Laravel/PHP multiple form submissions (multiple click on submit button)

2

1

I've some problems due to multiple form submissions. I'm using Laravel as framework and creating a browser game (I know, there are millions) just for fun.

I've a page for buildings with a button "Construct" which is in a form (method="post").

If I hold Enter for 4-5 seconds many requests will be fired and the user can create many records in the database.

I don't want a client-side-only fix like

// Disable every submit control as soon as its form is submitted
$(document).on('submit', 'form', function() {
    $(this).find('button:submit, input:submit').attr('disabled', 'disabled');
});

Because never trust the client.

Is someone here with a solution (maybe with Laravel)?

Thanks in advance.

Best regards.

Kudva answered 23/3, 2018 at 16:43 Comment(4)
Generate a random token. Put token in session. Put token in form as hidden field. On submit if token received is equal to the one in session do all the stuff on database and delete token from session. - Chunky
So, I'm always generating a form token and saving it into the session. And every form has a hidden input field with this token included, right? - Kudva
Using middleware for route group (laravel.com/docs/5.6/routing#route-group-middleware) you can View::share (laravel.com/docs/5.6/views#sharing-data-with-all-views) a random token and save on session. - Chunky
Does this answer your question? Laravel - prevent POST method spamming - Cianca
K
0

"Generate a random token. Put token in session. Put token in form as hidden field. On submit if token received is equal to the one in session do all the stuff on database and delete token from session."

"Using middleware for route group (laravel.com/docs/5.6/routing#route-group-middleware) you can View::share (laravel.com/docs/5.6/views#sharing-data-with-all-views) a random token and save on session."

Thanks @assistbss

Kudva answered 27/3, 2018 at 16:15 Comment(0)
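The one-time token flow quoted in this answer, as an added example in plain PHP that is not part of the original thread. The `$session` array stands in for the server-side session, and the function names, the `form_tokens` key and the `form_token` field name are assumptions.

```php
<?php
declare(strict_types=1);

const TOKEN_KEY = 'form_tokens'; // assumed session key

// Called when the form is rendered: store a fresh token server-side and
// return it for a hidden <input name="form_token"> (field name assumed).
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    $session[TOKEN_KEY][$token] = time(); // several open forms may coexist
    return $token;
}

// Called on submit: true exactly once per issued token.
function consume_form_token(array &$session, ?string $submitted): bool
{
    if ($submitted === null || $submitted === '') {
        return false;
    }
    foreach (array_keys($session[TOKEN_KEY] ?? []) as $known) {
        if (hash_equals((string) $known, $submitted)) {
            unset($session[TOKEN_KEY][$known]); // burn it before any DB work
            return true;
        }
    }
    return false;
}

// Stand-in for the "Construct" controller action.
function handle_construct(array &$session, array &$buildings, array $post): int
{
    if (!consume_form_token($session, $post['form_token'] ?? null)) {
        return 409; // replayed or unknown token: no record is written
    }
    $buildings[] = $post['building'];
    return 201;
}

// Constructed input: one rendered form, the same POST replayed five times
// (what holding Enter produces).
$session = [];
$buildings = [];
$post = ['form_token' => issue_form_token($session), 'building' => 'barracks'];
$statuses = [];
for ($i = 0; $i < 5; $i++) {
    $statuses[] = handle_construct($session, $buildings, $post);
}
echo implode(',', $statuses), ' records=', count($buildings), PHP_EOL;
```

The loop replays the requests one after another. Requests that arrive in parallel also need the consume step to be atomic (session locking, or a unique constraint on the record), because a read-then-delete on an unlocked session store can succeed twice.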
B
1

You can control it on the server side using the CSRF token. Your form will have a token for preventing cross-site request forgery, and you can access this token in your controller to identify the client uniquely. When a request comes to the controller, you can check whether the client is sending the request for the first time or not. If it is not the first time, you can return back. Example:

public function construct(Request $request)
{
    $token = $request->_token;
    // Check whether the token already exists or not, using DB or session.
    // Placeholder: set $exists from the result of that lookup.
    $exists = false;
    if ($exists) {
        return;
    }
}
Bermuda answered 23/3, 2018 at 17:15 Comment(1)
There is a problem. The CSRF token will be created for each session, not for each request. Your example is only possible if I'm generating a random token in the session and sending it with the POST request as a hidden input, as @Chunky mentioned. Or do you have another approach, maybe Laravel-specific? Thanks. - Kudva