
Stopping refresh


Sideclef


I went to a site (game) and I tried using auto refresh (or "refresh every" in Firefox). I push the button and set the auto refresh. I came back and it says invalid submit. So I was wondering how exactly would you code something like that? It seems it would be a much more convenient way than image verification to stop someone auto scripting your site, without inconveniencing them with letters and numbers to enter in a form. If someone could give me an example or even a function type name I would appreciate it.

Thanks.


Verification failed, please try again.

When java is off I am thinking it's PHP, that's why I placed it here. I would really like to know how to implement this on my own site.

This code makes you have to hit the button to process the form again.

I did view the source code and this is what comes up. I am not sure if it has something to do with the hidden form value or what.

<input type="hidden" name="traincode" value="G6qD">
<input type="submit" class="button" name="trainme" value="Train this Weapon">

 

 

 


It's probably storing the random value in a session - when you refresh, you're reposting the OLD 'traincode' value, when it expects the new one.

 

This can still easily be bypassed by creating an AutoIt script that hits the submit button every x seconds ;)


That is actually very good to know hun but I really want to know how to implement it like it is but on my site. I am sure that's probably not common gamer knowledge and would discourage most auto scripters. Could you explain how you would implement a random session value stored in something like that?


Here's a basic rundown...

 

 

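<?php

session_start();

// Compare the token posted with the form against the one stored on the previous page load.
// The ?? '' fallback avoids an undefined-index notice when the page is requested without a POST.
if( isset($_SESSION['noRefresh']) && ($_POST['noRefresh'] ?? '') !== $_SESSION['noRefresh'] )
    echo 'Refresh attempt detected<br />';
else
    echo 'No refresh/first visit<br />';

// Issue a new token for the form rendered below; a refresh re-posts the old one.
$_SESSION['noRefresh'] = substr( md5(uniqid(mt_rand(),true)), 0, 5 );

echo <<<OUTPUT
<form action="" method="post">

<input type="hidden" name="noRefresh" value="{$_SESSION['noRefresh']}" />
<input type="submit" name="Submit the Query" />

</form>
OUTPUT;

?>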


If that's what you are looking for I would assign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] so that if someone tries to refresh a page you just check $_SERVER['PHP_SELF'] against $_SESSION['noRefresh'] and if they match, that would be your invalid refresh. And just reassign $_SERVER['PHP_SELF'] to $_SESSION['noRefresh'] on the top of every page.


Say what? The idea is the page POSTs to itself. You want to view the same page every time, but you want to prevent refresh. You want to force the user to repost new information every time.

 

Check out my example, and you'll see why your method won't work. You're always resubmitting to the same page.


Guess I didn't think about that, I usually use a separate file to process form posts and then redirect back.  That way the user doesn't have to deal with that resubmit info popup any time they do want to refresh.
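
The single-use session token from the rundown above, combined with the process-then-redirect approach from the last reply, as an added example that is not code from any poster in this thread. It goes beyond the posted snippet by drawing the token from random_bytes(), comparing it with hash_equals() and spending it on first use; the function names and the session keys 'form_token' and 'flash' are assumptions.

```php
<?php
// Added example, not code from the thread. The function names and the
// session keys 'form_token' and 'flash' are assumptions for illustration.
declare(strict_types=1);
session_start();

/** Create a fresh single-use token, store it in the session, return it. */
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG
    $_SESSION['form_token'] = $token;
    return $token;
}

/** True only for the token issued with the last form; it is spent either way. */
function consume_form_token($submitted): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']); // a replayed POST finds nothing to match
    return is_string($expected)
        && is_string($submitted) // rejects a missing field or an array
        && hash_equals($expected, $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (consume_form_token($_POST['form_token'] ?? null)) {
        // ... perform the one-time action here ...
        $_SESSION['flash'] = 'Action processed.';
    } else {
        $_SESSION['flash'] = 'Invalid submit: stale or missing token.';
    }
    // Post/Redirect/Get: a browser refresh now repeats a harmless GET.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

$message = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
$token = issue_form_token();
?>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<form action="" method="post">
<input type="hidden" name="form_token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
<input type="submit" value="Submit">
</form>
```

As noted earlier in the thread, this rejects a replayed request but not a script that loads the form and presses the button each time. Because one token is kept per session, opening the form in a second tab invalidates the token in the first.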
