• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to stop submiting query in a form

#1
[eluser]l1v1[/eluser]
Hi guys, so I have little problem. I have contact form and everything works just fine here, expect that I have a security issue there. I have a form which action is pointed to the home controller. When I submit this form everything goes fine, my data is sent, expect that every time I refresh my page, my data is sent again. That means you can spam my database by just refreshing the page. How to stop this spamming without sessions? Because I think that it is possible to bypass sessions too.

#2
[eluser]DarkManX[/eluser]
Send formdata to some extra method and redirect from there.

#3
[eluser]l1v1[/eluser]
[quote author="DarkManX" date="1345973377"]Send formdata to some extra method and redirect from there.[/quote]

Okay, that's a nice way to solve this, but maybe there is another way to solve this?

#4
[eluser]DarkManX[/eluser]
[quote author="l1v1" date="1345973685"][quote author="DarkManX" date="1345973377"]Send formdata to some extra method and redirect from there.[/quote]

Okay, that's a nice way to solve this, but maybe there is another way to solve this?[/quote]


For real? why you need another way? thats the best way to solve it oO
you can blacklist the ip on your server once the mail was sent or you can make a ajax request to submit the form. you also could store the formdata in the database, then let a cronjob execute every 5min to send all mails that are stored in the db and havent been send. Wink

#5
[eluser]l1v1[/eluser]
[quote author="DarkManX" date="1345975015"][quote author="l1v1" date="1345973685"][quote author="DarkManX" date="1345973377"]Send formdata to some extra method and redirect from there.[/quote]

Okay, that's a nice way to solve this, but maybe there is another way to solve this?[/quote]


For real? why you need another way? thats the best way to solve it oO
you can blacklist the ip on your server once the mail was sent or you can make a ajax request to submit the form. you also could store the formdata in the database, then let a cronjob execute every 5min to send all mails that are stored in the db and havent been send. Wink[/quote]

This way doesn't work well for me, because I have some extra data and I have to use sessions anyway. Maybe I will try something with blacklisting and cronjob. Thanks for advice Smile

#6
[eluser]DarkManX[/eluser]
That blacklist and cronjob stuff was kind of ironical. you got to use redirect!!!

#7
[eluser]l1v1[/eluser]
Maybe, but in my case it's better to use blacklist.

#8
[eluser]DarkManX[/eluser]
dont think so, thats you problem with redirecting?

#9
[eluser]johnpeace[/eluser]
I only do the insert if:
- you aren't coming from a blacklisted ip
- your email isn't from a blacklisted domain
- your email address hasn't already submitted within a given time period
- if your ip or email domain tries 5x in an hour, they get blacklisted

this system also relies on a whitelist of safe email domains.

#10
[eluser]DarkManX[/eluser]
[quote author="johnpeace" date="1345985034"]I only do the insert if:
- you aren't coming from a blacklisted ip
- your email isn't from a blacklisted domain
- your email address hasn't already submitted within a given time period
- if your ip or email domain tries 5x in an hour, they get blacklisted

this system also relies on a whitelist of safe email domains.[/quote]

there several methods you can use bug still it isn't users fault if your page re-sending the email by refreshing the page. that's why you should redirect from the sending page. if you are not that experienced internet user and you refresh and get blacklisted due to the bad design of the application, you will never visit the page again... whats wrong with redirecting?! i don't get it!


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.