prevent users from using form again until 48hours

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Cruzado_Mainfrm
Forum Contributor
Posts: 346
Joined: Sun Jun 15, 2003 11:22 pm
Location: Miami, FL

prevent users from using form again until 48hours

Post by Cruzado_Mainfrm »

how do i prevent users from sending a form if they have already sent it, and that they can after 48 hours?

thnx in advance
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You have to register somehow that they've seen it. It's probably easiest if they have to login to send the form because then you can store that information against their username. However, generally this isn't the case so you're going to have to set a cookie, it's not infallible but will work for some users. IP address is fairly unreliable for things like this because they'll change for many users because of dialup or a group of users will have the same one because they are behind the same proxy.

Mac
Cruzado_Mainfrm
Forum Contributor
Posts: 346
Joined: Sun Jun 15, 2003 11:22 pm
Location: Miami, FL

Post by Cruzado_Mainfrm »

well, it's a sign up form, i used cookies, but they always say that 'headers were already sent' and bla bla bla, and they don't store, the solution could be..., storing the ip and date from the user, but as well as some information that will ONLY match that specific user... any ideas?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

then you should read
Sticky: Before Post Read: Warning: Cannot add header information
Sticky: Before Post Read: Sessions with a Minor in User Logins

cookies are sent as response-header. Headers can only be sent before any response-body contents (the document shown in the browser) and both topics cover this matter somewhere.
The first is more about headers-before-contents, the second also shows you how to use sessions the way you need it.
Cruzado_Mainfrm
Forum Contributor
Posts: 346
Joined: Sun Jun 15, 2003 11:22 pm
Location: Miami, FL

Post by Cruzado_Mainfrm »

this is not a php question i think, but how do i stop an user from entering my site without cookies enabled(that way nobody can override the security of cookies :))?
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Cruzado_Mainfrm wrote:that way nobody can override the security of cookies :)?
Unless they just delete them :wink:

Mac
Cruzado_Mainfrm
Forum Contributor
Posts: 346
Joined: Sun Jun 15, 2003 11:22 pm
Location: Miami, FL

Post by Cruzado_Mainfrm »

but how can i prevent users from entering a page without cookies enabled? :?:
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Check for the php.ini setting of session.use_cookies_only and set it to 1.
Cruzado_Mainfrm
Forum Contributor
Posts: 346
Joined: Sun Jun 15, 2003 11:22 pm
Location: Miami, FL

Post by Cruzado_Mainfrm »

how can i set that in 'runtime'?
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

While the ini_set manual entry says it can be set at runtime, using

Code: Select all

ini_set("session.use_cookies_only","1");
I'm not sure if it would make a difference. Make sure you call ini_set before you call session_start and it might work, but I'm not sure about the timing issues required.

If it doesn't work you can try reading $_COOKIE["PHPSESSID"] and compare it to session_id(). If they don't match then the session id was passed by the URL/POST and you should reject it.
Post Reply