PHP-如何做到这一点,以使某人无法更改url中的参数并且在刷新页面时不再次运行脚本?
[英]PHP- How to make it so someone can't change parameters in url and dont run script again on refresh on a page?
问题描述
I have a page where any user gets directed to after a payment was made, and in that page there is PHP code to send a confirmation email and some certain other tasks. 
我有一个页面,在付款后所有用户都会被定向到该页面,并且该页面中有PHP代码可发送确认电子邮件和某些其他任务。 So I don't want user to be able to refresh that page so the script is run again and I also don't want them to be able to change the parameters in the url for example: www.idk.com?name=eij&age=39 I had this working before but that was when there were only 2 pages I could use 因此,我不希望用户能够刷新该页面以便再次运行该脚本,并且我也不希望他们能够更改url中的参数,例如:www.idk.com?name=eij&age = 39我之前曾做过这项工作,但是那时候我只能使用2页
if ( !isset( $_SESSION["origURL"] ) )
$_SESSION["origURL"] = $_SERVER["HTTP_REFERER"];
And used the if user is from ... then run script and if they refreshed it wouldn't run and also couldn't change the url. 并使用了if用户来自...然后运行脚本,如果他们刷新,它将无法运行,也无法更改url。 the problem is that i made a 3rd page the url didn't show up anymore with this code there was nog http referer found. 问题是我用此代码制作了第3页,但该网址不再显示了,没有找到Nog http Referer。
I really need this to work i hope that anyone can help me 我真的需要这个来工作,我希望任何人都可以帮助我
2 个解决方案
解决方案1
1 2013-12-05 20:27:36
One way to prevent to load the same page twice after a payment is like: 付款后避免两次加载同一页面的一种方法是:
- Your customer makes de payment and is redirected to your page 您的客户付款,并被重定向到您的页面
- At that point you should have some payment data like: payment id, order id, etc... 届时,您应该有一些付款数据,例如:付款ID,订单ID等。
- Store in Data Base that payment has been paid 在数据库中存储已付款
- If user tries to access to the same page again with the same data (after resend the POST data for instance) you have to check if that payment was processed before, if was already processed redirect him to another page 如果用户尝试使用相同的数据再次访问同一页面(例如,在重新发送POST数据之后),则必须检查该付款之前是否已处理过(如果已经处理过),将其重定向到另一页
For that you need a unique identifier and validate that the payment is legit, that depends in your payment provider. 为此,您需要一个唯一的标识符并验证付款是否合法,这取决于您的付款提供商。
解决方案2
0 2013-12-05 20:23:55
Sounds like a design problem. 听起来像是设计问题。
A quick fix: 快速修复:
Use POST instead of GET to prevent people from changing parameters and redirect them as soon as they are done to a new page or the same with no POST parameters. 使用POST而不是GET可以防止人们更改参数,并在完成操作后将其重定向到新页面或没有POST参数的页面。
You could look into checksums so you can validate the request is coming from your site. 您可以调查校验和,以便可以验证请求是否来自您的站点。
its as easy as 它就像
$checksum = md5(json_encode($array));
just make sure you have some secret element in the array. 只要确保您在数组中有一些秘密元素即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.