Re: [PHP] Dealing with multiple form submissions
On 24.08.2011 21:38, Mike Mackintosh wrote: On Aug 24, 2011, at 11:52, John Blacks...@network-technologies.org wrote: On 08/24/2011 03:04 AM, Jason Pruim wrote: Wondering what everyone does to prevent multiple form submissions? My form is simply getting emailed to my email, and it redirects to a success page when submitted... Would it be as simple as doing something with the cache control? Basically I'm trying to avoid someone submitting a form... Then hitting back, and submitting again, then hitting back I think you get the idea... What do you all do? Jason Pruim I am using $_SESSION for this. Set a value on the initial page, a timestamp is a good choice, then validate the value on the receiving script and clear the value. I like to use a timestamp because it will allow you to deny a comment which took too long to submit. I've always tended to stay away from session for that, as when the browser closes/restarts, the page is accessible again. True, a SESSION can be reset by closing the browser but I am not trying to deny a user from submitting different information again. I want to prevent them from submitting the same data again by accident (back button or refresh). A visitor, enters on the form UI page, the session is set, user submits and the form will reset the value in session to null or destroy it. If the visitor attempts to resubmit by using refresh then it will fail because session does not contain an expected value anymore. That value is generated on the UI page. If the user goes back with the back button then the browser should display the page from cache. The script will not be called and it will not create a new session value. If the browser does not use the cache it will have to reload the form. This will create a new session value and an empty form so the user may type a new message. This is like attempting to submit a new message and is something I don't block. I do it this way because I don't want to prevent a visitor to submit new information and I don't think that the original question wanted that. -- John -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
On Aug 25, 2011, at 5:01, John Black s...@network-technologies.org wrote: On 24.08.2011 21:38, Mike Mackintosh wrote: On Aug 24, 2011, at 11:52, John Blacks...@network-technologies.org wrote: On 08/24/2011 03:04 AM, Jason Pruim wrote: Wondering what everyone does to prevent multiple form submissions? My form is simply getting emailed to my email, and it redirects to a success page when submitted... Would it be as simple as doing something with the cache control? Basically I'm trying to avoid someone submitting a form... Then hitting back, and submitting again, then hitting back I think you get the idea... What do you all do? Jason Pruim I am using $_SESSION for this. Set a value on the initial page, a timestamp is a good choice, then validate the value on the receiving script and clear the value. I like to use a timestamp because it will allow you to deny a comment which took too long to submit. I've always tended to stay away from session for that, as when the browser closes/restarts, the page is accessible again. True, a SESSION can be reset by closing the browser but I am not trying to deny a user from submitting different information again. I want to prevent them from submitting the same data again by accident (back button or refresh). A visitor, enters on the form UI page, the session is set, user submits and the form will reset the value in session to null or destroy it. If the visitor attempts to resubmit by using refresh then it will fail because session does not contain an expected value anymore. That value is generated on the UI page. If the user goes back with the back button then the browser should display the page from cache. The script will not be called and it will not create a new session value. If the browser does not use the cache it will have to reload the form. This will create a new session value and an empty form so the user may type a new message. This is like attempting to submit a new message and is something I don't block. I do it this way because I don't want to prevent a visitor to submit new information and I don't think that the original question wanted that. -- John -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Ah, ok. For that I submit the page and do a header location to a thank you page. This will clear the post data if the back button us clicked. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
Am 25.08.2011 11:01, schrieb John Black: True, a SESSION can be reset by closing the browser but I am not trying to deny a user from submitting different information again. I want to prevent them from submitting the same data again by accident (back button or refresh). what about storing an md5 of the message body in the db? that way you could check if the mail is exactly the same. probaply you could let the md5 stay in the db for hours so that nobody could use 2 browser windows to send mail1, mail2, mail1, it wouldn't even be necessary to store the identity of the sender since its highly inprobable that 2 100% identical messages contain anything worth bothering about. http://php.net/manual/en/function.md5.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
On 25.08.2011 15:00, Andreas wrote: Am 25.08.2011 11:01, schrieb John Black: True, a SESSION can be reset by closing the browser but I am not trying to deny a user from submitting different information again. I want to prevent them from submitting the same data again by accident (back button or refresh). what about storing an md5 of the message body in the db? Sure you can do all kinds of things with a database but I try to avoid unnecessary connection to the db because they are expensive. It all comes down to how badly you want to prevent the same message to be sent twice. I have seen bots submit the same message from multiple IPs and some will even modify the message a bit by adding some random data to the end. So I am not sure how effective a simple md5 check will be. -- John -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
John Black s...@network-technologies.org wrote: On 25.08.2011 15:00, Andreas wrote: Am 25.08.2011 11:01, schrieb John Black: True, a SESSION can be reset by closing the browser but I am not trying to deny a user from submitting different information again. I want to prevent them from submitting the same data again by accident (back button or refresh). what about storing an md5 of the message body in the db? Sure you can do all kinds of things with a database but I try to avoid unnecessary connection to the db because they are expensive. It all comes down to how badly you want to prevent the same message to be sent twice. I have seen bots submit the same message from multiple IPs and some will even modify the message a bit by adding some random data to the end. So I am not sure how effective a simple md5 check will be. -- John -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php So its the same message except for the bits at the bottom that are different? Sounds like its not the same message then. Thanks, Ash http://www.ashleysheridan.co.uk -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
