On Thu, 17 May 2001, Rob Bloodgood wrote:

> So, like many of you, I've got a signup system in place for bringing on new
> customers.
>
> My signup script is reasonably straightforward.  I use CGI::Validate to make
> my parameters pass muster (along with a little judicious JavaScript on the
> signup form), Apache::Session::Oracle to maintain state between the multiple
> pages of the signup, CGI::FastTemplate to print a pretty success page, and
> DBI to create the account records at successful creation.

When you send out the signup form, include a random 32-character
hexadecimal string as a hidden input, and record in your database that the
code has been sent out.  When the form is submitted, ensure that the code
which accompanies it is valid, by looking in the database.  Then mark the
code as already used.  When the user reloads, your program will see that
the code he is sending was sent before, and can ignore his duplicate
request.

Jeffrey
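The one-time code scheme described above, as an added example that is not part of the original message; it uses an in-memory SQLite table in place of the Oracle database, and the one-hour expiry (`TOKEN_TTL`) is an assumption added here:

```python
import secrets
import sqlite3
import time

# Constructed example: an in-memory SQLite table stands in for the database
# in which the post records which codes have been sent out.
SCHEMA = """
CREATE TABLE IF NOT EXISTS signup_token (
    token     TEXT PRIMARY KEY,
    issued_at INTEGER NOT NULL,
    used      INTEGER NOT NULL DEFAULT 0
)
"""
TOKEN_TTL = 3600  # assumption: a signup form left open over an hour is stale


class SignupTokenStore:
    def __init__(self, conn):
        self.conn = conn
        self.conn.execute(SCHEMA)

    def issue(self, now=None):
        """Mint the hidden-field value and record that it was handed out."""
        token = secrets.token_hex(16)  # 32 hex characters from a CSPRNG
        self.conn.execute(
            "INSERT INTO signup_token (token, issued_at) VALUES (?, ?)",
            (token, int(time.time()) if now is None else now),
        )
        self.conn.commit()
        return token

    def consume(self, token, now=None):
        """True exactly once per issued, unexpired token; False otherwise.

        The check and the mark are one UPDATE, so two submissions racing
        each other (double-click, reload) cannot both pass: only the one
        that flips used 0 -> 1 sees rowcount == 1. Unknown, forged,
        expired and already-used codes all land on the same False path.
        """
        now = int(time.time()) if now is None else now
        cur = self.conn.execute(
            "UPDATE signup_token SET used = 1 "
            "WHERE token = ? AND used = 0 AND issued_at > ?",
            (token, now - TOKEN_TTL),
        )
        self.conn.commit()
        return cur.rowcount == 1


def new_store():
    return SignupTokenStore(sqlite3.connect(":memory:"))
```

The signup handler calls `consume()` with the hidden field's value and creates the account only when it returns True; a reload of the success page resubmits the same code and is ignored.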
