Quote:
Originally Posted by Sakakuchi
You could also take the IP of the user, log it, and check whether he has already sent you a message in, let's say, the last hour. If yes, then he's not allowed to send more messages. This way you could also make sure that your mailbox does not get spammed by one user.
That way, ALL users who share an IP address will be blocked in that interval and will not be allowed to send any message, which obviously is not what is wanted.
You could do this a couple of ways:
1. the simplest method -> redirect the user to another page after he/she has submitted the form (after you send the e-mail)
2. use a 'security key' (this is what I call it). What does this mean? Each time you show the user the page, you also generate a hash key (an md5 of variable data), which you will store in the session. Then, when the user hits the submit button and after you validate your form, etc., you check that session variable against what you would expect. If it's different, you can reset the form values and present the user with a message saying "please use the submit button" or such. Something like this:
Code:
<?php
session_start();

// generates a fresh, unpredictable key for each request; any value the user
// cannot guess works, random bytes are preferable to an md5 of guessable data
function regenerate_security_key()
{
    return bin2hex(random_bytes(16));
}

$form_submitted = ($_SERVER['REQUEST_METHOD'] === 'POST');

if ($form_submitted)
{
    // validate your form, etc. and continue only if all fields are correctly completed
    // $_POST['security_key'] is an input in the form (a hidden input), in which you echo your $_SESSION['security_key'] - so you can compare them later
    $expected  = $_SESSION['security_key'] ?? '';
    $submitted = $_POST['security_key'] ?? '';
    // constant-time comparison; a missing or non-string value never matches
    if (!is_string($submitted) || $expected === '' || !hash_equals($expected, $submitted)) {
        // show a message or whatever. validation failed, so you will not send the e-mail yet
    } else {
        // send your e-mail, show the user the "thank you" page, etc.
    }
    // invalidate the security token with each new request
    $_SESSION['security_key'] = regenerate_security_key();
}
else
{
    // form has not been submitted, so keep generating keys
    $_SESSION['security_key'] = regenerate_security_key();
}
3. using a cookie. However, this is NOT a reliable technique, as the user's browser might block these cookies, or the user might even delete them.
So, the best choice would be #2.
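The following is an added example, not code from the post above: a complete contact page that combines option #2 (the per-request security key carried in a hidden input) with option #1 (redirecting after the e-mail is handled), so that a browser refresh neither resubmits the form nor passes the key check. The file name `contact.php`, the `message` field and the recipient address are assumptions.

```php
<?php
// Added example (not from the original post). Assumes this file is contact.php.
session_start();

// One-time key, unpredictable so it cannot be guessed or precomputed.
function regenerate_security_key(): string
{
    return bin2hex(random_bytes(16));
}

// True only if the submitted value is a string equal to the key in the session.
function is_valid_security_key($submitted): bool
{
    $expected = $_SESSION['security_key'] ?? '';
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $valid = is_valid_security_key($_POST['security_key'] ?? null);
    // Rotate the key immediately: a replayed POST (refresh) now fails the check.
    $_SESSION['security_key'] = regenerate_security_key();

    $message = is_string($_POST['message'] ?? null) ? trim($_POST['message']) : '';
    if ($valid && $message !== '') {
        // mail('you@example.com', 'Contact form', $message); // placeholder recipient
        $_SESSION['flash'] = 'Thank you, your message was sent.';
    } else {
        $_SESSION['flash'] = 'Please use the submit button to send your message.';
    }
    // Post/Redirect/Get: the browser ends up on a GET page, so refresh does not resubmit.
    header('Location: contact.php', true, 303);
    exit;
}

// GET: generate a fresh key for this rendering of the form and show any pending message.
$_SESSION['security_key'] = regenerate_security_key();
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
?>
<!doctype html>
<p><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post" action="contact.php">
  <input type="hidden" name="security_key"
         value="<?= htmlspecialchars($_SESSION['security_key'], ENT_QUOTES, 'UTF-8') ?>">
  <textarea name="message"></textarea>
  <button type="submit">Send</button>
</form>
```

Because the key is rotated before the e-mail is sent, even two identical POSTs arriving back to back can pass the check at most once per rendered form.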