In the php environment, session is used to prevent repeated page refreshes. B. The php code copy code is as follows :? Php can only access if ($ _ SERVER [REQUEST_METHOD] GET) {header (HTTP1.1404NotFound); die (parent, the page does not exist); B. php code through post.
The code is as follows:
// Access only through post
If ($ _ SERVER ['request _ method'] = 'get ')
{Header ('http/1.1 404 Not Found '); die ('parent, the page does Not exist ');}
Session_start ();
$ Fs1 = $ _ POST ['A'];
$ Fs2 = $ _ POST ['B'];
// Anti-refresh time, in seconds
$ AllowTime = 30;
// Read the visitor's ip address to facilitate refresh of ip address restrictions
/* Start to obtain the real ip address */
If (! Function_exists ('getip '))
{
Function GetIP ()
{
Static $ ip = NULL;
If ($ ip! = NULL)
{
Return $ ip;
}
If (isset ($ _ SERVER ))
{
If (isset ($ _ SERVER ['http _ X_FORWARDED_FOR '])
{
$ Arr = explode (',', $ _ SERVER ['http _ X_FORWARDED_FOR ']);
/* Take the X-Forwarded-For column as the valid IP character other than unknown? */
Foreach ($ arr as $ xip)
{
$ Xip = trim ($ xip );
If ($ xip! = 'Unknown ')
{
$ Ip = $ xip;
Break;
}
}
}
Elseif (isset ($ _ SERVER ['http _ CLIENT_IP '])
{
$ Ip = $ _ SERVER ['http _ CLIENT_IP '];
}
Else
{
If (isset ($ _ SERVER ['remote _ ADDR '])
{
$ Ip = $ _ SERVER ['remote _ ADDR '];
}
Else
{
$ Ip = '0. 0.0.0 ';
}
}
}
Else
{
If (getenv ('http _ X_FORWARDED_FOR '))
{
$ Ip = getenv ('http _ X_FORWARDED_FOR ');
}
Elseif (getenv ('http _ CLIENT_IP '))
{
$ Ip = getenv ('http _ CLIENT_IP ');
}
Else
{
$ Ip = getenv ('remote _ ADDR ');
}
}
Preg_match ("/[\ d \.] {7, 15}/", $ ip, $ onlineip );
$ Ip =! Empty ($ onlineip [0])? $ Onlineip [0]: '0. 0.0.0 ';
Return $ ip;
}
}
/* Get the real ip address */
$ Reip = GetIP ();
// Related parameter md5 encryption
$ AllowT = md5 ($ reip. $ fs1. $ fs2 );
If (! Isset ($ _ SESSION [$ allowT]) {
$ _ SESSION [$ allowT] = time ();
}
Else if (time ()-$ _ SESSION [$ allowT] --> $ allowTime ){
$ _ SESSION [$ allowT] = time ();
}
// If the refresh speed is too high, the 404header header and prompt will be given directly.
Else {header ('http/1.1 404 Not Found '); die ('From'. $ ip. ', you have refreshed too quickly ');}
?>
The code is very simple. it is nothing more than to write the ip address and the data submitted to the anti-refresh page in POST mode into the session after md5 encryption, the refresh interval is determined by the stored session to determine whether refresh is allowed. It must be noted that "$ fs1 =$ _ POST ['A'];", "$ fs1 =$ _ POST ['A']; "Two parameters refer to the parameters for submitting other pages to pages that require anti-refresh by post. The reason for adding these parameters besides ip addresses is to distinguish different post results. (In fact, the so-called anti-refresh mechanism prevents repeated submission of a page .)
To put it more specifically, we have the following form on the.html page, as the example code is opened on the B .php page:
The code is as follows:
B .html
We can see that the parameters a and B submitted on this page are exactly the two parameters in B. php. (in fact, it should be decided by the parameters on the submit page ). In the preceding php code, it has been determined that only the pages for submitted data can be accessed through post. Therefore, if you enter the address directly, you will get a 404-Header error page, which can only be obtained through post, at the same time, the parameter address will be added when the post is refreshed, so that each ip address on the same page can be refreshed.
In addition, we can add a website that uses referer to identify the source on the post page to prevent cross-site submission. However, referer can be forged, and firefox and ie8 often encounter referer loss for some reason, so this code is not added for the moment.
The pipeline code is as follows :? Php // You can only access if ($ _ SERVER ['request _ method'] = 'get') {header ('http/1.1 404 Not Found ') through post '); die ('kiss, page does not exist ');...