Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home Backend Development PHP Tutorial 分享DEDECMS 验证码的一个细节有关问题。附提问一个疑惑,有关SESSION的

分享DEDECMS 验证码的一个细节有关问题。附提问一个疑惑,有关SESSION的

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 13, 2016 pm 12:59 PM
cookie nbsp session

分享DEDECMS 验证码的一个细节问题。附提问一个疑惑,有关SESSION的

本帖最后由 default7 于 2012-12-01 15:54:51 编辑
问题:重复提交问题。表单提交成功了,发现页面单击右键点击返回上一页,浏览器提示“此页面不可用”,按下F5重新刷新,结果又提交成功了。导致“如果不停地刷新”就可以不停地提交成功!验证码的问题。
代码:
<br />
if($dopost == 'add'){<br />
  $svali = GetCkVdValue();<br />
  if(strtolower($vdcode)!=$svali || $svali=='')<br />
  {<br />
      ResetVdValue();<br />
      ShowMsg('验证码错误!', '-1');<br />
      exit();<br />
  }<br />
}<br />
Copy after login

解决: 一开始以为是ResetVdValue();这个函数的问题,最后才发现是执行顺序的问题,把 ResetVdValue(); 放到判断“提交的验证码是否正确”的代码之前就可以了。
<br />
if($dopost == 'add'){<br />
  $svali = GetCkVdValue();<br />
  ResetVdValue(); //位置移前<br />
  if(strtolower($vdcode)!=$svali || $svali=='')<br />
  {<br />
      ShowMsg('验证码错误!', '-1');<br />
      exit();<br />
  }<br />
}<br />
Copy after login




后来看了验证码方面的获取和销毁的函数,有一个疑问的地方:
1.未改动前的文件:/include/common.func.php,函数GetCkVdValue()和ResetVdValue()
<br />
/**<br />
 *  获取验证码的session值<br />
 *<br />
 * @return    string<br />
 */<br />
function GetCkVdValue()<br />
{<br />
    @session_id($_COOKIE['PHPSESSID']);<br />
    @session_start();<br />
    return isset($_SESSION['securimage_code_value']) ? $_SESSION['securimage_code_value'] : '';<br />
}<br />
<br />
/**<br />
 *  PHP某些版本有Bug,不能在同一作用域中同时读session并改注销它,因此调用后需执行本函数<br />
 *<br />
 * @return    void<br />
 */<br />
function ResetVdValue()<br />
{<br />
    @session_start();<br />
    $_SESSION['securimage_code_value'] = '';<br />
}<br />
Copy after login


2.未改动前的验证码生成程序:/include/vdimgck.php 开头的地方有写
<br />
$sessSavePath = DEDEDATA."/sessions/";<br />
<br />
// Session保存路径<br />
if(is_writeable($sessSavePath) && is_readable($sessSavePath)){ session_save_path($sessSavePath); }<br />
if(!empty($cfg_domain_cookie)) session_set_cookie_params(0,'/',$cfg_domain_cookie);<br />
<br />
session_start();<br />
Copy after login



个人将代码修改成如下,文件/include/common.func.php
<br>
<br>
/**<br>
 *  获取验证码的session值<br>
 *<br>
 * @return    string<br>
 */<br>
function GetCkVdValue()<br>
{<br>
    $sessSavePath = DEDEDATA."/sessions/";<br>
    if(is_writeable($sessSavePath) && is_readable($sessSavePath)){ session_save_path($sessSavePath); }<br>
    if(!empty($GLOBALS['cfg_domain_cookie'])) session_set_cookie_params(0,'/',$GLOBALS['cfg_domain_cookie']);<br>
<br>
    @session_id($_COOKIE['PHPSESSID']);<br>
    @session_start();<br>
    return isset($_SESSION['securimage_code_value']) ? $_SESSION['securimage_code_value'] : '';<br>
}<br>
<br>
/**<br>
 *  PHP某些版本有Bug,不能在同一作用域中同时读session并改注销它,因此调用后需执行本函数<br>
 *<br>
 * @return    void<br>
 */<br>
function ResetVdValue()<br>
{<br>
    $sessSavePath = DEDEDATA."/sessions/";<br>
    if(is_writeable($sessSavePath) && is_readable($sessSavePath)){ session_save_path($sessSavePath); } <div class="clear">
                 
              
              
        
            </div>
Copy after login
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Show More

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
How Long Does It Take To Beat Split Fiction?
3 weeks ago By DDD
R.E.P.O. Save File Location: Where Is It & How to Protect It?
3 weeks ago By DDD
Show More

