Alex

Reputation: 68396

Determine if the request comes from a new user

Let's say you have a form. And you don't want ugly captchas on it, unless it's absolutely necessary.

So you let the user submit the form, and if the same user submits the form again show the captcha, or whatever.

Is it possible to detect if the 2nd form submission comes from the same user?

I know about $_SERVER['REMOTE_ADDR'] (which is the user IP), but is this reliable? Since this variable stores a value that is sent by the user, I guess any bot can fake that, right?

Upvotes: 2

Views: 91

Answers (1)

rook

Reputation: 67019

You can go 2 routes. You can either use a rolling CSRF token or store a flag in the session. The session flag is a bit more straightforward:

session_start();
// The flag is absent only on this session's first submission
if (!isset($_SESSION['submit_flag'])) {
    $_SESSION['submit_flag'] = true;
    // perform action...
}

Upvotes: 1
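
The two routes named in the answer above, combined in one check. This is an added example, not code from the original answer: the function names `issue_form_token` and `check_submission`, the `form_token` session key and the use of a plain array in place of `$_SESSION` are assumptions made for illustration.

```php
<?php
// Added example: rolling one-time form token plus the session flag.
// In a real page, call session_start() and pass $_SESSION and the
// posted hidden-field value instead of the demo array used below.

// Called when the form is rendered; the returned value goes into a hidden field.
function issue_form_token(array &$session): string {
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Called on POST; returns 'accept' or 'captcha'.
function check_submission(array &$session, ?string $postedToken): string {
    $expected = $session['form_token'] ?? null;
    unset($session['form_token']); // roll: each token is good for one submit

    // Missing or wrong token: the client did not load the form in this
    // session (no cookie kept, or a replayed request), so ask for a captcha.
    if (!is_string($expected) || !is_string($postedToken)
        || !hash_equals($expected, $postedToken)) {
        return 'captcha';
    }

    // Valid token, but this session has already submitted once.
    if (!empty($session['submit_flag'])) {
        return 'captcha';
    }

    $session['submit_flag'] = true;
    return 'accept';
}

// Constructed demo: four submissions against one simulated session.
$session = [];
$t1 = issue_form_token($session);
echo check_submission($session, $t1), "\n";   // first submission
echo check_submission($session, $t1), "\n";   // same token replayed
$t2 = issue_form_token($session);
echo check_submission($session, $t2), "\n";   // fresh token, flag already set
echo check_submission($session, null), "\n";  // no token posted at all
```

The session flag alone treats a client that discards its session cookie as new on every request; requiring the one-time token means such a client never holds a valid token and falls through to the captcha path.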
