84669 person learning
152542 person learning
20005 person learning
5487 person learning
7821 person learning
359900 person learning
3350 person learning
180660 person learning
48569 person learning
18603 person learning
40936 person learning
1549 person learning
1183 person learning
32909 person learning
手机网站提交页面,网络好的时候正常,网络慢的时候手机页面会一直在加载状态,但是Fiddler抓取却有两次相同内容的提交,如何避免这种情况发生?
拥有18年软件开发和IT教学经验。曾任多家上市公司技术总监、架构师、项目经理、高级软件工程师等职务。 网络人气名人讲师,...
我的做法是在服务端生成一个token,提交的时候验证token,这是第一道验证,第二道验证为在表单提交时将提交按钮设置为disabled,一般做个第二种验证就可以了
// 提交表单数据到后台处理 $.ajax({ type: "post", data: studentInfo, contentType: "application/json", url: "/Home/Submit", beforeSend: function () { // 禁用按钮防止重复提交 $("#submit").attr({ disabled: "disabled" }); }, success: function (data) { if (data == "Success") { //清空输入框 clearBox(); } }, complete: function () { $("#submit").removeAttr("disabled"); }, error: function (data) { console.info("error: " + data.responseText); } });
Csrf 验证类
getRequest()->isPost()) { // | // | try { // | ##验证TOKEN // | NoCSRF::check( 'csrf_token', $_POST, true, 60*10, false ); //60*10为10分钟(null为不验证时间) // | $result = 'CSRF check passed. Form parsed.'; // | //$this->getRequest()->getPost('field'); // | echo $result; // | } catch ( Exception $e ) { // | echo $e->getMessage() . ' Form ignored.'; // | } // | } else { // | #生成TOKEN // | $token = NoCSRF::generate( 'csrf_token' ); // | $this->getView()->assign('token', $token); // | $this->getView()->display('页面'); // | } // | // 前端 // | // +---------------------------------------------------------------------- class NoCSRF { protected static $doOriginCheck = false; /** * Check CSRF tokens match between session and $origin. * Make sure you generated a token in the form before checking it. * * @param String $key The session and $origin key where to find the token. * @param Mixed $origin The object/associative array to retreive the token data from (usually $_POST). * @param Boolean $throwException (Facultative) TRUE to throw exception on check fail, FALSE or default to return false. * @param Integer $timespan (Facultative) Makes the token expire after $timespan seconds. (null = never) * @param Boolean $multiple (Facultative) Makes the token reusable and not one-time. (Useful for ajax-heavy requests). * * @return Boolean Returns FALSE if a CSRF attack is detected, TRUE otherwise. */ public static function check( $key, $origin, $throwException=false, $timespan=null, $multiple=false ) { $session = Session::getInstance(); if ( !$session->has( 'csrf_' . $key ) ) if($throwException) throw new \Exception( 'Missing CSRF session token.' ); else return false; if ( !isset( $origin[ $key ] ) ) if($throwException) throw new \Exception( 'Missing CSRF form token.' ); else return false; // Get valid token from session $hash = $session->get('csrf_' . $key); // Free up session token for one-time CSRF token usage. if(!$multiple) $session->forget('csrf_' . $key); // Origin checks if( self::$doOriginCheck && sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) != substr( base64_decode( $hash ), 10, 40 ) ) { if($throwException) throw new \Exception( 'Form origin does not match token origin.' ); else return false; } // Check if session token matches form token if ( $origin[ $key ] != $hash ) if($throwException) throw new \Exception( 'Invalid CSRF token.' ); else return false; // Check for token expiration if ( $timespan != null && is_int( $timespan ) && intval( substr( base64_decode( $hash ), 0, 10 ) ) + $timespan put('csrf_' . $key, $token); return $token; } /** * Generates a random string of given $length. * * @param Integer $length The string length. * @return String The randomly generated string. */ protected static function randomString( $length ) { $seed = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijqlmnopqrtsuvwxyz0123456789'; $max = strlen( $seed ) - 1; $string = ''; for ( $i = 0; $i
我的做法是在服务端生成一个token,提交的时候验证token,这是第一道验证,第二道验证为在表单提交时将提交按钮设置为disabled,一般做个第二种验证就可以了
Csrf 验证类