----- Original Message ----
From: Eric Butera <eric.butera@xxxxxxxxx>
To: Lamp Lists <lamp.lists@xxxxxxxxx>
Cc: tedd <tedd.sperling@xxxxxxxxx>; php-general@xxxxxxxxxxxxx
Sent: Thursday, March 20, 2008 11:00:19 AM
Subject: Re: Double click problem

On Thu, Mar 20, 2008 at 10:39 AM, Lamp Lists <lamp.lists@xxxxxxxxx> wrote:
> the way I solved the "click back button" issue (simplified version):
>
> confirmation page (conf.php) -> transfer page (tp.php) -> thank you page (typ.php)
>
> #conf.php
> # after the form is submitted and confirmed
> header('location: tp.php?url=typ.php');
> exit;
>
> #tp.php
> header('location: ' . $_GET['url']);
> exit;
>
> and, if the visitor clicks the back button on the thank you page he will actually go to the transfer page - which will send him back to the thank you page
> ;)
>
> -ll
>
> ----- Original Message ----
> From: tedd <tedd.sperling@xxxxxxxxx>
> To: php-general@xxxxxxxxxxxxx
> Sent: Wednesday, March 19, 2008 11:43:06 AM
> Subject: Re: Double click problem
>
> At 4:19 PM +0000 3/19/08, Richard Heyes wrote:
> >tedd wrote:
> >// ...
> >
> >Your first (and the quickest by far) method to employ would be to
> >disable the submit button using Jabbascript when the form is
> >submitted. That will stop the vast majority of occurrences. You
> >could also employ an intermediary page which actually does the card
> >processing and when complete redirects to the "thank you" page. ie.
> >
> >  Form --> "Please wait..." page --> "Thank you" page
>
> That's in place. The person clicks the "confirm purchase" and they
> are taken to a "confirm and thank you page".
>
> The problem here is twofold -- 1) clicking the "confirm
> purchase" button twice, which I think js will stop; 2) and clicking
> the back-button which the token should stop.
>
> Now, I just need to develop a test for this. Sometimes writing a test
> is more of a problem than writing the solution.
>
> Thanks for everyone's help.
>
> Cheers,
>
> tedd
>
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
> ____________________________________________________________________________________
> Looking for last minute shopping deals?
> Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping

Allowing unscrubbed user data in a header is a really bad idea.

- http://en.wikipedia.org/wiki/HTTP_response_splitting
- http://www.owasp.org/index.php/Open_redirect


I agree with you that using it exactly this way is a bad idea. But, as I said at the beginning of my post, it's a "simplified version", to get my point across. My code on tp.php actually uses several validations before forwarding to the thank you page :D

-ll
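
One way the validation on tp.php could look, as an added example that is not code from anyone in this thread: the url parameter is only ever matched against a fixed list of local pages, so it can never carry an external host or extra header lines. The page list, the default page and the function name are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example, not from the thread. The allowlist and default are assumptions.
const ALLOWED_TARGETS = ['typ.php', 'conf.php'];
const DEFAULT_TARGET  = 'typ.php';

/**
 * Pick the Location value for tp.php from the raw ?url= parameter.
 * Anything that is not an exact allowlist entry falls back to the default.
 */
function redirect_target($requested): string
{
    // ?url[]=x arrives as an array; a missing parameter arrives as null.
    if (!is_string($requested) || $requested === '') {
        return DEFAULT_TARGET;
    }
    // CR, LF or NUL in a header value is the response-splitting case.
    // PHP 5.1.2+ refuses to send such a header, and the exact match below
    // would also reject it; the check stays explicit in case the
    // allowlist is ever relaxed to a pattern.
    if (preg_match('/[\r\n\0]/', $requested)) {
        return DEFAULT_TARGET;
    }
    // Exact, case-sensitive match: absolute URLs, scheme-relative "//host"
    // values and paths with extra segments never equal an allowlist entry.
    return in_array($requested, ALLOWED_TARGETS, true)
        ? $requested
        : DEFAULT_TARGET;
}

// Constructed sample inputs showing what is accepted and what falls back.
$samples = [
    'typ.php',
    'conf.php',
    'http://example.com/',
    '//example.com/typ.php',
    "typ.php\r\nX-Test: 1",
    ['typ.php'],
    null,
];

if (PHP_SAPI === 'cli') {
    foreach ($samples as $s) {
        printf("%-28s => %s\n", json_encode($s), redirect_target($s));
    }
} else {
    // On the web server this is the whole of tp.php.
    header('Location: ' . redirect_target($_GET['url'] ?? null));
    exit;
}
```

Run from the command line it prints the chosen target for each sample; only the first two inputs are passed through unchanged.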