On Friday 09 April 2004 02:14 pm, Daniel Clark wrote: > > Another question envolves the use of the back button. My client wants > > the use of the back button to be turned off for security reasons for > > some pages. His preference is to have a page expire if it is arrived on > > by pressing the back button. Can this be done with sessions?
I put the following in my authenticate.php which is included at the top of every page. if ($_POST['form_id'] != ''){ mysql_select_db("form_authentication"); $query = "select count(*) as valid_form from form_id where form_id = '".$_POST['form_id']."'"; extract(mysql_fetch_array(mysql_query($query))); if ( $valid_form < 1 ){ include("warn_doubleclick.php"); exit; } else { mysql_select_db("form_authentication"); $query = "delete from form_id where form_id = '".$_POST['form_id']."'"; mysql_query($query); } } function create_form_id(){ mysql_select_db("form_authentication"); $new_form_id = uniqid(rand(),1); $query = "insert into form_id values ( '$new_form_id' )"; mysql_query($query); $form_field = "<input type=\"hidden\" name=\"form_id\" value=\"$new_form_id\">"; return $form_field; } Then inside every form that I want to protect from back button or double-clicking of the submit button I echo the results of create_form_id into. <?php echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">"; echo "<input type=\"text\" name=\"test\">"; echo create_form_id(); echo "</form>"; ?> Here is an example warn_doubleclick.php that you can edit to your taste. <?php include("header.php"); echo ("<BR><BR><h2>You have double clicked the submit button titled<b>"); echo ($_POST['submit']."</b> or attempted to process this form twice.</h2>"); echo ("<BR><BR><a href=index.php>Return to Program</a>"); echo ("</body></html>"); ?> Here is the SQL to create necessary DB and table. CREATE DATABASE form_authentication; CREATE TABLE form_id ( form_id varchar(50) NOT NULL default '' ) TYPE=MyISAM; James Hicks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php