On Friday 09 April 2004 02:14 pm, Daniel Clark wrote:
> > Another question involves the use of the back button. My client wants
> > the use of the back button to be turned off for security reasons for
> > some pages. His preference is to have a page expire if it is arrived on
> > by pressing the back button. Can this be done with sessions?
I put the following in my authenticate.php which is included at the top of
every page.
// Runs on every page: if a form_id was posted it must still exist in the
// table, and it is removed so the same submission cannot be processed again.
if (isset($_POST['form_id']) && $_POST['form_id'] != '') {
    mysql_select_db("form_authentication");
    // Escape the posted value before placing it in the query (SQL injection).
    $form_id = mysql_real_escape_string($_POST['form_id']);
    $query = "select count(*) as valid_form from form_id where form_id = '$form_id'";
    extract(mysql_fetch_array(mysql_query($query)));
    if ($valid_form < 1) {
        include("warn_doubleclick.php");
        exit;
    } else {
        $query = "delete from form_id where form_id = '$form_id'";
        mysql_query($query);
    }
}

// Creates a fresh one-time id, stores it, and returns the hidden field markup.
function create_form_id() {
    mysql_select_db("form_authentication");
    $new_form_id = uniqid(rand(), 1);
    $query = "insert into form_id values ('$new_form_id')";
    mysql_query($query);
    $form_field = "<input type=\"hidden\" name=\"form_id\" value=\"$new_form_id\">";
    return $form_field;
}
Then inside every form that I want to protect from the back button or
double-clicking of the submit button, I echo the result of create_form_id:
<?php
// PHP_SELF is attacker-influenced (path info), so escape it before output.
echo "<form action=\"".htmlspecialchars($_SERVER['PHP_SELF'])."\" method=\"POST\">";
echo "<input type=\"text\" name=\"test\">";
echo create_form_id();
echo "</form>";
?>
Here is an example warn_doubleclick.php that you can edit to your taste.
<?php
include("header.php");
// Escape the posted button label before echoing it back (reflected XSS).
$button = isset($_POST['submit']) ? htmlspecialchars($_POST['submit']) : '';
echo ("<BR><BR><h2>You have double clicked the submit button titled <b>");
echo ($button."</b> or attempted to process this form twice.</h2>");
echo ("<BR><BR><a href=\"index.php\">Return to Program</a>");
echo ("</body></html>");
?>
Here is the SQL to create the necessary DB and table.
CREATE DATABASE form_authentication;
CREATE TABLE form_id (
    form_id varchar(50) NOT NULL default ''
) ENGINE=MyISAM;
James Hicks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
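Added example, not code from the original post or from James Hicks: the same one-time form id built with PDO prepared statements and a CSPRNG token, with a consume step that deletes first and checks the affected-row count, so two simultaneous submissions of the same token cannot both pass the way a separate SELECT count(*) then DELETE can. It assumes the pdo_sqlite extension and uses an in-memory SQLite table in place of the MySQL database; the function names are my own.

```php
<?php
// Added example (not from the original post). Tokens live in an in-memory
// SQLite table so the script runs stand-alone; change the DSN to use MySQL.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE form_id (form_id VARCHAR(64) NOT NULL PRIMARY KEY)');
    return $pdo;
}

// Mint an unpredictable token, record it, and return the hidden-field markup.
function create_form_id(PDO $pdo): string {
    $token = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG, not rand()
    $stmt = $pdo->prepare('INSERT INTO form_id (form_id) VALUES (?)');
    $stmt->execute([$token]);
    return '<input type="hidden" name="form_id" value="'
         . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// Consume a posted token. DELETE first and inspect the affected-row count:
// check and removal are one statement, so two concurrent posts of the same
// token cannot both see it as valid (unlike SELECT count(*) followed by DELETE).
function consume_form_id(PDO $pdo, ?string $token): bool {
    if ($token === null || !preg_match('/^[0-9a-f]{32}$/', $token)) {
        return false;   // missing or malformed; never reaches the database
    }
    $stmt = $pdo->prepare('DELETE FROM form_id WHERE form_id = ?');
    $stmt->execute([$token]);
    return $stmt->rowCount() === 1;
}

// Walk-through: render a form, submit it once, then replay the same token
// (what the back button or a double click produces) and a malformed value.
$pdo = open_db();
preg_match('/value="([0-9a-f]+)"/', create_form_id($pdo), $m);
$token = $m[1];
foreach ([$token, $token, "' OR '1'='1"] as $i => $posted) {
    $verdict = consume_form_id($pdo, $posted) ? 'accepted' : 'rejected';
    echo "submission " . ($i + 1) . ": $verdict\n";
}
```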