Re: [PHP] Clear POST variables on page refresh

Posted by Richard Lynch on 10/14/34 11:07

Ricky Morley wrote:
>> Richard Lynch <mailto:ceo@l-i-e.com>
>> on Thursday, February 03, 2005 11:26 AM said:
>>
>>> A simple thing to do is to put an md5 hash into the POST data, then
>>> only do the insert if that md5 hash isn't already "used" when they
>>> hit refresh.
>
> Thank you for your responses. One question: If I were to use the md5 hash
> method, what would be the best way to store used hashes? In a database? In
> a temporary file kinda thing? Thanks again.

In a database with a datetime field.

Clear out anything older than a day or whatever in a cron job.

For a super busy site, you'd want to clear them out more often.

Or, to simplify matters, if you already have sessions, then do this:

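<?php
session_start();

//Check their FORM freshness, and only process fresh input, not re-loaded:
//(only run on an actual POST, so a plain page load does not count as input)
if (isset($_POST['fresh'], $_POST['duplicate']) && is_string($_POST['fresh'])){
  $fresh = $_POST['fresh'];
  $used = isset($_SESSION['used']) ? $_SESSION['used'] : array();
  if (isset($used[$fresh])){
    //Token already seen in this session: this is a re-load of the same form.
    echo "Ignoring re-posted data: " . htmlspecialchars($fresh) . "<br />\n";
  }
  else{
    //Stand-in for the real insert. Escaped for HTML because it is echoed;
    //a real insert should pass the value as a bound query parameter.
    echo "INSERT INTO whatever (duplicate) VALUES ('" . htmlspecialchars((string) $_POST['duplicate']) . "')";
    //Remember the token so the same form cannot be processed twice.
    $used[$fresh] = TRUE;
    $_SESSION['used'] = $used;
  }
}

?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'])?>" method="post">
<input type="hidden" name="fresh" value="[<?php echo md5(uniqid())?>]">
<input name="duplicate"><br />
<input type="submit" value="Duplicate?">
</form>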

Make sure any test for a session time-out occurs BEFORE this test for
'fresh' data -- so they can't wait for the session to time-out, and then
re-load, and get their duplicate "in" that way.

You could put most of the code to check for freshness in an include file,
and use it on a zillion forms.

Just put the INPUT HIDDEN with NAME='fresh' and an MD5 in every form and
be sure to: include 'freshness.inc'; before processing.

Or put it in a function you define in your globals.inc (or whatever gets
loaded every page).

It's simple and browser-independent, so it doesn't matter if they hit back
or not or re-load or their browser sends or doesn't send the signal needed
for ignore_user_abort to work or...

--
Like Music?
http://l-i-e.com/artists.htm
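
Added example, not part of the original message: the database variant described above (used hashes stored with a time column, old rows cleared by a scheduled job), sketched with PDO. The table name used_tokens, the functions claim_token() and purge_tokens(), and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Constructed setup: in-memory SQLite so the script runs stand-alone.
// used_at holds Unix time and plays the role of the datetime field.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE used_tokens (
    token   TEXT PRIMARY KEY,
    used_at INTEGER NOT NULL
)');

// Mark a form token as used. Returns true the first time a token is seen
// and false on a re-post. The PRIMARY KEY turns "check, then mark" into a
// single atomic statement, so two simultaneous submissions of the same
// form cannot both be treated as fresh.
function claim_token(PDO $db, $token, $now)
{
    if (!is_string($token) || $token === '' || strlen($token) > 64) {
        return false; // missing or oversized token: never treat as fresh
    }
    // SQLite syntax; MySQL spells this INSERT IGNORE.
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO used_tokens (token, used_at) VALUES (?, ?)'
    );
    $stmt->execute(array($token, $now));
    return $stmt->rowCount() === 1;
}

// What the cron job would run: drop rows older than $maxAge seconds.
function purge_tokens(PDO $db, $now, $maxAge = 86400)
{
    $stmt = $db->prepare('DELETE FROM used_tokens WHERE used_at < ?');
    $stmt->execute(array($now - $maxAge));
    return $stmt->rowCount();
}

// Constructed sample run: one form submitted, then re-loaded.
$now   = time();
$token = '[' . md5(uniqid()) . ']';   // same shape as the hidden field above
echo claim_token($db, $token, $now) ? "fresh: do the insert\n" : "ignored\n";
echo claim_token($db, $token, $now) ? "fresh: do the insert\n" : "ignored\n";
echo claim_token($db, null, $now)   ? "fresh: do the insert\n" : "ignored\n";

// Two days later the scheduled clean-up removes the stored row.
echo "purged rows: " . purge_tokens($db, $now + 2 * 86400) . "\n";
```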

 
