0

Hi All,

I am trying to create a form using sessions so that the submit button is only submitted once in a two minute duration. I need the form to still complete the onclick action so that a calculation happens, but I only want the mail() function to send an email only once in that two minute duration.. even if the submit button is clicked more than once... here is what I got so far.. but doesnt work..?? What am I missing..??

<?php session_start();?>

if (!isset($_SESSION))
$_SESSION = time();

if (time()-$_SESSION < 120)
die('Post limit exceeded. Please wait at least 120 seconds');
else
$_SESSION = time();

2
Contributors
12
Replies
13
Views
5 Years
Discussion Span
Last Post by Stefano Mtangoo
0

Thanks.. but I tried this, but still nogo.. for some reason when the user clicks the submit button again it is still allowing the form to send again.. and not checking the time interval...?? What might I be missing here..?? Thanks in advance..

<?php
$_SESSION = time();
?>

<?php
if ($_SESSION + 10 * 60 < time()) {
// session timed out
} else {
// session ok
}
?>

0

Thanks.. but I tried this, but still nogo.. for some reason when the user clicks the submit button again it is still allowing the form to send again.. and not checking the time interval...?? What might I be missing here..?? Thanks in advance..

<?php
$_SESSION = time();

if ($_SESSION + 10 * 60 < time()) {
// session timed out
} else {
// session ok
}
?>

actually you are not doing anything here. check an example. Also use code tags

<?php
  $_SESSION['timeout'] = time(); 

  if ($_SESSION['timeout'] + 10 * 60 < time()) {
     // session timed out --log him out. For now we will just kill the script
     die("Session have timed out");
     exit(1);
  } 
?>
0

Opps.. thanks.. will use the code tags... but I am still not sure what I am missing... All I want to do is have the session only send one email when the user clicks the submit button instead of if they click it 3 or 4 times sending an email everytime... and If I can limit the interval to something like 2 or 3 minutes so that after that time has elapsed the email can be sent again..

Sorry.. I am abit of a nubie here...:) Thanks for your help so far though...

0
<?php
  $_SESSION['timeout'] = time(); 
  $_SESSION['mail_send_allowed'] = true;   

  if ($_SESSION['mail_send_allowed']&& !$_SESSION['timeout'] + 10 * 60 < time()) {
     // do validation and checks and send email here
     $_SESSION['mail_send_allowed'] = false;
     $_SESSION['timeout'] = time(); 
  } else{ die("No Spamming with my contact box...");}
?>

Edited by Stefano Mtangoo: n/a

0

This is what I got thus far..but when I add your code it doesnt send for some reason... Can you see what I am missing..?? Thanks again..??

<?php
  $_SESSION['timeout'] = time(); 
  $_SESSION['mail_send_allowed'] = true;   
 

// Database settings
$db_host = "localhost";
$db_name = "connect";
$db_user = "connect";
$db_password = "connect";
//

$db = mysql_connect($db_host, $db_user, $db_password);
if(!$db)
	die("Could not connect to database.");
if(!mysql_select_db($db_name))
	die("Could not load database.");

if($_REQUEST["action"] == "form1")
{
	$query = "INSERT INTO db (UserEmail,
	UserFirstName, UserLastName, UserAddress, UserCity, UserState, UserPC, UserPhone, UserPurchaseType, UserLoanAmount, UserInterestRate,
	UserTermLoan, UserBalloon, UserPercentage, UserPaymentAmount, UserIP, UserEnquiryDate, UserSiteReferer) VALUES (
	'".mysql_real_escape_string($_REQUEST["email"])."',
	'".mysql_real_escape_string($_REQUEST["first_name"])."',
	'".mysql_real_escape_string($_REQUEST["last_name"])."',
	'".mysql_real_escape_string($_REQUEST["address"])."',
	'".mysql_real_escape_string($_REQUEST["city"])."',
	'".mysql_real_escape_string($_REQUEST["state"])."',
	'".mysql_real_escape_string($_REQUEST["postal_code"])."',
	'".mysql_real_escape_string($_REQUEST["phone"])."',
	'".mysql_real_escape_string($_REQUEST["purchase_type"])."',
	".$_REQUEST["amount"].",
	'".mysql_real_escape_string($_REQUEST["rate"])."',
	'".mysql_real_escape_string($_REQUEST["term"])."',
	'".mysql_real_escape_string($_REQUEST["balloon"])."',
	'".mysql_real_escape_string($_REQUEST["percentage"])."',
	".$_REQUEST["monthly"].",
	'".$_SERVER["REMOTE_ADDR"]."',
	NOW(),
	'".$_SERVER["HTTP_REFERER"]."'
	)";
	mysql_query($query);
	
