The realization of preventing pages from repeating refresh by using session in PHP environment

  How to prevent the page from recurring refresh, in the PHP environment can use the session to easily implement, the following is the specific code, the need for friends can refer to the following

B.php's code   code is as follows: 

<?php
 
/ / can only be accessed by post
If ($_SERVER['REQUEST_METHOD'] == 'GET')
{header('HTTP/1.1 404 Not Found'); die('pro, page does not exist');}
Session_start();
$fs1=$_POST['a'];
$fs2=$_POST['b'];
/ / Anti-refresh time, the unit is seconds
$allowTime = 30;
/ / Read the visitor ip, in order to refresh for the ip limit
/*Get real ip start*/
If ( ! function_exists('GetIP'))
{
Function GetIP()
{
Static $ip = NULL;
If ($ip !== NULL)
{
Return $ip;
}
If (isset($_SERVER))
{
If (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
/* Take the xth non-unknown valid IP character in X-Forwarded-For? */
Foreach ($arr as $xip)
{
$xip = trim($xip);
If ($xip != 'unknown')
{
$ip = $xip;
Break;
}
}
}
Elseif (isset($_SERVER['HTTP_CLIENT_IP']))
{
$ip = $_SERVER['HTTP_CLIENT_IP'];
}
Else
{
If (isset($_SERVER['REMOTE_ADDR']))
{
$ip = $_SERVER['REMOTE_ADDR'];
}
Else
{
$ip = '0.0.0.0';
}
}
}
Else
{
If (getenv('HTTP_X_FORWARDED_FOR'))
{
$ip = getenv('HTTP_X_FORWARDED_FOR');
}
Elseif (getenv('HTTP_CLIENT_IP'))
{
$ip = getenv('HTTP_CLIENT_IP');
}
Else
{
$ip = getenv('REMOTE_ADDR');
}
}
Preg_match("/[\d\.]{7,15}/", $ip, $onlineip);
$ip = ! empty($onlineip[0]) ? $onlineip[0] : '0.0.0.0';
Return $ip;
}
}
/*Get the real ip end*/
$reip = GetIP();
/ / Related parameters md5 encryption
$allowT = md5($reip.$fs1.$fs2);
If(!isset($_SESSION[$allowT])){
$_SESSION[$allowT] = time();
}
Else if(time() - $_SESSION[$allowT]-->$allowTime){
$_SESSION[$allowT] = time();
}
/ / If the refresh is too fast, then directly give the 404header header and prompt
Else {header('HTTP/1.1 404 Not Found'); die('from the '.$ip.' pro, you refreshed too fast');}
?>

The code is very simple, nothing more than ip, and POST to submit the data that needs to be anti-refresh page after md5 encryption and then write to the session, and then through the stored session to determine the refresh interval to determine whether to allow refresh. It should be noted that "$fs1=$_POST['a'];", "$fs1=$_POST['a'];"Two parameters refer to the parameters that other pages submit to the page that needs to be refreshed by post. The reason why these parameters are added in addition to ip is to distinguish different post results. (In fact, the so-called anti-refresh is to prevent a page from being submitted repeatedly.)

More specifically, for example, the above code is placed at the beginning of the b.php page. We have a form on the a.html page:
Code:

<!DOCTYPE>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>b.html</title>
</head>
<body>
<form action="b.php" method="post" >
<input type="hidden" id="a" name="a" value="a"/>
<input type="hidden" id="b" name="b" value="b"/>
<button name="" type="submit" >submit</button>
</form>
</body>
</html>

You can see that the a and b parameters submitted by this page are exactly the two parameters in the previous b.php (in fact, it should be reversed, determined by the parameters of the submit page). In the previous php code, it has been determined that the page that submitted the data can only be accessed through the post, so directly entering the address will get a 404 error page, and the page can only be obtained through the post method, and the post will be taken when the post is refreshed. The parameter address is on, so that the anti-refresh effect of each ip of the same page is realized.

In addition, we can increase the source website through the referer on the post page to prevent cross-site submission, but the referer can be forged, and firefox and ie8 often inexplicably lose referer, so this code is not added for the time being.