PHP prevents malicious refresh and ticket brushing implementation code_PHP tutorial

Malicious refresh means constantly refreshing the submission page, resulting in a large amount of invalid data. Let’s summarize the methods of preventing malicious page refresh in PHP. The principle of preventing malicious page brushing is

Requires a verification string to be passed between pages,
When generating the page, randomly generate a string,
Passed as a required parameter in all connections. At the same time, save this string in the session.

After clicking the link or entering the form, it will be judged whether the verification code in the session is the same as the one submitted by the user. If it is the same, it will be processed. If it is not the same, it will be considered as repeated refresh.
After the processing is completed, a verification code will be regenerated for the generation of a new page

The code is as follows

Copy code

代码如下	复制代码
session_start(); $k=$_GET['k']; $t=$_GET['t']; $allowTime = 1800;//防刷新时间 $ip = get_client_ip(); $allowT = md5($ip.$k.$t); if(!isset($_SESSION[$allowT])) { $refresh = true; $_SESSION[$allowT] = time(); }elseif(time() - $_SESSION[$allowT]>$allowTime){ $refresh = true; $_SESSION[$allowT] = time(); }else{ $refresh = false; } ?>

session_start();
$k=$_GET['k'];
$t=$_GET['t'];
$allowTime = 1800;//Anti-refresh time
$ip = get_client_ip();
$allowT = md5($ip.$k.$t);
if(!isset($_SESSION[$allowT]))
{
$refresh = true;

$_SESSION[$allowT] = time();

代码如下	复制代码
if(isset($_POST)) { if(变量不符合要求) <script> history.go(-1); </script> else 操作数据 ... if(操作完成) header( "location: ".$_SERVER[ 'PHP_SELF ']); }

}elseif(time() - $_SESSION[$allowT]>$allowTime){

$refresh = true;

$_SESSION[$allowT] = time();

代码如下

复制代码

$c_file="counter.txt"; //文件名赋值给变量 if(!file_exists($c_file)) //如果文件不存在的操作 { $myfile=fopen($c_file,"w"); //创建文件 fwrite($myfile,"0"); //置入“0” fclose($myfile); //关闭文件 } $t_num=file($c_file); //把文件内容读入变量 if($_COOKIE["date"]!="date(Y年m月d日)") //判断COOKIE内容与当前日期是否一致 { $t_num[0]++; //原始数据自增1 $myfile=fopen($c_file,"w"); //写入方式打开文件 fwrite($myfile,$t_num[0]); //写入新数值 fclose($myfile); //关闭文件 //重新将当前日期写入COOKIE并设定COOKIE的有效期为24小时 setcookie("date","date(Y年m月d日)",time()+60*60*24); } ?>

}else{ $refresh = false; } ?> I have also encountered ie6 submitting twice. Generally speaking, when using a picture instead of submit, there is a submit() on the picture, which will submit twice. If it is just a submit button, I have not encountered the situation of submitting twice. Now to sort it out: The method is basically the same as the previous ones The received page 2.php is divided into two parts, one part processes the submitted variables, and the other part displays the page After processing the variables, use header( "location: ".$_SERVER[ 'PHP_SELF ']) to jump to the own page This part needs to be judged. If there is no post variable, skip it. Of course, you can also jump to other pages. There will be problems when jumping to other pages and returning. It is recommended to do it in a php file. If the variables passed through the previous page do not meet the requirements, you can force the return to <script> history.go(-1); </script> I just talked about the general idea. Maybe masters will not encounter such problems, but not everyone is a master.

