
How to stop a user from hitting back button and it not reloading



Here is my problem.  Hopefully you all can help me figure out a solution.

I have a PHP page that a user logs in to and it pulls a number from a database.  This number is an amount of money to spend.  Once the user fills out the form on the page, it then on submit does an UPDATE query and changes the amount to minus what they just spent.  The problem I am having is that on the next page the person is hitting the Back button and the previous page shows with the original amount and allows them to submit again.

 

How can I make that page not be able to be seen from the back button?  Does this make sense?  Is there a way in php that if page referrer = x.php display: no no?

 

Thanks for any help.

There is a referrer -- $_SERVER['HTTP_REFERER'] -- but you can NOT rely on it.  The browser sends it, so it can be spoofed.

 

What you need to do is make sure the page is not cached, see header().  I'm not real sure of the best way to do it.  But, if the page has expired, then the browser has to request it from the server again.  Since you extract the money from the database, the user should now get the NEW (updated) value of what is available to spend.

 

If you are putting the amount they have available in the form (maybe as a hidden field) and using that to determine if they have enough to cover their request, DON'T!!!!!  It is very easy to modify a form and send any value I want.  When the form is submitted, you MUST check against the database again (or a session variable) NOT the form.

 

Hopefully, someone will chime in here with the correct headers to force a page to not be cached. 

 

EDIT:  Or you can search the forums for expire and cache; I'm sure there have been one or two topics on that.

Thanks.

 

No, the amount is pulled from the database on load.  And then edited when the page is submitted.  The issue is the amount to spend is pulled into the page in a form field.  So when they hit the back button nothing is executing and it's just showing the page as it was before they left, with the form field already showing the number.

 

If I use the HTTP referer, can I use it so that the page only displays in full if referer = x.php?  And if it's anything else it shows a message?

 

Would it work like this:

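<?php

// The Referer header is sent by the browser and may be missing entirely.
$referer = $_SERVER['HTTP_REFERER'] ?? '';

if ($referer == 'http://55.55.55.55/uniform/index.php')
{
    header('Location: http://55.55.55.55/uniform/order.php');
}
else
{
    header('Location: http://55.55.55.55/uniform/nono.php');
}
exit; // stop the script after sending the redirect

?>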
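One way to apply the advice given earlier in the thread (check the balance on the server, never the value in the form, and ask the browser not to cache the page), written as an added example that is not code from any poster here. The `allowance` table, the `issueFormToken()` and `spend()` helpers, the single-use token and the in-memory SQLite database are all assumptions made so the script runs on its own.

```php
<?php
// Added example, not from the thread. Needs the pdo_sqlite extension.
declare(strict_types=1);

// Ask the browser not to keep a copy of the order page (skipped on the CLI).
if (PHP_SAPI !== 'cli') {
    header('Cache-Control: no-store');
}

// Issue a single-use token when the order form is rendered (hypothetical helper).
function issueFormToken(array &$session): string
{
    $token = bin2hex(random_bytes(16));
    $session['order_token'] = $token;
    return $token;
}

// Handle a submission: the token is consumed on every attempt, and the
// debit is one conditional UPDATE, so the form value is never trusted.
function spend(PDO $db, array &$session, int $userId, int $amount, string $token): bool
{
    $expected = $session['order_token'] ?? '';
    unset($session['order_token']);
    if ($expected === '' || !hash_equals($expected, $token) || $amount <= 0) {
        return false;
    }
    $stmt = $db->prepare(
        'UPDATE allowance SET amount = amount - ? WHERE user_id = ? AND amount >= ?'
    );
    $stmt->execute([$amount, $userId, $amount]);
    return $stmt->rowCount() === 1;   // no row changed: not enough left to spend
}

// Constructed sample data: user 1 starts with 100 to spend.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE allowance (user_id INTEGER PRIMARY KEY, amount INTEGER)');
$db->exec('INSERT INTO allowance VALUES (1, 100)');

$session = [];                                   // stands in for $_SESSION
$token = issueFormToken($session);
var_dump(spend($db, $session, 1, 60, $token));   // first submit
var_dump(spend($db, $session, 1, 60, $token));   // Back button, same form resubmitted
$token = issueFormToken($session);
var_dump(spend($db, $session, 1, 60, $token));   // fresh form, request exceeds what remains
echo $db->query('SELECT amount FROM allowance WHERE user_id = 1')->fetchColumn(), "\n";
```

Even if a cached copy of the form is shown after pressing Back, the resubmission fails because the token has already been consumed and the UPDATE only succeeds while the stored amount covers the request.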
