PHP use the session to prevent page repeat refresh, phpsession prevent page _php tutorial

PHP uses the session to prevent pages from repeating the refresh, phpsession prevent page

How to prevent the page from repeating the refresh, in the PHP environment can use the session to easily implement.

B.php's Code

can only be accessed via post
if ($_server[' request_method '] = = ' GET ')
{header (' http/1.1 404 Not Found '); Die (' Pro, page not present ');}
Session_Start ();
$fs 1=$_post[' a '];
$fs 2=$_post[' B '];
Anti-refresh time in seconds
$allowTime = 30;
Read the guest IP so that it can be refreshed for IP throttling
/* Get real IP start */
if (! function_exists (' GetIP '))
{
function GetIP ()
{
static $IP = NULL;
if ($ip!== NULL)
{
return $IP;
}
if (Isset ($_server))
{
if (Isset ($_server[' http_x_forwarded_for '))
{
$arr = Explode (', ', $_server[' http_x_forwarded_for ');
/* Take a valid IP character of x-forwarded-for x non-unknown? */
foreach ($arr as $XIP)
{www.jbxue.com
$xip = Trim ($XIP);
if ($xip! = ' Unknown ')
{
$ip = $XIP;
Break
}
}
}
ElseIf (Isset ($_server[' http_client_ip '))
{
$ip = $_server[' http_client_ip ');
}
Else
{
if (Isset ($_server[' remote_addr '))
{
$ip = $_server[' remote_addr ');
}
Else
{
$ip = ' 0.0.0.0 ';
}
}
}
Else
{
if (getenv (' http_x_forwarded_for '))
{
$ip = getenv (' http_x_forwarded_for ');
}
ElseIf (getenv (' http_client_ip '))
{
$ip = getenv (' http_client_ip ');
}
Else
{
$ip = getenv (' remote_addr ');
}
}
Preg_match ("/[\d\.") {7,15}/", $ip, $ONLINEIP);
$IP =! Empty ($onlineip [0])? $ONLINEIP [0]: ' 0.0.0.0 ';
return $IP;
}
}
/* Get real IP End */
$reip = GetIP ();
Related parameters MD5 encryption
$allowT = MD5 ($REIP. $FS 1. $fs 2);
if (!isset ($_session[$allowT])) {
$_session[$allowT] = time ();
}
else if (time ()-$_session[$allowT]--> $allowTime) {
$_session[$allowT] = time ();
} www.jbxue.com
If the refresh is too fast, give the 404header header directly and prompt
else {header (' http/1.1 404 Not Found '), die (' from '. $ip. ' Pro, you refresh too fast ');}
?>

The code is simple, it is simply to put the IP, and through post to the need to prevent the refresh of the page data is MD5 encrypted after writing to the session, and then through the stored session to determine the refresh time interval to determine whether to allow the refresh. What needs to be stated is "$fs 1=$_post[' a '];", "$fs 1=$_post[' a '];" Two parameters refer to the other pages submitted by post to the parameters that require anti-refresh pages. The reason why these parameters are added in addition to IP is to differentiate between the different post results. (actually the so-called anti-refresh is to prevent a page from being repeatedly submitted.) ）

More specifically, for example, the above code is placed at the beginning of the b.php page, we have a following form on the a.html page:
Code:

B.html

You can see that the A and B 2 parameters submitted by this page are exactly the 2 parameters in the previous b.php (which should in fact be determined by the parameters of the submission page). In the previous PHP code, it has been determined that only through post access to the submitted data page, so the direct input address will be a 404-header error page, only through the post to get the page, while the post refresh itself with the parameter address, This enables the protection of each IP on the same page from the refresh effect.

In addition, we can add to the post page through the Referer to determine the source of the site, to prevent cross-site submissions, but Referer can forge, and Firefox and IE8 often inexplicably referer lost situation, so temporarily do not add this code.

http://www.bkjia.com/PHPjc/1083561.html www.bkjia.com true http://www.bkjia.com/PHPjc/1083561.html techarticle PHP uses the session to prevent the page from repeating the refresh, phpsession prevent the page to prevent the page from repeating the refresh, in the PHP environment can use the session to easily implement. b.php code? PHP//Can only pass ...

