I have a page where any user gets directed to after a payment was made, and in that page there is PHP code to send a confirmation email and some certain other tasks. So I don't want user to be able to refresh that page so the script is run again and I also don't want them to be able to change the parameters in the url for example: www.idk.com?name=eij&age=39 I had this working before but that was when there were only 2 pages I could use
if ( !isset( $_SESSION["origURL"] ) )
$_SESSION["origURL"] = $_SERVER["HTTP_REFERER"];
And used the if user is from ... then run script and if they refreshed it wouldn't run and also couldn't change the url. the problem is that i made a 3rd page the url didn't show up anymore with this code there was nog http referer found.
I really need this to work i hope that anyone can help me
One way to prevent to load the same page twice after a payment is like:
For that you need a unique identifier and validate that the payment is legit, that depends in your payment provider.
Sounds like a design problem.
A quick fix:
Use POST
instead of GET
to prevent people from changing parameters and redirect them as soon as they are done to a new page or the same with no POST
parameters.
You could look into checksums so you can validate the request is coming from your site.
its as easy as
$checksum = md5(json_encode($array));
just make sure you have some secret element in the array.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.