Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi.

Is there a way to block a user from pressing the submit button more times after he's already pressed it once?

Thanks,
Ralph :)

Replies are listed 'Best First'.
Re: security in forms
by jepri (Parson) on Nov 04, 2000 at 16:04 UTC
    If you wanted to do it client-side, you could write some kind of JavaScript, like onClick=disable(this), or whatever the correct JS is. There should be a way of switching off the button.

    You could put a (random) hidden variable into the form and keep track of which 'numbers' have just submitted data in a local file. Clear the number after you've finished processing their form and sent the response, or at midnight, whatever takes your fancy. Or if you're pushing data into a database you could do a query to see if you're submitting duplicate information.

    Or, at the risk of getting shot down by the Perl fanatics here (i.e. almost everybody) use the persistent (or session? what are they called?) variable features of PHP4.

    I know there are a few other ways but I haven't had to tackle this problem directly before.

    ____________________
    Jeremy

      Apache::Session will do the equivalent of the PHP4 wizardry for you in mod_perl.

      Another approach would be to do something like an md5sum of $query->query_string . $query->remote_host, and save it in some persistent DB for 'an appropriate time' (possibly until your CGI has completed successfully and displayed the results page...)
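
The hidden-variable approach from the reply above, as an added example that is not part of the original thread: a one-time token is issued when the form is rendered and spent on the first submission. The names `issue_token`, `consume_token`, `$SPOOL` and `$TTL` are hypothetical, and the code assumes a Unix host with `/dev/urandom` and only core Perl modules.

```perl
#!/usr/bin/perl
# Added example: one-time form tokens kept as files in a spool directory.
# issue_token(), consume_token(), $SPOOL and $TTL are hypothetical names.
use strict;
use warnings;
use File::Temp qw(tempdir);

my $SPOOL = tempdir(CLEANUP => 1);   # assumption: a private directory in production
my $TTL   = 15 * 60;                 # seconds a rendered form stays valid

# Called when the form is rendered; the value goes into a hidden field.
sub issue_token {
    open my $rnd, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($rnd, my $bytes, 16) == 16 or die "short read from urandom";
    close $rnd;
    my $token = unpack 'H*', $bytes;           # 32 lowercase hex digits
    open my $fh, '>', "$SPOOL/$token" or die "spool: $!";
    close $fh;
    return $token;
}

# Called when the form is submitted. True for the first submission only.
sub consume_token {
    my ($token) = @_;
    # The token becomes a file name, so accept nothing but 32 hex digits.
    return 0 unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    my $path  = "$SPOOL/$token";
    my $mtime = (stat $path)[9];
    return 0 unless defined $mtime;            # never issued or already used
    # unlink succeeds for exactly one process, so two simultaneous
    # submissions of the same form cannot both get past this line.
    return 0 unless unlink $path;
    return (time - $mtime <= $TTL) ? 1 : 0;    # stale tokens are spent, not honoured
}

# Constructed demonstration: one rendered form, submitted twice, then a forged value.
my $token = issue_token();
for my $try ($token, $token, '../../etc/passwd') {
    printf "%-34s %s\n", $try, consume_token($try) ? 'processed' : 'rejected';
}
```

Because the token is spent before the form is processed, a failure during processing means the user has to reload the form to get a fresh token.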

Re: security in forms
by cianoz (Friar) on Nov 04, 2000 at 16:19 UTC
    If you use mod_perl you could write a register_cleanup handler where you can commit or rollback user input.
    The register cleanup phase gets called even if the user presses the stop button during the upload of the form data.