The code is as follows	Copy code
if(isset($_POST)) { if (variable does not meet the requirements) <script> history.go(-1); </script> else Operation data ... if (operation completed) header( "location: ".$_SERVER[ 'PHP_SELF ']); }

You can also use COOKIE

The code is as follows

Copy code

$c_file="counter.txt"; //Assign the file name to the variable<🎜> if(!file_exists($c_file)) //Operation if the file does not exist<🎜> {<🎜> $myfile=fopen($c_file,"w"); //Create file<🎜> fwrite($myfile,"0"); //Place "0"<🎜> fclose($myfile); //Close the file<🎜> }<🎜> $t_num=file($c_file); //Read the file content into the variable<🎜> if($_COOKIE["date"]!="date(Y year m month d day)") //Judge whether the COOKIE content is consistent with the current date<🎜> {<🎜> $t_num[0]++; //The original data increases by 1<🎜> $myfile=fopen($c_file,"w"); //Open the file in writing mode<🎜> fwrite($myfile,$t_num[0]); //Write new value<🎜> fclose($myfile); //Close the file<🎜> //Re-write the current date into the COOKIE and set the validity period of the COOKIE to 24 hours<🎜> setcookie("date","date(Y year m month d day)",time()+60*60*24);<🎜> }<🎜> ?>

session

Main page file index.php code:

代码如下

复制代码

//使用文本存储数据    if($_SESSION[temp]==""){    if(($fp=fopen("counter.txt","r"))==false){ echo "打开文件失败!";      }else{ $counter=fgets($fp,1024);   //读取文件中数据      fclose($fp);                        //关闭文本文件      $counter++;                         //计数器增加1      $fp=fopen("counter.txt","w");       //以写的方式打开文本文件        fputs($fp,$counter);                //将新的统计数据增加1      fclose($fp);    }                   //关闭文 //从文本文件中读取统计数据        if(($fp=fopen("counter.txt","r"))==false){echo "打开文件失败!";}else{         $counter=fgets($fp,1024);         fclose($fp);            echo "数字计数器: " .$counter ; }   //输出访问次数      $_SESSION[temp]=1; //登录以后,$_SESSION[temp]的值不为空,给$_SESSION[temp]赋一个值1      }else{      echo "<script>alert('您不可以刷新本页!!'); history.back();</script>";      } ?>             通过session禁止页面刷新       $counter=fgets($fp,1024); fclose($fp); echo "网页访问量: " .$counter ; } //输出访问次数?>

The counter.txt file is a file that records the number of logins in the same directory...
$counter=fgets($fp,1024); is a method for reading numerical values ​​in files (can include decimal point values)...

http://www.bkjia.com/PHPjc/629624.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629624.htmlTechArticleMalicious refresh means constantly refreshing the submission page, resulting in a large amount of invalid data. Let’s summarize PHP prevention Summary of malicious page refresh methods The principle of preventing malicious page refresh is...

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks ago By DDD

Where to find the Crane Control Keycard in Atomfall

3 weeks ago By DDD

Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation

4 weeks ago By DDD

Roblox: Dead Rails - How To Complete Every Challenge

3 weeks ago By DDD

Show More

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Where is the login entrance for gmail email?

7589

15

CakePHP Tutorial

1386

52

What is the format of the account name of steam

88

11

win11 activation key permanent

66

19

nyt connections hints and answers

28

123

Show More

Related knowledge

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian Dec 24, 2024 pm 04:42 PM

PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

How To Set Up Visual Studio Code (VS Code) for PHP Development Dec 20, 2024 am 11:31 AM

Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c

7 PHP Functions I Regret I Didn't Know Before Nov 13, 2024 am 09:42 AM

If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op

Explain JSON Web Tokens (JWT) and their use case in PHP APIs. Apr 05, 2025 am 12:04 AM

JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,

How do you parse and process HTML/XML in PHP? Feb 07, 2025 am 11:57 AM

This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an

PHP Program to Count Vowels in a String Feb 07, 2025 pm 12:12 PM

A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total

Explain late static binding in PHP (static::). Apr 03, 2025 am 12:04 AM

Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.

What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases? Apr 03, 2025 am 12:03 AM

What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.

See all articles

Public welfare online PHP training，Help PHP learners grow quickly！

About us Disclaimer Sitemap

© php.cn All rights reserved