    if ($_SESSION['mail_send_allowed']&& !$_SESSION['timeout'] + 10 * 60 < time()) {

     	
	// Send e-mail
	$message = "
	E-mail: ".$_REQUEST["email"]."\n 
	First Name: ".$_REQUEST["first_name"]."\n 
	Last Name: ".$_REQUEST["last_name"]."\n 
	Address: ".$_REQUEST["address"]."\n 
	City: ".$_REQUEST["city"]."\n 
	State: ".$_REQUEST["state"]."\n 
	Postal Code: ".$_REQUEST["postal_code"]."\n 
	Phone: ".$_REQUEST["phone"]."\n 
	Purchase Type: ".$_REQUEST["purchase_type"]."\n 
	Loan Amount: ".$_REQUEST["amount"]."\n 
	Interest Rate: ".$_REQUEST["rate"]."\n 
	Length of Loan: ".$_REQUEST["term"]." months\n 
	Balloon Final Payment: ".$_REQUEST["balloon"]."\n 
	Percentage: ".$_REQUEST["percentage"]."\n 
	Monthly Amount Payable: ".$_REQUEST["monthly"]."\n 
	IP Address: ".$_SERVER["REMOTE_ADDR"]."\n 
	Referrer: ".$_SERVER["HTTP_REFERER"]."\n 
	Date: ".date("F j, Y, g:i a"); 
	
	$to = "mymail@mail.com";
	$subject = "Enquiry - From ".$_REQUEST["email"];
    $headers .= "X-Priority: 1 (Higuest)\n";
    $headers .= "X-MSMail-Priority: High\n";
    $headers .= "Importance: High\n"; 
	$headers = "From: mail@mail.com" . "\r\n" .
	mail($to, $subject, $message, $headers);
        $_SESSION['mail_send_allowed'] = false;
        $_SESSION['timeout'] = time(); 
        } else{ die("No Spamming with my contact box...");}

?>
0

Just test Sending email with no DB stuffs and when it is working you can add DB support
BTW don't use REQUEST. Either POST or GET!

0

ok.. just tried the below with "request" and "post" and still doesnt send..??

<?php
  $_SESSION['timeout'] = time(); 
  $_SESSION['mail_send_allowed'] = true;   
 
	
    if ($_SESSION['mail_send_allowed']&& !$_SESSION['timeout'] + 10 * 60 < time()) {
	
	// Send e-mail
	$message = "
	E-mail: ".$_REQUEST["email"]."\n 
	First Name: ".$_REQUEST["first_name"]."\n 
	Last Name: ".$_REQUEST["last_name"]."\n 
	Address: ".$_REQUEST["address"]."\n 
	City: ".$_REQUEST["city"]."\n 
	State: ".$_REQUEST["state"]."\n 
	Postal Code: ".$_REQUEST["postal_code"]."\n 
	Phone: ".$_REQUEST["phone"]."\n 
	Purchase Type: ".$_REQUEST["purchase_type"]."\n 
	Loan Amount: ".$_REQUEST["amount"]."\n 
	Interest Rate: ".$_REQUEST["rate"]."\n 
	Length of Loan: ".$_REQUEST["term"]." months\n 
	Balloon Final Payment: ".$_REQUEST["balloon"]."\n 
	Percentage: ".$_REQUEST["percentage"]."\n 
	Monthly Amount Payable: ".$_REQUEST["monthly"]."\n 
	IP Address: ".$_SERVER["REMOTE_ADDR"]."\n 
	Referrer: ".$_SERVER["HTTP_REFERER"]."\n 
	Date: ".date("F j, Y, g:i a"); 
	
