Hi James

Thanks for your really constructive post! I'll try that out and maybe come back with some questions (hopefully not) :-)

--
Regards
Marco

On Mon, 2004-04-19 at 19.42, James E Hicks III wrote:
> This is the only way that I have been able to ensure that the users can not
> use any of the bad buttons (back,refresh,double-click submit). The
> java-script solutions will only work for users that have java-script enabled.
>
> I put the following in my authenticate.php which is included at the top of
> every page.
>
> authenticate.php
> <?php
> if ($_POST['form_id'] != ''){
>     mysql_select_db("form_authentication");
>     // Escape the submitted value before it is placed in the SQL strings below.
>     $form_id = mysql_real_escape_string($_POST['form_id']);
>     $query = "select count(*) as valid_form from form_id where form_id = '".$form_id."'";
>     extract(mysql_fetch_array(mysql_query($query)));
>     if ( $valid_form < 1 ){
>         // Unknown or already used form_id: show the warning page and stop.
>         include("warn_doubleclick.php");
>         exit;
>     } else {
>         // Valid form_id: delete it so the same form cannot be processed twice.
>         mysql_select_db("form_authentication");
>         $query = "delete from form_id where form_id = '".$form_id."'";
>         mysql_query($query);
>     }
> }
> /*
> MORE AUTHENTICATE STUFF HERE
> */
> function create_form_id(){
>     // Store a new form_id and return the hidden field that carries it.
>     mysql_select_db("form_authentication");
>     $new_form_id = uniqid(rand(),1);
>     $query = "insert into form_id values ( '$new_form_id' )";
>     mysql_query($query);
>     $form_field = "<input type=\"hidden\" name=\"form_id\" value=\"$new_form_id\">";
>     return $form_field;
> }
> ?>
>
> Then inside every form that I want to protect from back button, refresh
> button or double-clicking of the submit button I echo the results of
> create_form_id inside the <form> tag. I also remember to include
> authenticate.php which is going to actually stop the user from resubmitting
> the same form.
>
> <?php
> include("authenticate.php");
> include("header.php");
> // PHP_SELF can contain request-supplied path data, so escape it for HTML.
> echo "<form action=\"".htmlspecialchars($_SERVER['PHP_SELF'])."\" method=\"POST\">";
> echo "<input type=\"text\" name=\"test\">";
> echo create_form_id();
> echo "</form>";
> include("footer.php");
> ?>
>
> Here is an example warn_doubleclick.php that you can edit to your taste. This
> is what the users will be redirected to if they break the button rules.
>
> <?php
> include("header.php");
> echo ("<BR><BR><h2>You have double clicked the submit button titled<b>");
> // The button title comes from the request, so escape it before echoing.
> echo (htmlspecialchars($_POST['submit'])."</b> or attempted to process this form twice by using the back button or the refresh button.</h2>");
> echo ("<BR><BR><a href=index.php>Return to Program</a>");
> include("footer.php");
> ?>
>
> Here is the SQL to create necessary DB and table.
>
> CREATE DATABASE form_authentication;
> CREATE TABLE form_id (
>   form_id varchar(50) NOT NULL default ''
> ) TYPE=MyISAM;
>
> James Hicks

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
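
The single-use form_id check from the quoted post, as an added example that is not part of the original thread: the token is checked and deleted in one parameterized DELETE, so two simultaneous submissions of the same form cannot both pass between the select and the delete. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL database, the function names open_store, issue_form_id and consume_form_id are hypothetical, and random_bytes needs PHP 7 or later.

```php
<?php
// Added example (not from the original post): single-use form tokens
// consumed atomically. Uses an in-memory SQLite database via PDO so it
// runs stand-alone; the table name follows the post, the function
// names are hypothetical.

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY makes duplicate tokens impossible.
    $db->exec('CREATE TABLE form_id (form_id VARCHAR(64) PRIMARY KEY)');
    return $db;
}

function issue_form_id(PDO $db): string {
    // 128 bits from the CSPRNG instead of uniqid(rand()), hex-encoded.
    $id = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO form_id (form_id) VALUES (?)')->execute([$id]);
    return '<input type="hidden" name="form_id" value="' . $id . '">';
}

function consume_form_id(PDO $db, $submitted): bool {
    // Reject arrays and malformed values before touching the database.
    if (!is_string($submitted) || !preg_match('/\A[0-9a-f]{32}\z/', $submitted)) {
        return false;
    }
    // One statement both checks and removes the token: of two concurrent
    // submissions only one sees rowCount() === 1.
    $stmt = $db->prepare('DELETE FROM form_id WHERE form_id = ?');
    $stmt->execute([$submitted]);
    return $stmt->rowCount() === 1;
}

// Constructed demonstration: issue one token, then submit it twice.
$db = open_store();
preg_match('/value="([0-9a-f]{32})"/', issue_form_id($db), $m);
var_dump(consume_form_id($db, $m[1]));          // first submission
var_dump(consume_form_id($db, $m[1]));          // replay via back/refresh
var_dump(consume_form_id($db, "x' OR '1'='1")); // malformed value
```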