SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Zealot
    Join Date
    Sep 2003
    Location
    UK
    Posts
    102
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Javascript submits form twice

    Hi,

    I've written some javascript to stop right-clicking on the page that is displayed by my software as it is re-directing to a browser to a payment processor. However it seems to be having a weird side-effect. It took me days to narrow it down to this script, but it seems to be causing my order page form to be submitted twice when the Submit button is clicked.

    I have been scratching my head over this for a very long while, but I still can't see how this code could possibly cause a form submission, but through a lot of trial and error testing, I've found that when this code is present, the form is submitted a second time, but when it's absent, the form is submitted only once.

    The process that happens is that my order page is submitted to a PHP script, which adds the order to my database and sends the dopay.php page back to the browser. This page then forwards the browser to the payment processor's page. Sometimes, it may take a few seconds to get the processor's page, so I added the js script to stop opportunists from looking at the sensitive information in the form that is submitted on the page. Obviously, the determined can always use the others ways, but as the page is only displayed for a few seconds, if that, it's very rarely there long enough to be able to use the other methods.

    However, when this script is present, I get two orders being added to my database and my test display messages show that it's because my order page php script has been triggered twice.

    These are the pages involved:

    The dopay.php page:
    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <SCRIPT><!--
    //***************************************************************************
    //*  This work is the copyright and intellectual property of Deborah Figg.  *
    //*  Reproduction by any means is strictly prohibited unless prior written  *
    //*  permission is obtained from the copyright holder.                      *
    //***************************************************************************
    function funGetEvent(evt) {
    	// Return the appropriate event object
    
    	if  (evt == null) {
    		return event;
    	} else {
    		return evt;
    	}
    }
    function funKeyPress(evt) {
    	var objEvt  = funGetEvent(evt);
    
    	if (objEvt.which) {
    		var keyChar = String.fromCharCode(objEvt.which);
    	} else {
    		var keyChar = String.fromCharCode(objEvt.keyCode);
    	}
    
    	if (keyChar == 'U' || keyChar == 'u' || keyChar == 'R' || keyChar == 'r') {
    		alert('Page not available');
    		return false;
    	}
    }
    function funMouseDown(evt) {
    	if (navigator.userAgent.indexOf('Firefox') == -1) {
    		var objEvt = funGetEvent(evt);
    
    		if (objEvt.which) {
    			var button = objEvt.which;
    		} else {
    			var button = objEvt.button;
    		}
    
    		if (button > 1) {
    			alert('Page not available');
    			return false;
    		}
    	}
    }
    function funMouseClick(evt) {
    	var objEvt = funGetEvent(evt);
    
    	if (objEvt.which) {
    		var button = objEvt.which;
    	} else {
    		var button = objEvt.button;
    	}
    
    	if (button > 1) {
    		alert('Page not available');
    		return false;
    	}
    }
    if (document.captureEvents) {
    	if (Event.KEYPRESS) {
    		document.captureEvents(Event.KEYPRESS|Event.MOUSEDOWN|Event.CLICK);
    	} else {
    		document.captureEvents(1024|1|64);
    	}
    }
    document.onkeypress  = funKeyPress;
    document.onmousedown = funMouseDown;
    document.onclick     = funMouseClick;
    
    --></SCRIPT>
    </head>
    <body onLoad="javascript:document.frmPay.submit()">
    <form action="https://www.alertpay.com/payprocess.aspx" method="post" name="frmPay" id="frmPay">
    <input name="ap_merchant" type="hidden" value="myid" />
    <input name="ap_returnurl" type="hidden" value="myreturnpage" />
    <input name="ap_cancelurl" type="hidden" value="mycancelpage" />
    <input name="ap_description" type="hidden" value="My description." />
    <input name="apc_1" type="hidden" value="myorderid" />
    <input name="ap_currency" type="hidden" value="mycurrency" />
    <input name="ap_purchasetype" type="hidden" value="item" />
    <input name="ap_quantity" type="hidden" value="1" />
    <input name="ap_itemname" type="hidden" value="My Product" />
    <input name="ap_amount" type="hidden" value="37.00" />
    <input name="ap_totalamount" type="hidden" value="37.00" />
    </form>
    </body>
    </html>
    As you can see, the form on this page goes to Alertpay, so how on earth can my own order page be submitted twice?

