[英]PHP- How to make it so someone can't change parameters in url and dont run script again on refresh on a page?
I have a page where any user gets directed to after a payment was made, and in that page there is PHP code to send a confirmation email and some certain other tasks. 我有一个页面,在付款后所有用户都会被定向到该页面,并且该页面中有PHP代码可发送确认电子邮件和某些其他任务。 So I don't want user to be able to refresh that page so the script is run again and I also don't want them to be able to change the parameters in the url for example: www.idk.com?name=eij&age=39 I had this working before but that was when there were only 2 pages I could use
因此,我不希望用户能够刷新该页面以便再次运行该脚本,并且我也不希望他们能够更改url中的参数,例如:www.idk.com?name=eij&age = 39我之前曾做过这项工作,但是那时候我只能使用2页
if ( !isset( $_SESSION["origURL"] ) )
$_SESSION["origURL"] = $_SERVER["HTTP_REFERER"];
And used the if user is from ... then run script and if they refreshed it wouldn't run and also couldn't change the url. 并使用了if用户来自...然后运行脚本,如果他们刷新,它将无法运行,也无法更改url。 the problem is that i made a 3rd page the url didn't show up anymore with this code there was nog http referer found.
问题是我用此代码制作了第3页,但该网址不再显示了,没有找到Nog http Referer。
I really need this to work i hope that anyone can help me 我真的需要这个来工作,我希望任何人都可以帮助我
One way to prevent to load the same page twice after a payment is like: 付款后避免两次加载同一页面的一种方法是:
For that you need a unique identifier and validate that the payment is legit, that depends in your payment provider. 为此,您需要一个唯一的标识符并验证付款是否合法,这取决于您的付款提供商。
Sounds like a design problem. 听起来像是设计问题。
A quick fix: 快速修复:
Use POST
instead of GET
to prevent people from changing parameters and redirect them as soon as they are done to a new page or the same with no POST
parameters. 使用
POST
而不是GET
可以防止人们更改参数,并在完成操作后将其重定向到新页面或没有POST
参数的页面。
You could look into checksums so you can validate the request is coming from your site. 您可以调查校验和,以便可以验证请求是否来自您的站点。
its as easy as 它就像
$checksum = md5(json_encode($array));
just make sure you have some secret element in the array. 只要确保您在数组中有一些秘密元素即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.