Disable multiple clicking on a link

[proxximo]

Hey Guys,

 

I am creating a php text based game and during testing I have found a HUGE exploitable problem. During purchasing or selling items by clicking on a link (which then uses a MySQL query to updated the database), if you click the link multiple times before the next page loads you can sell one item multiple time, thus making quite a bit of in game currency really quickly.

 

I have found a quick patch using javascript but it is not a solution I really want to stick with seeing as it uses an alert box...

var clicked = false;
function processClick() {
   if (clicked) return;
   clicked = true;
   alert("Your item has been sold");
}

Basically I call the above function which stops them from clicking multiple times by popping an alert box.

 

My question is... is there a better way to disable multiple clicks in this way, as I generally only like to use alert boxes for debugging and really slows down he pace of the game. Not to mention it looks terrible.

 

Any help would be great. All of my google searches have left me with no clear alternative.

 

Thanks!

Proxximo

[_EmilsM]

<a href='http://forums.phpfreaks.com' id='sellinglink' onClick='document.getElementById("sellinglink").disabled=true;'>Link Name</a>

Edited July 9, 2013 by _EmilsM

[proxximo]

This solution still allows the issue to persist. I tried in this form as well as creating a function and calling it onClick. Its driving me absolutely nuts! But thank you very much for a quick response _EmilsM!

[_EmilsM]

well cant you make a check in the database or file like sold = 1 or something, so when they try to do it again it just does nothing?

[codefossa]

If you're doing a game, you may find other uses for $.data() as well.

jsFiddle: http://jsfiddle.net/Re7jQ/

 

Javascript / jQuery

$(document).ready(function()
{
    $("selectLink").click(function(e)
    {
        e.preventDefault();
        
        if ($(this).data('disabled'))
            return false;
        
        $(this).data('disabled', true);
        window.open($(this).attr("href"), "_blank");
    });
});

Edit: I didn't realize this is your safety to selling items.  While it will stop the average user, Javascript is not going to prevent people from exploiting it.  You need to check server-side to assure they are not selling an item they don't have.

Edited July 10, 2013 by Xaotique

[proxximo]

Thanks a ton. Setting a database variable to sold fixed it. Appreciated!

[kicken]

A somewhat more generic solution to disabling links after a single click would be:

http://jsfiddle.net/Xeghq/

$(document).on('click', '.one-click', function(e){
    if ($(this).data('clicked')){
        e.preventDefault();
    }
    else {
        $(this).addClass('clicked').data('clicked', true);
    }
});

That would cause any element with class="one-click" to only allow a single click. Once clicked all further clicks would be disabled, and the element would get class="clicked" added to it which you could use to change the visual style if desired. Note that this would work for things such as form submits also.

 

As has been mentioned however, a JS solution like this will only stop someone who is lazy/unskilled. Server-side validations are required to fully prevent such a thing.