473,545 Members | 2,577 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

stop someone reloading a page

is there a way in either php or html to disable the back and or the
reload/refresh on a browser so a potential spammer cant just keep refreshing
the page of a form that sends a confirmation email out

thanks in advance
Jul 17 '05 #1
11 15586
chris wrote:
is there a way in either php or html to disable the back and or the
reload/refresh on a browser so a potential spammer cant just keep refreshing
the page of a form that sends a confirmation email out


That's a very common problem in web applications. There's different
solutions:

- have the "successful ly sent" page redirect to another page (like back
to where we came from), so the spammer would have to catch a 1-second
time-window to hit F5.

- include a uniqid() in a hidden field of the form, so the system won't
accept more than one form submission with the same ID, e.g. insert the
ID in a db table when the form is being displayed and remove it again
when the form is submitted.

There's prolly lotsa other solutions. These are the one's I've used so
far. (The first one is less work, the second one is more secure).

Jochen

Jul 17 '05 #2
chris wrote:
is there a way in either php or html to disable the back and or the
reload/refresh on a browser so a potential spammer cant just keep refreshing
the page of a form that sends a confirmation email out


In PHP, check the reference page, if the reference page isn't the page from
where the link is to the send-page, then redirect them to another page that
wishes them "happy new year".

//Aho
Jul 17 '05 #3
J.O. Aho wrote:
In PHP, check the reference page, if the reference page isn't the page
from where the link is to the send-page, then redirect them to another
page that wishes them "happy new year".


Won't work... When pressing "F5", the browser sends the same referer
info as before.

Jochen

Jul 17 '05 #4

"chris" <so*****@here.c om> schreef in bericht
news:3f******** @funnel.arach.n et.au...
is there a way in either php or html to disable the back and or the
reload/refresh on a browser so a potential spammer cant just keep refreshing the page of a form that sends a confirmation email out

thanks in advance

This is what I do

// put on top of page
if ($_POST)
{ // do stuff that cant handle refresh
header("Locatio n: http://".$_SERVER['PHP_SELF']); // with or without
vars
exit;
}

Jul 17 '05 #5
Jochen Buennagel wrote:
J.O. Aho wrote:
In PHP, check the reference page, if the reference page isn't the page
from where the link is to the send-page, then redirect them to another
page that wishes them "happy new year".

Won't work... When pressing "F5", the browser sends the same referer
info as before.


Then next option is to use a cookie, I guess most spammers would use another
method than a browser to send, on the page before set a cookie, then on the
sendpage, if there aren't any cookie set, then don't send (and if there is,
delete cookie and send).
//Aho
Jul 17 '05 #6
Floortje wrote:

"chris" <so*****@here.c om> schreef in bericht
news:3f******** @funnel.arach.n et.au...
is there a way in either php or html to disable the back and or the
reload/refresh on a browser so a potential spammer cant just keep

refreshing
the page of a form that sends a confirmation email out


You could use uniqid() to generate a unique id and include it in hidden field in
the form. On your confirmation page, check a log file or mysql db to see if
that confirmation number has been used. If not, send the email and write the id
to the db or file. If it has been used, display the appropriate error message.
This is quick and easy and will prevent the casual or inadvertent "spammer" from
sending multiple emails with refresh and back (though a programmer can get
around it easily). Make sure to clean out the file or db often or else your
script will slow down. You can do this manually, with a cron job, or this
method:

If using a logfile, if the filesize() is greater than n bytes delete all but the
last 10 records and save the file. Occasionally, a user will have to wait a bit
longer (a fraction of a second or, at most, a couple seconds), but you keep all
your code together.

Regards,
Shawn
--
Shawn Wilson
sh***@glassgian t.com
http://www.glassgiant.com
Jul 17 '05 #7
At the top of your script/page check for a cookie or session variable

$varName = session or cookie
if ($varName == "yep")
header("Locatio n: http://www.yourdomain. com/noback.html");

then at this point set a cookie or session variable

$varName = "yep";
setcookie or session

now continue with rest of your page
if the use tries to come back to this page, nope, no way jose
the only way back would be through the page that is supposed to link
to it, and on this page make sure to clear the cookie or session var.

so your prior page, at top:
$varName = "all clear";
setcookie or session
again, as was stated, a programmer can get past this.