On 25.08.2011 15:48, Ashley Sheridan wrote: So its the same message except for the bits at the bottom that are different? Sounds like its not the same message then. Ash True, it is a message which has been intentionally modified to appear different even though 99.9% of the content is the same. Most humans will view the message as the same but it is not. Anyway, the OP should have a few ideas now how to implement something that may work for his scenario. -- John -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
On 08/24/2011 03:04 AM, Jason Pruim wrote: Wondering what everyone does to prevent multiple form submissions? My form is simply getting emailed to my email, and it redirects to a success page when submitted... Would it be as simple as doing something with the cache control? Basically I'm trying to avoid someone submitting a form... Then hitting back, and submitting again, then hitting back I think you get the idea... What do you all do? Jason Pruim Hi, I am using $_SESSION for this. Set a value on the initial page, a timestamp is a good choice, then validate the value on the receiving script and clear the value. I like to use a timestamp because it will allow you to deny a comment which took too long to submit. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
On Aug 24, 2011, at 11:52, John Black s...@network-technologies.org wrote: On 08/24/2011 03:04 AM, Jason Pruim wrote: Wondering what everyone does to prevent multiple form submissions? My form is simply getting emailed to my email, and it redirects to a success page when submitted... Would it be as simple as doing something with the cache control? Basically I'm trying to avoid someone submitting a form... Then hitting back, and submitting again, then hitting back I think you get the idea... What do you all do? Jason Pruim Hi, I am using $_SESSION for this. Set a value on the initial page, a timestamp is a good choice, then validate the value on the receiving script and clear the value. I like to use a timestamp because it will allow you to deny a comment which took too long to submit. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I've always tended to stay away from session for that, as when the browser closes/restarts, the page is accessible again. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
Mike Mackintosh mike.mackint...@angrystatic.com wrote: On Aug 24, 2011, at 11:52, John Black s...@network-technologies.org wrote: On 08/24/2011 03:04 AM, Jason Pruim wrote: Wondering what everyone does to prevent multiple form submissions? My form is simply getting emailed to my email, and it redirects to a success page when submitted... Would it be as simple as doing something with the cache control? Basically I'm trying to avoid someone submitting a form... Then hitting back, and submitting again, then hitting back I think you get the idea... What do you all do? Jason Pruim Hi, I am using $_SESSION for this. Set a value on the initial page, a timestamp is a good choice, then validate the value on the receiving script and clear the value. I like to use a timestamp because it will allow you to deny a comment which took too long to submit. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I've always tended to stay away from session for that, as when the browser closes/restarts, the page is accessible again. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I solved this issue with timestamps stored in the db with the submission. With each submission, I took all the info that should make it uniqueish, and checked if it was near another one. A time limit of 10th seconds worked out well. The reason I had the problem was because we were triggering a counter on an account from get data (which the browser can request in a way that looks like multiple submissions). We should have used post, which didn't have this problem though really. Thanks, Ash http://www.ashleysheridan.co.uk -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
On Wed, Aug 24, 2011 at 3:46 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: I solved this issue with timestamps stored in the db with the submission. This seems like the one sure way to control it. Cookies can be denied, session can be reset, js methods can be noscripted, etc. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
On Aug 24, 2011, at 3:46 PM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: Mike Mackintosh mike.mackint...@angrystatic.com wrote: On Aug 24, 2011, at 11:52, John Black s...@network-technologies.org wrote: On 08/24/2011 03:04 AM, Jason Pruim wrote: Wondering what everyone does to prevent multiple form submissions? My form is simply getting emailed to my email, and it redirects to a success page when submitted... Would it be as simple as doing something with the cache control? Basically I'm trying to avoid someone submitting a form... Then hitting back, and submitting again, then hitting back I think you get the idea... What do you all do? Jason Pruim Hi, I am using $_SESSION for this. Set a value on the initial page, a timestamp is a good choice, then validate the value on the receiving script and clear the value. I like to use a timestamp because it will allow you to deny a comment which took too long to submit. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I've always tended to stay away from session for that, as when the browser closes/restarts, the page is accessible again. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I solved this issue with timestamps stored in the db with the submission. With each submission, I took all the info that should make it uniqueish, and checked if it was near another one. A time limit of 10th seconds worked out well. The reason I had the problem was because we were triggering a counter on an account from get data (which the browser can request in a way that looks like multiple submissions). We should have used post, which didn't have this problem though really. Will you please show an example of using this timestamp methodology? Thank you -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Dealing with multiple form submissions
Hey Everyone, Wondering what everyone does to prevent multiple form submissions? My form is simply getting emailed to my email, and it redirects to a success page when submitted... Would it be as simple as doing something with the cache control? Basically I'm trying to avoid someone submitting a form... Then hitting back, and submitting again, then hitting back I think you get the idea... What do you all do? Thanks! Jason Pruim li...@pruimphotography.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Dealing with multiple form submissions
On Aug 23, 2011, at 9:04 PM, Jason Pruim wrote: Hey Everyone, Wondering what everyone does to prevent multiple form submissions? My form is simply getting emailed to my email, and it redirects to a success page when submitted... Would it be as simple as doing something with the cache control? Basically I'm trying to avoid someone submitting a form... Then hitting back, and submitting again, then hitting back I think you get the idea... What do you all do? Thanks! Jason Pruim li...@pruimphotography.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Cookies are always a great start! On success, set a cookie, and if they access the form and cookie is set, redirect automatically to the thank you page. Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
