vb.org Archive


TheMayhem 03-11-2005 03:33 AM

Form Submissions Gone Mad
 
I have a completed script and there has been a flaw found in it. Basically, what happens is if a user clicks submit they are then loaded and forwarded to a new page. But on my RPG somehow the users have found out if they click submit rapidly as many times as possible before that next page can load completely, it'll majorly boost their stats and levels.

So what I'm looking for is some kinda JavaScript thing or PHP thing so that once a form's submit button is clicked, it can't be clicked immediately again. Or something along those lines to solve this bug. It's kind of similar to people trying to double post on a forum: they can click the submit button too many times, causing the same posts over and over again. I need a fix for this ASAP, any ideas?

Zachery 03-11-2005 03:43 AM

HTML Code:

<SCRIPT TYPE="text/javascript">
<!--
  // toggle() is not defined in this snippet; the page must supply it.
  document.write("<INPUT TYPE=button VALUE=\"Hide non-strict attributes\""
                + " ID=toggler ONCLICK=\"toggle()\">");
// -->

</script>

Might want to try that.

TheMayhem 03-11-2005 03:54 AM

I'm not too familiar with JavaScript like this, so if I was taking this form...

<input type='submit' name='update' value='Submit'></form>

How would I insert those values into that javascript statement?

Zachery 03-11-2005 04:05 AM

HTML Code:

<SCRIPT TYPE="text/javascript">
<!--
  // toggle() is not defined in this snippet; the page must supply it.
  document.write("<INPUT name=update TYPE=submit VALUE=\"Submit\""
                + " ID=toggler ONCLICK=\"toggle()\">");
// -->

</script>

I can tell you're not great with HTML either, as in regular HTML you should use " not '

filburt1 03-11-2005 04:08 AM

HTML Code:

<form action="..." method="..." onsubmit="document.getElementById('submitbutton').disabled = true">
.
.
.
<input id="submitbutton" type="submit" />
.
.
.
</form>

A client-side method is not desirable. Use a server-side method such as reading the last date/time the user submitted the form and reject submissions made less than, say, 5 minutes ago.
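One way to implement the server-side check described in the post above, added here as an example and not code from the thread or from the hack. The table `battle_throttle`, the function `claim_submission()` and the constant `MIN_INTERVAL` are hypothetical names, and an in-memory SQLite database stands in for the site's own database so the script runs on its own.

```php
<?php
declare(strict_types=1);
// Added example. battle_throttle, claim_submission() and MIN_INTERVAL are
// hypothetical names; SQLite in memory stands in for the site's database.

const MIN_INTERVAL = 300; // seconds: the "say, 5 minutes" window

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE battle_throttle (
        userid INTEGER PRIMARY KEY,
        last_submit INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

// Returns true only for the one request allowed to apply the stat update.
function claim_submission(PDO $db, int $userid, int $now): bool
{
    // Make sure the user has a row (SQLite syntax; MySQL spells it INSERT IGNORE).
    $ins = $db->prepare('INSERT OR IGNORE INTO battle_throttle (userid) VALUES (:u)');
    $ins->bindValue(':u', $userid, PDO::PARAM_INT);
    $ins->execute();

    // Check and update in ONE statement. With a separate SELECT followed by an
    // UPDATE, several rapid submissions could each pass the check before any
    // of them records its timestamp.
    $upd = $db->prepare('UPDATE battle_throttle SET last_submit = :now
                         WHERE userid = :u AND last_submit <= :cutoff');
    $upd->bindValue(':now', $now, PDO::PARAM_INT);
    $upd->bindValue(':u', $userid, PDO::PARAM_INT);
    $upd->bindValue(':cutoff', $now - MIN_INTERVAL, PDO::PARAM_INT);
    $upd->execute();
    return $upd->rowCount() === 1;
}

// Constructed demo: user 42 submits five times within the same second,
// then once more after the window has passed.
$db = make_db();
$t0 = 1110512000; // constructed timestamp
$accepted = 0;
for ($i = 0; $i < 5; $i++) {
    if (claim_submission($db, 42, $t0)) {
        $accepted++; // apply the battle result here, once
    }
}
echo "rapid submissions accepted: $accepted of 5\n";
echo 'after the window: ', claim_submission($db, 42, $t0 + MIN_INTERVAL) ? 'accepted' : 'rejected', "\n";
```

The guard keys on the server's own record of the user and the server clock, so it holds whether or not the submit button is disabled in the browser.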

TheMayhem 03-11-2005 04:09 AM

1 Attachment(s)
Actually I took that form from my PHP, so therefore I couldn't use " and had to use '

Anyways, that code really screwed me up on this page.
I'm basically posting to self, but technically the URL is
battle.php?compid=$compid&battle=1

And before, whenever it reloaded the form, it'd update the SQL and everything. Now it completely loses the SQL. I am attaching the page so you can see what I mean, the submission is at the bottom btw.

Guy G 03-11-2005 05:37 AM

Client-side protection, as filburt1 said, won't work 'cause users can just do the same from the URL...
Post this to the author of the hack as well.

TheMayhem 03-11-2005 10:01 AM

I am the author of the hack


All times are GMT. The time now is 08:43 AM.