    The order page form:
    Code:
    <form action="order.php" method="post" name="frmOrder" id="frmOrder">
    	<table width="80%" align="center" cellspacing="0" cellpadding="0">
    	<tr><td>
    		<fieldset class="ordfrm-fieldset"><legend class="ordfrm-legend">Enter Your Details</legend>
    		<table width="97%" align="center" cellspacing="3" cellpadding="3" class="ordfrm-text-norm">
    		<tr class="ordfrm-tbl-row ordfrm-tbl-row-even">
    			<td width="40%" class="ordfrm-tbl-row-hdg"><span class="ordfrm-frm-rqd">* </span>First Name:</td>
    			<td width="60%">
    				<input name="FirstName" id="FirstName" type="text" size="30" maxlength="50" title="Max length: 50" value="" tabindex="1" class="ordfrm-input" />
    			</td>
    		</tr>
    		<tr class="ordfrm-tbl-row ordfrm-tbl-row-odd">
    
    			<td class="ordfrm-tbl-row-hdg"><span class="ordfrm-frm-rqd">* </span>Last Name:</td>
    			<td>
    				<input name="LastName" id="LastName" type="text" size="30" maxlength="50" title="Max length: 50" value="" tabindex="1" class="ordfrm-input" />
    			</td>
    		</tr>
    		<tr class="ordfrm-tbl-row  ordfrm-tbl-row-even">
    			<td class="ordfrm-tbl-row-hdg"><span class="ordfrm-frm-rqd">* </span>Email Address:</td>
    
    			<td>
    				<input name="EmailAddress" id="EmailAddress" type="text" size="30" maxlength="100" title="Max length: 100" value="" tabindex="1" class="ordfrm-input" />
    			</td>
    		</tr>
    		</table>
    		<table width="97%" align="center" cellspacing="3" cellpadding="3" class="ordfrm-text-norm">
    		<tr><td><img src="images/spacer.gif" width="1" height="1" /></td></tr>
    		<tr class="ordfrm-tbl-row ordfrm-tbl-row-odd">
    			<td align="center">
    
    <input name="Submit" id="Submit" type="image" src="images/alertpay-sm-1.gif" title="Click here to order securely using **AlertPay**. It may take several moments, so please be patient." tabindex="1" valign="absmiddle" class="image-button" onclick="return funDisable(this, '', true, document.frmOrder)" />
    			</td>
    		</tr>
    		<tr><td align="center" class="ordfrm-text-small ordfrm-tbl-row-odd">
    			<img src="images/spacer.gif" width="1" height="5" /><br />
    			(It may take several moments to take you to our secure payment page, so please be patient. We always protect your privacy and never share your email address with anybody. Also, to ensure you receive our emails, we don't allow free email addresses e.g. yahoo, hotmail, msn.)
    		</td></tr></table>
    		</fieldset>
    	</td></tr></table>
    </form>
    funDisable disables the image button and submits the form. I've thoroughly tested this script with Firebug and it only ever does one submit.

    The order page php script is far too big and complex to include here, but all it does with the dopay.php page is to echo it back to the browser. But anyway, I've eliminated it from the equation, as my testing has all pointed to the presence of the js script on the dopay.php page.

    It's an obscure one, but does anyone have any suggestions as to how the js script could be causing the order page form to be submitted a second time? Or does anyone know of a better script to disable code viewing that I could possibly use?

    Debbie
    QuicknEasySalesPro.com
    - your quick and easy, yet powerful solution for managing your
    membership site sales, downloads and affiliates.

  2. #2
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,684
    Mentioned
    99 Post(s)
    Tagged
    4 Thread(s)
    Could it be related to the body onload event that's also there?
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  3. #3
    SitePoint Zealot
    Join Date
    Sep 2003
    Location
    UK
    Posts
    102
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi pmw57,

    I looked at that, but I couldn't see how it could do, as it submits frmPay, the action of which goes to the Alertpay site, not mine ... unless I'm missing something?

    Debbie
    QuicknEasySalesPro.com
    - your quick and easy, yet powerful solution for managing your
    membership site sales, downloads and affiliates.

  4. #4
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,684
    Mentioned
    99 Post(s)
    Tagged
    4 Thread(s)
    It is possible that users are double-clicking on the submit button, causing two submissions to occur.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  5. #5
    SitePoint Zealot
    Join Date
    Sep 2003
    Location
    UK
    Posts
    102
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi pmw57,

    Oh no, it's just me in my testing that has identified this problem, so no, I'm not clicking twice.

    Debbie
    QuicknEasySalesPro.com
    - your quick and easy, yet powerful solution for managing your
    membership site sales, downloads and affiliates.

  6. #6
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,684
    Mentioned
    99 Post(s)
    Tagged
    4 Thread(s)
    On the order form page when the submit button is clicked, it calls the funDisable function.

    When you click the submit button the page is going to submit the form. You can prevent that only by returning false from the funDisable function.

    Because the funDisable function also submits the form, you need to return false from that function to prevent the page from submitting the form as well.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  7. #7
    SitePoint Zealot
    Join Date
    Sep 2003
    Location
    UK
    Posts
    102
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi pmw57,

    Yes, that's exactly what it does. It has various tests in it and if it ends up submitting the the form from code, then it returns false, so the page doesn't submit it as well. I've done rather a lot of testing of it using Firebug, as I kept believing that it was the culprit, so I did many tests on it until I had no more excuses to keep blaming it.

    Debbie
    QuicknEasySalesPro.com
    - your quick and easy, yet powerful solution for managing your
    membership site sales, downloads and affiliates.

