Question about sessions and pages

adh32 · August 17, 2010, 6:10pm

I was browsing around for tutorials that use a PHP session to insert an ID into a form and use it to check for accidental repeated submission of a form. All of these tutorials seem to set the form action to a separate page on which they place the form-processing part of the PHP, which I don’t do.

This implies that this method cannot be used when the form action points to the same page: the usual lack of info in tutorials leaves me unsure whether that is the case or not. If so, is there a simple alternative to sessions? (It has to be simple and clear. Ideally, I would like to find the most robust and secure solution, but I doubt that I could use it.)

My apologies for the vague title, by the way, but I couldn’t sum this up accurately in a few words.

adh32 · August 17, 2010, 9:56pm

Thanks for responding. I don’t think that I would use that, though, because I can see problems with anyone who takes time over completing the form.

adamcoppard · August 17, 2010, 6:42pm

This isn’t the most elegant way of doing the whole time checks, but it’s simple, although some PHP Guru could probably rewrite to one line.
Where the form is being validated before output:


<?php
	if($_POST){
		$timenow = time(); //Get the time now.
		$timeform = $_POST['time']; //Get the time form created on the HTML page.
		$timeinvalid = 5; //time in seconds for timeouts.
		$timecheck = $timenow - $timeform; //Create a variable comparing the two.
		if($timecheck <= $timeinvalid){ //if comparing the two
			echo 'Within five seconds.';
		} else{
			echo 'Longer than five seconds.';
		}
	}	
?>

Then in your HTML form:


				<?php
					if($_POST){
				?>
				<input type="hidden" name="time" value="<?php echo time(); ?>" />
				<?php	
					}
				?>

N.B: The hidden time is created when the page loads, so is not ideal (could be extended to be JavaScript time of form post. This will stop someone hamering the submit button, though.

adh32 · August 17, 2010, 6:26pm

How would the PHP compare the two values, old and new, and how can it retrieve or retain the old value?

That’s probably the most confusing part for me right now.

adamcoppard · August 17, 2010, 6:19pm

You could, and this is different from what you are saying - but if the form has been submitted, in the HTML, I’m assuming further down from the form, add a hidden form value, with a timestamp. Then, if this is present when the form is next submitted within a reasonable time from the current time, inform the user that they are close to each other - that’s how I would approach the problem just given - others may have different solutions.

adamcoppard · August 18, 2010, 10:23am

We can only check for the time on the second, third etc. Post of the form. On the first post they can take as long as they like - I’m not saying it’s ideal - it stops people repatedly submitting a form, like you said in the first post of the thread.