Mike
http://gzen.myhq.info -- free online php tools
Jul 17 '05 #8
php
Perhaps you could maintain a database by IP address and reject duplicates.

The requester IP address is available via a $_SERVER['REMOTE_ADDR']
variable.

Good Luck.
"chris" <so*****@here.c om> wrote in message
news:3f******** @funnel.arach.n et.au...
is there a way in either php or html to disable the back and or the
reload/refresh on a browser so a potential spammer cant just keep refreshing the page of a form that sends a confirmation email out

thanks in advance

Jul 17 '05 #9
php wrote:
Perhaps you could maintain a database by IP address and reject duplicates.

The requester IP address is available via a $_SERVER['REMOTE_ADDR']
variable.

Good Luck.
"chris" <so*****@here.c om> wrote in message
news:3f******** @funnel.arach.n et.au...
is there a way in either php or html to disable the back and or the
reload/refresh on a browser so a potential spammer cant just keep


refreshing
the page of a form that sends a confirmation email out

thanks in advance


You could use the GD lib and create a random number ouputted as an image
which has to be inputted into the form and expires as soon as the form
as been used, much like a lot of sites do including Yahoo I belive.

~Cameron
Jul 17 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
2597
by: jbj | last post by:
Something like a php function that can be called? I have php in a page that needs to be update periodically (basically poll results) without reloading the page around it (I do have a button you can click). Is this possible? Or should I make some sort of Iframe with the php page in it that could be reloaded. The php code basicaly just...
8
4001
by: Aspersion | last post by:
I'm building an ASP page that has a lot of text and graphics. There is a calculation facility on the page. The user enters several numbers in a form and presses a button to see the calculated answer. The problem is this: when the user presses the Calculate button, the whole page is reloaded and, on a large page, this is very noticeable. ...
2
5081
by: Snolly | last post by:
Hi all, Here is my issue. I have a web page (lets call it page1) with an iframe in it that then opens a pop-up window (page2). The pop-up window is used to edit some data that was loaded into page1 so I want to use onunload to reload page1 to keep the data synchronized. At first I was using just window.opener.parent.location =...
1
8013
by: Mad Scientist Jr | last post by:
How do you get a ASP.NET page to return nothing, so the page posting form data to it doesn't reload? I have tried all combinations of the following: Response.SuppressContent = True Response.BufferOutput = True Response.Cache.SetNoStore()
3
2146
by: Richard | last post by:
Hey there, I have a textbox and a listbox. When a user types a number in the textbox, I want to get all the records from a MS Access DB but without reloading the page. I now have something manual and a user first must press a button to get the listbox filled with records but I want to have it done automaticly without pressing a sumbit...
1
2572
by: Alex Gurevich | last post by:
Hi, I am having very strange problem, I have Dropdownlist (DDL) with callback function for SelectedIndexChanged event on asp.net page, which is populated in codebehind Page_OnLoad page. After postback of the page, througth on click event of a button on the page, and returning of the page to client side, usually selection of an item in the...
3
1686
by: dhnriverside | last post by:
Hi guys I have a Calculate ASP:button on my page, and a text box next to it. I've got it so that it calls a function with itself, so you can check the value before submitting the form to it's final destination. However, when I click the Calculate button, the page loads back at the top, instead of where the Calculate button is. How can...
1
2558
by: almarc | last post by:
Problem : Stop an "Unonlaod" when then confirmation is false. Is a really good script but i have just one problem. The problem that i have is when i click on a link. The scipt ask "Do you want to save DATA". When you click "Yes" and the name form is empty. The script tell you a message, but i go to another page. ALL I WANT IS TO BLOCK IT, AND...
5
2189
by: henryrhenryr | last post by:
Appologies for unclear title. I don't really understand the problem I'm facing. My system: PHP 5.2.1, Win2K, Apache 2, MySQL 5 (local - problem is same on my live site running php 4.3.9, Linux, Apache 2). Various browsers. No errors are reported (set to ALL and STRICT) with my problem. To describe the problem a little more: The...
0
7490
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7425
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7682
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
1
7449
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
5069
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3465
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
1911
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1037
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
734
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.