Sideclef Posted October 8, 2008 Share Posted October 8, 2008 I went to a site (game) and I tried using auto refresh(or refresh every in Firefox). I push the button and set the auto refresh I came back and it says invalid submit. So I was wondering how exactly would you code something like that?It seem's it would be a much more convenient way than image verification to stop someone auto scripting your site.With out inconveniceing them with letters and number to enter in a form. If some one could give me an example or even a function type name I would apreciate it. Thanks. Quote Link to comment Share on other sites More sharing options...
Sideclef Posted October 8, 2008 Author Share Posted October 8, 2008 Sorry I didn't really clarify what it did it was like some kind of on click you had to actually push the submit button to move on. Quote Link to comment Share on other sites More sharing options...
R0bb0b Posted October 8, 2008 Share Posted October 8, 2008 Turn off javascript and then try it again. See if you get the same result. Quote Link to comment Share on other sites More sharing options...
Sideclef Posted October 8, 2008 Author Share Posted October 8, 2008 Verification failed, please try again. When java is off I am thinking its php that's why I placed it here. I would really like to know how to implement this on my own site. This code makes you have to hit the button to process the form again. I did veiw the source code and this is what comes up I am not sure if it has something to do with the hidden form value or what. <input type="hidden" name="traincode" value="G6qD"> <input type="submit" class="button" name="trainme" value="Train this Weapon"> Quote Link to comment Share on other sites More sharing options...
discomatt Posted October 8, 2008 Share Posted October 8, 2008 It's probably storing the random value in a session - when you refresh, you're reposting the OLD 'traincode' value, when it expects the new one. This can still easily be bypassed by creating an AutoIt script that hits the submit button every x seconds Quote Link to comment Share on other sites More sharing options...
Sideclef Posted October 8, 2008 Author Share Posted October 8, 2008 That is actually very good to know hun but I really want to know how to implement it like it is but on my site. I am sure that's probably not common gamer knowledge and would discourage most auto scripters. Could you explain how you would implement random session value stored in something like that? Quote Link to comment Share on other sites More sharing options...
discomatt Posted October 8, 2008 Share Posted October 8, 2008 Here's a basic rundown... <?php session_start(); if( isset($_SESSION['noRefresh']) && $_POST['noRefresh'] !== $_SESSION['noRefresh'] ) echo 'Refresh attempt detected<br />'; else echo 'No refresh/first visit<br />'; $_SESSION['noRefresh'] = substr( md5(uniqid(mt_rand(),true)), 0, 5 ); echo <<<OUTPUT <form action="" method="post"> <input type="hidden" name="noRefresh" value="{$_SESSION['noRefresh']}" /> <input type="submit" name="Submit the Query" /> </form> OUTPUT; ?> Quote Link to comment Share on other sites More sharing options...
R0bb0b Posted October 8, 2008 Share Posted October 8, 2008 If that's what you are looking for I would assign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] to that if someone tries to refresh a page you just check $_SERVER['PHP_SELF'] against $_SESSION['noRefresh'] and if they match, that would be your invalid refresh. and just reassign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] on the top of every page. Quote Link to comment Share on other sites More sharing options...
Sideclef Posted October 8, 2008 Author Share Posted October 8, 2008 I appreciate the time you took to help me out. Thank you both so much. Quote Link to comment Share on other sites More sharing options...
discomatt Posted October 9, 2008 Share Posted October 9, 2008 If that's what you are looking for I would assign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] to that if someone tries to refresh a page you just check $_SERVER['PHP_SELF'] against $_SESSION['noRefresh'] and if they match, that would be your invalid refresh. and just reassign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] on the top of every page. Say what? The idea is the page POSTs to itself. You want to view the same page every time, but you want to prevent refresh. You want to force the user to repost new information every time. Check out my example, and you'll see why your method won't work. You're always resubmitting to the same page. Quote Link to comment Share on other sites More sharing options...
R0bb0b Posted October 9, 2008 Share Posted October 9, 2008 If that's what you are looking for I would assign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] to that if someone tries to refresh a page you just check $_SERVER['PHP_SELF'] against $_SESSION['noRefresh'] and if they match, that would be your invalid refresh. and just reassign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] on the top of every page. Say what? The idea is the page POSTs to itself. You want to view the same page every time, but you want to prevent refresh. You want to force the user to repost new information every time. Check out my example, and you'll see why your method won't work. You're always resubmitting to the same page. Guess I didn't think about that, I usually use a separate file to process form posts and then redirect back. That way the user doesn't have to deal with that resubmit info popup any time they do want to refresh. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.