Prevent back button exploits? PHP [closed] - javascript

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I've built a simple game using Javascript and PHP. Once the user hits the target score, they are allowed to add their name to a highscore mysql database. I'm using PHP POST to get their score and add it to mysql.
After someone get's a highscore and enters their name, it resets the score variable back to zero and redirects them back to the main game page with header('location'). If they hit the back button once, all is good, it shows their score is zero since I reset the variables. However if they hit the back button twice it brings up their high score and they can enter their name again and flood the highscore database with their name.
Anyway to prevent this?

You need to check for at least one identifying feature of the user and check if they have submitted a score before serving up the form. There are various ways you can do this, each with their own weaknesses, so it's best to mix and match, however some off the top of my head include:
Checking that a person with the same IP and user-agent string hasn't submitted a highscore in the last x minutes (though this may prevent some legit scores from being submitted - think a school / office using same browser and having same ip)
Putting a tracking cookie on arrival with an identifying user id. Then checking that user id hasn't submitted a score in the last x minutes. (e.g. start a PHP session if you want)
Adding a cookie to the browser after score submit, then checking for this cookie before serving up the form (yes, it can be easily worked around by deleting the cookie). Alternatively You could set a value in the session)

Related

How to make the search function on a website [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I was just wondering how do I make my website preview some info after the user searches for something stored in the database.
Basic approach for previewing user names as you type in a search bar. For this to work, you will need to use AJAX to query the server and also display the result as a preview for the user to click on if they want, without having to refresh the page.
User types 'Joe' into the search bar
The onChange() even is fired and you query your server with that the user has written "Joe". Keep in mind this query is via AJAX, so as not to force the page to reload.
Server side, you do a MySQL lookup of the table users, where the name is something like "Joe". SELECT NAME FROM USERS WHERE NAME LIKE '%what_you_sent_on_AJAX_request%' LIMIT 10;
The browser receives the response from the AJAX request and displays a nice dropdown with the output of the server. When the user actually click son this "previews" it is in that moment that you would actually reload to the page or take the user to a new page based on what they have clicked on.
That's a very basic approach for it.

detect browser refresh/F5/right click reload in angular 5 [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I have a requirement where, Users inputs something and submit then angular does a service call which returns if users input is valid/invalid. If valid take user to success page, if service returns invalid/bad input then user needs to be taken to failure page and should never be able to go back(using back button) or user refresh the page, user should still be on same page. Only option provided to the user should be close browser, there by not allowing using to submit one more request(leading to service call).
You cannot prevent the user from not running or editing client-side JavaScript code. Since this is a security requirement against the interest of that particular user, the solution must be server-side:
On the server, after getting the wrong answer, mark the user's profile as such. You may need an additional table in your database joining users and questions for that.
Whenever the user loads the question or submits it, first check the user's flag. If it's set, error out immediately.
Note that this behavior is quite hostile to the user. For instance, the user may accidentally touch Enter too soon, and will be shut out by your system.

INSERT into MySQL database with JavaScript but without Node.js [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I want to INSERT data into my MySQL database.
After some research I found out I can use something called Node.js to do this.
But it seems to complicated for this small thing I want to do.
Is there a way to do this only with JavaScript, without Node.js?
Background: In my web-based iOS app I want to integrate a Favorite button. When the user clicks on the Favorite button on any site some data get stored in my MySQL database (user id, favorited webpage, title of webpage) and the Favorite button changes its color to signal it's favorite and put in the favorite section.
Following problem if doing this with PHP and not JavaScript: The user have to click the Back button twice to get out of this page, because reloading for storing in the database created a new entry in browser history.
Or is there another solution to prevent to the user have to click the back button twice to get out of this page?
Applications which runs on the end-users machines should never-ever have direct database access. Create a REST API with PHP (if you already using it) which handles the database operations and invoke it with JavaScript (this is the short explanation of AJAX).

PHP Elements add EventListener [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I'm currently working on a website which allows the costumer to personally add movies to a database. So I wrote a PHP class which initially loads all the data needed from a database and creating a table which kind of looks like this:
How do I theoretically proceed to make those buttons work(Which, as they change things in a database should "execute" php-functions).
theoretically this is how you should proceed:
First the database piece
you will create 4 fields
each field corresponding to the table header (notice there should be no space in the name of the field) -- movie_id will be numerical, name will be varchar, etc.
Next the code
I take it the second row are all inside tag? if not make it so
Make sure the form method is POST
I recommend making the action of the form go to another page (keeps it clean)
user clicks on "save changes" button
On the other page (specified in form action), you will receive the data in your $_POST var; based on each input's name, this will be accessible in post. So for example, if your input name for "name" field is "movie_name" then this data will be in: $_POST['movie_name']
Store each field's POST data in a variable... i.e. $movieName = $_POST['movie_name'] ---- THIS IS JUST AN EXAMPLE! YOU SHOULD NEVER ACCESS POST DATA DIRECTLY!! YOU MUST SANITIZE/VALIDATE ETC. THIS DATA BEFORE STORING IN DATABASE
Assuming you have a database link already established, simply insert the data into the table you created earlier
Hope this helps you get started!
Best,
-Rush

Count Form Submissions on PHP Site [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I would like to implement a counter on a site I am building, so every time someone submits a form on the site, the counter increases for anyone who visits the site. For example, the number will start at 0 and every time someone submits the form, the count will increase for anyone who visits the site.
I know how to manipulate the number via JS/jQuery when the form submission button is clicked. My question is about how to update the number on the site for anyone who visits the site.
The site is currently a static PHP site without a database associated with it.
oh i get it now..
you can do it with a file.
1) create a file called "counter.txt", put it next to your web page put the number zero in the file.
2) get the current count with php: $counter = file_get_contents("counter.txt");
3) add one to the counter file_put_contents("counter.txt", $counter+1);
// put this wherever you want to do your counting
$counter = file_get_contents("counter.txt");
file_put_contents("counter.txt", $counter+1);
echo "You are the $counter person to view this page..";

Categories