$_POST question

raDeon-gamer

Hello,

I wrote a script that allows people to send me email through a form (instead of the old-fashioned way). When the user clicks "submit" from a form the data (message body, username, and their email address) is sent over by POST to itself. So the page reloads and if there is data in the POST variables, it will process and send the mail to my inbox. It will also display a "Thank you for emailing me message". My question is how I can prevent a user from reloading this page and sending the email again and again and again maliciously.

Thank You.

kevinsequeira

well once the mail is sent , redirect the user to another page using header("location:thankyou.php"); so that way even the page is reloaded, all it displays in this case will be a thank you msg[thankyou.php]

reg
kevin

Xoid

to be honest, I wouldn't of thought there is much you can do about this, although you could possibly implement a system whereby the users session and IP are recorded to a database, everytime a user send mail you grap their IP and check if it exists in the database. although not a really good way, they only way they could send you email again is to reconnect with another IP which may annoy then after awhile, but this method would protect you from malicious attacks that LOOPs the form etc...

bad news for static IP's though, LOL.

There are probably better solutions to this problem, but this is the only one I can think of for the moment.

Hope it helps!

trooper

There is a danger that the user will simply press the back button on their browser and reload the data from post.

If you really want to stop it from happening then you could do a javascript location replace call (i think that removes any history not sure though)

HTH

Erazor05

Just set a cookie that lasts for a short period of time ex. 5 minutes. To avoid people using "back" just have the script check for cookie before mail(). Also could use a session.