Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

how to prevent post on refresh?


prox's Avatar
Member
0 0

I have the form page which is validuseragent.php http://codepaste.net/59zke3 and the page that posts everything called useragentinput.php http://codepaste.net/ejzmb6 Now when I hit submit on the first(form) page, it will go to the second page and post the output ..on the second page, if you hit refresh or enter, it will keep posting the comment over and over which I don't want it to do. I've been reading about headers such as placing markupheader("location: page.php"); in the code, but It's not working, any advice or ideas?


stealth-'s Avatar
Ninja Extreme
0 0

Havn't looked at the code, but header() must be called before any output is printed. You can't have output if you are sending a relocate header. Also, the 'L' in location is a capital.

You could also look at Javascript redirects.

Most people's browsers will handle this for you though, and alert them if they try and refresh a page they just sent POST data to.

EDIT: Erm, also, just so you know: User agents can easily be spoofed and should not be used as a security mechanism.


prox's Avatar
Member
0 0

that helps, I didnt know it had to be called before anythings echo'd

yeah, I'm not using it for security or anything really. Im just learning php and was writing a script to learn some stuff.


prox's Avatar
Member
0 0

just a question, how easy is it to get content from a .php page? The actual php code for example.

just wondering how easy it would be to get the useragent name if you did not know what it was


stealth-'s Avatar
Ninja Extreme
0 0

By design, it is supposed to be impossible for a client to access the actual PHP code. Vulnerabilities in the PHP code you write, other code on the server, or in the webserver itself may leak this information, but this isn't typical.