Jump to content

Prevent form resubmission


choppingblock
 Share

Recommended Posts

Hey all,

I have just created a contact form with the PW api (nice and easy as expected, though I found it has some limitations concerning fieldsets and multi-row layout... I know this is a tricky subject, so no offense meant).

I'm wondering what would be the best way to prevent the (accidental) resubmission of a form. I usually do this with a redirect after submit and a flash error/success message... is there any PW-ish way to achieve this (e.g., does PW support flash messages, or is this procedure even already implemented in the api somewhere)?

Link to comment
Share on other sites

Hi choppingblock,

Do you mean preventing the user from clicking submit multiple times?

If so, I usually just handle that with JS.

$("form").submit(function() {
    $(this).submit(function() {
        return false;
    });
}); 
  • Like 2
Link to comment
Share on other sites

Do you mean preventing the user from clicking submit multiple times?

I am more concerned about people reloading the page (like, pressing F5) after the form has been submitted.

So I'd like to redirect them to the same page, but without any POST data. And sending a flash message with the redirect (message that is only stored in the session until the next page is displayed).

...and there it is, thanks a lot.

Link to comment
Share on other sites

I implement the PW CSRF token in my forms so a resubmit will result in a error message.

this seemed not to work with my form, although it generates the token (i guess i have to check for it somehow after submit)... can you give an example of how you do this?

Link to comment
Share on other sites

If you use PW form API, it will get validated if you call processInput()

$form->processInput($input->post);

I think the CSRF doesn't get reset if the CSRF was valid, but you can do it manually with

$session->CSRF->resetToken();

after validating the form.

Or if you do manual form and not use InputfieldForm you can generate and validate the token

$session->CSRF->validate(); // will throw exeption if invalid

And get the token name and value with it respective methods

$session->CSRF->getTokenName(); // name for input hidden
$session->CSRF->getTokenValue(); // token value

Also the trick renobird mentioned is also very good to prevent double click submission errors.

Of course you can still use redirect method and as you may found the $notices errors and messages are transported through redirects.

  • Like 5
Link to comment
Share on other sites

$session->CSRF->resetToken();

this is what i was missing... thanks!

Edit:

Got it working with CSRF token, but I think the redirect approach fits better here. Easy to achieve with the flashdata function of PW (this should be added to the cheat sheet, I could imagine many users of PW would use this if they knew about it).

  • Like 1
Link to comment
Share on other sites

  • 1 year later...

this is what i was missing... thanks!

Edit:

Got it working with CSRF token, but I think the redirect approach fits better here. Easy to achieve with the flashdata function of PW (this should be added to the cheat sheet, I could imagine many users of PW would use this if they knew about it).

You made my day! Missed the CSRF reset as well^^

Link to comment
Share on other sites

  • 8 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...