Solved

stop user from going back

Posted on 2002-04-04
7
199 Views
Last Modified: 2006-11-17
Hi,

I have a form where the user enters his info (file1.php)
When the user hits submits he is sent to (file2.php) where it displays all his info he then has to hit submit again to confirm.  He is then sent to (file3.php) where all his info is submitted to the database and displays a thank you messages.  

My question what is the best way to stop the user (when he is at file3.php) to hit the back button and hit submit again?  I would like it if he was to hit the back button he would get an error message and a link to the main page.

Thanks


0
Comment
Question by:onestar
7 Comments
 
LVL 3

Expert Comment

by:winningl
ID: 6918578

Sorry, that's impossible. But there are some ways to make it harder.

1. Try to use session variables, if they hit the back button, the session expired.

2. for the page after a submit, change the history to history.go(1) onload


winningl
0
 
LVL 32

Expert Comment

by:Batalf
ID: 6919402
I have worked with a similar problem when I was developing a quiz for a company. My solution was :

1) Create a sesson-cookie, either with php-sessions or with a self-made cookie, example:

setcookie("sessionID","2002-04-03 00:04:00hjkahsdfueredf34");

The value of the cookie has to be unique, that's the main issue here.

Then, you use a db-table to store what pages the user has finished,

example

table: sessionPages
ID int
sessionID varchar(128),
page char(1);

then after each submit you store an entry in this table, for instance:

insert into sessionPages(sessionID,page)values('$sessionID','1')

for the first page.

THen:
At the top of file1.php, you check if the user with this specific cookie has been on file1.php before:

"select ID from sessionPages where page='1' and sessionID='$sessionID'"

If you're able to retreve data from this query, then forward the user to "file2.php"

header("location:file2.php");

Then you have the same at file2.php, but there you forward the user to file3.php if he has been on file2.php before.

That's a solution which works great for me.

I hope this could help you.

Regards
Batalf
0
 
LVL 4

Expert Comment

by:lokeshv
ID: 6920122
a good one .....

Lk
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 5

Accepted Solution

by:
dkjariwala earned 50 total points
ID: 6920185
I have done thing similar to batalf but different way.

What I did is every form I generate would have a unique number identifying that form.

So it would be like


<form name="blah" action="myscript.php">

<input type="hidden" name="formid" value="21342342342323423423">

//other details go here.


</form>

Now the value formid would be stored in DB.
When someone submits the form, I check the formid. Then following steps are taken.

1. It must be non empty otherwise I do not accept form. [This is needed cause ppl can trick those forms with hidden fields very easily.]

2. If it is having some number, I check against my db, and see If this form is submitted earlier. If yes, then I don't allow to submit it. Otherwise I submit it and set field in db saying form id = #### is submitted.

So table would be like

//table forms
formid, is_submitted

If you make formid, which incorporates date somehow then you can clean up the table on day to day basis.


JD
0
 
LVL 1

Author Comment

by:onestar
ID: 6920678
Thanks for the ideas I will try them out and let you guys know how I make out....

Onestar
0
 
LVL 1

Expert Comment

by:Steves2001
ID: 6921465
Try this at the top of your form pages it should at least make them think
<?
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");           // always modified
header ("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
header ("Pragma: no-cache");                          // HTTP/1.0
?>
0
 
LVL 1

Expert Comment

by:Steves2001
ID: 6922114
Sorry forgot to add before any other output to the browser (above the <HTML> tag
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
mysqli 3 22
How to keep line breaks when outputting data from database 4 14
PHP: Insert Data into MySQL 5 13
Checking CSRF token within a function 36 7
Both Easy and Powerful How easy is PHP? http://lmgtfy.com?q=how+easy+is+php (http://lmgtfy.com?q=how+easy+is+php)  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now