I am looking to enable only one submission of form per session. I have tried to disable submit button but this on click function is nothing for bots so extra layer of single submission per session is what i think can save somewhat from bots
OR
Create token for each submission to make submission more secure and unique
Which one is better and how to implement so any user (bots) can not submit same form twice
Code I have is
<form role="form" method='post' action='index.php' id='cme'>
<input type="hidden" name="val" value="<?php echo $val ?>" />
<fieldset>
<div class="form-group">
<center><div class="g-recaptcha" data-sitekey="sitekey"></di</center>
</div>
<div class="row">
<center>
<input type="submit" name="claim" class="btn btn-lg btn-success btn-block" value="Claim Now" id="claim" onclick="setTimeout(disableFunction, 1);">
</center>
</div>
</fieldset>
</form>
Submit section
if(isset($_POST['claim'])) {
$recaptcha = $_POST['g-recaptcha-response'];
if(!empty($recaptcha)) {
# Use the recaptcha function here
$resp = getGoogleRecaptcha();
if($resp['success']) {
header('Location: index.php');
# Capture value from the form submit
$bonval = $_POST['bonval'];
# Insert normally
$db->fetchVal("insert into log (`user_id`,`amount`) values (?,?)", array($id, $bonval));
}
}
else { ?>
<div class="overlay"><div class="popup" style="background:red;">
<h2>Opps</h2>
<a class="close" href="#">×</a><br/>
<div><center><span class="blink_me">You missed it</span></center></div>
</div></div>
<?php }
}
Now issue is form opens on popup and user keeps clicking and score keeps adding as with each click session view is +1
Can you please guide me about this issue solving so one click and only one submission
I think it can be better to do form submission through javascript so on submit function can be controlled more wisely to kill popup on more than one submit click....am i right, if yes plz guide this way
Below is one way of doing this using sessions.
Basically I am generating a token and storing it in session if its not already in session. I am also including the same in the form, which can be cross checked (in index.php) to see if it matches with the session variable or not.
<?php
if(! isset($_SESSION['cme-token']) ){
$cme_token = rand(11111, 99999);
$_SESSION['cme-token'] = $cme_token;
} ?>
<?php if (!isset($_SESSION['cme'])){ ?>
<form role="form" method='post' action='index.php' id='cme'>
<input type="hidden" name="token" value="<?php echo $cme_token ?>" />
<fieldset>
<div class="form-group">
<center><div class="g-recaptcha" data-sitekey="sitekey"></di</center>
</div>
<div class="row">
<center>
<input type="submit" name="claim" class="btn btn-lg btn-success btn-block" value="Claim Now" id="claim">
</center>
</div>
</fieldset>
</form>
<? } else {
<div>ALREADY CLAIMED!</div>
}?>
In index.php you can do additional check just to be sure that the token was not modified in between by user like below.
// INDEX.PHP
<?php
if($_POST['token'] == $_SESSION['cme-token']) {
//PROCESS THE FORM
} else {
// IGNORE THE FORM SUBMIT AS IT DOESN'T CARRY PROPER TOKEN
}
?>
Related
I have created a user profile information update using php. To update his image, what I do is that first let him delete the image and ask him to upload a new image. If accidentally user click image update button without clicking image delete button how to show an error message as "please first delete your Image and then upload a new image".
I couldn't find any way of doing it.
A help would be really appreciated
Given below is my code
<div class="form-group">
<center><label>Update A New Profile Picture </label></br></center>
<form method="post" action="update_userinfo.php" enctype="multipart/form-data">
<center><img id="uploadPreview4" style="width: 100px; height: 100px;" /></center>
<center><input type="file" name="Filename4" id="uploadImage4" onchange="PreviewImage4();" class="form-group"><input TYPE="submit" name="updateImage" value="Update Image" class="btn btn-success" /></center>
</form>
</div>
<div class="col-md-6">
<center><label>Your Current Profile Picture </label></br>
<form method="post" action="update_userinfo.php" enctype="multipart/form-data" onSubmit="if(!confirm('Do You really want to update your profile picture?')){return false;}">
<?php
echo "<img border=\"0\" src=\"".$row['image_path4']."\" width=\"100\" height=\"100\" >";
echo "<br>"; ?>
<input TYPE="submit" name="delete" value="delete" class="btn btn-success" />
</form>
</div>
This is what i can think of if you really want to deal with this using PHP ,
considering this is your current code
<div class="form-group">
<center><label>Update A New Profile Picture </label></br></center>
<form method="post" action="update_userinfo.php" enctype="multipart/form-data">
<center><img id="uploadPreview4" style="width: 100px; height: 100px;" /></center>
<center><input type="file" name="Filename4" id="uploadImage4" onchange="PreviewImage4();" class="form-group"><input TYPE="submit" name="updateImage" value="Update Image" class="btn btn-success" /></center>
</form>
////
new code
<?php if(isset($photoDeleted) && $photoDelete=== false) :>
<center>Hey! Delete your photo first!</center>
<?php endif; ?>
////
</div>
<div class="col-md-6">
<center><label>Your Current Profile Picture </label></br>
<form method="post" action="update_userinfo.php" enctype="multipart/form-data" onSubmit="if(!confirm('Do You really want to update your profile picture?')){return false;}">
<?php
echo "<img border=\"0\" src=\"".$row['image_path4']."\" width=\"100\" height=\"100\" >";
echo "<br>"; ?>
<input TYPE="submit" name="delete" value="delete" class="btn btn-success" />
</form>
</div>
from your PHP side, check, if there is still a photo in db reload this upload page and pass photoDelete variable as false when it's loading the page php will render this as an error.
