is it possible to disable a user from viewing a page after they submit a form

[cluce]

I have a forgot password form that allows a user to submit their email then a link to a page to reset their password is sent to that email. On this page I have them submit their email and enter in a new password which works fine. But is there any way I could disable this page so the user cant get access to change their password again unless they submit another request to change their password. In other words, I want them to use that link only once and thats it. 

 

If so can someone give me some ideas on how to do this? 

[taith]

you'd need to put a password request table into the database, prolly with the columns of id, key(put a random key there), email... then on submit, it grabs that key, takes the email address, updates the profile for that email address, then removes that entery... somin to that effect

[chigley]

<?php

if(isset($_POST["submit"])) {
// Process emails and other stuff
} else {
// Output your form
}

?>

 

Is that what you mean? The form will not be displayed if it has been submitted.

[cluce]

that may work? if that will disable the form after they submit it. As long as they cant change the password a second time that will work.

[chigley]

Well they can if they reload the page. Do you want it so that they can only ever change their password once? In that case, have a value in the database stating if they've already changed or not.

[cluce]

yes. I think this will work.  I can have a "key" colunm that is set to 1 when they submit there email requesting a password change.  and that key will grant them access to change their password.  And when there password is changed that key value is set to 0 until the next time they decide to chang their password again. 

[marcus]

If you want to just disable the form just add some javascript.

 

<form name=name action=file.php method=post onSubmit="document.name.submit.disabled=true">
<input type=submit name=submit value="Send Password">
</form>

 

If you want to use pure php for this, just set a session and, if you want to limit the amount of time between for them to resend/change their password.

 

Say you set the session as $_SESSION[pw_time], and the value was time()

 

Just do this:

 

if($_SESSION[pw_time]){
     $diff = time()-$_SESSION[pw_time];

     if($diff < 7200){ //2 hours
     //no form
     }else {
    //form
     }
}else {
//form
}

[AV1611]

When I want to do something like that I usually set a session variable on the sending page and then check if the session is set when the next page loads, then unset the variable when the page loads so they can't refresh...

[AV1611]

Avoid Javascript whenever possible, or paranoid folks like me can't use your site because js is disabled

[marcus]

When I want to do something like that I usually set a session variable on the sending page and then check if the session is set when the next page loads, then unset the variable when the page loads so they can't refresh...

 

They could just close the browser, you could also just set a cookie with an expiration of 2 hours, or a database time field.

 

Avoid Javascript whenever possible, or paranoid folks like me can't use your site because js is disabled

 

Just giving it an example, if you're just disabling the submit button, oh well, you could still use the site.

[AV1611]

Not being critical about using JS just pointing it out