Re: [PHP] Double click problem [SOLVED]

2008-03-22 Thread tedd

At 7:21 AM + 3/22/08, Lester Caine wrote:

tedd wrote:

Hi gang:

This is probably trivial for most of you, but here's my solution to 
the problem I presented earlier.


The problem was, I just wanted to be certain that if a use clicked 
a button that they could only do it once. Sounds simple enough, huh?


Certainly, one can use javascript, but I wanted something that was 
basic php and html -- here's my solution with code (please provide 
critical review):


I had been tracking an intermittent bug for some considerable time 
and having finally identified the underlying problem - double click 
sends the page request twice, but the second request is processed 
before first has updated things! We have tightened up the server end 
as much as possible, but not eliminated the problem.


The javascript solution is the only reliable one that I've found but 
some sites do not allow it to be enabled. Since having finally 
identified the source of the problem, we have improved education and 
can now 'spot' a double clicker who in many cases does not even know 
they are doing it! People get so used TO double clicking things on 
the desktop :( But in some case we suspect that the BROWSER send two 
requests perhaps because of a noisy keyboard! On one site that we 
pinned down to a particular counter position, changing the keyboard 
fixed the problem ( enter was pressing the button ).


Just a word of warning that may explain the occasional double order ;)

--
Lester Caine - G8HFL


Well that sounds good enough reason to use javascript.

I'll add that too.

Thanks,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem [SOLVED]

2008-03-22 Thread tedd

At 4:23 PM -0700 3/21/08, Jim Lucas wrote:
It would require a little JS, but you could use the onUnload feature 
and pop up a warning that would tell them the problem(s) of leaving 
this page.  Then use the confirm() method from JS to either allow or 
deny them to leave the current page.


I don't know if you can limit this action to only take affect when 
they press the back button, but it might help in any event.


Jim:

I tried that.

The problem is that you'll get that notice if the user submits the 
form as well. IOW, no matter what the user does, as soon as they 
leave that page they get the notice.


I might be able to put a hidden input field to cancel the notice, but 
like everything -- one thing leads to another.


Thanks,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem [SOLVED]

2008-03-22 Thread Lester Caine

tedd wrote:

Hi gang:

This is probably trivial for most of you, but here's my solution to the 
problem I presented earlier.


The problem was, I just wanted to be certain that if a use clicked a 
button that they could only do it once. Sounds simple enough, huh?


Certainly, one can use javascript, but I wanted something that was basic 
php and html -- here's my solution with code (please provide critical 
review):


I had been tracking an intermittent bug for some considerable time and having 
finally identified the underlying problem - double click sends the page 
request twice, but the second request is processed before first has updated 
things! We have tightened up the server end as much as possible, but not 
eliminated the problem.


The javascript solution is the only reliable one that I've found but some 
sites do not allow it to be enabled. Since having finally identified the 
source of the problem, we have improved education and can now 'spot' a double 
clicker who in many cases does not even know they are doing it! People get so 
used TO double clicking things on the desktop :( But in some case we suspect 
that the BROWSER send two requests perhaps because of a noisy keyboard! On one 
site that we pinned down to a particular counter position, changing the 
keyboard fixed the problem ( enter was pressing the button ).


Just a word of warning that may explain the occasional double order ;)

--
Lester Caine - G8HFL
-
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem [SOLVED]

2008-03-21 Thread Jim Lucas

tedd wrote:

Hi gang:

This is probably trivial for most of you, but here's my solution to the 
problem I presented earlier.


The problem was, I just wanted to be certain that if a use clicked a 
button that they could only do it once. Sounds simple enough, huh?


Certainly, one can use javascript, but I wanted something that was basic 
php and html -- here's my solution with code (please provide critical 
review):


http://www.webbytedd.com/cc/submit-once/index.php

If the user clicks "Submit once", then that's the way it is until they 
quit their browser. If they don't quit their browser, then no amount of 
refresh will allow them to click the button again.


The "Reset Submit", of course, resets this condition but it's for demo 
purposes.


What I have not solved, and I don't think there is a solution (I could 
be wrong) is to prohibit the user from clicking the back button on their 
browser to reset this condition.


I've done a considerable amount of javascript reading, testing, and code 
search and have not found anything that works -- and -- I have even 
found places where the js community says that nothing will work to solve 
the back-button problem.


So, does anyone here know better? If so, please start a different thread.

Cheers,

tedd



It would require a little JS, but you could use the onUnload feature and pop up 
a warning that would tell them the problem(s) of leaving this page.  Then use 
the confirm() method from JS to either allow or deny them to leave the current page.


I don't know if you can limit this action to only take affect when they press 
the back button, but it might help in any event.



