Page 1 of 1
prevent users from using form again until 48hours
Posted: Sat Jun 21, 2003 10:12 pm
by Cruzado_Mainfrm
how do i prevent users from sending a form if they have already sent it, and that they can after 48 hours?
thnx in advance
Posted: Sun Jun 22, 2003 4:51 am
by twigletmac
You have to register somehow that they've seen it. It's probably easiest if they have to login to send the form because then you can store that information against their username. However, generally this isn't the case so you're going to have to set a cookie, it's not infallible but will work for some users. IP address is fairly unreliable for things like this because they'll change for many users because of dialup or a group of users will have the same one because they are behind the same proxy.
Mac
Posted: Sun Jun 22, 2003 7:46 am
by Cruzado_Mainfrm
well, it's a sign up form, i used cookies, but they always say that 'headers were already sent' and bla bla bla, and they don't store, the solution could be..., storing the ip and date from the user, but as well as some information that will ONLY match that specific user... any ideas?
Posted: Sun Jun 22, 2003 8:27 am
by volka
then you should read
Sticky: Before Post Read: Warning: Cannot add header information
Sticky: Before Post Read: Sessions with a Minor in User Logins
cookies are sent as response-header. Headers can only be sent before any response-body contents (the document shown in the browser) and both topics cover this matter somewhere.
The first is more about headers-before-contents, the second also shows you how to use sessions the way you need it.
Posted: Sun Jun 22, 2003 8:31 am
by Cruzado_Mainfrm
this is not a php question i think, but how do i stop an user from entering my site without cookies enabled(that way nobody can override the security of cookies

)?
Posted: Sun Jun 22, 2003 9:09 am
by twigletmac
Cruzado_Mainfrm wrote:that way nobody can override the security of cookies

?
Unless they just delete them
Mac
Posted: Sun Jun 22, 2003 9:47 am
by Cruzado_Mainfrm
but how can i prevent users from entering a page without cookies enabled?

Posted: Sun Jun 22, 2003 10:09 am
by nielsene
Check for the php.ini setting of session.use_cookies_only and set it to 1.
Posted: Sun Jun 22, 2003 10:27 am
by Cruzado_Mainfrm
how can i set that in 'runtime'?
Posted: Sun Jun 22, 2003 10:35 am
by nielsene
While the
ini_set manual entry says it can be set at runtime, using
Code: Select all
ini_set("session.use_cookies_only","1");
I'm not sure if it would make a difference. Make sure you call ini_set before you call session_start and it might work, but I'm not sure about the timing issues required.
If it doesn't work you can try reading $_COOKIE["PHPSESSID"] and compare it to session_id(). If they don't match then the session id was passed by the URL/POST and you should reject it.