Jump to content

Prevent form resubmission


choppingblock
 Share

Recommended Posts

Hey all,

I have just created a contact form with the PW api (nice and easy as expected, though I found it has some limitations concerning fieldsets and multi-row layout... I know this is a tricky subject, so no offense meant).

I'm wondering what would be the best way to prevent the (accidental) resubmission of a form. I usually do this with a redirect after submit and a flash error/success message... is there any PW-ish way to achieve this (e.g., does PW support flash messages, or is this procedure even already implemented in the api somewhere)?

Link to comment
Share on other sites

Hi choppingblock,

Do you mean preventing the user from clicking submit multiple times?

If so, I usually just handle that with JS.

$("form").submit(function() {
    $(this).submit(function() {
        return false;
    });
}); 
  • Like 2
Link to comment
Share on other sites

Do you mean preventing the user from clicking submit multiple times?

I am more concerned about people reloading the page (like, pressing F5) after the form has been submitted.

So I'd like to redirect them to the same page, but without any POST data. And sending a flash message with the redirect (message that is only stored in the session until the next page is displayed).

...and there it is, thanks a lot.

Link to comment
Share on other sites

I implement the PW CSRF token in my forms so a resubmit will result in a error message.

this seemed not to work with my form, although it generates the token (i guess i have to check for it somehow after submit)... can you give an example of how you do this?

Link to comment
Share on other sites

If you use PW form API, it will get validated if you call processInput()

$form->processInput($input->post);

I think the CSRF doesn't get reset if the CSRF was valid, but you can do it manually with

$session->CSRF->resetToken();

after validating the form.

Or if you do manual form and not use InputfieldForm you can generate and validate the token

$session->CSRF->validate(); // will throw exeption if invalid

And get the token name and value with it respective methods

$session->CSRF->getTokenName(); // name for input hidden
$session->CSRF->getTokenValue(); // token value

Also the trick renobird mentioned is also very good to prevent double click submission errors.

Of course you can still use redirect method and as you may found the $notices errors and messages are transported through redirects.

  • Like 5
Link to comment
Share on other sites

$session->CSRF->resetToken();

this is what i was missing... thanks!

Edit:

Got it working with CSRF token, but I think the redirect approach fits better here. Easy to achieve with the flashdata function of PW (this should be added to the cheat sheet, I could imagine many users of PW would use this if they knew about it).

  • Like 1
Link to comment
Share on other sites

  • 1 year later...

this is what i was missing... thanks!

Edit:

Got it working with CSRF token, but I think the redirect approach fits better here. Easy to achieve with the flashdata function of PW (this should be added to the cheat sheet, I could imagine many users of PW would use this if they knew about it).

You made my day! Missed the CSRF reset as well^^

Link to comment
Share on other sites

  • 8 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By 999design
      Hi all,
      Running into an odd error that I can't seem to get my head around.
      We have 2 separately created Formbuilder forms sitting on a single page.
      But we keep experiencing weird results with them, originally we couldn't get one of the forms to ever submit so we ended up disabling CSRF for them which let us get around this issue.
      However it then causes a problem in that with CSRF disabled, one of forms always records 2 entries on submission. Just a straight duplicate within the entries for that form.
      So trying to stop this happening we tried enabling CSRF again and although that does stop the duplicated entry, it ends up giving really weird feedback such as the attached screengrab.
      Hazarding a guess I assume whatever is trigger on submission is firing twice because of the presence of the second form, but I have no idea why this would be the case as they are 2 seperately named forms?
      Any ideas?

    • By benbyf
      I have a a form in my site footer that can be accessed anywhere on site, I've added the form in the _inc.php file and added the render in the pages footer.php. However, this works well on the homepage e.g. you can submit said form and get a thank you on reload, doesnt work at all on other pages... Just lots like a fresh reload. Any thing im doing wrong here or ways to diagnose as there isn't an error log for formbuilder etc...?
    • By Peter Knight
      I have a few web forms which require testing on a weekly basis and I don't want the recipients (administrators) to receive these test emails.
      What would be a good way to test approx 15 forms from the front end and have the test delivered a list of secondary administrator recipients?
      I'm thinking that I could have some kind of config file which watches for a trigger word or email and then understands that it's a test and to bypass the normal admins?
      All of the forms ask for an email address so I could setup an email such as 'testform@email.not' etc which my config file (hook?) would watch for.
      Or is there a better way to do this?
      Additionally, I have a few extra requirements...
      Forms should goto an alternative success page. This is because I don't want my test to skew my Google Analytics conversion tracking Forms would need to be tested from the front-end and not the PW admin area Any advice appreciated.
      BTW I realise this should be posted in the proper FormBuilder support forum. I am in the process of renewing my license for access to that support forum.
       
    • By J_Szwarga
      What is the best practice for having a form (only accessible to a logged in user) save the user's progress between sections of the form? Fieldsets? Multiple forms?
      Use case: I have a very long application form that would take 30 minutes for the applicant to fill out and I would hate for all progress to be lost due to user error. The progress needs to be logged into the user's page.
      Thanks!
    • By Guy Incognito
      I'm trying to implement a front-end image upload form for user profile pictures, to a field called 'profile_picture'. The code is based on the various examples found around these forums but isn't yet 100% right.
      The form successfully submits the image to the server and updates the field in the dashboard. When you submit the firm, the page reloads and uploads the image but the template still loads the old image path (now broken path as the old image has been removed).
      I can only get the new image to show if I hit enter in the address bar forcing the page to reload.
      Any ideas? Is it a caching issue, or something to do with the order of the script? It makes no difference if I call the image after the upload form.
      <?php //Display current user image $userImg = $user->profile_picture->first(); echo '<img src="'.$userImg->url.'">'; $upload_path = $config->paths->assets . "files/avatar_uploads/"; $f = new WireUpload('userimage'); $f->setMaxFiles(1); $f->setMaxFileSize(1*1024*1024); $f->setOverwrite(true); $f->setDestinationPath($upload_path); $f->setValidExtensions(array('jpg', 'jpeg', 'png', 'gif')); if($input->post->form_submit) { if(!is_dir($upload_path)) { if(!wireMkdir($upload_path)) throw new WireException("No upload path!"); } $files = $f->execute(); if ($f->getErrors()) { foreach($files as $filename) @unlink($upload_path . $filename); foreach($f->getErrors() as $e) echo $e; } else { $user->of(false); $user->profile_picture->removeAll(); // wirearray (line added by @horst: explanation is three posts beneath) $user->profile_picture = $upload_path . $files[0]; $user->save(); $user->of(true); @unlink($upload_path . $files[0]); } } ?> <form class="forum-form" accept-charset="utf-8" action="./" method="post" enctype="multipart/form-data" > <input type="file" id="attach" name="userimage" accept="image/jpg,image/jpeg,image/gif,image/png" /> <input type="submit" name="form_submit" value="Submit"/> </form>
       
×
×
  • Create New...