--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem [SOLVED]

2008-03-21 Thread Eric Butera
On Fri, Mar 21, 2008 at 2:24 PM, tedd <[EMAIL PROTECTED]> wrote:
> Hi gang:
>
>  This is probably trivial for most of you, but here's my solution to
>  the problem I presented earlier.
>
>  The problem was, I just wanted to be certain that if a use clicked a
>  button that they could only do it once. Sounds simple enough, huh?
>
>  Certainly, one can use javascript, but I wanted something that was
>  basic php and html -- here's my solution with code (please provide
>  critical review):
>
>  http://www.webbytedd.com/cc/submit-once/index.php
>
>  If the user clicks "Submit once", then that's the way it is until
>  they quit their browser. If they don't quit their browser, then no
>  amount of refresh will allow them to click the button again.
>
>  The "Reset Submit", of course, resets this condition but it's for
>  demo purposes.
>
>  What I have not solved, and I don't think there is a solution (I
>  could be wrong) is to prohibit the user from clicking the back button
>  on their browser to reset this condition.
>
>  I've done a considerable amount of javascript reading, testing, and
>  code search and have not found anything that works -- and -- I have
>  even found places where the js community says that nothing will work
>  to solve the back-button problem.
>
>  So, does anyone here know better? If so, please start a different thread.
>
>  Cheers,
>
>  tedd
>
>  --
>  ---
>  http://sperling.com  http://ancientstones.com  http://earthstones.com
>
>  --
>  PHP General Mailing List (http://www.php.net/)
>  To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Tedd,

Web pages are supposed to be stateless.  Therefore it is your burden
to deal with the back button because each URI should be able to be
requested in any order at any time with or without sessions.  Just
because a shopping cart has a checkout.php page that requires certain
steps doesn't mean that Google can't stumble upon it and index it to
try and hit it over and over.

So the real question is why is clicking the back button so terrible?

Your workflow might be like this:

form
create crumb and hide in token field & store in session
if (post) re-show form with error message from gateway
show payment form
submit will post to processing

processing:
validate post token == session token, if not then re-display payment
form via require w/ error message
if payment declined then re-display payment form via require w/ error message
if payment accepted then save order, clear cart, and say thank you


If I am on the form and I click process, then it posts to processing
and does some stuff.  If somehow I am fast enough to click the back
button you think there might be an issue of the card transaction being
sent to the merchant but the results not returned?  If that is the
case, on the processing page do this:
- set a session variable saying you have started card processing
- use ignore_user_abort
- continue as normal

then on the form page
- check for started card processing session existance, if it exists
then say please wait a moment and refresh again or however you want to
handle that.
- continue as normal

The web is stateless and we're always going to have to deal with that.
 Just make everyone play by your rules.

BTW Javascript is just fluff, a convenience for the end user.  Your
script should work perfectly without it because googlebot snooping
around will not have it and also any of those rogue spam scripts will
also not have it.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem [SOLVED]

2008-03-21 Thread tedd

Hi gang:

This is probably trivial for most of you, but here's my solution to 
the problem I presented earlier.


The problem was, I just wanted to be certain that if a use clicked a 
button that they could only do it once. Sounds simple enough, huh?


Certainly, one can use javascript, but I wanted something that was 
basic php and html -- here's my solution with code (please provide 
critical review):


http://www.webbytedd.com/cc/submit-once/index.php

If the user clicks "Submit once", then that's the way it is until 
they quit their browser. If they don't quit their browser, then no 
amount of refresh will allow them to click the button again.


The "Reset Submit", of course, resets this condition but it's for 
demo purposes.


What I have not solved, and I don't think there is a solution (I 
could be wrong) is to prohibit the user from clicking the back button 
on their browser to reset this condition.


I've done a considerable amount of javascript reading, testing, and 
code search and have not found anything that works -- and -- I have 
even found places where the js community says that nothing will work 
to solve the back-button problem.


So, does anyone here know better? If so, please start a different thread.

Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem

2008-03-20 Thread Lamp Lists
- Original Message 
From: Eric Butera <[EMAIL PROTECTED]>
To: Lamp Lists <[EMAIL PROTECTED]>
Cc: tedd <[EMAIL PROTECTED]>; php-general@lists.php.net
Sent: Thursday, March 20, 2008 11:00:19 AM
Subject: Re: [PHP] Double click problem

On Thu, Mar 20, 2008 at 10:39 AM, Lamp Lists <[EMAIL PROTECTED]> wrote:
> the way I solved the "click back button" issue (simplified vresion):
>
>  confirmation page (conf.php) -> transfer page (tp.php) -> thank you page 
> (typ.php)
>
>  #conf.php
>  # after the form is submitted and confirmed
>  header('location: tp.php?url=typ.php');
>  exit;
>
>  #tp.php
>  header('location:$_GET['url']);
>  exit;
>
>  and, if visitor clicks on back button on thakyou page he will go actually to 
> the transfer page - which will send him back to thankyou page
>  ;)
>
>  -ll
>
>
>
>
>
>  - Original Message ----
>  From: tedd <[EMAIL PROTECTED]>
>  To: php-general@lists.php.net
>  Sent: Wednesday, March 19, 2008 11:43:06 AM
>  Subject: Re: [PHP] Double click problem
>
>  At 4:19 PM + 3/19/08, Richard Heyes wrote:
>  >tedd wrote:
>  >// ...
>  >
>  >Your first (and the quickest by far) method to employ would be to
>  >disable the submit button using Jabbascript when the form is
>  >submitted. That will stop the vast majority of occurrences. You
>  >could also employ an intermediary page which actually does the card
>  >processing and when complete redirects to the "thank you" page. ie.
>  >
>  >Form --> "Please wait..." page --> "Thank you" page
>
>  That's in place. The person clicks the "confirm purchase" and they
>  are taken to a "confirm and thank you page".
>
>  The problem here is two fold -- 1) clicking the "confirm
>  purchase"button twice, which I think js will stop; 2) and clicking
>  the back-button which the token should stop.
>
>  Now, I just need to develop a test for this. Sometime writing a test
>  is more of a problem than writing the solution.
>
>  Thanks for everyone's help.
>
>  Cheers,
>
>  tedd
>
>
>  --
>  ---
>  http://sperling.com  http://ancientstones.com  http://earthstones.com
>
>  --
>  PHP General Mailing List (http://www.php.net/)
>  To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>  
> 
>  Looking for last minute shopping deals?
>  Find them fast with Yahoo! Search.  
> http://tools.search.yahoo.com/newsearch/category.php?category=shopping

Allowing unscrubbed user data in a header is a really bad idea.

- http://en.wikipedia.org/wiki/HTTP_response_splitting
- http://www.owasp.org/index.php/Open_redirect


I agree with you to use exactly this way is bad idea.
But, as I said on the begining of my post it's "simplified version", to get my 
point. My code on tp.php actually use sveral validations before forward to 
thank you page :D

-ll


  

Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping

Re: [PHP] Double click problem

2008-03-20 Thread Eric Butera
On Thu, Mar 20, 2008 at 10:39 AM, Lamp Lists <[EMAIL PROTECTED]> wrote:
> the way I solved the "click back button" issue (simplified vresion):
>
>  confirmation page (conf.php) -> transfer page (tp.php) -> thank you page 
> (typ.php)
>
>  #conf.php
>  # after the form is submitted and confirmed
>  header('location: tp.php?url=typ.php');
>  exit;
>
>  #tp.php
>  header('location:$_GET['url']);
>  exit;
>
>  and, if visitor clicks on back button on thakyou page he will go actually to 
> the transfer page - which will send him back to thankyou page
>  ;)
>
>  -ll
>
>
>
>
>
>  - Original Message 
>  From: tedd <[EMAIL PROTECTED]>
>  To: php-general@lists.php.net
>  Sent: Wednesday, March 19, 2008 11:43:06 AM
>  Subject: Re: [PHP] Double click problem
>
>  At 4:19 PM + 3/19/08, Richard Heyes wrote:
>  >tedd wrote:
>  >// ...
>  >
>  >Your first (and the quickest by far) method to employ would be to
>  >disable the submit button using Jabbascript when the form is
>  >submitted. That will stop the vast majority of occurrences. You
>  >could also employ an intermediary page which actually does the card
>  >processing and when complete redirects to the "thank you" page. ie.
>  >
>  >Form --> "Please wait..." page --> "Thank you" page
>
>  That's in place. The person clicks the "confirm purchase" and they
>  are taken to a "confirm and thank you page".
>
>  The problem here is two fold -- 1) clicking the "confirm
>  purchase"button twice, which I think js will stop; 2) and clicking
>  the back-button which the token should stop.
>
>  Now, I just need to develop a test for this. Sometime writing a test
>  is more of a problem than writing the solution.
>
>  Thanks for everyone's help.
>
>  Cheers,
>
>  tedd
>
>
>  --
>  ---
>  http://sperling.com  http://ancientstones.com  http://earthstones.com
>
>  --
>  PHP General Mailing List (http://www.php.net/)
>  To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>   
> 
>  Looking for last minute shopping deals?
>  Find them fast with Yahoo! Search.  
> http://tools.search.yahoo.com/newsearch/category.php?category=shopping

Allowing unscrubbed user data in a header is a really bad idea.

