This is the only way that I have been able to ensure that the users cannot 
use any of the bad buttons (back, refresh, double-click submit). The 
JavaScript solutions will only work for users that have JavaScript enabled.

I put the following in my authenticate.php which is included at the top of 
every page.

authenticate.php
<?php
// Assumes a MySQL connection was already opened with mysql_connect().
if (isset($_POST['form_id']) && $_POST['form_id'] != ''){
        mysql_select_db("form_authentication");
        // Escape the submitted value before it goes into the SQL string.
        $form_id = mysql_real_escape_string($_POST['form_id']);
        $query = "select count(*) as valid_form from form_id where form_id = '$form_id'";
        extract(mysql_fetch_array(mysql_query($query)));
        if ( $valid_form < 1 ){
                // Unknown or already used form_id: show the warning and stop.
                include("warn_doubleclick.php");
                exit;
        } else {
                // First submission: delete the form_id so it cannot be reused.
                $query = "delete from form_id where form_id = '$form_id'";
                mysql_query($query);
        }
}
/*
MORE AUTHENTICATE STUFF HERE
*/
// Stores a new form_id and returns the hidden field to echo inside a form.
function create_form_id(){
        mysql_select_db("form_authentication");
        $new_form_id = uniqid(rand(),1);
        $query = "insert into form_id values ( '$new_form_id' )";
        mysql_query($query);
        $form_field = "<input type=\"hidden\" name=\"form_id\" value=\"$new_form_id\">";
        return $form_field;
}
?>


Then inside every form that I want to protect from back button, refresh 
button or double-clicking of the submit button I echo the results of 
create_form_id inside the <form> tag. I also remember to include 
authenticate.php which is going to actually stop the user from resubmitting 
the same form.

<?php
include("authenticate.php");
include("header.php");
// Escape PHP_SELF so a crafted request path cannot inject markup.
echo "<form action=\"".htmlspecialchars($_SERVER['PHP_SELF'])."\" method=\"POST\">";
echo "<input type=\"text\" name=\"test\">";
echo create_form_id();
echo "</form>";
include("footer.php");
?>

Here is an example warn_doubleclick.php that you can edit to your taste. This 
is what the users will be redirected to if they break the button rules.

<?php
include("header.php");
// The button name comes from the request, so escape it before output.
$submit = isset($_POST['submit']) ? htmlspecialchars($_POST['submit']) : '';
echo ("<BR><BR><h2>You have double clicked the submit button titled <b>");
echo ($submit."</b> or attempted to process this form twice by using the back button or the refresh button.</h2>");
echo ("<BR><BR><a href=index.php>Return to Program</a>");
include("footer.php");
?>

Here is the SQL to create the necessary DB and table.

CREATE DATABASE form_authentication;
USE form_authentication;
CREATE TABLE form_id (
  form_id varchar(50) NOT NULL default ''
) ENGINE=MyISAM;

James Hicks

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
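
The single-use form_id check from the post above, as an added example that is not the original poster's code: it consumes the token with one DELETE through a prepared statement, so the delete itself is the validity check. Assumptions: PHP 7+ with the pdo_sqlite extension, an in-memory SQLite table standing in for form_id, and the hypothetical function names open_store(), issue_form_id() and consume_form_id().

```php
<?php
// Added example, not the original poster's code. Assumptions: PHP 7+ with the
// pdo_sqlite extension; an in-memory SQLite table stands in for form_id.
// open_store(), issue_form_id() and consume_form_id() are hypothetical names.

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE form_id (form_id VARCHAR(50) NOT NULL PRIMARY KEY)');
    return $db;
}

// Store an unpredictable token and return it for the hidden form field.
function issue_form_id(PDO $db): string {
    $id = bin2hex(random_bytes(16));          // 32 hex chars, fits varchar(50)
    $db->prepare('INSERT INTO form_id (form_id) VALUES (?)')->execute([$id]);
    return $id;
}

// Consume a token in one statement. The DELETE is the check: only the request
// that actually removes the row is accepted, so two near-simultaneous submits
// cannot both pass a SELECT before either one deletes.
function consume_form_id(PDO $db, $submitted): bool {
    if (!is_string($submitted) || $submitted === '') {
        return false;                         // missing field or array input
    }
    $stmt = $db->prepare('DELETE FROM form_id WHERE form_id = ?');
    $stmt->execute([$submitted]);             // bound parameter, never concatenated
    return $stmt->rowCount() === 1;
}

// Constructed inputs: a first submit, a replay (back/refresh/double-click),
// and a value shaped like SQL that must be treated as plain data.
$db = open_store();
$token = issue_form_id($db);
$other = issue_form_id($db);

var_dump(consume_form_id($db, $token));            // first submit
var_dump(consume_form_id($db, $token));            // replay of the same form
var_dump(consume_form_id($db, "x' OR '1'='1"));    // not a stored token
var_dump(consume_form_id($db, $other));            // unrelated token still valid
```

In authenticate.php, a false return from the consume step is the point at which warn_doubleclick.php would be included.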
