  1. #1
    SitePoint Evangelist

    Code to disable malicious form submissions

    I would like to use PHP 4.3.9 to prevent my form from being submitted 100s of times.

    How can I set up sessions or cookies or both to let users submit the form once per a certain amount of time?

    P

  2. #2
    SitePoint Wizard
    PHP Code:
    if (isset($_POST["submit"])) {
        header("Location: index.php"); // redirect so a browser refresh does not re-send the POST
        exit;
    }


  3. #3
    SitePoint Wizard Mike Borozdin
    The simple way is just using JavaScript that will disable your submit button after it's been clicked.

    If you want to be protected against users with disabled JavaScript, you can use the cookie and IP methods: you set a cookie and then check if it's set; if so, the form has already been submitted, but users can still disable cookies. As for the IP method, you get the user's IP, store it somewhere (DB, XML etc.) and then check if that IP is in your database, but people can use anonymous proxies, so several people have the same IP, or use dial-up and have a dynamic IP, so their IP changes from connection to connection.

  4. #4
    SitePoint Wizard DougBTX
    Equally, they could set up a PHP script to feed data to your script by forging POST headers and sending a couple of thousand a second to your site. Your options include the "type in what you see in this image unless you're blind" technique, or some form of "limit of 10 submissions a minute" per IP, or some other solution.

    Douglas
    Hello World

  5. #5
    SitePoint Addict
    Another way would be to store the form information in a database, and not allow the exact same information to be submitted again. So it would be possible to have a bot submit random stuff, but if you combine this with an IP/cookie check it makes it that much harder. (Bots will most likely be programmed to ignore cookies though.)

    I think vB uses this method to prevent people from double-posting.
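
The per-IP limit from post #4 and the duplicate-content check from post #5 can be combined in one server-side gate that does not depend on the client keeping cookies or running JavaScript. The sketch below is an added example, not code posted in the thread; `check_submission`, the constants, the array-based `$store` and the documentation-range IP addresses are all assumptions made for the demo, and it targets PHP 7.4+ rather than the 4.3.9 mentioned in the question.

```php
<?php
// Added example, not code from the thread. Requires PHP 7.4+.
const WINDOW_SECONDS = 60;    // "10 submissions a minute" (post #4)
const MAX_PER_WINDOW = 10;
const DUPLICATE_TTL  = 3600;  // assumption: refuse identical content for 1 hour

// $store stands in for a shared database table or cache (assumption: a plain
// array here so the demo runs from the command line). Field values are strings.
function check_submission(array &$store, string $ip, array $fields, int $now): string
{
    // 1. Sliding window per IP: keep only timestamps still inside the window.
    $hits = array_values(array_filter(
        $store['hits'][$ip] ?? [],
        fn (int $t): bool => $t > $now - WINDOW_SECONDS
    ));
    if (count($hits) >= MAX_PER_WINDOW) {
        $store['hits'][$ip] = $hits;
        return 'rate_limited';
    }
    $hits[] = $now;                       // count this attempt, even a duplicate
    $store['hits'][$ip] = $hits;

    // 2. Duplicate check (post #5): hash the normalised field values.
    ksort($fields);
    $digest = hash('sha256', json_encode(array_map('trim', $fields)));
    $last = $store['seen'][$digest] ?? null;
    if ($last !== null && $now - $last < DUPLICATE_TTL) {
        return 'duplicate';
    }
    $store['seen'][$digest] = $now;
    return 'accepted';
}

// Constructed demo traffic: 12 distinct posts from one address in 12 seconds,
// the first message repeated from a second address, then a post after the window.
$store = ['hits' => [], 'seen' => []];
$t0 = 1700000000;
$results = [];
for ($i = 0; $i < 12; $i++) {
    $results[] = check_submission($store, '203.0.113.7', ['msg' => "hello $i"], $t0 + $i);
}
$results[] = check_submission($store, '198.51.100.9', ['msg' => ' hello 0 '], $t0 + 20);
$results[] = check_submission($store, '203.0.113.7', ['msg' => 'later'], $t0 + 75);
print_r(array_count_values($results));
```

In a real form handler the address would come from `$_SERVER['REMOTE_ADDR']` and the store would be a database table or cache, since a per-request array does not persist between submissions.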