- http://en.wikipedia.org/wiki/HTTP_response_splitting
- http://www.owasp.org/index.php/Open_redirect

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem

2008-03-20 Thread Lamp Lists
the way I solved the "click back button" issue (simplified vresion):

confirmation page (conf.php) -> transfer page (tp.php) -> thank you page 
(typ.php)

#conf.php
# after the form is submitted and confirmed
header('location: tp.php?url=typ.php');
exit;

#tp.php
header('location:$_GET['url']);
exit;

and, if visitor clicks on back button on thakyou page he will go actually to 
the transfer page - which will send him back to thankyou page
;)

-ll



- Original Message 
From: tedd <[EMAIL PROTECTED]>
To: php-general@lists.php.net
Sent: Wednesday, March 19, 2008 11:43:06 AM
Subject: Re: [PHP] Double click problem

At 4:19 PM + 3/19/08, Richard Heyes wrote:
>tedd wrote:
>// ...
>
>Your first (and the quickest by far) method to employ would be to 
>disable the submit button using Jabbascript when the form is 
>submitted. That will stop the vast majority of occurrences. You 
>could also employ an intermediary page which actually does the card 
>processing and when complete redirects to the "thank you" page. ie.
>
>Form --> "Please wait..." page --> "Thank you" page

That's in place. The person clicks the "confirm purchase" and they 
are taken to a "confirm and thank you page".

The problem here is two fold -- 1) clicking the "confirm 
purchase"button twice, which I think js will stop; 2) and clicking 
the back-button which the token should stop.

Now, I just need to develop a test for this. Sometime writing a test 
is more of a problem than writing the solution.

Thanks for everyone's help.

Cheers,

tedd


-- 
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


  

Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping

Re: [PHP] Double click problem

2008-03-19 Thread Daniel Brown
On Wed, Mar 19, 2008 at 12:44 PM, Jim Lucas <[EMAIL PROTECTED]> wrote:
> Daniel Brown wrote:
>  >
>  > I like Eric's method better than the timestamp method I proposed.
>  > Much cleaner and easier to institute, and I'd hazard a guess at it
>  > being more reliable as well.
>  >
>
>  The initial problem that I see with it would be that if the user clicks the
>  submit button a second time, the first transaction is canceled.  If the 
> process
>  takes a long time, maybe the time period for the server to get the approval 
> has
>  already passed, but the server is still doing stuff but not redirected the
>  person to the success page.  At this point, the user has purchased the item
>  successfully, but they did see the success page.  So they repeat the process,
>  over and over and over...

Right, but I meant that as a replacement to my "backup" solution.
As a backup for disabling the button using JavaScript, as mentioned.

Sorry, should've clarified that.  Good catch, Jim.

-- 

Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem

2008-03-19 Thread Jim Lucas

Daniel Brown wrote:

On Wed, Mar 19, 2008 at 12:01 PM, Eric Butera <[EMAIL PROTECTED]> wrote:

 Unique form tokens.

 Generate a token when the form is displayed and save that value in the session.

 Then on post check it and remove it.  Then if they re-submit it will
 not exist therefore be invalid.


I like Eric's method better than the timestamp method I proposed.
Much cleaner and easier to institute, and I'd hazard a guess at it
being more reliable as well.



The initial problem that I see with it would be that if the user clicks the 
submit button a second time, the first transaction is canceled.  If the process 
takes a long time, maybe the time period for the server to get the approval has 
already passed, but the server is still doing stuff but not redirected the 
person to the success page.  At this point, the user has purchased the item 
successfully, but they did see the success page.  So they repeat the process, 
over and over and over...


That is a situation that I can envision at least.

My suggestion would be to disable the submit button.  This would prevent the 
first transaction from being killed prematurely.




--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
   and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem

2008-03-19 Thread tedd

At 4:19 PM + 3/19/08, Richard Heyes wrote:

tedd wrote:
// ...

Your first (and the quickest by far) method to employ would be to 
disable the submit button using Jabbascript when the form is 
submitted. That will stop the vast majority of occurrences. You 
could also employ an intermediary page which actually does the card 
processing and when complete redirects to the "thank you" page. ie.


   Form --> "Please wait..." page --> "Thank you" page


That's in place. The person clicks the "confirm purchase" and they 
are taken to a "confirm and thank you page".


The problem here is two fold -- 1) clicking the "confirm 
purchase"button twice, which I think js will stop; 2) and clicking 
the back-button which the token should stop.


