PHP anti-CC attack methods (preventing rapid refresh)

Source: Internet
Author: User

1. Session records

submit.php sets a session variable when it renders the form and sends the same value along as a hidden form field. submitdeal.php, the server-side handler, compares the hidden value in the POST with the value recorded in the session. If they are equal, the submitted data is written to the database and the session variable is cleared. When the user then refreshes the page, the two values no longer match, and an error or redirect is returned.

Advantage: no verification code has to be entered.

Disadvantage: the form is easily copied, since the hidden value is visible to the client.


2. Verification code

The principle is the same as method 1, except that the session value is not sent as a hidden field; the user is asked to type it in. This is what most websites use. Both text and image verification codes exist; the image verification code is the more secure of the two.
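An added example of method 2 (not code from the original article): the code is generated server-side, stored in the session with its issue time, compared in constant time and case-insensitively, and consumed on the first attempt so a refreshed POST cannot reuse it. The helpers take the session array by reference so they can be exercised without a web server; in a request handler pass $_SESSION. The function names, the five-character length and the 300-second lifetime are assumptions.

```php
<?php
// Added example: session-backed verification code (method 2).
// Helpers take the session array by reference so they can be exercised
// without a web server; in a request handler pass $_SESSION.
declare(strict_types=1);

const CAPTCHA_TTL = 300; // seconds a code stays valid (assumed value)

/** Random code from an alphabet without look-alike characters (0/O, 1/I/l). */
function generate_code(int $length = 5): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

/** Store a fresh code with its issue time in the session; return it for rendering. */
function issue_captcha(array &$session): string
{
    $code = generate_code();
    $session['captcha'] = ['code' => $code, 'issued' => time()];
    return $code;
}

/**
 * Compare the user's input with the stored code (case-insensitive, constant
 * time) and consume the code, so a refreshed POST cannot reuse it.
 */
function verify_captcha(array &$session, string $input, int $now): bool
{
    if (!isset($session['captcha'])) {
        return false;
    }
    $entry = $session['captcha'];
    unset($session['captcha']); // one attempt per code, success or not

    if ($now - $entry['issued'] > CAPTCHA_TTL) {
        return false; // expired
    }
    return hash_equals(strtoupper($entry['code']), strtoupper($input));
}

/** Render the code as PNG bytes (needs the GD extension); the text variant just prints $code. */
function render_captcha_png(string $code): string
{
    $im = imagecreatetruecolor(120, 40);
    $bg = imagecolorallocate($im, 240, 240, 240);
    $fg = imagecolorallocate($im, 30, 30, 30);
    imagefill($im, 0, 0, $bg);
    // A little pixel noise so the image is not trivially machine-readable.
    for ($i = 0; $i < 40; $i++) {
        imagesetpixel($im, random_int(0, 119), random_int(0, 39), $fg);
    }
    imagestring($im, 5, 20, 12, $code, $fg);
    ob_start();
    imagepng($im);
    imagedestroy($im);
    return (string) ob_get_clean();
}

// Demonstration with a constructed session array.
$session = [];
$code = issue_captcha($session);
var_dump(verify_captcha($session, strtolower($code), time())); // true: correct, case-insensitive
var_dump(verify_captcha($session, $code, time()));             // false: already consumed
issue_captcha($session);
var_dump(verify_captcha($session, 'WRONG', time()));           // false: mismatch
```

In a page, call issue_captcha($_SESSION) when rendering the form and serve render_captcha_png() from a separate script with a Content-Type: image/png header; the handler calls verify_captcha($_SESSION, $_POST['captcha'] ?? '', time()) before touching the database. Consuming the code on every attempt is what turns a refresh into a rejection rather than a second write.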


3. IP binding

When data is submitted, look up the client IP address in an IP table. If a record for that IP exists and has not yet expired, return an error. Otherwise write the submitted data to the database and record the client IP, with the submission time, in the table.
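An added example of method 3 (not code from the original article): the IP table kept in a database through PDO with prepared statements. SQLite in memory is used so the snippet runs stand-alone; a deployment would point the DSN at its own database. The table and column names, the function names and the 1800-second window are assumptions; the client address is a constructed TEST-NET value.

```php
<?php
// Added example: IP binding (method 3) backed by a PDO table.
// SQLite in-memory keeps the demo self-contained; use your own DSN in practice.
declare(strict_types=1);

const ALLOW_TIME = 1800; // seconds an IP must wait between submissions (assumed value)

function open_ip_table(string $dsn = 'sqlite::memory:'): PDO
{
    $pdo = new PDO($dsn);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE IF NOT EXISTS ip_limit (
        ip        TEXT PRIMARY KEY,
        last_post INTEGER NOT NULL
    )');
    return $pdo;
}

/**
 * Returns true if this IP may submit now and records the submission time;
 * returns false if a record for the IP exists that has not yet expired.
 * The IP is bound as a parameter, never spliced into the SQL text.
 */
function allow_ip_submission(PDO $pdo, string $ip, int $now, int $allowTime = ALLOW_TIME): bool
{
    $stmt = $pdo->prepare('SELECT last_post FROM ip_limit WHERE ip = :ip');
    $stmt->execute([':ip' => $ip]);
    $last = $stmt->fetchColumn(); // false when no row exists

    if ($last !== false && ($now - (int) $last) < $allowTime) {
        return false; // record has not expired: reject the repeat
    }

    // First seen or expired: write (or refresh) the record and allow the post.
    $upsert = $pdo->prepare('INSERT OR REPLACE INTO ip_limit (ip, last_post) VALUES (:ip, :t)');
    $upsert->execute([':ip' => $ip, ':t' => $now]);
    return true;
}

// Demonstration with constructed values (TEST-NET-3 address, fixed clock).
$pdo = open_ip_table();
$ip  = '203.0.113.7';
$t0  = 1700000000;
var_dump(allow_ip_submission($pdo, $ip, $t0));        // true: first post
var_dump(allow_ip_submission($pdo, $ip, $t0 + 10));   // false: within the window
var_dump(allow_ip_submission($pdo, $ip, $t0 + 1801)); // true: window expired
```

In a handler the address comes from $_SERVER['REMOTE_ADDR']; headers such as X-Forwarded-For are client-controlled and should only be trusted when a known reverse proxy sets them, otherwise the table can be sidestepped by sending a different header value each time.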


4. Cookie

When the client submits, the post-processing script first checks whether the client already has the cookie set. If so, the submission is treated as a repeat and not processed again; if not, the data is written and a cookie is then set.
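An added example of method 4 (not code from the original article): the cookie carries the last submission time together with an HMAC over it, so a client cannot simply edit the timestamp forward. A client that deletes the cookie altogether still gets through, which is the reason this method is usually combined with the session or IP checks above. The cookie name, the 30-second window, the function names and the secret are assumptions; the secret shown is a placeholder to be replaced by a random server-side value.

```php
<?php
// Added example: cookie-based repeat check (method 4) with an HMAC-signed timestamp.
declare(strict_types=1);

const COOKIE_NAME = 'post_sep'; // assumed cookie name
const ALLOW_SEP   = 30;         // seconds between accepted posts (assumed value)
const COOKIE_KEY  = 'REPLACE-WITH-RANDOM-SERVER-SECRET'; // placeholder, not a real key

/** "timestamp.hmac" so the client cannot alter the time without detection. */
function make_cookie_value(int $time, string $key): string
{
    return $time . '.' . hash_hmac('sha256', (string) $time, $key);
}

/** Returns the embedded timestamp, or null if the value is malformed or the MAC fails. */
function parse_cookie_value(string $value, string $key): ?int
{
    if (!preg_match('/^(\d{1,10})\.([0-9a-f]{64})$/', $value, $m)) {
        return null;
    }
    $expected = hash_hmac('sha256', $m[1], $key);
    return hash_equals($expected, $m[2]) ? (int) $m[1] : null;
}

/**
 * Decide whether a POST may be accepted. Returns [allowed, newCookieValue];
 * newCookieValue is null when the request is rejected.
 */
function check_cookie_gate(?string $cookie, int $now, string $key, int $allowSep = ALLOW_SEP): array
{
    if ($cookie !== null) {
        $last = parse_cookie_value($cookie, $key);
        if ($last === null) {
            return [false, null]; // present but forged or corrupt: reject
        }
        if (($now - $last) < $allowSep) {
            return [false, null]; // repeat inside the window
        }
    }
    // No cookie, or window elapsed: allow and issue a fresh stamp.
    return [true, make_cookie_value($now, $key)];
}

// In a request handler (not executed by this stand-alone demo):
//   [$ok, $cookie] = check_cookie_gate($_COOKIE[COOKIE_NAME] ?? null, time(), COOKIE_KEY);
//   if (!$ok) { http_response_code(429); exit('Please do not refresh repeatedly'); }
//   setcookie(COOKIE_NAME, $cookie, ['expires' => time() + ALLOW_SEP, 'httponly' => true, 'samesite' => 'Lax']);
//   ... write the submitted data ...

// Demonstration with constructed values.
$now = 1700000000;
[$ok1, $c1] = check_cookie_gate(null, $now, COOKIE_KEY);          // true:  first post
[$ok2, $c2] = check_cookie_gate($c1, $now + 5, COOKIE_KEY);       // false: refresh 5 s later
[$ok3, $c3] = check_cookie_gate($c1, $now + 31, COOKIE_KEY);      // true:  window elapsed
$tampered   = ($now - 1000) . substr($c1, strpos($c1, '.'));      // edited time, old MAC
[$ok4, $c4] = check_cookie_gate($tampered, $now + 5, COOKIE_KEY); // false: MAC mismatch
var_dump($ok1, $ok2, $ok3, $ok4);
```

The signed stamp only protects against a client moving the time backwards or forwards; it does nothing against a client that discards the cookie, so treat this as a convenience check in front of the server-side ones rather than a limit on its own.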

Example:

Method 1:

<?php
session_start();

// The original calls get_client_ip() without defining it; this minimal version
// uses REMOTE_ADDR only, which the client cannot set through a request header.
function get_client_ip()
{
    return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
}

$k = $_GET['k'] ?? '';
$t = $_GET['t'] ?? '';
$allowTime = 1800; // anti-refresh window in seconds
$ip = get_client_ip();
$allowT = md5($ip . $k . $t); // one session key per (ip, k, t) combination

if (!isset($_SESSION[$allowT])) {
    // First request for this combination: allow it and record the time.
    $refresh = true;
    $_SESSION[$allowT] = time();
} elseif (time() - $_SESSION[$allowT] > $allowTime) {
    // Previous record has expired: allow it and reset the timer.
    $refresh = true;
    $_SESSION[$allowT] = time();
} else {
    // Same combination again inside the window: treat as a refresh.
    $refresh = false;
}
?>

 

Method 2:

<?php
session_start();
$allow_sep = 30000; // minimum gap between posts; time() counts seconds, so this is 30000 s

if (isset($_SESSION['post_sep'])) {
    if (time() - $_SESSION['post_sep'] < $allow_sep) {
        exit('Please do not refresh repeatedly');
    } else {
        $_SESSION['post_sep'] = time();
    }
} else {
    $_SESSION['post_sep'] = time();
}
?>


Method 3:

<?php
session_start();

if (!empty($_POST['name'])) {
    $data = $_POST['name'];
    $tag  = $_POST['tag'] ?? '';
    // Accept only if the submitted tag matches the one issued with the last form.
    if (isset($_SESSION['status']) && (string) $_SESSION['status'] === (string) $tag) {
        echo htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
    } else {
        echo 'Refresh not allowed!';
    }
}
// Issue a fresh tag for the next form; a refreshed POST still carries the old one.
$v = mt_rand(1, 10000);
?>
<form method="post" name="magic" action="f5.php">
    <input type="hidden" name="tag" value="<?= $v ?>">
    <input type="text" name="name">
    <input type="submit" value="submit">
</form>
<?php
echo $v;
$_SESSION['status'] = $v;
?>

Download: http://up.2cto.com/2012/0805/20120805113930246.rar
 


