84669 Lernen von Personen
152542 Lernen von Personen
20005 Lernen von Personen
5487 Lernen von Personen
7821 Lernen von Personen
359900 Lernen von Personen
3350 Lernen von Personen
180660 Lernen von Personen
48569 Lernen von Personen
18603 Lernen von Personen
40936 Lernen von Personen
1549 Lernen von Personen
1183 Lernen von Personen
32909 Lernen von Personen
手机网站提交页面,网络好的时候正常,网络慢的时候手机页面会一直在加载状态,但是Fiddler抓取却有两次相同内容的提交,如何避免这种情况发生?
拥有18年软件开发和IT教学经验。曾任多家上市公司技术总监、架构师、项目经理、高级软件工程师等职务。 网络人气名人讲师,...
我的做法是在服务端生成一个token,提交的时候验证token,这是第一道验证,第二道验证为在表单提交时将提交按钮设置为disabled,一般做个第二种验证就可以了
// 提交表单数据到后台处理 $.ajax({ type: "post", data: studentInfo, contentType: "application/json", url: "/Home/Submit", beforeSend: function () { // 禁用按钮防止重复提交 $("#submit").attr({ disabled: "disabled" }); }, success: function (data) { if (data == "Success") { //清空输入框 clearBox(); } }, complete: function () { $("#submit").removeAttr("disabled"); }, error: function (data) { console.info("error: " + data.responseText); } });
Csrf 验证类
getRequest()->isPost()) { // | // | try { // | ##验证TOKEN // | NoCSRF::check( 'csrf_token', $_POST, true, 60*10, false ); //60*10为10分钟(null为不验证时间) // | $result = 'CSRF check passed. Form parsed.'; // | //$this->getRequest()->getPost('field'); // | echo $result; // | } catch ( Exception $e ) { // | echo $e->getMessage() . ' Form ignored.'; // | } // | } else { // | #生成TOKEN // | $token = NoCSRF::generate( 'csrf_token' ); // | $this->getView()->assign('token', $token); // | $this->getView()->display('页面'); // | } // | // 前端 // | // +---------------------------------------------------------------------- class NoCSRF { protected static $doOriginCheck = false; /** * Check CSRF tokens match between session and $origin. * Make sure you generated a token in the form before checking it. * * @param String $key The session and $origin key where to find the token. * @param Mixed $origin The object/associative array to retreive the token data from (usually $_POST). * @param Boolean $throwException (Facultative) TRUE to throw exception on check fail, FALSE or default to return false. * @param Integer $timespan (Facultative) Makes the token expire after $timespan seconds. (null = never) * @param Boolean $multiple (Facultative) Makes the token reusable and not one-time. (Useful for ajax-heavy requests). * * @return Boolean Returns FALSE if a CSRF attack is detected, TRUE otherwise. */ public static function check( $key, $origin, $throwException=false, $timespan=null, $multiple=false ) { $session = Session::getInstance(); if ( !$session->has( 'csrf_' . $key ) ) if($throwException) throw new \Exception( 'Missing CSRF session token.' ); else return false; if ( !isset( $origin[ $key ] ) ) if($throwException) throw new \Exception( 'Missing CSRF form token.' ); else return false; // Get valid token from session $hash = $session->get('csrf_' . $key); // Free up session token for one-time CSRF token usage. if(!$multiple) $session->forget('csrf_' . $key); // Origin checks if( self::$doOriginCheck && sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) != substr( base64_decode( $hash ), 10, 40 ) ) { if($throwException) throw new \Exception( 'Form origin does not match token origin.' ); else return false; } // Check if session token matches form token if ( $origin[ $key ] != $hash ) if($throwException) throw new \Exception( 'Invalid CSRF token.' ); else return false; // Check for token expiration if ( $timespan != null && is_int( $timespan ) && intval( substr( base64_decode( $hash ), 0, 10 ) ) + $timespan put('csrf_' . $key, $token); return $token; } /** * Generates a random string of given $length. * * @param Integer $length The string length. * @return String The randomly generated string. */ protected static function randomString( $length ) { $seed = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijqlmnopqrtsuvwxyz0123456789'; $max = strlen( $seed ) - 1; $string = ''; for ( $i = 0; $i
我的做法是在服务端生成一个token,提交的时候验证token,这是第一道验证,第二道验证为在表单提交时将提交按钮设置为disabled,一般做个第二种验证就可以了
Csrf 验证类