Jump to content

is it possible to disable a user from viewing a page after they submit a form


cluce

Recommended Posts

I have a forgot password form that allows a user to submit their email then a link to a page to reset their password is sent to that email. On this page I have them submit their email and enter in a new password which works fine. But is there any way I could disable this page so the user cant get access to change their password again unless they submit another request to change their password. In other words, I want them to use that link only once and thats it. 

 

If so can someone give me some ideas on how to do this? 

Link to comment
Share on other sites

you'd need to put a password request table into the database, prolly with the columns of id, key(put a random key there), email... then on submit, it grabs that key, takes the email address, updates the profile for that email address, then removes that entery... ::) somin to that effect :D

Link to comment
Share on other sites

yes. I think this will work.  I can have a "key" colunm that is set to 1 when they submit there email requesting a password change.  and that key will grant them access to change their password.  And when there password is changed that key value is set to 0 until the next time they decide to chang their password again. 

Link to comment
Share on other sites

If you want to just disable the form just add some javascript.

 

<form name=name action=file.php method=post onSubmit="document.name.submit.disabled=true">
<input type=submit name=submit value="Send Password">
</form>

 

If you want to use pure php for this, just set a session and, if you want to limit the amount of time between for them to resend/change their password.

 

Say you set the session as $_SESSION[pw_time], and the value was time()

 

Just do this:

 

if($_SESSION[pw_time]){
     $diff = time()-$_SESSION[pw_time];

     if($diff < 7200){ //2 hours
     //no form
     }else {
    //form
     }
}else {
//form
}

Link to comment
Share on other sites

When I want to do something like that I usually set a session variable on the sending page and then check if the session is set when the next page loads, then unset the variable when the page loads so they can't refresh...

Link to comment
Share on other sites

When I want to do something like that I usually set a session variable on the sending page and then check if the session is set when the next page loads, then unset the variable when the page loads so they can't refresh...

 

They could just close the browser, you could also just set a cookie with an expiration of 2 hours, or a database time field.

 

Avoid Javascript whenever possible, or paranoid folks like me can't use your site because js is disabled :P

 

Just giving it an example, if you're just disabling the submit button, oh well, you could still use the site.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.