But! Wait!
Why don't you just replace/delete the previous photo with the newly updated one in your php?
assuming that there's only one record of profile photo for each user, just update your db record with the newly updated photo and delete the previous record !?
it's a better User Experience overall
I have a problem regarding bootstrap modal: I have an input box and a button, in the input box, the user should type their code, then click the check button:
<form class="form-inline" action="" method="post">
<div class="form-group">
<input type="text" class="form-control input-sm input-inverse" name="appcode" required="" data-form-field="appcode" placeholder="Insert Your Code"></div>
<div class="buttons-wrap">
<button name="Xcheck" class="btn btn-secondary display-4 " type="submit" role="button" data-toggle="modal" data-target="#modalID">Check</button>
</div>
</form>
When the button is clicked, it will run a PHP code in the same page, also check either the inserted code exists in the database or not.
Here is the php code:
<?php
$con= mysqli_connect("localhost", "root", "");
mysqli_select_db($con, "cobathesis");
if (isset($_POST['Xcheck'])){
$appcode= $_POST['appcode'];
$check=mysqli_query($con,"select * from applicantdata where appcode='$appcode'");
$checkrows=mysqli_num_rows($check);
if($checkrows>0) {
// the modal should be loaded here
}else{
echo "<script>alert('You Inserted either the wrong Code or the Code is unregistered'); location.href='';</script>";
}
}
?>
Is it possible to use the same button (check button) to post the value and load the modal at the same time?
Thank you for your response.
You could use something like
$('#myForm').on('submit', function(e){
$('#myModal').modal('show');
e.preventDefault();
});
CodePen by Hana Piers
I have a form in which by using javascript and in a while I add content to it.
Denpending on the number of data in database different number of forms are added to the page.
<?php
while($row = mysql_fetch_array ($result)){
?>
<form method="post" accept-charset="UTF-8" >
//add some content to the form by reading from database
<div class="form-group ">
<input type="submit" name="print" id="button" value="print"/>
</div>
</form>
<?php
}//end while
?>
and below I want to redirect to another page when clicked on each "print" button.
But not only it doesn't redirect to another page but also alert just works for the first button.
Below is the code:
<script>
$("#button").click(function(){
alert('hi');
window.location.href = "design_card.php";
});
</script>
how to solve?
jquery, php or javascript solutions are acceptable. other workable solutions, if work, are good.
Thanks for your response in advance.
Check your HTML
<?php
while($row = mysql_fetch_array ($result)){
?>
<form method="post" accept-charset="UTF-8" >
//add some content to the form by reading from database
<div class="form-group ">
<input type="submit" name="print" id="button" value="print"/>
</div>
</form>
<?php
}//end while
?>
You have created multiple <input> element dynamically with duplicate id so the better way is to assign a class to them like
<?php
while($row = mysql_fetch_array ($result)){
?>
<form method="post" accept-charset="UTF-8" >
//add some content to the form by reading from database
<div class="form-group ">
<input type="submit" name="print" class="buttonClass" value="print"/>
</div>
</form>
<?php
}//end while
?>
And then use this buttonClass class as a jquery selector like this
$(".buttonClass").click(function(){
alert('hi');
window.location.href = "design_card.php";
});
I have the following code which consists of a form whose on submit calls a javascript function.
<div class="form" role="form" onsubmit="createresult()">
<fieldset>
<?php
$subject = $_GET["sub"];
$array = mysqli_query($con, "Select * from questions where subject='$subject'");
$j =1;
while($row = mysqli_fetch_array($array))
{
echo "
<div class=\"form-group\"><h5>$row[question]</h5>";
for($i=1;$i<5;$i++)
{
$opt1 = "option".$i;
$opt = $row[$opt1];
$name = "question" ."$j";
echo "
<label class=\"radio-inline\">
<input type=\"radio\" name=$name required>$opt</label>";
}
echo "</div>";
$j++;
}
?>
<button type="submit" class="btn btn-primary" name="submit">Submit</button>
<button type="reset" class="btn btn-primary">Reset</button>
</fieldset>
</div>
The PHP script is working fine but this form is not calling the JavaScript function createresult().
https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers.onsubmit
The submit event happens when a user clicks a submit button inside a <form> tag. Right now you use a <div> tag.
