The Arcive of Official vBulletin Modifications Site.

TheMayhem · #1 03-11-2005, 03:33 AM

I have a completed script and there has been a flaw found in it, basically what happens is if a user clicks submit they are then loaded and forwarded to a new page. But on my rpg somehow the users have found out if they click submit rapidly as many times as possible before that next page can load completely, it'll majorly boost there stats and levels.

So what I'm looking for is some kinda javascript thing or php thing that once a form button is clicked submit, it can't be clicked immediately again. Or something along those lines to solve this bug. It's kind of similar to people trying to double post on a forum, they can click the submit button too many times causing the same posts over and over again. I need a fix for this asap, any ideas?

Zachery · #2 03-11-2005, 03:43 AM

Quote:

Originally Posted by TheMayhem

I have a completed script and there has been a flaw found in it, basically what happens is if a user clicks submit they are then loaded and forwarded to a new page. But on my rpg somehow the users have found out if they click submit rapidly as many times as possible before that next page can load completely, it'll majorly boost there stats and levels.

So what I'm looking for is some kinda javascript thing or php thing that once a form button is clicked submit, it can't be clicked immediately again. Or something along those lines to solve this bug. It's kind of similar to people trying to double post on a forum, they can click the submit button too many times causing the same posts over and over again. I need a fix for this asap, any ideas?

HTML Code:

<SCRIPT TYPE="text/javascript">
<!--
  document.write("<INPUT TYPE=button VALUE=\"Hide non-strict attributes\""
                 + "ID=toggler ONCLICK=\"toggle()\">");
// -->
</script>

Might want to try that.

TheMayhem · #3 03-11-2005, 03:54 AM

Im not too familiar with javascript like this so if I was taking this form...

<input type='submit' name='update' value='Submit'></form>

How would I insert those values into that javascript statement?

Zachery · #4 03-11-2005, 04:05 AM

HTML Code:

<SCRIPT TYPE="text/javascript">
<!--
  document.write("<INPUT name=update TYPE=submit VALUE=\"Submit\""
                 + "ID=toggler ONCLICK=\"toggle()\">");
// -->
</script>

I can tell your not great with html either, as in regular html you should use " not '

filburt1 · #5 03-11-2005, 04:08 AM

HTML Code:

<form action="..." method="..." onsubmit="document.getElementById('submitbutton').disabled = true">
.
.
.
<input id="submitbutton" type="submit" />
.
.
.
</form>

A client-side method is not desirable. Use a server-side method such as reading the last date/time the user submitted the form and reject submissions made less than, say, 5 minutes ago.

TheMayhem · #6 03-11-2005, 04:09 AM

Actually I took that form from my php so therefor I couldn't use " and had to use '

Anyways That code really screwed me up on this page.
I'm basically posting to self but techniqally the url is
battle.php?compid=$compid&battle=1

And before whenever it reloaded the form, it'd update the sql and everything. Now it completely loses the sql. I am attaching the page so you can see what I mean, the submission is at the bottom btw.

Guy G · #7 03-11-2005, 05:37 AM

Client side protection as filburt1 said wont work cause users can just do the same from the url...
post this to the auther of the hack as well.

TheMayhem · #8 03-11-2005, 10:01 AM

I am the author of the hack

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04469 seconds Memory Usage 2,252KB Queries Executed 12 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (3)bbcode_html (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (8)post_thanks_box (8)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (8)post_thanks_postbit_info (8)postbit (1)postbit_attachment (8)postbit_onlinestatus (8)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start postbit_attachment tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!