Now, I just need to develop a test for this. Sometime writing a test 
is more of a problem than writing the solution.


Thanks for everyone's help.

Cheers,

tedd


--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem

2008-03-19 Thread Richard Heyes

tedd wrote:
// ...

Your first (and the quickest by far) method to employ would be to 
disable the submit button using Jabbascript when the form is submitted. 
That will stop the vast majority of occurrences. You could also employ 
an intermediary page which actually does the card processing and when 
complete redirects to the "thank you" page. ie.



   Form --> "Please wait..." page --> "Thank you" page

--
Richard Heyes
Employ me:
http://www.phpguru.org/cv

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Double click problem

2008-03-19 Thread tedd

At 4:00 PM + 3/19/08, Edward Kay wrote:

Oh, I'd also add a bit of text near the button saying:

"Please click this button ONCE only. Clicking again may result in your
credit card being billed twice."

I'm always much more precise with my clicking when such warnings are
displayed :)


That's already in place. But people have a hard time reading when 
their fingers are clicking.


Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem

2008-03-19 Thread Daniel Brown
On Wed, Mar 19, 2008 at 12:01 PM, Eric Butera <[EMAIL PROTECTED]> wrote:
>
>  Unique form tokens.
>
>  Generate a token when the form is displayed and save that value in the 
> session.
>
>  Then on post check it and remove it.  Then if they re-submit it will
>  not exist therefore be invalid.

I like Eric's method better than the timestamp method I proposed.
Much cleaner and easier to institute, and I'd hazard a guess at it
being more reliable as well.

-- 

Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem

2008-03-19 Thread Daniel Brown
On Wed, Mar 19, 2008 at 11:48 AM, tedd <[EMAIL PROTECTED]> wrote:
> Hi gang:
>
>  I have a situation where users can purchase stuff online.
>
>  In the last step in the process, the user clicks a "confirm purchase"
>  button and their credit card is checked and if it's valid, they are
>  awarded the product. Everything works, but it takes a little time to
>  check the credit card.
>
>  During the time it takes to send the credit card information to the
>  clearing house and get back an "Ok" with a transaction ID, the user
>  can click the "confirm purchase" button more than once. As such, more
>  than one order can be made during the process.

I'd use a JavaScript onClick event to disable the button, but I'd
back it up with a timestamp tracker to compare clicks of the button.
If someone clicks the button and, for whatever reason, the script
times-out, they'll probably try to order again.  No sweat.  The
timestamp tracker can verify that the order was not successful within
(n) (duration), and if one is found within said duration, the user is
shown a message stating that their order has already been processed,
with an option to purchase the item again if that was their intent.
If there wasn't a successful response from the payment processor, the
timestamp isn't recorded, and the purchase can go through as expected.

-- 

Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem

2008-03-19 Thread Eric Butera
On Wed, Mar 19, 2008 at 11:48 AM, tedd <[EMAIL PROTECTED]> wrote:
> Hi gang:
>
>  I have a situation where users can purchase stuff online.
>
>  In the last step in the process, the user clicks a "confirm purchase"
>  button and their credit card is checked and if it's valid, they are
>  awarded the product. Everything works, but it takes a little time to
>  check the credit card.
>
>  During the time it takes to send the credit card information to the
>  clearing house and get back an "Ok" with a transaction ID, the user
>  can click the "confirm purchase" button more than once. As such, more
>  than one order can be made during the process.
>
>  I was thinking of using the database to prohibit multiple "confirm
>  purchase" clicks made by the user, but I wanted to ask this group if
>  anyone has a simpler idea/solution?
>
>  Thanks,
>
>  tedd
>
>  --
>  ---
>  http://sperling.com  http://ancientstones.com  http://earthstones.com
>
>  --
>  PHP General Mailing List (http://www.php.net/)
>  To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Unique form tokens.

Generate a token when the form is displayed and save that value in the session.

Then on post check it and remove it.  Then if they re-submit it will
not exist therefore be invalid.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Double click problem

2008-03-19 Thread Edward Kay
> Hi gang:
>
> I have a situation where users can purchase stuff online.
>
> In the last step in the process, the user clicks a "confirm purchase"
> button and their credit card is checked and if it's valid, they are
> awarded the product. Everything works, but it takes a little time to
> check the credit card.
>
> During the time it takes to send the credit card information to the
> clearing house and get back an "Ok" with a transaction ID, the user
> can click the "confirm purchase" button more than once. As such, more
> than one order can be made during the process.
>
> I was thinking of using the database to prohibit multiple "confirm
> purchase" clicks made by the user, but I wanted to ask this group if
> anyone has a simpler idea/solution?
>
> Thanks,
>
> tedd

Oh, I'd also add a bit of text near the button saying:

"Please click this button ONCE only. Clicking again may result in your
credit card being billed twice."

