Hi James
Thanks for your really constructive post! I'll try that out and maybe
come back with some questions (hopefully not) :-)
--
Regards
Marco
On Mon, 2004-04-19 at 19:42, James E Hicks III wrote:
> This is the only way that I have been able to ensure that the users cannot
> use any of the bad buttons (back, refresh, double-click submit). The
> JavaScript solutions will only work for users that have JavaScript enabled.
>
> I put the following in my authenticate.php which is included at the top of
> every page.
>
> authenticate.php
> <?php
> // Check the one-time form_id on every POST that carries one.
> if (isset($_POST['form_id']) && $_POST['form_id'] != ''){
>     mysql_select_db("form_authentication");
>     // Escape the submitted value before placing it in SQL.
>     $form_id = mysql_real_escape_string($_POST['form_id']);
>     // Delete and count in one statement so that two simultaneous
>     // submits of the same form_id cannot both pass the check.
>     mysql_query("delete from form_id where form_id = '$form_id'");
>     if ( mysql_affected_rows() < 1 ){
>         include("warn_doubleclick.php");
>         exit;
>     }
> }
> /*
> MORE AUTHENTICATE STUFF HERE
> */
> // Store a fresh form_id and return it as a hidden form field.
> function create_form_id(){
>     mysql_select_db("form_authentication");
>     $new_form_id = uniqid(rand(),1);
>     $query = "insert into form_id values ( '$new_form_id' )";
>     mysql_query($query);
>     $form_field = "<input type=\"hidden\" name=\"form_id\" value=\"$new_form_id\">";
>     return $form_field;
> }
> ?>
>
>
> Then inside every form that I want to protect from back button, refresh
> button or double-clicking of the submit button I echo the results of
> create_form_id inside the <form> tag. I also remember to include
> authenticate.php which is going to actually stop the user from resubmitting
> the same form.
>
> <?php
> include("authenticate.php");
> include("header.php");
> // PHP_SELF is taken from the request URL, so escape it before output.
> echo "<form action=\"".htmlspecialchars($_SERVER['PHP_SELF'])."\" method=\"POST\">";
> echo "<input type=\"text\" name=\"test\">";
> echo create_form_id();
> echo "</form>";
> include("footer.php");
> ?>
>
> Here is an example warn_doubleclick.php that you can edit to your taste. This
> is what the users will be redirected to if they break the button rules.
>
> <?php
> include("header.php");
> // The button name comes from the request, so escape it before output.
> $button = isset($_POST['submit']) ? htmlspecialchars($_POST['submit']) : '';
> echo ("<BR><BR><h2>You have double clicked the submit button titled <b>");
> echo ($button."</b> or attempted to process this form twice by using the back button or the refresh button.</h2>");
> echo ("<BR><BR><a href=\"index.php\">Return to Program</a>");
> include("footer.php");
> ?>
>
> Here is the SQL to create necessary DB and table.
>
> CREATE DATABASE form_authentication;
> USE form_authentication;
> CREATE TABLE form_id (
>     form_id varchar(50) NOT NULL default ''
> ) ENGINE=MyISAM;
>
> James Hicks
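
The one-time form ID scheme from the quoted post, as an added example that is not part of the original thread: it uses PDO prepared statements, since the `mysql_*` functions were removed in PHP 7, and a single `DELETE` as the atomic check. The SQLite in-memory database, `open_token_store()`, `consume_form_id()` and the sample POST values are assumptions made for the demonstration.

```php
<?php
// Added example: single-use form tokens with PDO. The in-memory SQLite
// store and the helper names are assumptions for this demonstration.
declare(strict_types=1);

function open_token_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY rejects duplicate tokens and indexes the lookup.
    $db->exec('CREATE TABLE form_id (form_id VARCHAR(64) PRIMARY KEY)');
    return $db;
}

function create_form_id(PDO $db): string
{
    // 128 bits from the CSPRNG instead of uniqid(rand()).
    $token = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO form_id (form_id) VALUES (?)')->execute([$token]);
    return '<input type="hidden" name="form_id" value="' . $token . '">';
}

function consume_form_id(PDO $db, $token): bool
{
    // Rejects missing values and array input such as form_id[]=x.
    if (!is_string($token) || $token === '') {
        return false;
    }
    // One DELETE is both the check and the invalidation: only the first
    // request removes the row, so a concurrent duplicate sees rowCount() 0.
    $stmt = $db->prepare('DELETE FROM form_id WHERE form_id = ?');
    $stmt->execute([$token]);
    return $stmt->rowCount() === 1;
}

// Constructed walk-through: two forms rendered, then three POSTs.
$db = open_token_store();
create_form_id($db); // a second outstanding form, never submitted
preg_match('/value="([0-9a-f]{32})"/', create_form_id($db), $m);
$posts = [
    'first submit'   => $m[1],
    'refresh / back' => $m[1],
    'quote in value' => "' OR '1'='1", // bound as data, matches no row
];
foreach ($posts as $label => $value) {
    printf("%-16s %s\n", $label, consume_form_id($db, $value) ? 'accepted' : 'rejected');
}
```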