Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding CMS WHMCS Smart way to generate a FORM key with PHP

Thread Rating:
  • 718 Vote(s) - 3.51 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
Smart way to generate a FORM key with PHP

Offline glasswork219489


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jan 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-26-2023, 10:32 PM
I have a form, in whmcs that I want user to only be able to submit once, so they cant submit it and refresh to resubmit... I was thinking about unsetting $_POST or redirecting, but neither would work in this situation, how would I generate a key and make it so its only usable once? Can't use mysql.
Reply

Offline tasteful253


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jun 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-26-2023, 11:04 PM
Why not store a random key in the session? That's how most CRSF token systems work: When loading the form, generate the key and save it in the session and include it in the form. When submitting, compare the keys and delete the saved key.

If you just don't want the user to accidentally resubmit a successfully submitted form, the link from @zerkms' comment is what you want:

[To see links please register here]

Reply

Offline clethraceae316009


Member
*
Member
Posts: 0
Threads: 0
Joined: Feb 2023
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
07-26-2023, 11:11 PM
Set a session or cookie when the form has been submitted and check if it exists beforehand.

You could also store information in a database such as their IP and browser if you wanted a permanent check, but this has it's own problems so your never going to stop someone 100% of the time.
Reply

Offline zeljkoyzzuavqf


Member
*
Member
Posts: 0
Threads: 0
Joined: Nov 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#4
07-26-2023, 11:26 PM
The most common way to avoid double-posting is to do

header('location: /'.$your_url_here);
after you complete your actions. So you just redirect to the same page, but without $_POST.
Reply

Offline Probiogs342


Member
*
Member
Posts: 0
Threads: 0
Joined: Nov 2022
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#5
07-26-2023, 11:29 PM
I realize this is an old question but I recently had the same problem. None of the Post/Redirect/Get solutions appear to work on WHMCS if you want to stay on the productdetails page (for example) even if you are switching to another smarty template file after POST. Probably because it needs $_POST[id'] and that goes away after a refresh. So the closest I could get was having it go back to the products list page which is not what I want and probably not what the original poster wants.

The solution I finally came up with was to add a `$_SESSION[submitted]` variable after the form was submitted. You will have to figure out the logic yourself depending on what you are doing.

My Logic goes something like:

`if ($_SESSION['submitted'] == 1 && !isset($_POST['somecustomkey'])) {
unset($_SESSION['submitted']);
}`

That is at the top and resets the "submitted" session key if your POST form data does not exist.

Then add a check before you write the info to your database or whatever.

`if ($_SESSION['submitted'] != 1) {
//Do some stuff with $_POST form data
$_SESSION['submitted'] = 1;
}`

I think this fits in well with the intended purpose of $_SESSION and easy to implement.
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through