我有这个jquery / ajax
var uploaded=0;
if (uploaded!=0) {
setInterval(function() {
uploaded--;
}, 60000);
alert(uploaded);
}
$(".UploadMSub").click(function(event){
event.preventDefault();
var form_data = new FormData($('.SubmUploadFu')[0]);
if (uploaded<=5) {
$.ajax({
url: '../connect.php',
type: 'post',
cache: false,
contentType: false,
processData: false,
data: form_data,
success: function(data)
{
var json_x = $.parseJSON(data);
var classRes = json_x[0].substring(0, 1);
$(".Result").html(json_x[0]).addClass(classRes).fadeIn(500).delay(2500).fadeOut(500,function() {
$(this).removeClass(classRes);
});
$(".Posts").children(".NumberOf").html(json_x[1]);
$(".Text").val("");
$("#Nameupload").val("");
$(".PhotShow").slideUp(500);
uploaded++;
}
});
}else{
$(".Result").html("You can upload up to 5 posts in one minute").addClass("E").fadeIn(500).delay(2500).fadeOut(500);
}
});
这个php
function isFileUploadAllowed() {
$isAllowed = true;
$timeNow = time();
$timeFrameInSeconds = 30;
$maxUploadsInTimeFrame = 5;
$firstUploadTime = $_SESSION['firstUploadTime'] ? intval($_SESSION['firstUploadTime']) : $timeNow;
$numberOfUploadsInTimeFrame = $_SESSION['numberOfUploadsInTimeFrame'] ? intval($_SESSION['numberOfUploadsInTimeFrame']) : 0;
$givenTimeFrameExpired = (($firstUploadTime + $timeFrameInSeconds) < $timeNow);
if (!$givenTimeFrameExpired) {
if ($numberOfUploadsInTimeFrame + 1 > $maxUploadsInTimeFrame) {
$isAllowed = false;
}
}
if ($isAllowed === true) {
if ($givenTimeFrameExpired) {
$_SESSION['firstUploadTime'] = $timeNow;
$_SESSION['numberOfUploadsInTimeFrame'] = 0;
}
$_SESSION['numberOfUploadsInTimeFrame']++;
}
return $isAllowed;
}
if(isset($_POST['new_post'])){
$Text=htmlspecialchars($_POST['new_post'],ENT_QUOTES);
$Text=trim($Text);
if (is_uploaded_file($_FILES['Upload_f']['tmp_name'])) {
if (isFileUploadAllowed()) {
$fileP=$_FILES['Upload_f'];
$fileP_name=$fileP['name'];
$fileP_tmp=$fileP['tmp_name'];
$fileP_size=$fileP['size'];
$fileP_error=$fileP['error'];
$fileP_extension=explode('.', $fileP_name);
$fileP_extension=strtolower(end($fileP_extension));
$allowed=array('jpg','png');
if (in_array($fileP_extension, $allowed)){
if ($fileP_error===0) {
if ($fileP_size<=2097152){
$fileP_new_name=uniqid().'.'.$fileP_extension;
}
}
$NotInarray=false;
}else{
$fileP_new_name="";
$NotInarray=true;
}
$Fileuploaded=true;
}
}else{
$fileP_new_name="";
$fileP=0;
$Fileuploaded=false;
$NotInarray=false;
}
$Posts=$con->query("SELECT Posts FROM user_opt WHERE Username='$NameId'");
$row=$Posts->fetch_row();
if (strlen($Text)>400) {
$Res="Error occurred.Please try again";
$PostNum=$row[0];
}elseif(strlen($Text)==0 && $fileP==0){
$Res="Both fields are empty";
$PostNum=$row[0];
}elseif($Fileuploaded===true){
if ($NotInarray==true) {
$Res="Only jpg and png files are allowed";
$PostNum=$row[0];
}elseif ($fileP_error!=0) {
$Res="Error occurred.Please try again";
$PostNum=$row[0];
}else{
$Res="Success";
$PostNum=$row[0]+1;
}
}else{
$Rand=generateRandomString(100);
$query=$con->query("INSERT INTO uploads (Rand,Username,image,`Text`,`Date`) VALUES('$Rand','$NameId','$fileP_new_name','$Text',NOW())");
$querya=$con->query("UPDATE user_opt SET posts=posts+1 WHERE Username='$NameId'");
$PostNum=$row[0]+1;
$Res="Success";
}
echo json_encode(array($Res,$PostNum));
}
但问题是,当用户使用开发工具时,他可以轻松更改
if (uploaded<=5) {
要
if (uploaded<=50) {
jquery会将限制增加到50.如何防止这种情况? 问题也可能在php函数中?如果我的php函数正常工作它不应该将数据插入数据库但它确实
答案 0 :(得分:1)
else没有if (isFileUploadAllowed())条款,因此您不会清除变量。您可以将该测试与外部测试结合起来:
if (is_uploaded_file($_FILES['Upload_f']['tmp_name'] && isFileUploadAllowed())