简单投票系统[防刷程序刷新]
简单投票系统[防刷程序刷新]
<?php
include_once("../inc/connect.php");
$value =$_SERVER['HTTP_HOST'];
if(empty($_COOKIE["cook"])){
if(sizeof($_POST)<9){ exit("<script>alert('对不起,你还有选项未选!');history.back();</script>");}
for($i=1;$i<=8;$i++){
$c =$_POST['r'.$i];
switch( intval($c) ){
case 0:
$word ='vote_r1';
break;
case 1:
$word ='vote_r2';
break;
case 2:
$word ='vote_r3';
break;
default:
exit('error');
}
$sql ="update gx_votes set $word=$word+1,vote_times=vote_times+1 where id=$i";
mysql_query($sql) or die(mysql_error());
}
if( !empty($_POST['r9']) || !empty($_POST['r10']) ){ sava_voteinfo();}
echo "<script>alert('感谢你的参与,你的报表己提交!');history.back();</script>";
setcookie("cook", $value, time()+7200, "/");
}else{
print "对不起,你己经投票了,<a href=# onclick=\"history.back();\">点击返回</a>";
}
function sava_voteinfo(){
$vote_modi =addslashes(php_sava(isset($_POST['r9'])?$_POST['r9']:''));
$vote_info =addslashes(php_sava(isset($_POST['r10'])?$_POST['r10']:''));
$vote_ip =isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'未获取到IP';
$vote_time =date("Y-m-d H:i:s");
$vote_sql ="Insert into ss(vote_ip,vote_modi,vote_info,vote_time) value('$vote_ip','$vote_modi','$vote_info','$vote_time')";
mysql_query($vote_sql) or die('error');
}
function php_sava($str)
{
$farr = array(
"/\s+/",
"/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|\%)([^>]*?)>/isU",
"/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
);
$tarr = array(
" ",
"<\\1\\2\\3>", //如果要直接清除不安全的标签,这里可以留空
"\\1\\2",
);
$str = preg_replace( $farr,$tarr,$str);
return $str;
}
?>
最新说一下,这种用cookie形式的程序可以清除cookie再刷,有一种办法是我以前做过了,先是客户端防刷然后再把用户的IP保存到数据库,这样用户刷时就会用php程序来检查是否在我们规定的时间内操作喽这样就可以实现真正的防刷喽.
补充:Php教程,Php安全