Back Button Hell

neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Okay, we're coding a donations page. We want to make sure the form cannot be resubmitted with either the back arrow or the refresh button so people don't accidentally charge themselves twice. How can I prevent this phenomenon? I've read on the forums several suggestions including making cache private, using the get method in the form. What's the best way to do this?

Thanks
xisle
Forum Contributor
Posts: 249
Joined: Wed Jun 25, 2003 1:53 pm

Post by xisle »

Just a suggestion, for the donation form you could disable the button and submit with javascript.

Code:

<script type="text/javascript">
// Disable the clicked button so it cannot be pressed twice, then submit the form.
function disableButton(btn)
{
	btn.disabled = true;
	document.formname.submit();
}
</script>

<input type="button" value="save" onclick="disableButton(this);">
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Thanks for the reply xisle. Is there a way that you can clear the form after the submission so that hitting the back button would send them to an empty form? I wasn't able to get the back button disabled. But the form submitted so I have to assume the JS executed...
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Well I added a reset() after the submission process and that clears the form. So even if they do hit the back button they won't find their data.

Code:

<script type="text/javascript">
// Disable the button, submit the form, then clear the fields
// so the Back button returns to an empty form.
function disableButton(btn)
{
   btn.disabled = true;
   document.formname.submit();
   document.formname.reset();
}
</script>
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

I would do it server-side, in case they have JS disabled. You're collecting the info server-side anyway, so it's really just 1 more small step.

Code:

<?php

session_start();

// there's also a variation of the cache-control header that you might find useful.
// i would not depend on it though for this purpose.
// headers have to be sent before any output, so it goes above the echo below.
// the browser will check w/ the server and ask if the document has changed. it will only re-download the page if it has changed.
header('Cache-Control: private, must-revalidate');

// stand-in for "form submitted, form complete, and acceptable":
// replace the !empty($_POST) part with your own validation
$form_ok = ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST));

if ($form_ok) {
    if (empty($_SESSION['form_accepted'])) {
        // accept it, process it, send emails etc.....
        $_SESSION['form_accepted'] = true;
    } else {
        echo 'you already submitted the form';
    }
}
?>
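Added example, not part of rehfeld's post or anyone else's in this thread: the same server-side idea done with a one-time form token and a redirect after the POST, so a refresh or a Back-and-resubmit is rejected while a later, deliberate donation in the same session still goes through. The field name `form_token`, the `flash` session key, the `process_donation()` helper and the path `/donate.php` are assumptions made for the example.

```php
<?php
session_start();

// Hypothetical stand-in for the real charge/e-mail step; returns false on bad input.
function process_donation(array $fields): bool
{
    $amount = $fields['amount'] ?? '';
    return is_string($amount) && is_numeric($amount) && (float) $amount > 0;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent   = is_string($_POST['form_token'] ?? null) ? $_POST['form_token'] : '';
    $stored = $_SESSION['form_token'] ?? '';

    // Consume the token first: a replayed POST (refresh, Back + resubmit)
    // then has nothing left in the session to match against.
    unset($_SESSION['form_token']);

    if ($stored !== '' && hash_equals($stored, $sent)) {
        $_SESSION['flash'] = process_donation($_POST)
            ? 'Thank you for your donation.'
            : 'Please enter a valid amount.';
    } else {
        $_SESSION['flash'] = 'This form was already submitted.';
    }

    // 303 See Other: the browser follows with a GET, so Refresh on the
    // result page repeats the GET instead of re-sending the POST.
    header('Location: /donate.php', true, 303); // assumed path of this script
    exit;
}

// GET: show any message once, then issue a fresh single-use token for the form.
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
$_SESSION['form_token'] = bin2hex(random_bytes(32));
?>
<?php if ($flash !== ''): ?>
<p><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form method="post" action="/donate.php">
    <input type="hidden" name="form_token"
           value="<?= htmlspecialchars($_SESSION['form_token'], ENT_QUOTES, 'UTF-8') ?>">
    <input type="text" name="amount">
    <input type="submit" value="Donate">
</form>
```

Because the token is compared on the server, the check still holds when JavaScript is disabled or the button-disabling script is bypassed.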
Archy
Forum Contributor
Posts: 129
Joined: Fri Jun 18, 2004 2:25 pm
Location: USA

Post by Archy »

You could also, once the transaction has taken place, clear the variables that were stored; this would mean that a refresh would not work. So that you don't come up with an error, you could use a simple if statement to check that the variables actually contain data. If not, then don't let the transaction take place, and display a message saying that they have already donated.

Need to stop people pressing the back button? Not an ideal solution, but perhaps when submitted, open the page in a new window where it then does the transaction. Therefore people cannot press the back button.

Of course, none of these are probably ideal solutions.
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

I think we're going to do a combo solution. Use the JS to clear the form after it's submitted and use sessions or cookies to prevent them from returning.

Thanks all!!!!!