Form help - stop user pressing back and changing submitted values

[master82]

Is there a bit of PHP code that can be used to prevent a user from pressing the back button or something of that nature.

What I have is a form with a question on, when its submitted it will place the answer onto my SQL database and go to the next question - however if the user presses back they can change what they originally put, which will update the answer in the database if submitted again - i dont want this to happen.

I have used a piece of code (top of each question page) that will redirect the user to the next unanswerd question by checking if the field in the database is blank, but this does not work if you hit the back button (It shows the form fully filled in - a few radio buttons)

Anyone help?

[wildteen88]

Theres no real way of stopping the user hitting the back button, but what you'll probably want to do is check whether the user has already inserted something into the database already. You'll probably want to the log users IP address when they complete each question, however this is not a bulletproof workaround, espcially uf the user has a dynamic ip address, which could change on every page reguest/couple of minutes etc.

[shocker-z]

another way would be to set a session up on data being inputted and then if user presses back and then submit again you check to see if variable is set and if so then put a message up saying so.. they can easily close browser and then it will work but it makes it a bit slower for them.

Could possibly seta  cookie also which in turn is searched for and sets a session also everytime they go onto the page?

Regards
Liam

[jcbarr]

You can also have the window that the form is in open in a new window and turn off the toolbar so that the back button is not visible.

That is an HTML fix, but it can help. Also like he said, when they answer the question check to see if there is an entry in the database already, if there is have it output an error and forward them on to the next question.

[wildteen88]

[quote author=jcbarr link=topic=102055.msg404493#msg404493 date=1153999846]
You can also have the window that the form is in open in a new window and turn off the toolbar so that the back button is not visible.

That is an HTML fix, but it can help. Also like he said, when they answer the question check to see if there is an entry in the database already, if there is have it output an error and forward them on to the next question.
[/quote]
This will not work, as the page can still go back by right clicking and selecting Back from the menu, or by simply hitting the backspace key.

[killerb]

Use sessions. I dug this out for you:

[code]
<?php


    function prevent_multi_submit($name) {
    $string = "";
    foreach ($_POST as $key => $val) {
            $string .= $val;
    };
    $i='0';// because if they submit once, then submit different values, the first submit is still retained. Clever eh!
    while(isset($_SESSION[$name.$i])){
        if ($_SESSION[$name.$i] === md5($string)) {
            return false;
        } else {
            $i++;
        };
};//end while

        $_SESSION[$name.$i] = md5($string);
        return true;
}
[/code]

Call it like this:

[code]<?php
  ####    MULTIPLE SUBMISSIONS  ####
  if(!prevent_multi_submit('mailForm')){ // 'mailForm' can be whatever you like
    $log.='You cannot submit the same form twice!<br />';
  }
[/code]

or if you run all your queries through a class or wrapper function, you can include this sort of condition before querying the DB:
[code]
<?php

    if(!prevent_multi_submit($_SESSION['userName'])){
      global $keyWords;
      require_once(lang('keyWords'));
  add_error($keyWords['1']);
  go_last_page();
  exit;
  };

?>
[/code]

After processing all your error checking, display the error message.

[code]
<?php
if($log!=''){
$content='<div class="error">'.$log.'</div>'.$content;
};
$pageBuilder->addContent($content);
echo $pageBuilder->assemble(get_error());
?>
[/code]

;)

[king arthur]

The book 'PHP Hacks' describes a way around this kind of problem.  You insert a unique id into the page being submitted and store it with the data. If the user hits the submit button twice, either by pressing it again while the first response is being processed or by hitting the back button, the same id will be sent twice, you detect this and discard the second submission.