Jump to content

Stopping refresh

Sideclef

By Sideclef
in PHP Coding Help

 Share

Recommended Posts

Sideclef Newbie

Sideclef

Posted
Posted

I went to a site (game) and I tried using auto refresh(or refresh every in Firefox). I push the button and set the auto refresh I came back and it says invalid submit. So I was wondering how exactly would you code something like that?It seem's it would be a much more convenient way than image verification to stop someone auto scripting your site.With out inconveniceing them with letters and number to enter in a form. If some one could give me an example or even a function type name I would apreciate it.

Thanks.

Link to comment
https://forums.phpfreaks.com/topic/127580-stopping-refresh/
Share on other sites
Sideclef Newbie

Sideclef

Posted
  • Author
Posted

Verification failed, please try again.

When java is off I am thinking its php that's why I placed it here. I would really like to know how to implement this on my own site.

This code makes you have to hit the button to process the form again.

I did veiw the source code and this is what comes up I am not sure if it has something to do with the hidden form value or what. 

<input type="hidden" name="traincode" value="G6qD">
<input type="submit" class="button" name="trainme" value="Train this Weapon">

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/127580-stopping-refresh/#findComment-660127
Share on other sites
discomatt Member

discomatt

Posted
Posted

It's probably storing the random value in a session - when you refresh, you're reposting the OLD 'traincode' value, when it expects the new one.

 

This can still easily be bypassed by creating an AutoIt script that hits the submit button every x seconds ;)

Link to comment
https://forums.phpfreaks.com/topic/127580-stopping-refresh/#findComment-660175
Share on other sites
Sideclef Newbie

Sideclef

Posted
  • Author
Posted

That is actually very good to know hun but  I really want to know how to implement it like it is but on my site. I am sure that's probably not common gamer knowledge and would discourage most auto scripters. Could you explain how you would implement random  session value stored in something like that?

Link to comment
https://forums.phpfreaks.com/topic/127580-stopping-refresh/#findComment-660183
Share on other sites
discomatt Member

discomatt

Posted
Posted

Here's a basic rundown...

 

 

<?php

session_start();

if( isset($_SESSION['noRefresh']) && $_POST['noRefresh'] !== $_SESSION['noRefresh'] )
echo 'Refresh attempt detected<br />';
else
echo 'No refresh/first visit<br />';

$_SESSION['noRefresh'] = substr( md5(uniqid(mt_rand(),true)), 0, 5 );

echo <<<OUTPUT
<form action="" method="post">

<input type="hidden" name="noRefresh" value="{$_SESSION['noRefresh']}" />
<input type="submit" name="Submit the Query" />

</form>
OUTPUT;

?>

Link to comment
https://forums.phpfreaks.com/topic/127580-stopping-refresh/#findComment-660194
Share on other sites
R0bb0b Newbie

R0bb0b

Posted
Posted

If that's what you are looking for I would assign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] to that if someone tries to refresh a page you just check $_SERVER['PHP_SELF'] against $_SESSION['noRefresh'] and if they match, that would be your invalid refresh.  and just reassign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] on the top of every page.

Link to comment
https://forums.phpfreaks.com/topic/127580-stopping-refresh/#findComment-660257
Share on other sites
discomatt Member

discomatt

Posted
Posted

If that's what you are looking for I would assign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] to that if someone tries to refresh a page you just check $_SERVER['PHP_SELF'] against $_SESSION['noRefresh'] and if they match, that would be your invalid refresh.  and just reassign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] on the top of every page.

 

Say what? The idea is the page POSTs to itself. You want to view the same page every time, but you want to prevent refresh. You want to force the user to repost new information every time.

 

Check out my example, and you'll see why your method won't work. You're always resubmitting to the same page.

Link to comment
https://forums.phpfreaks.com/topic/127580-stopping-refresh/#findComment-660949
Share on other sites
R0bb0b Newbie

R0bb0b

Posted
Posted

If that's what you are looking for I would assign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] to that if someone tries to refresh a page you just check $_SERVER['PHP_SELF'] against $_SESSION['noRefresh'] and if they match, that would be your invalid refresh.  and just reassign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] on the top of every page.

 

Say what? The idea is the page POSTs to itself. You want to view the same page every time, but you want to prevent refresh. You want to force the user to repost new information every time.

 

Check out my example, and you'll see why your method won't work. You're always resubmitting to the same page.

 

Guess I didn't think about that, I usually use a separate file to process form posts and then redirect back.  That way the user doesn't have to deal with that resubmit info popup any time they do want to refresh.

Link to comment
https://forums.phpfreaks.com/topic/127580-stopping-refresh/#findComment-661000
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.