Back Button Hell
Posted: Wed Dec 01, 2004 9:50 am
by neophyte
Okay, we're coding a donations page. We want to make sure the form cannot be resubmitted with either the back arrow or the refresh button so people don't accidentally charge themselves twice. How can I prevent this phenomenon? I've read on the forums several suggestions including making cache private, using the get method in the form. What's the best way to do this?
Thanks
Posted: Wed Dec 01, 2004 10:18 am
by xisle
Just a suggestion, for the donation form you could disable the button and submit with javascript.
Code:
<script type="text/javascript">
// Disable the clicked button so it cannot be pressed twice, then submit.
function disableButton(btn)
{
    btn.disabled = true;
    document.formname.submit();
}
</script>
<input type="button" value="save" onclick="disableButton(this);">
Posted: Wed Dec 01, 2004 10:47 am
by neophyte
Thanks for the reply, xisle. Is there a way that you can clear the form after the submission so that hitting the back button would send them to an empty form? I wasn't able to get the back button disabled. But the form submitted so I have to assume the JS executed...
Posted: Wed Dec 01, 2004 11:19 am
by neophyte
Well I added a reset() after the submission process and that clears the form. So even if they do hit the back button they won't find their data.
Code:
<script type="text/javascript">
// Disable the button, submit, then clear the fields so that going back
// shows an empty form.
function disableButton(btn)
{
    btn.disabled = true;
    document.formname.submit();
    document.formname.reset();
}
</script>
Posted: Wed Dec 01, 2004 11:52 am
by rehfeld
I would do it server-side, in case they have JS disabled. You're collecting the info server-side anyway, so it's really just 1 more small step.
Code:
<?php
session_start();

// there's also a variation of the cache-control header that you might find useful.
// i would not depend on it though for this purpose
// (header() has to run before any output, so it goes ahead of the echo below)
header('Cache-Control: Private, Must-Revalidate');
// the browser will check w/ the server and ask if the document has changed. it will only re-download the page if it has changed.

// stand-in for: form submitted, form complete, and acceptable
$form_ok = ($_SERVER['REQUEST_METHOD'] === 'POST'); // add your own completeness/validity checks

if ($form_ok) {
    if (empty($_SESSION['form_accepted'])) {
        // accept it, process it, send emails etc.....
        $_SESSION['form_accepted'] = true;
    } else {
        echo 'you already submitted the form';
    }
}
?>
Posted: Wed Dec 01, 2004 1:34 pm
by Archy
You could also, once the transaction has taken place, clear the variables that were stored; this would mean that a refresh would not work. So that you don't come up with an error, you could use a simple if statement to check that the variables actually contain data. If not, then don't let the transaction take place, and display a message saying that they have already donated.
Need to stop people pressing the back button? Not an ideal solution, but perhaps when submitted, open the page in a new window where it then does the transaction. Therefore people cannot press the back button.
Of course, none of these are probably ideal solutions.
Posted: Wed Dec 01, 2004 3:35 pm
by neophyte
I think we're going to do a combo solution. Use the JS to clear the form after it's submitted and use sessions or cookies to prevent them from returning.
Thanks all!!!!!
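
A per-form single-use token is one way to build the server-side check discussed in this thread without blocking a later, intentional donation in the same session. This is an added example, not code posted by anyone in the thread; the function names, the `donation_tokens` session key, and the plain array standing in for `$_SESSION` are assumptions.

```php
<?php
// Added example, not code from the thread. Function names and the
// 'donation_tokens' session key are assumptions made for illustration.

// Call when rendering the form: mint a random single-use token, remember it
// in the session, and embed the return value in a hidden <input>.
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(16));
    $session['donation_tokens'][$token] = true;
    return $token;
}

// Call when handling the POST: returns true exactly once per issued token.
// The token is removed before the charge runs, so a refresh, a back-button
// resubmit, or a double click replays a token that no longer exists.
function consume_form_token(array &$session, string $token): bool
{
    if (!isset($session['donation_tokens'][$token])) {
        return false;
    }
    unset($session['donation_tokens'][$token]);
    return true;
}

// Constructed demo: a plain array stands in for $_SESSION so this runs from the CLI.
$session = [];
$token = issue_form_token($session);   // the form is rendered once

foreach (['first submit', 'refresh', 'back + submit'] as $attempt) {
    if (consume_form_token($session, $token)) {
        echo "$attempt: charge the card, then redirect to a thank-you page\n";
    } else {
        echo "$attempt: you already submitted the form\n";
    }
}

// A new visit to the form gets a new token, so a deliberate second donation still works.
$second = issue_form_token($session);
var_dump(consume_form_token($session, $second));
```

In a real page, pass `$_SESSION` after `session_start()` and read the token from the posted hidden field; redirecting after a successful charge also keeps a refresh from re-sending the POST.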