  8. #8
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,684
    Mentioned
    99 Post(s)
    Tagged
    4 Thread(s)
    If the script has no possible reason to cancel the submission (as in validation) you should try removing the submission from the script and let the page handle the form submission by itself.

    Finally, you could put up a test page, with the payprocess disabled, so that a deeper look into the situation can be performed.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  9. #9
    SitePoint Zealot
    Join Date
    Sep 2003
    Location
    UK
    Posts
    102
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    I've now found the solution, which is in this bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=236858, so I thought I'd share what I did with everyone.

    According to the bug report, the absence of a "content-type text/html; charset=iso-8859-1" header or <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> meta tag in the page causes the browser to use it's default charset, which it may decide is wrong once it gets to process the actual data on the page. This is what causes the browser to re-request the page to be able to process it using the correct charset, hence submitting the form twice. Not the most desirable result, I grant you, but that how it's been designed to work, currently.

    So, I tried the suggested fix and found that putting both or just the meta tag did solve the problem, but not consistently enough, because it still happened every so often.

    So, I put in a bit of code to not use the javascript when the browser is Firefox, as that is the only browser in which the problem occurs.
    Code:
    <?php
    if  (USER_BROWSER_AGENT <> "FIREFOX"):
    ?>
    <script language="JavaScript1.2" type="text/javascript"><!--
    <?php
    require(JS_STOP_THIEF);
    ?>
    --></script>
    <?php
    endif;
    ?>
    USER_BROWSER_AGENT is determined by this code, which I thought might be useful for anyone who doesn't already have something similar:
    Code:
    if  (!empty($_SERVER["HTTP_USER_AGENT"])):
    	define("USER_AGENT", $_SERVER["HTTP_USER_AGENT"]);
    elseif (!empty($HTTP_SERVER_VARS["HTTP_USER_AGENT"])):
    	define("USER_AGENT", $HTTP_SERVER_VARS["HTTP_USER_AGENT"]);
    else:
    	define("USER_AGENT", "");
    endif;
    
    if  (strstr(USER_AGENT, "Win")):
    	define("USER_OS", "Win");
    elseif (strstr(USER_AGENT, "Mac")):
    	define("USER_OS", "Mac");
    elseif (strstr(USER_AGENT, "Linux")):
    	define("USER_OS", "Linux");
    elseif (strstr(USER_AGENT, "Unix")):
    	define("USER_OS", "Unix");
    elseif (strstr(USER_AGENT, "OS/2")):
    	define("USER_OS", "OS/2");
    else:
    	define("USER_OS", "Other");
    endif;
    
    if  (ereg("Opera(/| )([0-9].[0-9]{1,2})",  USER_AGENT, $aMatches)):
    	define("USER_BROWSER_VER", $aMatches[2]);
    	define("USER_BROWSER_AGENT", "OPERA");
    elseif (ereg("MSIE ([0-9].[0-9]{1,2})",    USER_AGENT, $aMatches)):
    	define("USER_BROWSER_VER", $aMatches[1]);
    	define("USER_BROWSER_AGENT", "IE");
    elseif (ereg("OmniWeb/([0-9].[0-9]{1,2})", USER_AGENT, $aMatches)):
    	define("USER_BROWSER_VER", $aMatches[1]);
    	define("USER_BROWSER_AGENT", "OMNIWEB");
    elseif (ereg("(Konqueror/)(.*)(;)",        USER_AGENT, $aMatches)):
    	define("USER_BROWSER_VER", $aMatches[2]);
    	define("USER_BROWSER_AGENT", "KONQUEROR");
    elseif (ereg("Mozilla/([0-9].[0-9]{1,2})", USER_AGENT, $aMatches)
    	&&  ereg("Firefox/([0-9]*)",           USER_AGENT, $aMatches2)
    	   ):
    	define("USER_BROWSER_VER", $aMatches[1] . "." . $aMatches2[1]);
    	define("USER_BROWSER_AGENT", "FIREFOX");
    elseif (ereg("Mozilla/([0-9].[0-9]{1,2})", USER_AGENT, $aMatches)
    	&&  ereg("Safari/([0-9]*)",            USER_AGENT, $aMatches2)
    	   ):
    	define("USER_BROWSER_VER", $aMatches[1] . "." . $aMatches2[1]);
    	define("USER_BROWSER_AGENT", "SAFARI");
    elseif (ereg("Mozilla/([0-9].[0-9]{1,2})", USER_AGENT, $aMatches)):
    	define("USER_BROWSER_VER", $aMatches[1]);
    	define("USER_BROWSER_AGENT", "MOZILLA");
    else:
    	define("USER_BROWSER_VER", 0);
    	define("USER_BROWSER_AGENT", "OTHER");
    endif;
    Hope that helps.

    Debbie
    QuicknEasySalesPro.com
    - your quick and easy, yet powerful solution for managing your
    membership site sales, downloads and affiliates.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •