防止使用令牌提交双重表格 [英] Prevent Double Form Submit using Tokens

问题描述

我试图通过添加令牌隐藏字段来阻止用户两次提交论坛.

I am trying to prevent the user from double submitting the forum by adding token hidden field.

因此，这是我到目前为止所做的事情(在论坛加载之前，我有这段代码可以使用当前时间作为值来创建令牌.

So here is what I have done so far (before the forum loads I have this code to create a token with the current time as a value.

$token = time();
setcookie('formToken', $token, time() + 3600);

在我的论坛中，我有这样的隐藏输入

in my forum I have a hidden input like this

<form method="post" action="'.$PHP_SELF.'?action=update">
<input type="hidden" name="token" value="'.$token.'" />
<input type="submit" value="go" />
</form>

现在在页面顶部，其中$ action =="update"我有此代码

now on the top of my page where $action == "update" I have this code

if(isset($_POST)  &&  ($_POST['token'] != $_COOKIE['formToken'])){
    $error_list .= '<li>You can not submit this forum twise.</li>';
} 

如果我按F5刷新页面，它将再次提交表单，而不会显示我的错误.

if i hit F5 to refresh the page it submit the form again without displaying my error.

推荐答案

我强烈建议您避免使用您的系统:它没有经过深度测试，您将浪费时间调试它，并且它也不会避免臭名昭著的再次发送POSTDATA" ?"浏览器的确认对话框，这会使用户感到困惑.

I strongly advice you to avoid your system: it is not deeply tested, you will waste time debugging it, and it will not avoid the infamous "Send POSTDATA again?" confirmation dialog of the browser, which is confusing for the user.

我建议您使用 PRG模式 (发布/重定向/获取)，也可以通过phpbb之类的论坛来实现.

I suggest you to use use the PRG pattern (Post/Redirect/Get), which is also implemented by forums like phpbb.

发布/重定向/获取(PRG)是一种Web开发设计模式， 防止一些重复的表单提交，从而创建更直观的 用户代理(用户)的界面. PRG实现书签，并且 以可预测的方式刷新按钮，不会产生重复 表单提交.

Post/Redirect/Get (PRG) is a web development design pattern that prevents some duplicate form submissions, creating a more intuitive interface for user agents (users). PRG implements bookmarks and the refresh button in a predictable way that does not create duplicate form submissions.

您的问题已经解决，解决方案就在这里，只管接受-滚动自己的解决方案只会浪费您的时间. :)

Your problem is already solved, the solution is here, just take it - rolling your own seems-like-a-solution will only waste your time. :)

这篇关于防止使用令牌提交双重表格的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！