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Where is the login entrance for gmail email?
7317
9
Java Tutorial
1625
14
CakePHP Tutorial
1349
46
Laravel Tutorial
1261
25
PHP Tutorial
1209
29
Show More
Related knowledge
Solution: Your organization requires you to change your PIN Solution: Your organization requires you to change your PIN Oct 04, 2023 pm 05:45 PM

The message "Your organization has asked you to change your PIN" will appear on the login screen. This happens when the PIN expiration limit is reached on a computer using organization-based account settings, where they have control over personal devices. However, if you set up Windows using a personal account, the error message should ideally not appear. Although this is not always the case. Most users who encounter errors report using their personal accounts. Why does my organization ask me to change my PIN on Windows 11? It's possible that your account is associated with an organization, and your primary approach should be to verify this. Contacting your domain administrator can help! Additionally, misconfigured local policy settings or incorrect registry keys can cause errors. Right now

10 Ways to Adjust Brightness on Windows 11 10 Ways to Adjust Brightness on Windows 11 Dec 18, 2023 pm 02:21 PM

Screen brightness is an integral part of using modern computing devices, especially when you look at the screen for long periods of time. It helps you reduce eye strain, improve legibility, and view content easily and efficiently. However, depending on your settings, it can sometimes be difficult to manage brightness, especially on Windows 11 with the new UI changes. If you're having trouble adjusting brightness, here are all the ways to manage brightness on Windows 11. How to Change Brightness on Windows 11 [10 Ways Explained] Single monitor users can use the following methods to adjust brightness on Windows 11. This includes desktop systems using a single monitor as well as laptops. let's start. Method 1: Use the Action Center The Action Center is accessible

How to turn off private browsing authentication for iPhone in Safari? How to turn off private browsing authentication for iPhone in Safari? Nov 29, 2023 pm 11:21 PM

In iOS 17, Apple introduced several new privacy and security features to its mobile operating system, one of which is the ability to require two-step authentication for private browsing tabs in Safari. Here's how it works and how to turn it off. On an iPhone or iPad running iOS 17 or iPadOS 17, Apple's browser now requires Face ID/Touch ID authentication or a passcode if you have any Private Browsing tab open in Safari and then exit the session or app to access them again. In other words, if someone gets their hands on your iPhone or iPad while it's unlocked, they still won't be able to view your privacy without knowing your passcode

Win10/11 digital activation script MAS version 2.2 re-supports digital activation Win10/11 digital activation script MAS version 2.2 re-supports digital activation Oct 16, 2023 am 08:13 AM

The famous activation script MAS2.2 version supports digital activation again. The method originated from @asdcorp and the team. The MAS author calls it HWID2. Download gatherosstate.exe (not original, modified) from https://github.com/massgravel/Microsoft-Activation-Scripts, run it with parameters, and generate GenuineTicket.xml. First take a look at the original method: gatherosstate.exePfn=xxxxxxx;DownlevelGenuineState=1 and then compare with the latest method: gatheros

How to solve session failure How to solve session failure Oct 18, 2023 pm 05:19 PM

Session failure is usually caused by the session lifetime expiration or server shutdown. The solutions: 1. Extend the lifetime of the session; 2. Use persistent storage; 3. Use cookies; 4. Update the session asynchronously; 5. Use session management middleware.

Where are the cookies on your computer? Where are the cookies on your computer? Dec 22, 2023 pm 03:46 PM

Cookies on your computer are stored in specific locations on your browser, depending on the browser and operating system used: 1. Google Chrome, stored in C:\Users\YourUsername\AppData\Local\Google\Chrome\User Data\Default \Cookies etc.

Where are cookies stored? Where are cookies stored? Dec 20, 2023 pm 03:07 PM

Cookies are usually stored in the cookie folder of the browser. Cookie files in the browser are usually stored in binary or SQLite format. If you open the cookie file directly, you may see some garbled or unreadable content, so it is best to use Use the cookie management interface provided by your browser to view and manage cookies.

Solution to PHP Session cross-domain problem Solution to PHP Session cross-domain problem Oct 12, 2023 pm 03:00 PM

Solution to the cross-domain problem of PHPSession In the development of front-end and back-end separation, cross-domain requests have become the norm. When dealing with cross-domain issues, we usually involve the use and management of sessions. However, due to browser origin policy restrictions, sessions cannot be shared by default across domains. In order to solve this problem, we need to use some techniques and methods to achieve cross-domain sharing of sessions. 1. The most common use of cookies to share sessions across domains

See all articles