I'm always much more precise with my clicking when such warnings are
displayed :)

Edward


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Double click problem

2008-03-19 Thread Edward Kay
> Hi gang:
>
> I have a situation where users can purchase stuff online.
>
> In the last step in the process, the user clicks a "confirm purchase"
> button and their credit card is checked and if it's valid, they are
> awarded the product. Everything works, but it takes a little time to
> check the credit card.
>
> During the time it takes to send the credit card information to the
> clearing house and get back an "Ok" with a transaction ID, the user
> can click the "confirm purchase" button more than once. As such, more
> than one order can be made during the process.
>
> I was thinking of using the database to prohibit multiple "confirm
> purchase" clicks made by the user, but I wanted to ask this group if
> anyone has a simpler idea/solution?
>
> Thanks,
>
> tedd

How about a bit of JavaScript that disabled the button when the form was
submitted? This is used by eBay and Google for their login processes.

Sure, if JS was disabled this could be circumvented but it would be a good
start and work with the majority of users.

Edward


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem

2008-03-19 Thread Stut

tedd wrote:

I have a situation where users can purchase stuff online.

In the last step in the process, the user clicks a "confirm purchase" 
button and their credit card is checked and if it's valid, they are 
awarded the product. Everything works, but it takes a little time to 
check the credit card.


During the time it takes to send the credit card information to the 
clearing house and get back an "Ok" with a transaction ID, the user can 
click the "confirm purchase" button more than once. As such, more than 
one order can be made during the process.


I was thinking of using the database to prohibit multiple "confirm 
purchase" clicks made by the user, but I wanted to ask this group if 
anyone has a simpler idea/solution?


In the onclick for the button...

onclick="this.disabled=1;this.value='Processing, please wait...';"

You can also do this in the onsubmit of the form but you obviously need 
to change this to a document.getElementById.


I'd also recommend you put some JS at the end of the page to enable the 
button and set its value otherwise users hitting the back button may be 
presented with a disabled button which is annoying.


-Stut

--
http://stut.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Double click problem

2008-03-19 Thread Dan Joseph
On Wed, Mar 19, 2008 at 11:48 AM, tedd <[EMAIL PROTECTED]> wrote:

> In the last step in the process, the user clicks a "confirm purchase"
> button and their credit card is checked and if it's valid, they are
> awarded the product. Everything works, but it takes a little time to
> check the credit card.
>
> During the time it takes to send the credit card information to the
> clearing house and get back an "Ok" with a transaction ID, the user
> can click the "confirm purchase" button more than once. As such, more
> than one order can be made during the process.
>
> I was thinking of using the database to prohibit multiple "confirm
> purchase" clicks made by the user, but I wanted to ask this group if
> anyone has a simpler idea/solution?
>
>
>
>
I had a similar problem with one of our applications here.  I ended up
adding some javascript to disable the button once clicked, and then putting
in code in the php to prevent duplicates.  It seemed to do the trick.  I can
send over some sample code if you need.  For the javascript I just made the
submit button hit a function, disable the button, then submit the form.

-- 
-Dan Joseph

"Build a man a fire, and he will be warm for the rest of the day.
Light a man on fire, and will be warm for the rest of his life."


Re: [PHP] Double Click

2001-03-02 Thread Yasuo Ohgaki

> A tactic I've been planning to use, but don't know if it actually works or
> not, is to disable the button first thing in its onClick so the second
click
> occurs on a disabled button.  Does anybody know if this actually works or
> not?
>
> - Theo

How do you determine if the click is the first time, when user send form,
decide to go back to previous page using browser's back button? It's
impossible to determine the click is the first or not using JavaScript.
(It's only works browser does not send form data immediately and it allow
users to send form data while it is sending form data or waiting response
from server. Is this what you want to prevent? Then it works.)

John's uses hash to compare posted values are the same as in DB, it works.
In many cases, it may be a preferred way. If you are just worried about
sending form data multiple times using browser's back button, you can do as
follows using session var.

switch ($task) {
  case 'update':
if ($HTTP_SESSION_VAR['FORM_DATA_SENT']==false) {
 // do update
}
$HTTP_SESSION_VAR['FORM_DATA_SENT'] = true;
break;
  case 'show_form':
$HTTP_SESSION_VAR['FORM_DATA_SENT'] = false;
 // show form
break;
}

