php采用session实现防止页面重复刷新,
php采用session实现防止页面重复刷新,
如何防止页面重复刷新,在php环境下可以利用session来轻松实现。
b.php的代码
<?php //只能通过post方式访问 if ($_SERVER['REQUEST_METHOD'] == 'GET') {header('HTTP/1.1 404 Not Found'); die('亲,页面不存在');} session_start(); $fs1=$_POST['a']; $fs2=$_POST['b']; //防刷新时间,单位为秒 $allowTime = 30; //读取访客ip,以便于针对ip限制刷新 /*获取真实ip开始*/ if ( ! function_exists('GetIP')) { function GetIP() { static $ip = NULL; if ($ip !== NULL) { return $ip; } if (isset($_SERVER)) { if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); /* 取X-Forwarded-For中第x个非unknown的有效IP字符? */ foreach ($arr as $xip) { $xip = trim($xip); if ($xip != 'unknown') { $ip = $xip; break; } } } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } else { if (isset($_SERVER['REMOTE_ADDR'])) { $ip = $_SERVER['REMOTE_ADDR']; } else { $ip = '0.0.0.0'; } } } else { if (getenv('HTTP_X_FORWARDED_FOR')) { $ip = getenv('HTTP_X_FORWARDED_FOR'); } elseif (getenv('HTTP_CLIENT_IP')) { $ip = getenv('HTTP_CLIENT_IP'); } else { $ip = getenv('REMOTE_ADDR'); } } preg_match("/[\d\.]{7,15}/", $ip, $onlineip); $ip = ! empty($onlineip[0]) ? $onlineip[0] : '0.0.0.0'; return $ip; } } /*获取真实ip结束*/ $reip = GetIP(); //相关参数md5加密 $allowT = md5($reip.$fs1.$fs2); if(!isset($_SESSION[$allowT])){ $_SESSION[$allowT] = time(); } else if(time() - $_SESSION[$allowT]-->$allowTime){ $_SESSION[$allowT] = time(); } //如果刷新过快,则直接给出404header头以及提示 else {header('HTTP/1.1 404 Not Found'); die('来自'.$ip.'的亲,您刷新过快了');} ?>
代码很简单,无非是把ip,以及通过POST方式提交到需要防刷新页面的数据经过md5加密后写入session中,再通过存储的session来判断刷新时间间隔从而决定是否允许刷新。需要说明的是"$fs1=$_POST['a'];"、"$fs1=$_POST['a'];"两个参数是指其他页面通过post方式提交到需要防刷新页的参数。之所以除了ip之外还要加这些参数的原因是为了区别不同的post结果。(实际上所谓的防刷新也就是防止某一页面被反复提交。)
更具体的说,比如上述代码放在b.php页面的开头,我们在a.html页面有一个如下表单:
代码:
<!DOCTYPE> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>b.html</title> </head> <body> <form action="b.php" method="post" > <input type="hidden" id="a" name="a" value="a"/> <input type="hidden" id="b" name="b" value="b"/> <button name="" type="submit" >提交</button> </form> </body> </html>
可以看到这个页面提交的a和b 2个参数正是前面b.php中的2个参数(实际上应该反过来说,由提交页面的参数来决定)。在前面的php代码中,已经确定只能通过post访问被提交数据的页面,所以直接输入地址会得到一个404头的错误页面,只能通过post方式来得到页面,同时post刷新的时候会自己带上参数地址,这样就实现了同一页面每个ip的防止刷新效果。
另外我们可以在被post的页面增加通过referer判定来源网站,防止跨站提交,不过referer可以伪造,而且firefox和ie8经常莫名其妙出现referer丢失的情况,所以暂时也就不加这个代码。
您可能感兴趣的文章:
- 让PHP COOKIE立即生效,不用刷新就可以使用
- php中防止恶意刷新页面的代码小结
- php防止恶意刷新与刷票的方法
- php防止网站被刷新的方法汇总
- 刷新PHP缓冲区为你的站点加速
- PHP防止刷新重复提交页面的示例代码
- php防止CC攻击代码 php防止网页频繁刷新

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

In this chapter, we will understand the Environment Variables, General Configuration, Database Configuration and Email Configuration in CakePHP.

PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

To work with date and time in cakephp4, we are going to make use of the available FrozenTime class.

To work on file upload we are going to use the form helper. Here, is an example for file upload.

In this chapter, we are going to learn the following topics related to routing ?

CakePHP is an open-source framework for PHP. It is intended to make developing, deploying and maintaining applications much easier. CakePHP is based on a MVC-like architecture that is both powerful and easy to grasp. Models, Views, and Controllers gu

Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c

Validator can be created by adding the following two lines in the controller.
