empty($_SESSION['temp'])) {
    if (($fp = fopen("Counter.txt", "r")) == false) {
        echo "Failed to open file!";
    } else {
        $counter = fgets($fp, 1024); // read the data in the file
        fclose($fp); // close the text file
        $counter++; // increase the counter by 1
        $fp = fopen("Counter.txt", "w"); // open the text file for writing
        fputs($fp, $counter); // write the new count
        fclose($fp); // close the text file
    }
    // read the statistics from the text file
    if (($fp = fopen("Counter.txt", "r")) == false) {
        echo "Failed to open file!";
    } else {
        $counter = fgets($fp, 1024);
        fclose($fp);
        echo "Digital counter: " . $counter; // output the access count
    }
    $_SESSION['temp'] = 1; // once counted, $_SESSION['temp'] is no longer empty
} else {
    echo "";
}
?>
Disable page Refresh via session
<?php
if (($fp = fopen("Counter.txt", "r")) == false) {
    echo "Failed to open file!";
} else {
    $counter = fgets($fp, 1024);
    fclose($fp);
    echo "Page access: " . $counter; // output the access count
}
?>
</body>
</html>
Where:
Counter.txt is the login record file, located in the same directory.
$counter = fgets($fp, 1024); reads the numeric value from the file (it can contain decimal values).

I hope this article is helpful to everyone's PHP programming.

http://www.bkjia.com/PHPjc/915432.html