Solved

stop user from going back

Posted on 2002-04-04
7
202 Views
Last Modified: 2006-11-17
Hi,

I have a form where the user enters his info (file1.php)
When the user hits submits he is sent to (file2.php) where it displays all his info he then has to hit submit again to confirm.  He is then sent to (file3.php) where all his info is submitted to the database and displays a thank you messages.  

My question what is the best way to stop the user (when he is at file3.php) to hit the back button and hit submit again?  I would like it if he was to hit the back button he would get an error message and a link to the main page.

Thanks


0
Comment
Question by:onestar
7 Comments
 
LVL 3

Expert Comment

by:winningl
ID: 6918578

Sorry, that's impossible. But there are some ways to make it harder.

1. Try to use session variables, if they hit the back button, the session expired.

2. for the page after a submit, change the history to history.go(1) onload


winningl
0
 
LVL 32

Expert Comment

by:Batalf
ID: 6919402
I have worked with a similar problem when I was developing a quiz for a company. My solution was :

1) Create a sesson-cookie, either with php-sessions or with a self-made cookie, example:

setcookie("sessionID","2002-04-03 00:04:00hjkahsdfueredf34");

The value of the cookie has to be unique, that's the main issue here.

Then, you use a db-table to store what pages the user has finished,

example

table: sessionPages
ID int
sessionID varchar(128),
page char(1);

then after each submit you store an entry in this table, for instance:

insert into sessionPages(sessionID,page)values('$sessionID','1')

for the first page.

THen:
At the top of file1.php, you check if the user with this specific cookie has been on file1.php before:

"select ID from sessionPages where page='1' and sessionID='$sessionID'"

If you're able to retreve data from this query, then forward the user to "file2.php"

header("location:file2.php");

Then you have the same at file2.php, but there you forward the user to file3.php if he has been on file2.php before.

That's a solution which works great for me.

I hope this could help you.

Regards
Batalf
0
 
LVL 4

Expert Comment

by:lokeshv
ID: 6920122
a good one .....

Lk
0
Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

 
LVL 5

Accepted Solution

by:
dkjariwala earned 50 total points
ID: 6920185
I have done thing similar to batalf but different way.

What I did is every form I generate would have a unique number identifying that form.

So it would be like


<form name="blah" action="myscript.php">

<input type="hidden" name="formid" value="21342342342323423423">

//other details go here.


</form>

Now the value formid would be stored in DB.
When someone submits the form, I check the formid. Then following steps are taken.

1. It must be non empty otherwise I do not accept form. [This is needed cause ppl can trick those forms with hidden fields very easily.]

2. If it is having some number, I check against my db, and see If this form is submitted earlier. If yes, then I don't allow to submit it. Otherwise I submit it and set field in db saying form id = #### is submitted.

So table would be like

//table forms
formid, is_submitted

If you make formid, which incorporates date somehow then you can clean up the table on day to day basis.


JD
0
 
LVL 1

Author Comment

by:onestar
ID: 6920678
Thanks for the ideas I will try them out and let you guys know how I make out....

Onestar
0
 
LVL 1

Expert Comment

by:Steves2001
ID: 6921465
Try this at the top of your form pages it should at least make them think
<?
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");           // always modified
header ("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
header ("Pragma: no-cache");                          // HTTP/1.0
?>
0
 
LVL 1

Expert Comment

by:Steves2001
ID: 6922114
Sorry forgot to add before any other output to the browser (above the <HTML> tag
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question