I have a user posts system and I'm using ajax to fetch the data once the user scrolls to the bottom of the page, so it paginates the data based on the page they are on.
My question is whether there is a better, safer way of doing this so that a user cannot call the JS functions from the console and potentially spam the server with useless ajax calls without actually liking the posts.
This is my client-side javascript code that sends the ajax requests and stores the data; I keep the current page, max pages and items per page in the Home object.
```javascript
Home.all = {
    loader: $("div#allLoader"),
    isLoading: false,
    maxPosts: 0,
    likedIcon: '<i class="red-text material-icons">favorite</i>',
    unLikedIcon: '<i class="red-text material-icons">favorite_border</i>',
    lastLike: 0,
    liked: false,
    isToLoad: false,
    // Pagination state, read from the data-* attributes on the post list.
    page: parseInt($("ul#posts-all").attr('data-page')),
    per_page: parseInt($("ul#posts-all").attr('data-per')),
    total_pages: parseInt($("ul#posts-all").attr('data-pages')),
    likePost: function (post_id) {
        var post = $('#post-' + post_id);
        var likes = parseInt(post.find('a.post-likes span').html());
        var now = $.now() / 1000;
        // Client-side throttle: at most one like request per second, and only
        // when the click handler has set the liked flag first.
        if (now - Home.all.lastLike > 1 && Home.all.liked) {
            Home.all.liked = false;
            Home.all.lastLike = now;
            $.ajax({
                type: "POST",
                url: "/post/like/" + post_id,
                success: function (data) {
                    // status 1: the like was removed; status 2: the like was added.
                    if (data.status === 1) {
                        post.find('a.post-likes i').remove();
                        post.find('a.post-likes').prepend(Home.all.unLikedIcon);
                        Materialize.toast('You unliked this post.', 500);
                        likes -= 1;
                    } else if (data.status === 2) {
                        post.find('a.post-likes i').remove();
                        post.find('a.post-likes').prepend(Home.all.likedIcon);
                        Materialize.toast('You liked this post.', 500);
                        likes += 1;
                    }
                    post.find('a.post-likes span').html(likes);
                }
            });
        }
    },
    // Keep the in-memory pagination state and the data-* attributes in sync.
    updatePage: function (page, per_page, total_pages) {
        Home.all.page = parseInt(page);
        Home.all.per_page = parseInt(per_page);
        Home.all.total_pages = parseInt(total_pages);
        $("ul#posts-all").attr('data-page', page);
        $("ul#posts-all").attr('data-per', per_page);
        $("ul#posts-all").attr('data-pages', total_pages);
    },
    getPosts: function (page, per_page) {
        // Only fetch when the scroll handler has armed the isToLoad flag.
        if (Home.all.isToLoad) {
            Home.all.isToLoad = false;
            Home.all.loader.show();
            Home.all.isLoading = true;
            Materialize.toast('Loading posts...', 1000);
            setTimeout(function () {
                $.ajax({
                    type: "POST",
                    url: "/post/all/" + parseInt(page) + "?per_page=" + parseInt(per_page),
                    data: {},
                    success: function (data) {
                        $("#posts-all").append(data.post_data);
                        Home.all.updatePage(page, per_page, data.total_pages);
                        Home.all.isLoading = false;
                    },
                    complete: function () {
                        Home.all.loader.hide();
                    }
                });
            }, 1000);
        }
    }
};
```
These are my jQuery events for liking a post and fetching posts;
```javascript
$(document).on('scroll', function () {
    if (!Home.all.isLoading && Home.all.page != Home.all.total_pages) {
        var bottomPosts = $('#posts-all').offset().top + $('#posts-all').outerHeight() - window.innerHeight;
        if ($(window).scrollTop() >= (bottomPosts) - 20) {
            Home.all.isToLoad = true;
            Home.all.getPosts(Home.all.page + 1, Home.all.per_page);
        }
    }
});

$("#posts-all").on('click', '.post a.post-likes', function ($event) {
    $event.preventDefault();
    Home.all.liked = true;
    var postID = parseInt($(this).parents('.post').attr('id').split('-')[1]);
    Home.all.likePost(postID);
});
```
My Home.all object has a 'liked' and an 'isToLoad' variable, both initially set to false and then set to true when the user triggers those events (so scrolling to the bottom of the page sets isToLoad to true, or clicking the .post-likes link sets liked to true), and then the ajax function is called to the server accordingly. I also added some server-side checks to see if the post_id actually exists before adding the like to the post_likes table, so the user can't actually spam the database from the console with "Home.all.liked = true" followed by "Home.all.likePost(4545454545)" using a random post ID.
I'm using MVC; this is the controller method used to toggle a like on a post:
```php
public function likePost($params) {
    $response = ['status' => 0];
    $postID = (int) Input::sanitizeInt($params['postid']);
    $userID = $this->app->currentUser()->id;
    if ($this->app->post()->UserLiked($postID, $userID)) {
        $response['status'] = 1;
        $this->app->post()->removePostLike($postID, $userID);
    } else {
        $response['status'] = 2;
        $this->app->post()->addPostLike($postID, $userID);
    }
    return response($response, 200);
}
```
This is the HTML being generated;
```html
<ul id="posts-all" data-page="1" data-per="5" data-pages="5" class="collection">
    <li id="post-5" class="post collection-item avatar">
        <img src="http://paul.dev/profile/img/default.png" alt="" class="circle">
        <span class="post-title">post</span>
        <p class="post-content">12312</p>
        <a href="#" class="post-likes secondary-content">
            <i class="red-text material-icons">favorite_border</i>
            <span>1</span> likes</a>
        <p class="post-info">Posted by <a href="http://paul.dev/profile/view/AlexEY">Alex Makarov (AlexEY)</a> on Saturday 27th, July 2019 07:08 PM</p>
        <p class="post-info">Tags: None</p>
    </li>
    <li id="post-33" class="post collection-item avatar">
        <img src="http://paul.dev/profile/img/29-07-2017-01-24-03-82d02e07efaf4cf.png" alt="" class="circle">
        <span class="post-title">1</span>
        <p class="post-content">1</p>
        <a href="#" class="post-likes secondary-content">
            <i class="red-text material-icons">favorite_border</i>
            <span>1</span> likes</a>
        <p class="post-info">Posted by <a href="http://paul.dev/profile/view/PauLeK">Paul Paul (PauLeK)</a> on Saturday 29th, July 2017 12:13 AM</p>
        <p class="post-info">Tags: None</p>
    </li>
    <li id="post-32" class="post collection-item avatar">
        <img src="http://paul.dev/profile/img/29-07-2017-01-24-03-82d02e07efaf4cf.png" alt="" class="circle">
        <span class="post-title">1</span>
        <p class="post-content">1</p>
        <a href="#" class="post-likes secondary-content">
            <i class="red-text material-icons">favorite_border</i>
            <span>1</span> likes</a>
        <p class="post-info">Posted by <a href="http://paul.dev/profile/view/PauLeK">Paul Paul (PauLeK)</a> on Saturday 29th, July 2017 12:13 AM</p>
        <p class="post-info">Tags: None</p>
    </li>
    <li id="post-17" class="post collection-item avatar">
        <img src="http://paul.dev/profile/img/29-07-2017-01-24-03-82d02e07efaf4cf.png" alt="" class="circle">
        <span class="post-title">12312</span>
        <p class="post-content">23123</p>
        <a href="#" class="post-likes secondary-content">
            <i class="red-text material-icons">favorite_border</i>
            <span>0</span> likes</a>
        <p class="post-info">Posted by <a href="http://paul.dev/profile/view/PauLeK">Paul Paul (PauLeK)</a> on Saturday 29th, July 2017 12:11 AM</p>
        <p class="post-info">Tags: None</p>
    </li>
    <li id="post-18" class="post collection-item avatar">
        <img src="http://paul.dev/profile/img/29-07-2017-01-24-03-82d02e07efaf4cf.png" alt="" class="circle">
        <span class="post-title">1123</span>
        <p class="post-content">sdgdfg</p>
        <a href="#" class="post-likes secondary-content">
            <i class="red-text material-icons">favorite_border</i>
            <span>1</span> likes</a>
        <p class="post-info">Posted by <a href="http://paul.dev/profile/view/PauLeK">Paul Paul (PauLeK)</a> on Saturday 29th, July 2017 12:11 AM</p>
        <p class="post-info">Tags: None</p>
    </li>
</ul>
```
Answer 0 (score: 1)
Javascript is client-side, so there is no way to rule out bots causing spam. Anything a user can do in the browser, a bot can automate. You want to validate the ajax requests on the server side. If you do actually get spammed, throttle requests based on IP or other filters.
There is no such thing as a "secure" client. It is only a matter of making things more obscure and harder to automate. But is that really a good use of your time?
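The answer's advice boils down to checks the like endpoint itself must enforce: authenticate the caller, reject post ids that do not exist, store one row per (user, post) pair so repeated calls cannot inflate a count, and rate-limit per user. The block below is an added example, not code from the question or the answer, written as a framework-agnostic JavaScript model of the server side (the question's real controller is PHP); the window size, limit, and the sample post ids taken from the HTML above are assumptions.

```javascript
// Added example: server-side model of the like toggle with the checks the
// answer recommends. Plain JavaScript, no framework; the page's controller is PHP.

const WINDOW_MS = 60 * 1000;   // assumed: one-minute sliding window per user
const MAX_TOGGLES = 10;        // assumed: at most 10 like requests per user per window

// Constructed stand-ins for the posts and post_likes tables.
const posts = new Set([5, 33, 32, 17, 18]);   // ids from the generated HTML above
const likes = new Set();                       // "userId:postId", one row per pair
const requestLog = new Map();                  // userId -> timestamps of recent requests

// Count every request, valid or not, so spamming random ids also hits the limit.
function rateLimited(userId, now) {
  const recent = (requestLog.get(userId) || []).filter(t => now - t < WINDOW_MS);
  requestLog.set(userId, recent);
  if (recent.length >= MAX_TOGGLES) return true;
  recent.push(now);
  return false;
}

// Mirrors likePost() in the controller: status 1 = unliked, 2 = liked.
// Returns {code, body} in place of an HTTP response; `now` is injectable for tests.
function likePost(userId, rawPostId, now = Date.now()) {
  if (!Number.isInteger(userId)) return { code: 401, body: { status: 0 } };
  if (rateLimited(userId, now)) return { code: 429, body: { status: 0 } };
  const postId = Number(rawPostId);
  if (!Number.isInteger(postId) || postId <= 0 || !posts.has(postId)) {
    return { code: 404, body: { status: 0 } };   // unknown id: nothing is written
  }
  const key = `${userId}:${postId}`;
  if (likes.has(key)) {            // toggle off: the pair exists, remove it
    likes.delete(key);
    return { code: 200, body: { status: 1 } };
  }
  likes.add(key);                  // toggle on: a Set cannot hold the pair twice
  return { code: 200, body: { status: 2 } };
}

// Like count derived from the rows, never from a client-supplied number.
function likeCount(postId) {
  let n = 0;
  for (const key of likes) if (key.endsWith(`:${postId}`)) n++;
  return n;
}
```

Because the count is derived from distinct (user, post) rows, a console loop calling the endpoint can at most flip one user's own like on and off, and the per-user window turns the rest into 429s.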