Regards,

Yasuo Ohgaki

>
> -Original Message-
> From: John Huggins [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 28, 2001 3:04 PM
> To: Manuel Lemos; [EMAIL PROTECTED]
> Subject: RE: [PHP] Double Click
>
>
> If you are lucky and are feeding this form data to a database, you can
> create a unique hash field from other fields that would not change from
> click 1 to click 2.  Then just make the database treat the hash as a
unique
> index and it should prevent double entries.  Works for me.
>
> Other advice is to not tell the double clicker that had an error; Just
> silently ignore their second request.
>
> > -Original Message-----
> > From: Manuel Lemos [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 28, 2001 2:55 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [PHP] Double Click
> >
> >
> > Hello Fabian,
> >
> > On 28-Feb-01 03:01:02, you wrote:
> >
> >
> > >Hi,
> >
> > >I have a page, and when I have to add a product I use a form,
> > many people are
> > >used to make double click in every task, so when the product is
> > sent with a
> > >double click in the send button, the program send it twice to
> > the data base.
> >
> > >What can I do to prevent this?
> >
> > You may want to try this forms generation class that lets you define a
> > warning message that shows when the user attempts to submit a form more
> > than once.
> >
> > http://phpclasses.UpperDesign.com/browse.html/package/1
> >
> > Regards,
> > Manuel Lemos
> >
> > Web Programming Components using PHP Classes.
> > Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED]
> > --
> > E-mail: [EMAIL PROTECTED]
> > URL: http://www.mlemos.e-na.net/
> > PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp
> > --
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Double Click

2001-03-01 Thread Hrishi

On Thursday 01 March 2001 21:41, Brinkman, Theodore wrote:
>  A tactic I've been planning to use, but don't know if it actually works or
>  not, is to disable the button first thing in its onClick so the second
> click occurs on a disabled button.  Does anybody know if this actually
> works or not?


<!--
var submitpressed;

submitpressed=0;

function submitcheck()
{
if(submitpressed)
return false;

submitpressed=1;
return true;
}


//-->




>   - Theo
>
>  -Original Message-
>  From: John Huggins [mailto:[EMAIL PROTECTED]]
>  Sent: Wednesday, February 28, 2001 3:04 PM
>  To: Manuel Lemos; [EMAIL PROTECTED]
>  Subject: RE: [PHP] Double Click
>
>
>  If you are lucky and are feeding this form data to a database, you can
>  create a unique hash field from other fields that would not change from
>  click 1 to click 2.  Then just make the database treat the hash as a
> unique index and it should prevent double entries.  Works for me.
>
>  Other advice is to not tell the double clicker that had an error; Just
>  silently ignore their second request.
>
>  > -Original Message-
>  > From: Manuel Lemos [mailto:[EMAIL PROTECTED]]
>  > Sent: Wednesday, February 28, 2001 2:55 PM
>  > To: [EMAIL PROTECTED]
>  > Subject: Re: [PHP] Double Click
>  >
>  >
>  > Hello Fabian,
>  >
>  > On 28-Feb-01 03:01:02, you wrote:
>  > >Hi,
>  > >
>  > >I have a page, and when I have to add a product I use a form,
>  >
>  > many people are
>  >
>  > >used to make double click in every task, so when the product is
>  >
>  > sent with a
>  >
>  > >double click in the send button, the program send it twice to
>  >
>  > the data base.
>  >
>  > >What can I do to prevent this?
>  >
>  > You may want to try this forms generation class that lets you define a
>  > warning message that shows when the user attempts to submit a form more
>  > than once.
>  >
>  > http://phpclasses.UpperDesign.com/browse.html/package/1
>  >
>  > Regards,
>  > Manuel Lemos
>  >
>  > Web Programming Components using PHP Classes.
>  > Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED]
>  > --
>  > E-mail: [EMAIL PROTECTED]
>  > URL: http://www.mlemos.e-na.net/
>  > PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp
>  > --
>  >
>  >
>  > --
>  > PHP General Mailing List (http://www.php.net/)
>  > To unsubscribe, e-mail: [EMAIL PROTECTED]
>  > For additional commands, e-mail: [EMAIL PROTECTED]
>  > To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] Double Click

2001-03-01 Thread Brinkman, Theodore

A tactic I've been planning to use, but don't know if it actually works or
not, is to disable the button first thing in its onClick so the second click
occurs on a disabled button.  Does anybody know if this actually works or
not?

- Theo

-Original Message-
From: John Huggins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 28, 2001 3:04 PM
To: Manuel Lemos; [EMAIL PROTECTED]
Subject: RE: [PHP] Double Click


If you are lucky and are feeding this form data to a database, you can
create a unique hash field from other fields that would not change from
click 1 to click 2.  Then just make the database treat the hash as a unique
index and it should prevent double entries.  Works for me.

