php采用session实现防止页面重复刷新_php技巧
如何防止页面重复刷新,在php环境下可以利用session来轻松实现。
b.php的代码
<?php
//只能通过post方式访问
if ($_SERVER['REQUEST_METHOD'] == 'GET')
{header('HTTP/1.1 404 Not Found'); die('亲,页面不存在');}
session_start();
$fs1=$_POST['a'];
$fs2=$_POST['b'];
//防刷新时间,单位为秒
$allowTime = 30;
//读取访客ip,以便于针对ip限制刷新
/*获取真实ip开始*/
if ( ! function_exists('GetIP'))
{
function GetIP()
{
static $ip = NULL;
if ($ip !== NULL)
{
return $ip;
}
if (isset($_SERVER))
{
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
/* 取X-Forwarded-For中第x个非unknown的有效IP字符? */
foreach ($arr as $xip)
{
$xip = trim($xip);
if ($xip != 'unknown')
{
$ip = $xip;
break;
}
}
}
elseif (isset($_SERVER['HTTP_CLIENT_IP']))
{
$ip = $_SERVER['HTTP_CLIENT_IP'];
}
else
{
if (isset($_SERVER['REMOTE_ADDR']))
{
$ip = $_SERVER['REMOTE_ADDR'];
}
else
{
$ip = '0.0.0.0';
}
}
}
else
{
if (getenv('HTTP_X_FORWARDED_FOR'))
{
$ip = getenv('HTTP_X_FORWARDED_FOR');
}
elseif (getenv('HTTP_CLIENT_IP'))
{
$ip = getenv('HTTP_CLIENT_IP');
}
else
{
$ip = getenv('REMOTE_ADDR');
}
}
preg_match("/[\d\.]{7,15}/", $ip, $onlineip);
$ip = ! empty($onlineip[0]) ? $onlineip[0] : '0.0.0.0';
return $ip;
}
}
/*获取真实ip结束*/
$reip = GetIP();
//相关参数md5加密
$allowT = md5($reip.$fs1.$fs2);
if(!isset($_SESSION[$allowT])){
$_SESSION[$allowT] = time();
}
else if(time() - $_SESSION[$allowT]-->$allowTime){
$_SESSION[$allowT] = time();
}
//如果刷新过快,则直接给出404header头以及提示
else {header('HTTP/1.1 404 Not Found'); die('来自'.$ip.'的亲,您刷新过快了');}
?>
代码很简单,无非是把ip,以及通过POST方式提交到需要防刷新页面的数据经过md5加密后写入session中,再通过存储的session来判断刷新时间间隔从而决定是否允许刷新。需要说明的是"$fs1=$_POST['a'];"、"$fs1=$_POST['a'];"两个参数是指其他页面通过post方式提交到需要防刷新页的参数。之所以除了ip之外还要加这些参数的原因是为了区别不同的post结果。(实际上所谓的防刷新也就是防止某一页面被反复提交。)
更具体的说,比如上述代码放在b.php页面的开头,我们在a.html页面有一个如下表单:
代码:
<!DOCTYPE> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>b.html</title> </head> <body> <form action="b.php" method="post" > <input type="hidden" id="a" name="a" value="a"/> <input type="hidden" id="b" name="b" value="b"/> <button name="" type="submit" >提交</button> </form> </body> </html>
可以看到这个页面提交的a和b 2个参数正是前面b.php中的2个参数(实际上应该反过来说,由提交页面的参数来决定)。在前面的php代码中,已经确定只能通过post访问被提交数据的页面,所以直接输入地址会得到一个404头的错误页面,只能通过post方式来得到页面,同时post刷新的时候会自己带上参数地址,这样就实现了同一页面每个ip的防止刷新效果。
另外我们可以在被post的页面增加通过referer判定来源网站,防止跨站提交,不过referer可以伪造,而且firefox和ie8经常莫名其妙出现referer丢失的情况,所以暂时也就不加这个代码。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Alipay PHP SDK transfer error: How to solve the problem of 'Cannot declare class SignData'?
Apr 01, 2025 am 07:21 AM
Alipay PHP...
Explain JSON Web Tokens (JWT) and their use case in PHP APIs.
Apr 05, 2025 am 12:04 AM
JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,
How does session hijacking work and how can you mitigate it in PHP?
Apr 06, 2025 am 12:02 AM
Session hijacking can be achieved through the following steps: 1. Obtain the session ID, 2. Use the session ID, 3. Keep the session active. The methods to prevent session hijacking in PHP include: 1. Use the session_regenerate_id() function to regenerate the session ID, 2. Store session data through the database, 3. Ensure that all session data is transmitted through HTTPS.
Describe the SOLID principles and how they apply to PHP development.
Apr 03, 2025 am 12:04 AM
The application of SOLID principle in PHP development includes: 1. Single responsibility principle (SRP): Each class is responsible for only one function. 2. Open and close principle (OCP): Changes are achieved through extension rather than modification. 3. Lisch's Substitution Principle (LSP): Subclasses can replace base classes without affecting program accuracy. 4. Interface isolation principle (ISP): Use fine-grained interfaces to avoid dependencies and unused methods. 5. Dependency inversion principle (DIP): High and low-level modules rely on abstraction and are implemented through dependency injection.
How to debug CLI mode in PHPStorm?
Apr 01, 2025 pm 02:57 PM
How to debug CLI mode in PHPStorm? When developing with PHPStorm, sometimes we need to debug PHP in command line interface (CLI) mode...
How to automatically set permissions of unixsocket after system restart?
Mar 31, 2025 pm 11:54 PM
How to automatically set the permissions of unixsocket after the system restarts. Every time the system restarts, we need to execute the following command to modify the permissions of unixsocket: sudo...
Explain late static binding in PHP (static::).
Apr 03, 2025 am 12:04 AM
Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.
How to send a POST request containing JSON data using PHP's cURL library?
Apr 01, 2025 pm 03:12 PM
Sending JSON data using PHP's cURL library In PHP development, it is often necessary to interact with external APIs. One of the common ways is to use cURL library to send POST�...
