Yeah, I'd probably have something stored in the database.. customer_login coupon_emails [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
select count(customer_login), coupon-emails from coupons where customer_login = <cfqueryparam ... group by coupon_emails if they have sent to 5 then disable the form Put this behind a login screen and you should be golden On 3/13/06, Katz, Dov B (IT) <[EMAIL PROTECTED]> wrote: > 1) You can set a session variable or client variable to say > "ALREADY_SUBMITTED" and disable form, or block submission if that cookie > is sent > > 2) You can check for HTTP_REFERRER to make sure the form was submitted > from a page on your site... > > Obviously someone can write a custom http client to get around both of > these, but would someone go through all the trouble to get discounts for > your site? > > dov > > -----Original Message----- > From: Che Vilnonis [mailto:[EMAIL PROTECTED] > Sent: Monday, March 13, 2006 1:58 PM > To: CF-Talk > Subject: Re-Send: Preventing "Cou-pon" Generation Fraud. > > I sent this before I did not even get a copy sent to myself. Perhaps it > was considered junkmail? Thus, the misspelling. See below. > > ---------- > > Preventing "Cou-pon" Generation Fraud. > > I am developing an e-commerce site that presents customers with an > opportunity to send five dollar cou-pons to their friends after they > place an order. There's a form with up to 5 email addresses to send > these cou-pons to. I have all the necessary logic in place but I am > stumped by two things... > > #1. How do I stop the customer from hitting the "back" button to > resubmit the form again? Namely, how do I stop the same set (or a > different set) of emails from receiving these cou-pons? I realize the > "back" button issue has come up in various incarnations before... what > was the consensus on how to best prevent it? > > #2. How do I prevent the web form from being downloaded and submitted > from someone's desktop. Namely, what is the logic I should implement > that makes certain that the form comes from my web server before I > process? > > Thanks in advance, Che > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:235252 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
