PHP method to prevent malicious page refresh
In general, a malicious refresh means constantly refreshing the submission page, which produces a large amount of invalid data. Below is a summary of PHP methods for preventing malicious page refreshes.
The principle for preventing a page from being maliciously refreshed is:
A validation string must be passed between pages.
A random string is generated when the page is generated
and is passed as a required parameter in every link. This string is also stored in the session.
When a link or form leads into the page, check whether the verification code in the session is the same as the one the user submitted. If they are the same, process the request; if not, treat it as a repeated refresh.
After processing is completed, a new verification code is generated for the new page.
The PHP implementation code is as follows:
$allowTime) { $refresh = true; $_SESSION[$allowT] = time(); } else { $refresh = false; } ?>
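The one-time verification string described above, as an added example (not the original article's code). The function names, the 'refresh_token' session key and the form field names are assumptions made for this sketch:

```php
<?php
// Added example: one-time form token kept in the session.
// issue_token(), consume_token() and 'refresh_token' are hypothetical names.
session_start();

function issue_token(): string
{
    // Random string generated when the page is built; also stored in the session.
    $token = bin2hex(random_bytes(16));
    $_SESSION['refresh_token'] = $token;
    return $token;
}

function consume_token($submitted): bool
{
    $expected = $_SESSION['refresh_token'] ?? null;
    // Single use: drop the stored value so a resubmitted request cannot match again.
    unset($_SESSION['refresh_token']);
    // is_string() rejects array input such as token[]=x before comparing.
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted);
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (consume_token($_POST['token'] ?? null)) {
        // ... process the submission here (for example, insert the record) ...
        $message = 'Submission processed.';
    } else {
        $message = 'Repeated refresh or stale form: submission ignored.';
    }
}
// A new verification string is generated for the page that is about to be shown.
$token = issue_token();
?>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post" action="">
    <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <input type="text" name="comment">
    <input type="submit" value="Send">
</form>
```

Refreshing the result page resends the old token, which no longer matches the session value, so the submission is not processed a second time.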
I have also encountered IE6 submitting twice. It generally happens when a picture is used instead of a submit button and the picture also calls submit(), so the form is submitted twice; with only a submit button I have not encountered the double submission. To summarize:
The method is basically the same as the previous few.
The receiving page, 2.php, is divided into two parts: one part processes the submitted variables, the other displays the page.
After the variables are processed, use header("Location: " . $_SERVER['PHP_SELF']) to jump to the page itself.
This part has to check for POST variables and be skipped if there are none. Of course, you can also jump to another page.
Jumping to another page causes a problem when the user goes back, so it is recommended to do everything in one PHP file.
If the variables passed from the previous page do not meet the requirements, the user can be forced to go back.
This is only a general idea. Perhaps experts will not encounter such problems, but not everyone is an expert.
if (isset($_POST)) { if (variable does not meet the requirements)
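The process-then-redirect flow described above, as an added example in a single file (not the original author's code). The file name 2.php comes from the text; the field name, the validation rule and the save_message() helper are assumptions:

```php
<?php
// Added example: 2.php handles the POST, then redirects to itself so that
// pressing refresh repeats a harmless GET instead of the submission.
session_start();

// Hypothetical helper standing in for the real processing step.
function save_message(string $text): void
{
    $_SESSION['messages'][] = $text;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $text = $_POST['message'] ?? '';
    if (!is_string($text) || trim($text) === '') {
        // Variable does not meet the requirements: send the user back to the form.
        $_SESSION['flash'] = 'Message must not be empty.';
    } else {
        save_message(trim($text));
        $_SESSION['flash'] = 'Saved.';
    }
    // Redirect to this script by a fixed path. PHP_SELF includes any
    // client-supplied path info, so SCRIPT_NAME is used here instead.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

// Display part: reached only on GET, so there are no POST variables to process.
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
?>
<p><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post" action="2.php">
    <input type="text" name="message">
    <input type="submit" value="Send">
</form>
<ul>
<?php foreach ($_SESSION['messages'] ?? [] as $m): ?>
    <li><?= htmlspecialchars($m, ENT_QUOTES, 'UTF-8') ?></li>
<?php endforeach; ?>
</ul>
```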
Cookies can also be used.
Using a session:
Code of the main page file index.php:
<title>Disable page Refresh via session</title>
Where:
The Counter.txt file is the file in the same directory that records logins.
$counter = fgets($FP, 1024); reads the numeric value from the file (it may contain a decimal value).
I hope this article is helpful to everyone's PHP programming.
Reference Source:
How PHP prevents malicious refreshes and swipe tickets
Http://www.lai18.com/content/369326.html
Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
-
3 floor sinat_26360227 yesterday 16:08
-
sssssssssgy
-
2 floor wowkk yesterday 14:05
-
Hello, would you like to work in Guangzhou?
-
1 floor ndsckm yesterday 09:33
-
I want to know how the general big Web site is handled