Well, you could eliminate worrying about that by storing the 5 email addresses that are sent, then checking to see if they've reached their quota for the order.
On 3/13/06, Che Vilnonis <[EMAIL PROTECTED]> wrote: > > I sent this before I did not even get a copy sent to myself. Perhaps it > was > considered junkmail? Thus, the misspelling. See below. > > ---------- > > Preventing "Cou-pon" Generation Fraud. > > I am developing an e-commerce site that presents customers with an > opportunity to send five dollar cou-pons to their friends after they place > an order. There's a form with up to 5 email addresses to send these > cou-pons > to. I have all the necessary logic in place but I am stumped by two > things... > > #1. How do I stop the customer from hitting the "back" button to resubmit > the form again? Namely, how do I stop the same set (or a different set) of > emails from receiving these cou-pons? I realize the "back" button issue > has > come up in various incarnations before... what was the consensus on how to > best prevent it? > > #2. How do I prevent the web form from being downloaded and submitted from > someone's desktop. Namely, what is the logic I should implement that makes > certain that the form comes from my web server before I process? > > Thanks in advance, Che > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:235245 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
