TalkPHP - Email script problem

TalkPHP (http://www.talkphp.com/forums.php)

- General (http://www.talkphp.com/general/)

- - Email script problem (http://www.talkphp.com/general/4451-email-script-problem.html)

Email script problem

I have had a script running that once a user enters their information it will email it to me. However, if they hit refresh it sends it again. How would I go about preventing this from happening?

Thanks for any help.

Quote:

Originally Posted by code_junkie (Post 24747)

How about you show us some code?

Its just the basic mailto function.

Code:

$to = "email@address.com";

$from = "email@address.com";

$subject = "Message from site";

$message = "";

$headers  = "From: $from\r\n";

$headers .= "Content-type: text/html\r\n";



ini_set('sendmail_from', $from);

mail($to, $subject, $message, $headers);

Quote:

Originally Posted by code_junkie (Post 24750)

Its just the basic mailto function.

Code:

$to = "email@address.com";

$from = "email@address.com";

$subject = "Message from site";

$message = "";

$headers  = "From: $from\r\n";

$headers .= "Content-type: text/html\r\n";



ini_set('sendmail_from', $from);

mail($to, $subject, $message, $headers);

Ok, well based on that, of course it's going to run on every refresh because there's nothing stopping it from running.

If you include an IF conditional that will check for a specific status, it will only run once..

I like to base it off a hidden POST variable say, "submit_form" and set that value to true. Then on the receiving page, make sure that it is set to true, then run your mail function.

After your mail function, unset that variable, that way it won't be true anymore and then if they hit refresh, it won't send the email.

Thanks for your response. I'm not very familiar with PHP yet, so can show me some example code or a site so I can reference from? I need to see it to figure it out and inderstand it.
Thanks

PHP/ELSE
PHP/EXIT
PHP/MAIL
PHP/IF

this should be a good start.

PS: the best way to go is to read all of php.net manual one or two times..

PHP Manual

Have the page that actually sends the page redirect, the HTML code for this is (put this in the <head>):

Code:

<meta http-equiv="REFRESH" content="0;url=http://www.the-domain-you-want-to-redirect-to.com"></HEAD>

This will redirect the page away immediately after the message is sent.

The header function will also redirect using GET and therefore prevent any reloading.

php Code:

header('location: FQDN');

Now to make things more complicated :-P

You could also take the IP of the user, log it, and check whether he already send you a message in - lets say last hour. If yes, then he's not allowed to send more messages. Using this way you could also make sure that your Mailbox does not get spammed from one user.

-> There are many people out there who just love writting such little programms.

I think I should have explained the whole thing. This site is an incident reporting site.

Page 1:

user enters data
on submit it redirects to page 2 (url containing incident number)

Page 2:

emails webmaster informing them there has been an incident
shows user there incident

Quote:

Originally Posted by Sakakuchi (Post 24798)

You could also take the IP of the user, log it, and check whether he already send you a message in - lets say last hour. If yes, then he's not allowed to send more messages. Using this way you could also make sure that your Mailbox does not get spammed from one user.

That way, ALL users who share an IP address will be blocked in that interval and will not be allowed to send any message, which obviously is not what is wanted.

You could do this a couple of ways:

1. the most simple method -> redirect the user to another page after he/she has submitted the form (after you send the e-mail)

2. use a 'security key' (this is what I call it). What does this mean? Each time you show the user the page, you also generate a hash key (an md5 of variable data), which you will store in the session. Then, when the user hits the submit button and after you validate your form, etc., you check that session variable against what you would expect. If it's different, you can reset the form values and present the user with a message saying "please use the submit button" or such. Something like this:

Code:

if(form_submitted)

{

    // validate your form, etc. and continue only if all fields are correctly completed



    // $_POST['security_key'] is an input in the form (a hidden input), in which you echo your $_SESSION['security_key'] - so you could compare them later

    if($_SESSION['security_key'] != $_POST['security_key']) {

        // show a message or what ever. validation failed, so you will not send the e-mail yet

    } else {

        // send your e-mail, show the user the "thank you" page, etc.

    }



    // invalidate the security token with each new request

    $_SESSION['security_key'] = regenerate_security_key();

}

else

{

    // form has not been submitted, so keep generating keys

    $_SESSION['security_key'] = regenerate_security_key();

}

3. using a cookie. However, this is NOT a reliable technique, as the user's browser might block these cookies, or even the user might delete them.

So, the best choice would be #2.

I'll provide some simple code later today to help you on your way...

Quote:

Originally Posted by xenon (Post 24804)

That way, ALL users who share an IP address will be blocked in that interval and will not be allowed to send any message, which obviously is not what is wanted.

Hmm true - didn't think of that. Considering that I would also choose the Session - Solution. :-D