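I am currently having trouble preventing the F5 or Refresh event in the browser from reloading the page.
Every time the user refreshes the page, the code changes and the form is resubmitted again. How can I prevent this?
Here is my PHP code: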
<?php
include('include/dbConnect.php');
function handle_forget(){
global $dbLink;
$username = $_POST['userName'];
$securityCode = $_POST['securityCode'];
if(empty($securityCode) || empty ($username)){
display_forget_form();
return;
}
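// Parameterized query: user input is bound as data instead of being concatenated into the SQL
$forgetPass = "SELECT * FROM Users WHERE user_name = ? AND user_security_passcode = ?";
$stmt = sqlsrv_query ( $dbLink, $forgetPass, array($username, $securityCode)) ;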
if( $stmt === false){
die (print_r (sqlsrv_errors(), true ));
}
while( $row = sqlsrv_fetch_array ($stmt, SQLSRV_FETCH_ASSOC )){
display_success_forget($username);
return;
}
if( empty($row) ){
display_failed_forget();
}
sqlsrv_free_stmt ( $stmt );
}
function display_success_forget($username){
global $dbLink;
echo
<<<SUCCESSFORM
<!DOCTYPE html>
<!--[if IE 8]><html class="ie8" lang="en"><![endif]-->
<!--[if IE 9]><html class="ie9" lang="en"><![endif]-->
<!--[if !IE]><!-->
<html lang="en">
<!--<![endif]-->
<!-- start: HEAD -->
<!-- start: HEAD -->
<head>
<title>TESTING</title>
<!-- start: META -->
<!--[if IE]><meta http-equiv='X-UA-Compatible' content="IE=edge,IE=9,IE=8,chrome=1" /><![endif]-->
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=0, minimum-scale=1.0, maximum-scale=1.0">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<meta content="" name="description" />
<meta content="" name="author" />
<!-- end: META -->
<!-- start: GOOGLE FONTS -->
<link href="http://fonts.googleapis.com/css?family=Lato:300,400,400italic,600,700|Raleway:300,400,500,600,700|Crete+Round:400italic" rel="stylesheet" type="text/css" />
<!-- end: GOOGLE FONTS -->
<!-- start: MAIN CSS -->
<link rel="stylesheet" href="vendor/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="vendor/fontawesome/css/font-awesome.min.css">
<link rel="stylesheet" href="vendor/themify-icons/themify-icons.min.css">
<link href="vendor/animate.css/animate.min.css" rel="stylesheet" media="screen">
<link href="vendor/perfect-scrollbar/perfect-scrollbar.min.css" rel="stylesheet" media="screen">
<link href="vendor/switchery/switchery.min.css" rel="stylesheet" media="screen">
<!-- end: MAIN CSS -->
<!-- start: CLIP-TWO CSS -->
<link rel="stylesheet" href="assets/css/styles.css">
<link rel="stylesheet" href="assets/css/plugins.css">
<link rel="stylesheet" href="assets/css/themes/theme-1.css" id="skin_color" />
<!-- end: CLIP-TWO CSS -->
<!-- start: CSS REQUIRED FOR THIS PAGE ONLY -->
<!-- end: CSS REQUIRED FOR THIS PAGE ONLY -->
</head>
<!-- end: HEAD -->
<!-- start: BODY -->
<body class="login">
<!-- start: FORGOT -->
<div class="row">
<div class="main-login col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-4 col-md-offset-4">
<div class="logo margin-top-30">
<center/><h3>Lembaga Tabung Angkatan Tentera CMS</h3>
</div>
<!-- start: FORGOT BOX -->
<div class="box-forgot">
SUCCESSFORM;
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < 6; $i++) {
$randomString .= $characters[random_int(0, $charactersLength - 1)]; // CSPRNG instead of the predictable rand()
}
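// Parameterized update: $username comes from the request and must not be spliced into the SQL
$updatePassword = "UPDATE Users SET user_password = ? WHERE user_name = ?";
$stmt = sqlsrv_query ($dbLink, $updatePassword, array($randomString, $username));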
echo
<<<SUCCESSFORM1
<fieldset>
<div class="alert alert-block alert-danger fade in">
<h4 class="alert-heading margin-bottom-10"><i class="ti-close"></i> Warning!</h4>
<p class="margin-bottom-10">
*Please Keep Your Password Carefully.<br/><br/>
*Don't Share Your Password With Others. <br/><br/>
*You May Now Login With New Password.
</p>
</div>
<i class="fa fa-arrow-circle-right"></i> Username: $username <br/><br/>
<i class="fa fa-arrow-circle-right"></i> New Password: $randomString
</fieldset>
<div class="form-actions">
<a class="btn btn-primary btn-o" href="login.php">
<i class="fa fa-chevron-circle-left"></i> Log-In
</a>
</div>
<!-- start: COPYRIGHT -->
<div class="copyright">
© <span class="current-year"></span><span class="text-bold text-uppercase"> Xyreon Technology Sdn Bhd</span>. <span>All rights reserved</span>
</div>
<!-- end: COPYRIGHT -->
</div>
<!-- end: FORGOT BOX -->
</div>
</div>
<!-- end: FORGOT -->
<!-- start: MAIN JAVASCRIPTS -->
<script src="vendor/jquery/jquery.min.js"></script>
<script src="vendor/bootstrap/js/bootstrap.min.js"></script>
<script src="vendor/modernizr/modernizr.js"></script>
<script src="vendor/jquery-cookie/jquery.cookie.js"></script>
<script src="vendor/perfect-scrollbar/perfect-scrollbar.min.js"></script>
<script src="vendor/switchery/switchery.min.js"></script>
<!-- end: MAIN JAVASCRIPTS -->
<!-- start: JAVASCRIPTS REQUIRED FOR THIS PAGE ONLY -->
<script src="vendor/jquery-validation/jquery.validate.min.js"></script>
<!-- end: JAVASCRIPTS REQUIRED FOR THIS PAGE ONLY -->
<!-- start: CLIP-TWO JAVASCRIPTS -->
<script src="assets/js/main.js"></script>
<!-- start: JavaScript Event Handlers for this page -->
<script src="assets/js/login.js"></script>
<script>
jQuery(document).ready(function() {
Main.init();
Login.init();
});
</script>
<!-- end: JavaScript Event Handlers for this page -->
<!-- end: CLIP-TWO JAVASCRIPTS -->
</body>
<!-- end: BODY -->
</html>
SUCCESSFORM1;
}
function display_failed_forget(){
$phpself = $_SERVER ["PHP_SELF"];
echo
<<<FORGETFORM
<!DOCTYPE html>
<!--[if IE 8]><html class="ie8" lang="en"><![endif]-->
<!--[if IE 9]><html class="ie9" lang="en"><![endif]-->
<!--[if !IE]><!-->
<html lang="en">
<!--<![endif]-->
<!-- start: HEAD -->
<!-- start: HEAD -->
<head>
<title>TESTING</title>
<!-- start: META -->
<!--[if IE]><meta http-equiv='X-UA-Compatible' content="IE=edge,IE=9,IE=8,chrome=1" /><![endif]-->
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=0, minimum-scale=1.0, maximum-scale=1.0">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<meta content="" name="description" />
<meta content="" name="author" />
<!-- end: META -->
<!-- start: GOOGLE FONTS -->
<link href="http://fonts.googleapis.com/css?family=Lato:300,400,400italic,600,700|Raleway:300,400,500,600,700|Crete+Round:400italic" rel="stylesheet" type="text/css" />
<!-- end: GOOGLE FONTS -->
<!-- start: MAIN CSS -->
<link rel="stylesheet" href="vendor/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="vendor/fontawesome/css/font-awesome.min.css">
<link rel="stylesheet" href="vendor/themify-icons/themify-icons.min.css">
<link href="vendor/animate.css/animate.min.css" rel="stylesheet" media="screen">
<link href="vendor/perfect-scrollbar/perfect-scrollbar.min.css" rel="stylesheet" media="screen">
<link href="vendor/switchery/switchery.min.css" rel="stylesheet" media="screen">
<!-- end: MAIN CSS -->
<!-- start: CLIP-TWO CSS -->
<link rel="stylesheet" href="assets/css/styles.css">
<link rel="stylesheet" href="assets/css/plugins.css">
<link rel="stylesheet" href="assets/css/themes/theme-1.css" id="skin_color" />
<!-- end: CLIP-TWO CSS -->
<!-- start: CSS REQUIRED FOR THIS PAGE ONLY -->
<!-- end: CSS REQUIRED FOR THIS PAGE ONLY -->
</head>
<!-- end: HEAD -->
<!-- start: BODY -->
<body class="login">
<!-- start: FORGOT -->
<div class="row">
<div class="main-login col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-4 col-md-offset-4">
<div class="logo margin-top-30">
<center/><h3>Lembaga Tabung Angkatan Tentera CMS</h3>
</div>
<!-- start: FORGOT BOX -->
<div class="box-forgot">
<form class="form-login" method="post" action="$phpself">
<fieldset>
<legend>
Forget Password?
</legend>
<p>
Enter your username & security passcode to reset password.
</p>
<div class="form-group">
<label class="control-label">
Username <span class="symbol required"></span>
</label>
<input type="text" placeholder="Insert your Username" class="form-control" id="userName" name="userName" required>
</div>
<div class="form-group">
<label class="control-label">
Security Passcode <span class="symbol required"></span>
</label>
<input type="password" placeholder="Insert your Security Code" class="form-control" id="securityCode" name="securityCode" required>
</div>
<div class="form-actions">
<a class="btn btn-primary btn-o" href="login.php">
<i class="fa fa-chevron-circle-left"></i> Log-In
</a>
<button type="submit" class="btn btn-primary pull-right">
Submit <i class="fa fa-arrow-circle-right"></i>
</button>
</div>
</fieldset>
</form>
<!-- start: COPYRIGHT -->
<div class="copyright">
© <span class="current-year"></span><span class="text-bold text-uppercase"> Xyreon Technology Sdn Bhd</span>. <span>All rights reserved</span>
</div>
<!-- end: COPYRIGHT -->
</div>
<!-- end: FORGOT BOX -->
</div>
</div>
<!-- end: FORGOT -->
<!-- start: MAIN JAVASCRIPTS -->
<script src="vendor/jquery/jquery.min.js"></script>
<script src="vendor/bootstrap/js/bootstrap.min.js"></script>
<script src="vendor/modernizr/modernizr.js"></script>
<script src="vendor/jquery-cookie/jquery.cookie.js"></script>
<script src="vendor/perfect-scrollbar/perfect-scrollbar.min.js"></script>
<script src="vendor/switchery/switchery.min.js"></script>
<!-- end: MAIN JAVASCRIPTS -->
<!-- start: JAVASCRIPTS REQUIRED FOR THIS PAGE ONLY -->
<script src="vendor/jquery-validation/jquery.validate.min.js"></script>
<!-- end: JAVASCRIPTS REQUIRED FOR THIS PAGE ONLY -->
<!-- start: CLIP-TWO JAVASCRIPTS -->
<script src="assets/js/main.js"></script>
<!-- start: JavaScript Event Handlers for this page -->
<script src="assets/js/login.js"></script>
<script>
jQuery(document).ready(function() {
Main.init();
Login.init();
});
</script>
<!-- end: JavaScript Event Handlers for this page -->
<!-- end: CLIP-TWO JAVASCRIPTS -->
</body>
<!-- end: BODY -->
</html>
FORGETFORM;
}
function display_forget_form(){
$phpself = $_SERVER ["PHP_SELF"];
echo
<<<FORGETFORM
<!DOCTYPE html>
<!--[if IE 8]><html class="ie8" lang="en"><![endif]-->
<!--[if IE 9]><html class="ie9" lang="en"><![endif]-->
<!--[if !IE]><!-->
<html lang="en">
<!--<![endif]-->
<!-- start: HEAD -->
<!-- start: HEAD -->
<head>
<title>TESTING</title>
<!-- start: META -->
<!--[if IE]><meta http-equiv='X-UA-Compatible' content="IE=edge,IE=9,IE=8,chrome=1" /><![endif]-->
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=0, minimum-scale=1.0, maximum-scale=1.0">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<meta content="" name="description" />
<meta content="" name="author" />
<!-- end: META -->
<!-- start: GOOGLE FONTS -->
<link href="http://fonts.googleapis.com/css?family=Lato:300,400,400italic,600,700|Raleway:300,400,500,600,700|Crete+Round:400italic" rel="stylesheet" type="text/css" />
<!-- end: GOOGLE FONTS -->
<!-- start: MAIN CSS -->
<link rel="stylesheet" href="vendor/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="vendor/fontawesome/css/font-awesome.min.css">
<link rel="stylesheet" href="vendor/themify-icons/themify-icons.min.css">
<link href="vendor/animate.css/animate.min.css" rel="stylesheet" media="screen">
<link href="vendor/perfect-scrollbar/perfect-scrollbar.min.css" rel="stylesheet" media="screen">
<link href="vendor/switchery/switchery.min.css" rel="stylesheet" media="screen">
<!-- end: MAIN CSS -->
<!-- start: CLIP-TWO CSS -->
<link rel="stylesheet" href="assets/css/styles.css">
<link rel="stylesheet" href="assets/css/plugins.css">
<link rel="stylesheet" href="assets/css/themes/theme-1.css" id="skin_color" />
<!-- end: CLIP-TWO CSS -->
<!-- start: CSS REQUIRED FOR THIS PAGE ONLY -->
<!-- end: CSS REQUIRED FOR THIS PAGE ONLY -->
</head>
<!-- end: HEAD -->
<!-- start: BODY -->
<body class="login">
<!-- start: FORGOT -->
<div class="row">
<div class="main-login col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-4 col-md-offset-4">
<div class="logo margin-top-30">
<center/><h3>Lembaga Tabung Angkatan Tentera CMS</h3>
</div>
<!-- start: FORGOT BOX -->
<div class="box-forgot">
<form class="form-login" method="post" action="$phpself">
<fieldset>
<legend>
Forget Password?
</legend>
<p>
Enter your username & security passcode to reset password.
</p>
<div class="form-group">
<label class="control-label">
Username <span class="symbol required"></span>
</label>
<input type="text" placeholder="Insert your Username" class="form-control" id="userName" name="userName" required>
</div>
<div class="form-group">
<label class="control-label">
Security Passcode <span class="symbol required"></span>
</label>
<input type="password" placeholder="Insert your Security Code" class="form-control" id="securityCode" name="securityCode" required>
</div>
<div class="form-actions">
<a class="btn btn-primary btn-o" href="login.php">
<i class="fa fa-chevron-circle-left"></i> Log-In
</a>
<button type="submit" class="btn btn-primary pull-right">
Submit <i class="fa fa-arrow-circle-right"></i>
</button>
</div>
</fieldset>
</form>
<!-- start: COPYRIGHT -->
<div class="copyright">
© <span class="current-year"></span><span class="text-bold text-uppercase"> Xyreon Technology Sdn Bhd</span>. <span>All rights reserved</span>
</div>
<!-- end: COPYRIGHT -->
</div>
<!-- end: FORGOT BOX -->
</div>
</div>
<!-- end: FORGOT -->
<!-- start: MAIN JAVASCRIPTS -->
<script src="vendor/jquery/jquery.min.js"></script>
<script src="vendor/bootstrap/js/bootstrap.min.js"></script>
<script src="vendor/modernizr/modernizr.js"></script>
<script src="vendor/jquery-cookie/jquery.cookie.js"></script>
<script src="vendor/perfect-scrollbar/perfect-scrollbar.min.js"></script>
<script src="vendor/switchery/switchery.min.js"></script>
<!-- end: MAIN JAVASCRIPTS -->
<!-- start: JAVASCRIPTS REQUIRED FOR THIS PAGE ONLY -->
<script src="vendor/jquery-validation/jquery.validate.min.js"></script>
<!-- end: JAVASCRIPTS REQUIRED FOR THIS PAGE ONLY -->
<!-- start: CLIP-TWO JAVASCRIPTS -->
<script src="assets/js/main.js"></script>
<!-- start: JavaScript Event Handlers for this page -->
<script src="assets/js/login.js"></script>
<script>
jQuery(document).ready(function() {
Main.init();
Login.init();
});
</script>
<!-- end: JavaScript Event Handlers for this page -->
<!-- end: CLIP-TWO JAVASCRIPTS -->
</body>
<!-- end: BODY -->
</html>
FORGETFORM;
}
$method = $_SERVER["REQUEST_METHOD"];
if($method =="POST"){
handle_forget();
}
else{
display_forget_form();
}
?>
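If the user refreshes the page and the password is updated, the display_success_forget function is always called. I want to prevent that; is there any way to do so? I have tried searching for a redirect approach, but it needs 2 pages to work. Is there any other solution to prevent users from resubmitting my form? Thanks.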
Answer 0 (score: 1)
Store a unique value in $_SESSION to prevent the form from being resubmitted. Add this to your form:
<input type="hidden" name="__req" value="1" />
<input type="hidden" name="key" value="<?php echo rand(100000,999999); ?>" />
Based on your script, other users can post anything and run your function! Change your PHP script like this:
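<?php
session_start(); // $_SESSION is only available once the session has been started
$method = $_SERVER["REQUEST_METHOD"];
if($method =="POST"){
// Process only when the posted key differs from the key stored by the previous submission
if(($_POST['key'] ?? null) != ($_SESSION['form_key'] ?? null) && !empty($_POST['__req'])){
$_SESSION['form_key'] = $_POST['key'];
handle_forget();
}
else{
display_forget_form();
}
}
else{
display_forget_form();
}
?>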
Hope this helps :)
Answer 1 (score: 0)
After your initial postback, use the following to redirect the user back to the original page without the POST variables:
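if(empty($securityCode) || empty ($username)){
// header() only works before any output is sent, so redirect instead of echoing the form here
header("Location: index.php");
exit; // stop the script so nothing else runs after the redirect
}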
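An added example, not part of either answer or the asker's code: a single-script Post/Redirect/Get flow with a one-time session token, which needs no second page and replaces the rand() key from answer 0 with an unpredictable one. It assumes include/dbConnect.php provides $dbLink and reuses the Users table and column names from the question; reset_password(), form_token and flash are hypothetical names, and storing a password_hash() value assumes the login page checks it with password_verify() and the column is wide enough.

```php
<?php
// Added example (not the asker's code). Assumes include/dbConnect.php sets $dbLink.
session_start();
include('include/dbConnect.php');

function reset_password($dbLink, string $username, string $code): ?string {
    // Parameterized queries: request data never becomes part of the SQL text.
    $sql  = "SELECT 1 FROM Users WHERE user_name = ? AND user_security_passcode = ?";
    $stmt = sqlsrv_query($dbLink, $sql, array($username, $code));
    if ($stmt === false || !is_array(sqlsrv_fetch_array($stmt))) {
        return null;                           // query error or no matching user
    }
    $new = bin2hex(random_bytes(8));           // CSPRNG instead of rand()
    // Assumption: login is changed to password_verify() against this hash.
    $upd = sqlsrv_query($dbLink, "UPDATE Users SET user_password = ? WHERE user_name = ?",
                        array(password_hash($new, PASSWORD_DEFAULT), $username));
    return $upd === false ? null : $new;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $expected = $_SESSION['form_token'] ?? '';
    unset($_SESSION['form_token']);            // one-time: a replayed POST no longer matches
    $posted = (string)($_POST['form_token'] ?? '');
    if ($expected !== '' && hash_equals($expected, $posted)) {
        $new = reset_password($dbLink, (string)($_POST['userName'] ?? ''),
                              (string)($_POST['securityCode'] ?? ''));
        $_SESSION['flash'] = array('ok' => $new !== null, 'password' => $new);
    }
    // 303 See Other: the browser follows with GET, so F5 repeats only the GET.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}
$flash = $_SESSION['flash'] ?? null;
unset($_SESSION['flash']);                     // shown once; a refresh shows the plain form
$token = $_SESSION['form_token'] = bin2hex(random_bytes(32));
$self  = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES);
?>
<?php if ($flash && $flash['ok']): ?>
<p>New password: <?= htmlspecialchars($flash['password'], ENT_QUOTES) ?></p>
<?php elseif ($flash): ?>
<p>Username or security passcode is incorrect.</p>
<?php endif; ?>
<form method="post" action="<?= $self ?>">
  <input type="text" name="userName" required>
  <input type="password" name="securityCode" required>
  <input type="hidden" name="form_token" value="<?= $token ?>">
  <button type="submit">Submit</button>
</form>
```

The form action uses SCRIPT_NAME through htmlspecialchars() rather than the raw PHP_SELF value, because PHP_SELF can carry attacker-supplied path text into the page.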