On Fri, Mar 21, 2008 at 2:24 PM, tedd <tedd.sperling@xxxxxxxxx> wrote: > Hi gang: > > This is probably trivial for most of you, but here's my solution to > the problem I presented earlier. > > The problem was, I just wanted to be certain that if a use clicked a > button that they could only do it once. Sounds simple enough, huh? > > Certainly, one can use javascript, but I wanted something that was > basic php and html -- here's my solution with code (please provide > critical review): > > http://www.webbytedd.com/cc/submit-once/index.php > > If the user clicks "Submit once", then that's the way it is until > they quit their browser. If they don't quit their browser, then no > amount of refresh will allow them to click the button again. > > The "Reset Submit", of course, resets this condition but it's for > demo purposes. > > What I have not solved, and I don't think there is a solution (I > could be wrong) is to prohibit the user from clicking the back button > on their browser to reset this condition. > > I've done a considerable amount of javascript reading, testing, and > code search and have not found anything that works -- and -- I have > even found places where the js community says that nothing will work > to solve the back-button problem. > > So, does anyone here know better? If so, please start a different thread. > > Cheers, > > tedd > > -- > ------- > http://sperling.com http://ancientstones.com http://earthstones.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > Tedd, Web pages are supposed to be stateless. Therefore it is your burden to deal with the back button because each URI should be able to be requested in any order at any time with or without sessions. Just because a shopping cart has a checkout.php page that requires certain steps doesn't mean that Google can't stumble upon it and index it to try and hit it over and over. So the real question is why is clicking the back button so terrible? Your workflow might be like this: form create crumb and hide in token field & store in session if (post) re-show form with error message from gateway show payment form submit will post to processing processing: validate post token == session token, if not then re-display payment form via require w/ error message if payment declined then re-display payment form via require w/ error message if payment accepted then save order, clear cart, and say thank you If I am on the form and I click process, then it posts to processing and does some stuff. If somehow I am fast enough to click the back button you think there might be an issue of the card transaction being sent to the merchant but the results not returned? If that is the case, on the processing page do this: - set a session variable saying you have started card processing - use ignore_user_abort - continue as normal then on the form page - check for started card processing session existance, if it exists then say please wait a moment and refresh again or however you want to handle that. - continue as normal The web is stateless and we're always going to have to deal with that. Just make everyone play by your rules. BTW Javascript is just fluff, a convenience for the end user. Your script should work perfectly without it because googlebot snooping around will not have it and also any of those rogue spam scripts will also not have it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
