Refreshing the page = uploading the file again and again
Posted: Sat Aug 23, 2014 3:41 amIn DFH v1.2.9, after I'm uploading via normal input and getting to the "separate" page ./upload.php?do=verify and hitting the refresh button, my browser asks my permission to resubmit the form, and if I hit ok - it uploads the same file all over again. Just imagine what can happen if someone who wants to harm your website will come up with a way to automate this process - and then you'll have a big server load and small free webspace on your hands.
I've looked up for some solutions, and I think that the best one is to set a hidden input named postcheck which contains a random md5 number, and check it against the current session, and of course that it will change in every page load.
The code here is just a small example which I haven't tested, but it'll maybe help with thinking of a good implementation.
Thanks.
I've looked up for some solutions, and I think that the best one is to set a hidden input named postcheck which contains a random md5 number, and check it against the current session, and of course that it will change in every page load.
The code here is just a small example which I haven't tested, but it'll maybe help with thinking of a good implementation.
- Code: Select all
if( ($_SESSION['postcheck'] != $_POST['postcheck']) )
{
return false;
} else {
return true;
}
Thanks.