form resend prevent with session, hidden input & redirection


uyewq
Forum Newbie
Posts: 22
Joined: Thu Sep 17, 2009 6:21 am


Post by uyewq »

Hi dear all,

I have a script which adds user comments to the database after form submission. The form needs to be fine-tuned, but I can do that later (captcha, e-mail validity check, htmlentities etc.).

In order to prevent the form-resend problem I want to use the technique below, which I found on the web:

create a random string (a hash), which I stored in a session variable and echoed into a hidden <input> element in my form page.

Then, once the data had been submitted, I had my action page match the session variable to the value of the <input> element. If they matched, I unset the session variable and processed the form. If they didn't I simply redirected the user back to the form page.


I don't know how to do this or where to put which code, so can you help me modify my simple comment script? As I read it, I think the critical keywords are hash & session.
If I really have to split off the action page, please describe that too. All DETAILED help will be appreciated. (Non-critical text in the script is in Turkish.)
Best regards

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Note: this single-page script refers to itself (action=""). It is used for user comments on the articles.


 
<?php
// Assumes the including page has opened a mysqli connection in $db and set $siteurl.
// (The original used the mysql_* extension, which no longer exists in PHP 7+; prepared
// statements also close the SQL-injection holes left by interpolating $_POST/$_GET into queries.)
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;   // article number from the URL

if (isset($_POST['submit']))
{   // if submitted
    // was the form filled in properly?
    if (empty($_POST['nisim']))   die('You must enter your name.');
    if (empty($_POST['neposta'])) die('You must enter a valid e-mail address.');
    if (empty($_POST['nyorum']))  die('You must write a comment.');

    // throttle repeat comments: the visitor must wait 5 minutes
    // (IP address and time are taken from the server, not from hidden inputs the browser can edit)
    $ip  = $_SERVER['REMOTE_ADDR'];
    $now = time();
    $c = $db->prepare('SELECT MAX(yorumsaati) FROM dis_yorumonay WHERE ipadresi = ?');
    $c->bind_param('s', $ip);
    $c->execute();
    $c->bind_result($last);          // NULL when this IP has never commented
    $c->fetch();
    $c->close();
    if ($last !== null && ($now - $last) < 300) die('5 minutes must have passed since your last comment.');

    // add the comment to the database (onaydurumu "bekliyor" = awaiting approval)
    $sqlyrmekle = 'INSERT INTO dis_yorumonay SET adsoyad = ?, eposta = ?, yorum = ?, yazino = ?,'
                . " ipadresi = ?, yorumtarihi = ?, yorumsaati = ?, onaydurumu = 'bekliyor'";
    $ins   = $db->prepare($sqlyrmekle);
    $today = date('Y-m-d');
    $ins->bind_param('sssissi', $_POST['nisim'], $_POST['neposta'], $_POST['nyorum'], $id, $ip, $today, $now);
    if (!$ins->execute()) die($ins->error);
    $ins->close();
}
else
{   // if not submitted: show the existing approved comments
    $qy = $db->prepare("SELECT * FROM dis_yorumonay WHERE yazino = ? AND onaydurumu = 'olumlu' ORDER BY yorumtarihi DESC");
    $qy->bind_param('i', $id);
    if (!$qy->execute()) die($qy->error);
    $qym = $qy->get_result();        // needs the mysqlnd driver (default since PHP 5.4)
    while ($row = $qym->fetch_row())
    {
        // escape everything that came from a visitor before echoing it into the page
        echo '<div id="yorum' . htmlspecialchars($row[0]) . '">' . "\n";
        $yrm   = htmlspecialchars($row[4]); echo '<p>' . $yrm . "</p>\n";
        $adsyd = htmlspecialchars($row[1]); echo '<p>' . $adsyd . "</p>\n";
        $trh = htmlspecialchars($row[5]); $saat = (int) $row[6];
        echo '<p>' . $trh . ' [ ' . $saat . " ]</p>\n</div>\n";
    }
    $qy->close();
}
?>

<div id="yorumformu">
<form method="post" action="<?php echo htmlspecialchars("$siteurl/php/yazi.php?id=$id"); // page refers to itself ?>" enctype="multipart/form-data">
<fieldset>
<!-- the IP address, date and time hidden inputs are gone: the server records those values itself -->
<table>
  <tr>
  <th>Name:</th>
  <td>
        <div class="input"><input name="nisim" type="text" value="" /></div>
        </td>
  </tr>
    <tr>
  <th>E-mail:</th>
  <td>
        <div class="input"><input name="neposta" type="text" value="" /></div>
        </td>
  </tr>
    <tr>
  <th>Comment:</th>
  <td>
        <div class="input"><textarea name="nyorum" cols="45" rows="6"></textarea></div>
        </td>
  </tr>

<tr><th></th><td><input name="submit" id="submit" class="submit" type="submit" value="Submit" /></td></tr>

</table>
</fieldset>
</form>
</div><!-- yorumformu sonu / end of comment form -->
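The technique the post quotes (random token in the session, echoed into a hidden input, compared and consumed on submit, then a redirect back to the form) as one self-contained page. This is an added example written for this page, not code from the poster: it assumes PHP 7.1+ (random_bytes, hash_equals, nullable types), it keeps comments in $_SESSION['comments'] as a stand-in for the poster's database INSERT, and the field names nisim/nyorum and the `?id=` parameter are taken from the post. Everything else (function names, the `token` input, the `err`/`ok` query parameters) is invented for illustration.

```php
<?php
// Run with:  php -S 127.0.0.1:8080 comment.php   then open http://127.0.0.1:8080/comment.php?id=1
// session_start() must come before any output, or the Set-Cookie header cannot be sent.
session_start();

function issue_token(): string
{
    // A fresh unpredictable token every time the form is rendered; the previous one is discarded,
    // so a form left open in an old tab is no longer valid once the page has been reloaded.
    $_SESSION['form_token'] = bin2hex(random_bytes(16));
    return $_SESSION['form_token'];
}

function consume_token($submitted): bool
{
    // Single use: the session copy is removed BEFORE the comparison result is acted on,
    // so the same POST (browser refresh, Back + resubmit) can never be processed twice.
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']);
    return $expected !== null && is_string($submitted) && hash_equals($expected, $submitted);
}

function save_comment(string $name, string $text): void
{
    // Stand-in for the INSERT INTO dis_yorumonay from the post (assumption: session storage).
    $_SESSION['comments'][] = ['name' => $name, 'text' => $text, 'at' => date('Y-m-d H:i:s')];
}

$self = strtok($_SERVER['REQUEST_URI'], '?');            // this page, without the query string
$id   = isset($_GET['id']) ? (int) $_GET['id'] : 0;      // article number, as in the post

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!consume_token($_POST['token'] ?? null)) {
        // Missing, stale, duplicate or forged token: process nothing, send the user back to the form.
        // (The same check is what protects the form against CSRF, so treat this as a rejected request.)
        header('Location: ' . $self . '?id=' . $id . '&err=token', true, 303);
        exit;
    }
    if (empty($_POST['nisim']) || empty($_POST['nyorum'])) {
        header('Location: ' . $self . '?id=' . $id . '&err=empty', true, 303);
        exit;
    }
    save_comment($_POST['nisim'], $_POST['nyorum']);
    // Post/Redirect/Get: the last page the browser holds is a GET, so F5 never resends the POST.
    header('Location: ' . $self . '?id=' . $id . '&ok=1', true, 303);
    exit;
}

// GET: show the result of the last submission, existing comments, and a form carrying a new token.
$token = issue_token();
header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html>
<meta charset="utf-8">
<?php if (isset($_GET['ok'])): ?><p>Comment received.</p><?php endif; ?>
<?php if (isset($_GET['err'])): ?><p>Submission rejected (<?= htmlspecialchars($_GET['err']) ?>).</p><?php endif; ?>
<?php foreach ($_SESSION['comments'] ?? [] as $c): ?>
<div><p><?= htmlspecialchars($c['text']) ?></p><p><?= htmlspecialchars($c['name']) ?> [ <?= $c['at'] ?> ]</p></div>
<?php endforeach; ?>
<form method="post" action="<?= htmlspecialchars($self . '?id=' . $id) ?>">
  <input type="hidden" name="token" value="<?= htmlspecialchars($token) ?>">
  <p>Name: <input name="nisim" type="text"></p>
  <p>Comment: <textarea name="nyorum" cols="45" rows="6"></textarea></p>
  <p><input name="submit" type="submit" value="Submit"></p>
</form>
```

Two mechanisms are doing two different jobs here. The 303 redirect handles the plain refresh case on its own: after the redirect the browser's current page is a GET, so reloading it does not prompt to resend anything. The token handles what the redirect cannot: a user who presses Back to the cached form and submits it again (the old token was consumed, so the copy fails), and a cross-site page that posts into the form (it cannot read the token from the victim's session). Note the trade-off of keeping exactly one token per session: two tabs with the form open will each get a different token and only the most recently rendered one will be accepted; if that matters, store a small set of recent tokens instead of a single value and remove the one that was used.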