dcsimg
www.webdeveloper.com
Results 1 to 7 of 7

Thread: Securing forms

  1. #1
    Join Date
    May 2003
    Posts
    55

    Question Securing forms

    I'm wanting to know if its possible to stop people clicking "back" and re-submitting a form which is uded to update an account after payment. It's easy to just click back and hit refresh which would credit the users account again for free! Not many people will think of this but it's possible and could end up costing me a fortune!

  2. #2
    Join Date
    Dec 2002
    Location
    WI, United States
    Posts
    1,372
    You could either log the IP or set a cookie. Either way would work, so it is up to you.

  3. #3
    Join Date
    May 2003
    Posts
    55
    OOO cookies, thats a good idea!

  4. #4
    Join Date
    Nov 2002
    Location
    Dartmoor [Holiday]
    Posts
    2,382
    Unless the user rejects the cookie, which is quite possible - in Mozilla, it takes 2 clicks to block cookies from a site.

    Adam

  5. #5
    Join Date
    May 2003
    Posts
    55
    good point, any other ideas?

  6. #6
    Join Date
    Nov 2002
    Location
    Dartmoor [Holiday]
    Posts
    2,382
    You could perhaps give them a code after paying (perhaps a MD5 hash of a random number) which is stored in a database table/file of allowed codes until they use it once, then it is deleted. You could pass the code in a hidden form field.

    Adam

  7. #7
    Join Date
    May 2003
    Posts
    55
    at the moment they get a code which is posted from a 3rd party, verified and then redirected back to my account update page. I could log the code in a file and check it every time a code is entered but that would involve a ton more coding and as I can only use flat files after a while the script would just time out! Cookies are working for now, my users can just get over it :P

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles