Jump to content

Sessions and preventing resubmission of a form

jobsonandrew

By jobsonandrew
in PHP Coding Help

 Share

Recommended Posts

jobsonandrew Newbie

jobsonandrew

Posted
Posted

Hi,

Im new to PHP (and web development) and I'd like some help with my pet project

 

I have a web page with a form that has a couple of text boxes. I have Apache 2, MySQL and PHP 5 installed and would like to know:

 

What is the best way to identify a user, and prevent that user from submitting the form more than once in 30 mins?

Im guessing this will have to be done serverside (so people cant get around it by deleting cookies/changing browsers).. Is this a sessions problem? if so how? I'm having serious trouble understanding sessions..

 

Ultimatley id like to store and retrieve things from mySQL

 

Thanks

genericnumber1 Member

genericnumber1

Posted
Posted

It would more be a mysql problem, you could identify the person by ip and place it along with the submission time in a table. You can check the table to see if the person has submitted it in the last 30 minutes. Identifying the person by ip isn't completely effective since ips can change... as the poster above said, a login system is a little bit more reliable, but people can always make 2 accounts.

.josh Advanced Member

.josh

Posted
Posted

It would more be a mysql problem, you could identify the person by ip and place it along with the submission time in a table. You can check the table to see if the person has submitted it in the last 30 minutes.

 

tracking it by ip is not effective, as ip's can be easily spoofed or changed.

genericnumber1 Member

genericnumber1

Posted
Posted

It would more be a mysql problem, you could identify the person by ip and place it along with the submission time in a table. You can check the table to see if the person has submitted it in the last 30 minutes.

 

tracking it by ip is not effective, as ip's can be easily spoofed or changed.

 

I just editted that in :)

jobsonandrew Newbie

jobsonandrew

Posted
  • Author
Posted

yeah IPs were what i thought originally, but a lot of people are also behind proxies etc..

 

I dont really want something as complicated as a login system.. the page is just for people to leave their name and a comment, like a guestbook or something.. maybe im asking for trouble by having something so simple

 

Thanks

genericnumber1 Member

genericnumber1

Posted
Posted

There's really no way to find out who someone is as ips can be changed, more user accounts can be created, and cookies can be deleted. The best you can do is take all precautions and try to keep in mind that people who really want to, and know how to, will probably be able to exploit it.

.josh Advanced Member

.josh

Posted
Posted

In the real world it really depends on how important it really is for you to make sure people don't do that.  You could make your script track IP and cookie at the same time and that will probably take care of most people not really intending to circumvent it.  But if someone does intend to circumvent it, then again, depends on how important it really is to you to keep it from happening.  If it's really that important then yes, you're going to have to force a login. 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.