Darkness Posted January 28, 2008 Share Posted January 28, 2008 Hey.There are people on my site who are using page editing to cheat. On my site, I use a this.disabled function to disable a button when clicked, so people can not click it multiple times. However, people are editing the source, and taking out the disabled part. Is there a way I can disable this or track it?I'm guessing that this can be achieved via Javascript, HTML, PHP, or a combination of them, however I am not sure.Thanks. Link to comment Share on other sites More sharing options...
justsomeguy Posted January 28, 2008 Share Posted January 28, 2008 You can probably track it somehow, depending what your application does when the button is clicked. If it sends an AJAX request to PHP then the PHP script can keep track of when the button was clicked using the session. Link to comment Share on other sites More sharing options...
Darkness Posted January 28, 2008 Author Share Posted January 28, 2008 Hmm.. well, I don't really know anything about AJAX. :S Link to comment Share on other sites More sharing options...
justsomeguy Posted January 28, 2008 Share Posted January 28, 2008 That was just an example of one thing you could do to track. What you will want to do will depend on what the button does. Link to comment Share on other sites More sharing options...
Darkness Posted January 28, 2008 Author Share Posted January 28, 2008 Well, here's an example of the form. <form action='pagehere.php' method='POST'><input type='hidden' name='Submit' value='1'>Input stuff here.<input type='submit' value='Continue' onclick="this.disabled='true'; this.value='Please Wait...'; this.form.submit();\"></form> The hidden input field is there because disabled submit fields can not have names.Basically, the form goes to a certain page, of course. That page adds data to the MySQL database. However, people can use source editing to change it to... <input type='submit' value='Submit'> That way, they can keep clicking the button rapidly, and the data will be added each time; which allows them to spam. Link to comment Share on other sites More sharing options...
justsomeguy Posted January 28, 2008 Share Posted January 28, 2008 The PHP page should use the session to keep track of the last time the form was submitted, and take the appropriate action. Link to comment Share on other sites More sharing options...
Darkness Posted January 29, 2008 Author Share Posted January 29, 2008 Oh, thanks! Link to comment Share on other sites More sharing options...
Praetorian Posted January 29, 2008 Share Posted January 29, 2008 Granted I'm not an expert, but it's possible that they're simply disabling javascript for their browser, which I'm guessing would throw a wrench into the way the script works. That's just a guess, but it's something you may want to look into. Link to comment Share on other sites More sharing options...
jhecht Posted January 29, 2008 Share Posted January 29, 2008 How about if they submit data you not let them go back to the page? What exactly is the issue with this though? If they go to a page through they form, it shouldn't matter if they click it that much, and even if they do, make it send you an email if a user posts more than 1 thing within a few seconds of each other, and also flag them so they can't do it... It's not that hard a process(well, then again, I am a relatively good PHP user... so i guess whats not so hard for me may be for others...). I'm sure we could all help you much more if we knew what else was going on. Is there any more Javascript involved? or what? Link to comment Share on other sites More sharing options...
Synook Posted January 29, 2008 Share Posted January 29, 2008 Justsomeguy's idea will work all the time (unless they write a script to click, delete cookies, click, delete cookies, etc). Link to comment Share on other sites More sharing options...
justsomeguy Posted January 29, 2008 Share Posted January 29, 2008 Right. And if they want to go through that much trouble there's not a lot you can do to stop them other then by associating a database record with their IP or something, and they can get around that too. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.