Php uses session to prevent page refresh _ php tips-php Tutorial

This article mainly introduces php's use of session to prevent repeated page refreshes. if you need it, you can refer to how to prevent repeated page refreshes, in the php environment, session can be easily implemented.

B. php code

<? Php // You can only access if ($ _ SERVER ['request _ method'] = 'get') {header ('http/1.1 404 Not Found ') through post '); die ('dear, the page does not exist');} session_start (); $ fs1 =$ _ POST ['A']; $ fs2 =$ _ POST ['B']; // Anti-refresh time, in seconds $ allowTime = 30; // read the visitor's ip address, so as to easily refresh the ip address limit/* get the real ip address start */if (! Function_exists ('getip ') {function GetIP () {static $ ip = NULL; if ($ ip! = NULL) {return $ ip;} if (isset ($ _ SERVER) {if (isset ($ _ SERVER ['http _ X_FORWARDED_FOR ']) {$ arr = explode (',', $ _ SERVER ['http _ X_FORWARDED_FOR ']); /* take the X-Forwarded-For column as the valid IP character other than unknown? */Foreach ($ arr as $ xip) {$ xip = trim ($ xip); if ($ xip! = 'Unknown ') {$ ip = $ xip; break ;}} elseif (isset ($ _ SERVER ['http _ CLIENT_IP']) {$ ip = $ _ SERVER ['http _ CLIENT_IP '];} else {if (isset ($ _ SERVER ['remote _ ADDR']) {$ ip = $ _ SERVER ['remote _ ADDR '];} else {$ ip = '0. 0.0.0 ';}} else {if (getenv ('http _ X_FORWARDED_FOR') {$ ip = getenv ('http _ X_FORWARDED_FOR ');} elseif (getenv ('http _ CLIENT_IP ') {$ ip = getenv ('http _ CLIENT_IP');} else {$ ip = gete Nv ('remote _ ADDR ') ;}} preg_match ("/[\ d \.] {7, 15}/", $ ip, $ onlineip); $ ip =! Empty ($ onlineip [0])? $ Onlineip [0]: '0. 0.0.0 '; return $ ip ;}}/* get real ip end */$ reip = GetIP (); // related parameter md5 encryption $ allowT = md5 ($ reip. $ fs1. $ fs2); if (! Isset ($ _ SESSION [$ allowT]) {$ _ SESSION [$ allowT] = time ();} else if (time () -$ _ SESSION [$ allowT] --> $ allowTime) {$ _ SESSION [$ allowT] = time () ;}// if the refresh speed is too fast, then the 404header header and the prompt else {header ('http/1.1 404 Not Found ') are provided directly; die ('From '. $ ip. ', you have refreshed too quickly') ;}?>

The code is very simple. it is nothing more than to write the ip address and the data submitted to the anti-refresh page in POST mode into the session after md5 encryption, the refresh interval is determined by the stored session to determine whether refresh is allowed. It must be noted that "$ fs1 =$ _ POST ['A'];", "$ fs1 =$ _ POST ['A']; "Two parameters refer to the parameters for submitting other pages to pages that require anti-refresh by post. The reason for adding these parameters besides ip addresses is to distinguish different post results. (In fact, the so-called anti-refresh mechanism prevents repeated submission of a page .)

To put it more specifically, we have the following form on the.html page, as the example code is opened on the B .php page:

Code:

   
  b.html     

We can see that the parameters a and B submitted on this page are exactly the two parameters in B. php. (in fact, it should be decided by the parameters on the submit page ). In the preceding php code, it has been determined that only the pages for submitted data can be accessed through post. Therefore, if you enter the address directly, you will get a 404-Header error page, which can only be obtained through post, at the same time, the parameter address will be added when the post is refreshed, so that each ip address on the same page can be refreshed.

In addition, we can add a website that uses referer to identify the source on the post page to prevent cross-site submission. However, referer can be forged, and firefox and ie8 often encounter referer loss for some reason, so this code is not added for the moment.