These patches to loginform.ihtml and the validatelogin
in local.inc prevent the resubmission of a form
already submitted, and thus prevent going back with the
browser back button and reposting auth credentials when
authentication is expired.
My previous version of local.inc stored the used_formids in
the auth->auth persistent array.
But once someone logged off, that would be cleared, thus
again allowing going 'back' to the posted loginform.
This version stores the used_formids as a persistent session
variable ($sess->register("used_formids")), so it should be
there as long as the session is the same.
local.inc with extra check in auth_validatelogin
loginform.ihtml that adds a uniqid hidden field
Logged In: YES
user_id=163488
validatelogin registers and checks used_formids
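
An added sketch of the mechanism described above, not the code from the attached patch or from PHPLib: a one-time form id is recorded in session-scoped storage so that it survives logout, and a replayed login POST is rejected. The arrays `$session` and `$auth` stand in for PHPLib's session variables and auth array, all function names are hypothetical, and `random_bytes` is used here in place of the `uniqid` value the patch mentions.

```php
<?php
// Added illustration, not the patch's code. $session stands in for PHPLib's
// persistent session variables and $auth for the auth->auth array; every
// function name below is hypothetical.

// Render step: value for the login form's hidden field.
// random_bytes is a swapped-in choice; the patch description mentions uniqid.
function new_form_id(): string {
    return bin2hex(random_bytes(16));
}

// Validate step: accept a given form id once per session, then remember it.
function validate_login(array &$session, array &$auth, string $formId,
                        string $user, string $pass, callable $checkPassword): bool {
    if ($formId === '' || isset($session['used_formids'][$formId])) {
        return false;   // missing id, or a repost of an already submitted form
    }
    // Assumption of this sketch: the id is burned before the password check,
    // so a failed attempt cannot be reposted either.
    $session['used_formids'][$formId] = true;
    if (!$checkPassword($user, $pass)) {
        return false;
    }
    $auth['uid'] = $user;
    return true;
}

// Logout clears only the auth data; used_formids stays with the session.
function logout(array &$auth): void {
    $auth = [];
}

// Constructed demo: one session, one rendered form, posted twice.
$session = [];
$auth = [];
$check = fn(string $u, string $p): bool => $u === 'alice' && $p === 'constructed-password';

$formId = new_form_id();
$first  = validate_login($session, $auth, $formId, 'alice', 'constructed-password', $check);
logout($auth);   // had used_formids lived in $auth, this would forget the id
$replay = validate_login($session, $auth, $formId, 'alice', 'constructed-password', $check);
$fresh  = validate_login($session, $auth, new_form_id(), 'alice', 'constructed-password', $check);

var_dump($first, $replay, $fresh);
```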