1. 验证码
2. token 令牌（同理，可随机化 input 的 name）
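<?php
// CSRF guard for the form below: the page stores a one-time token in the
// session and embeds the same value in a hidden field, so a form posted from
// another origin (which cannot read this page) does not carry a matching token.
session_start();
if (isset($_POST["submit"]) && $_POST["submit"] == "go") {
    //check token
    $sent = isset($_POST["token"]) ? (string) $_POST["token"] : "";
    $kept = isset($_SESSION["token"]) ? (string) $_SESSION["token"] : "";
    // hash_equals() compares in constant time; an empty session token never matches
    if ($kept !== "" && hash_equals($kept, $sent)) {
        //continue processing….
    } else {
        //stop all processing! remote form posting attempt!
    }
}
// the token comes from the CSPRNG; md5(uniqid(rand(), true)) is not unpredictable
$token = bin2hex(random_bytes(16));
$_SESSION["token"] = $token;
?>
<form action="" method="post">
<p><label for="name">Name</label>
<input type="text" name="name" id="name" size="20" maxlength="40"/></p>
<input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>"/>
<p><input type="submit" name="submit" value="go"/></p>
</form>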
3. 提交前客户端加密后台解密(如加密2中的token)http://hudeyong926.iteye.com/blog/1594892
4. 按 IP 及 IP 段进行访问限制
<?php
// Run the IP blocklist check before any page output. block_ip is declared
// unconditionally further down in this same file, so it is available here.
$oblock_ip = new block_ip;
$boolean = $oblock_ip->checkip();
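class block_ip {
    /**
     * Blocklist entries. Each entry is a dotted IPv4 pattern whose octets are
     * a literal number, a "lo-hi" range, or "*" (any octet value).
     * @var list<string>
     */
    public $block_ip = array("192.168.1.1","210.10.2.1-20","222.34.4.*");

    function __construct(){
    }

    function __destruct(){
    }

    /**
     * Converts one blocklist entry into the body of an IPv4 regex.
     * A literal octet is quoted, a "lo-hi" octet becomes an alternation of
     * every value in the range, and "*" becomes [0-9]{1,3}; octets are
     * joined by an escaped dot.
     *
     * @param string $str blocklist entry such as "210.10.2.1-20"
     * @return string regex body without delimiters or anchors
     */
    private function makepregip($str){
        $parts = array();
        foreach (explode(".", (string) $str) as $octet) {
            $octet = trim($octet);
            if ($octet === "*") {
                $parts[] = "[0-9]{1,3}";
            } elseif (strpos($octet, "-") !== false) {
                list($lo, $hi) = explode("-", $octet, 2);
                $lo = (int) $lo;
                $hi = (int) $hi;
                if ($lo > $hi) {
                    list($lo, $hi) = array($hi, $lo);
                }
                // explicit alternation, so "1-20" matches only those values
                // and not e.g. "100" by prefix
                $parts[] = "(?:" . implode("|", range($lo, $hi)) . ")";
            } else {
                $parts[] = preg_quote($octet, "/");
            }
        }
        return implode('\.', $parts);
    }

    /**
     * Builds one anchored, delimited regex per blocklist entry.
     *
     * @return list<string> patterns for preg_match(); empty when there are no entries
     */
    private function getallblockip(){
        $ip_list = array();
        if ($this->block_ip) {
            foreach ($this->block_ip as $v) {
                // entries are plain strings; anchored so "192.168.1.1" does not
                // also block 192.168.1.10 or 1192.168.1.1
                $ip_list[] = '/^' . $this->makepregip($v) . '$/';
            }
        }
        return $ip_list;
    }

    /**
     * Rejects the request when the client IP falls into a blocklisted range.
     * Prints "ip error" and terminates the script on a match.
     *
     * @return true when the client IP is not blocked
     */
    public function checkip() {
        $iptable = $this->getallblockip();
        // get the client ip
        $ip = trim($this->get_client_ip());
        // stop as soon as any blocklist range matches
        if ($iptable) {
            foreach ($iptable as $value) {
                if (preg_match($value, $ip)) {
                    echo "ip error";
                    exit;
                }
            }
        }
        return true;
    }

    /**
     * Returns the address the request actually came from.
     * Only REMOTE_ADDR is filled in by the web server from the TCP connection;
     * Client-IP and X-Forwarded-For are request headers chosen by the sender,
     * so an access-control decision must not read them. Behind a reverse
     * proxy REMOTE_ADDR is the proxy's address, and the proxy's forwarded
     * header has to be trusted explicitly for that proxy only.
     * (The former getenv("http_client_ip") / $_server lookups were also
     * case-mismatched and never resolved.)
     *
     * @return string client IP, or "unknown" when the server provides none
     */
    private function get_client_ip(){
        if (isset($_SERVER['REMOTE_ADDR'])
            && $_SERVER['REMOTE_ADDR'] !== ""
            && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown") !== 0) {
            return $_SERVER['REMOTE_ADDR'];
        }
        return "unknown";
    }
}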
- ?>
时间: 2024-11-03 19:26:58