Other advice is to not tell the double clicker that had an error; Just
silently ignore their second request.

> -Original Message-
> From: Manuel Lemos [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 28, 2001 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] Double Click
>
>
> Hello Fabian,
>
> On 28-Feb-01 03:01:02, you wrote:
>
>
> >Hi,
>
> >I have a page, and when I have to add a product I use a form,
> many people are
> >used to make double click in every task, so when the product is
> sent with a
> >double click in the send button, the program send it twice to
> the data base.
>
> >What can I do to prevent this?
>
> You may want to try this forms generation class that lets you define a
> warning message that shows when the user attempts to submit a form more
> than once.
>
> http://phpclasses.UpperDesign.com/browse.html/package/1
>
> Regards,
> Manuel Lemos
>
> Web Programming Components using PHP Classes.
> Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED]
> --
> E-mail: [EMAIL PROTECTED]
> URL: http://www.mlemos.e-na.net/
> PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp
> --
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] Double Click

2001-02-28 Thread John Huggins

If you are lucky and are feeding this form data to a database, you can
create a unique hash field from other fields that would not change from
click 1 to click 2.  Then just make the database treat the hash as a unique
index and it should prevent double entries.  Works for me.

Other advice is to not tell the double clicker that had an error; Just
silently ignore their second request.

> -Original Message-
> From: Manuel Lemos [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 28, 2001 2:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] Double Click
>
>
> Hello Fabian,
>
> On 28-Feb-01 03:01:02, you wrote:
>
>
> >Hi,
>
> >I have a page, and when I have to add a product I use a form,
> many people are
> >used to make double click in every task, so when the product is
> sent with a
> >double click in the send button, the program send it twice to
> the data base.
>
> >What can I do to prevent this?
>
> You may want to try this forms generation class that lets you define a
> warning message that shows when the user attempts to submit a form more
> than once.
>
> http://phpclasses.UpperDesign.com/browse.html/package/1
>
> Regards,
> Manuel Lemos
>
> Web Programming Components using PHP Classes.
> Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED]
> --
> E-mail: [EMAIL PROTECTED]
> URL: http://www.mlemos.e-na.net/
> PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp
> --
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Double Click

2001-02-28 Thread Manuel Lemos

Hello Fabian,

On 28-Feb-01 03:01:02, you wrote:


>Hi,

>I have a page, and when I have to add a product I use a form, many people are
>used to make double click in every task, so when the product is sent with a
>double click in the send button, the program send it twice to the data base.

>What can I do to prevent this?

You may want to try this forms generation class that lets you define a
warning message that shows when the user attempts to submit a form more
than once.

http://phpclasses.UpperDesign.com/browse.html/package/1

Regards,
Manuel Lemos

Web Programming Components using PHP Classes.
Look at: http://phpclasses.UpperDesign.com/?[EMAIL PROTECTED]
--
E-mail: [EMAIL PROTECTED]
URL: http://www.mlemos.e-na.net/
PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp
--


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] Double Click

2001-02-28 Thread Ovidiu EFTIMIE

Use something like this

var submitcount=0;
function checkSubmit(s)

   if (submitcount == 0)
  {
  submitcount++;
  s.value = "  Sending...  ";
  return true;
  }
   else
  {
  alert("This form has already been submitted.  Thanks!");
  return false;
  }
   }




And of course you should verify the id field in tha data base as Joe said.

Ovidiu

-Original Message-
From: Fabian Fabela [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 28, 2001 8:16 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Double Click


Hi,

I have a page, and when I have to add a product I use a form, many people
are used to make double click in every task, so when the product is sent
with a double click in the send button, the program send it twice to the
data base.

What can I do to prevent this?

Thank you.

Fabian Fabela
[EMAIL PROTECTED]
www.vacagorda.com



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Double Click

2001-02-27 Thread Joe Stump

Make the id field on the db entry unique - the second query will fail. You 
should also be doing error checking on whether or not the record exists already.

--Joe

On Wed, Feb 28, 2001 at 12:15:38AM -0600, Fabian Fabela wrote:
> Hi,
> 
> I have a page, and when I have to add a product I use a form, many people are used 
>to make double click in every task, so when the product is sent with a double click 
>in the send button, the program send it twice to the data base.
> 
> What can I do to prevent this?
> 
> Thank you.
> 
> Fabian Fabela
> [EMAIL PROTECTED]
> www.vacagorda.com
> 

-- 

---
Joe Stump, PHP Hacker, [EMAIL PROTECTED] -o)
http://www.miester.org http://www.care2.com /\\
"It's not enough to succeed. Everyone else must fail" -- Larry Ellison _\_V
---


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]