If you would like to use the <div> tag, instead of using onsubmit, use onclick on the submit
<button type="submit" class="btn btn-primary" name="submit" onclick="createresult()">Submit</button>
Change:
<div class="form" role="form" onsubmit="createresult()">
// your code
</div>
To
<form onsubmit="createresult()">
// your code
</form>
On my index.php page, I have a form which posts into a 3rd party newsletter system.
The page reloads index.php?mail&
Is there anyway I can do a check when the page is loaded AND that the form has been posted? If it has, that it can call another function?
Thanks Chris
The code:
So what I'm hoping for is a sort of onload feature which will detect if the form name="subscribe" has been posted. Then I call a function (which will be a popup div).
I can get there with a little help and can do a bit of php or javascript, maybe not program it but understand some of it. don't have a clue with ajax
mailbar8 (where the actual form is located for the newsletter):
<?php include("globals.php"); ?>
<form action="<?php echo $website.$relative_string;?>" name="subscribe" onsubmit="javascript:return checkEmail(this);" method="post">
<div id="cell8" class="titlecell2"><h3>Email:</h3></div>
<div id="cell9" class="inputcell2">
<input type="text" class="inputfield2" name="email" value="Your Email..." id="email2" maxlength="255" onfocus="this.value='';">
</div>
<div id="cell10" class="textcell3">
<input name="group" type="hidden" id="group[]" value="<?php echo $group; ?>">
<input name="subscribe" id="sub" type="radio" value="true" checked>
</span>Subscribe</p>
</div>
<div id="cell11" class="buttoncell">
<button type="submit" name="Submit2" value="Join" id="submitButton2" button" onClick="javascript:myFunction();"/>
<span>Join</span>
</button>
</div>
<div id="cell8" class="textcell4">
<input type="radio" name="subscribe" id="unsub" value="false">
</span>Un-Subscribe</p>
</div>
</form>
The form name is subscribe, it checks the email entry is legit and then if it is redirects the user back to: http://www.allcoles.com/index.php?page=mail&
The index.php (this bit of code displays the mailbar8.php form):
<div id="guestArea" class="siteAreas">
<div id="guestTitle" class="roundedTitle">Guests</div>
<div id="guestContent" class="roundedContent">
<h4>Get Our Newsletter!</h4>
<?php
$mailbar=8;
$group=1;
include("maillist/mailbar.php");
?>
</div>
</div>
<!-- End of User and Guest Areas -->
index.php (the popup div I want to load when the page is open and the form is posted, it has a js file but that's not important - the popup div currently works by a href link on www.allcoles.com):
<div id="toPopup">
<div class="close"></div>
<span class="ecs_tooltip">Press Esc to close <span class="arrow"></span></span>
<div id="popup_content"> <!--your content start-->
<h2 align="center">All Coles Newsletter System</h2>
<h3 align="center">bringing News, Birthdays, Events and Invites to your mailbox!</h3>
<hr align="center" width="75%">
<p style="text-align:center"> <?php
if(isset ($_GET['page']))
{
if ($_GET['page'] == "mail")
{
include("maillist/mailmain.php");
}
if ($_GET['page'] == "about")
{
include("about.php");
}
}else {
print("THIS PRINT IS WHERE THE NEWSLETTER SAYS THAT THE EMAIL HAS BEEN SUBSCRIBED TO THE DATABASE, THIS POPUP DIV IS A NICE WAY TO SHOW THAT. THIS BIT CHANGES IF THE USER IS ALREADY SUBSCRIBED, OR ADDED OR REMOVED");
}
?> </p2>
<hr align="center" width="75%">
<p style="text-align:center; font-size: 12px;">
<font style="text-decoration:underline; font-weight:bold;">TIP</font>
: Remember to check your Junk Mail, and add 'administrator#allcoles.com' to your
<font style="text-decoration:underline; font-weight:bold;">SafeSenders</font>
list.</p>
</div>
</div>
<div class="loader"></div>
<div id="backgroundPopup"></div>
So ideally - when (http://www.allcoles.com/index.php?page=mail&) loads it recognises the form named subscribe which has been submitted and then calls a function.
for example the function: formPosted();
The solution I came up with was (with the help from everyone):
<?php
if(isset ($_GET['page']))
{
if ($_GET['page'] == "mail")
{
echo "<script>window.alert('Found the reply!');var formPosted = true;</script>";
}
}
?>
<script>
if(formPosted) {
window.alert("popupclick!");
popupClick();
}
</script>
How about something simple like this?
<?php
if( /* check if form has been postet */ ) {
$form_posted = true;
} else {
$form_posted = false;
}
?>
and then...
<?php if($form_posted) : ?>
<script>
formPosted();
</script>
<? endif ?>
Using Ajax:
var mail = ???;
$.post( "index.php", { mail : mail }, function( data ) {
formPosted();
});
It's simple. It posts to the page you want with the parameter mail and then calls the function you want.
<?php
$dispatched = isset($_POST['dispatched']) ? 1 : 0;
if($dispatched) {
// handle data
echo "<script>var formPosted = true;</script>";
}
?>
<script>
if(formPosted) {
// do something
}
</script>