Ashley M. Kirchner wrote:
> This is probably something that comes up every so often and it's
> generally related to PHP scripts, however I have a different setup and
> am now trying to figure out what to do. On our company site, we have a
> section that clients use to upload files to us through a Java applet.
> The way I have it set up is basically through 3 separate pages:
> login.php, upload.php, and thankyou.php. And people go through those
> pages in sequence. After uploading a file (through upload.php where the
> applet resides) they get redirected to thankyou.php. However, by
> hitting the back button, they can easily go back to the upload one, but
> I need to prevent that from happening.

Since you can't stop them from going there, stop them from uploading again.

You can store an http://php.net/uniqid or http://php.net/md5 as a "token" in their <form> (or Java data) and when they do an upload, compare their "token" to the "tokens" already used up -- Putting them in your database or with the upload filenames or...

If you detect that, tell them that the Java is broken, and show them the first page to start over, I guess.

> Can I rely on referrers on upload.php to see where a hit came from?

Not really.

> Or should I redirect to an interim page that simply redirects again to
> the thankyou.php one (which won't stop someone from hitting back twice,
> but it's just an extra thing.) What (other) ways have people found that
> work?

I wouldn't rely on re-direction, as sooner or later somebody will hit "Back" or use the popup in "Back" to get to the page you're trying to keep them away from.

Bottom Line: You can't keep them from getting to that page, so don't try. Let them get to that page and then deal with the data they send you sensibly -- by providing yourself enough information to deal with that info.

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
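
The single-use token check described in the reply above, as an added example that is not part of the original thread. The upload_tokens table and the function names are hypothetical, and the token comes from random_bytes() rather than the uniqid/md5 the reply mentions, so that it cannot be guessed; it needs the pdo_sqlite extension to run from the command line.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: one row per issued token, flagged once consumed.
function token_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE upload_tokens (
        token_hash TEXT PRIMARY KEY,
        user_id    INTEGER NOT NULL,
        expires_at INTEGER NOT NULL,
        used       INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

// Called when upload.php is rendered; the return value goes into the
// form or the applet parameters. Only a hash of it is stored.
function issue_upload_token(PDO $db, int $userId, int $ttl = 900): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'INSERT INTO upload_tokens (token_hash, user_id, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;
}

// Called by the upload handler before the file is accepted.
// One UPDATE both checks and marks the token, so two concurrent
// submissions of the same token cannot both succeed.
function consume_upload_token(PDO $db, int $userId, string $token): bool
{
    $stmt = $db->prepare(
        'UPDATE upload_tokens SET used = 1
          WHERE token_hash = ? AND user_id = ? AND used = 0 AND expires_at >= ?');
    $stmt->execute([hash('sha256', $token), $userId, time()]);
    return $stmt->rowCount() === 1;
}

// Constructed walk-through: user 42 uploads, presses Back and resubmits.
$db = token_store();
$token = issue_upload_token($db, 42);
var_dump(consume_upload_token($db, 42, $token));              // first upload
var_dump(consume_upload_token($db, 42, $token));              // resubmit after Back
var_dump(consume_upload_token($db, 7, $token));               // same token, other account
var_dump(consume_upload_token($db, 42, 'not-an-issued-one')); // token never issued
```

When consume_upload_token() returns false, the handler discards the upload and sends the client back to the first page, as the reply suggests.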