    $to = "jmail@mail.com";
    $subject = "Enquiry - From ".$_REQUEST["email"];
    $headers .= "X-Priority: 1 (Higuest)\n";
    $headers .= "X-MSMail-Priority: High\n";
    $headers .= "Importance: High\n";  
    $headers = "From: mail@mail.com" . "\r\n" .
    mail($to, $subject, $message, $headers);
    $_SESSION['mail_send_allowed'] = false;
    $_SESSION['timeout'] = time(); 
    } else{ die("No Spamming with my contact box...");}

?>
0

Ignore above examples they don't do what I think of. I have rolled simple example for you because I will be offline soon. Toy with it and make it suite your need

<?php
session_start();

if(!isset($_SESSION['mail_send_allowed'])){    
    $_SESSION['mail_send_allowed'] = true;  
}

if($_SESSION['mail_send_allowed']){
    $_SESSION['timeout'] = time(); 
}

$form = <<<EOT
<form action={$_SERVER["PHP_SELF"]} method="post">
    <label for="heading"><strong>Email Title</strong></label>
    <input type="text" name="heading" />
    <br /><br />
    <label for="body"><strong>Email Body</strong></label>
    <input type="text" name="body" " />
    <br />
    <input type="submit" name="submit" value="Submit" />
</form>

EOT;

if(isset($_POST["submit"])){
  if ($_SESSION['mail_send_allowed']) {
     // do validation and checks and send email here
    //check for valid values and send email, for now I will just echo output
    echo "Heading is: " . $_POST['heading'] ."<br />and body is <br />". $_POST['body'];
    //next time don't come here until time is expired    
     $_SESSION['mail_send_allowed'] = false;     
     
  } else{ 
    die("No Spamming with my contact box...");
    if(!$_SESSION['timeout'] + 10 * 60 < time()){
        $_SESSION['mail_send_allowed'] = false;
    }
  }
  
}else{
echo $form;
}
0

Ok.. the below works to stop multiple email submissions which is great, but it doesnt seem to pick up on the time set before the email can be allowed to be sent again? Also... It is currently add a DB entry everytime the submit is clicked.. I would like it to only add one entry in the db as well... so it does the entry at the same time the email send.. but not after... Just so I dont have dups in the DB.

Thanks for any advice.. Cheers.

<?php
session_start();

if(!isset($_SESSION['mail_send_allowed'])){    
    $_SESSION['mail_send_allowed'] = true;  
}

if($_SESSION['mail_send_allowed']){
    $_SESSION['timeout'] = time(); 
}

// Database settings
$db_host = "localhost";
$db_name = "connect";
$db_user = "connect";
$db_password = "connect";
//

$db = mysql_connect($db_host, $db_user, $db_password);
if(!$db)
	die("Could not connect to database.");
if(!mysql_select_db($db_name))
	die("Could not load database.");

if($_REQUEST["action"] == "form1")
{
	$query = "INSERT INTO calc (UserEmail,
	UserFirstName, UserLastName, UserAddress, UserCity, UserState, UserPC, UserPhone, UserPurchaseType, UserLoanAmount, UserInterestRate,
	UserTermLoan, UserBalloon, UserPercentage, UserPaymentAmount, UserIP, UserEnquiryDate, UserSiteReferer) VALUES (
	'".mysql_real_escape_string($_REQUEST["email"])."',
	'".mysql_real_escape_string($_REQUEST["first_name"])."',
	'".mysql_real_escape_string($_REQUEST["last_name"])."',
	'".mysql_real_escape_string($_REQUEST["address"])."',
	'".mysql_real_escape_string($_REQUEST["city"])."',
	'".mysql_real_escape_string($_REQUEST["state"])."',
	'".mysql_real_escape_string($_REQUEST["postal_code"])."',
	'".mysql_real_escape_string($_REQUEST["phone"])."',
	'".mysql_real_escape_string($_REQUEST["purchase_type"])."',
	".$_REQUEST["amount"].",
	'".mysql_real_escape_string($_REQUEST["rate"])."',
	'".mysql_real_escape_string($_REQUEST["term"])."',
	'".mysql_real_escape_string($_REQUEST["balloon"])."',
	'".mysql_real_escape_string($_REQUEST["percentage"])."',
	".$_REQUEST["monthly"].",
	'".$_SERVER["REMOTE_ADDR"]."',
	NOW(),
	'".$_SERVER["HTTP_REFERER"]."'
	)";
	mysql_query($query);
	
}
	

    if ($_SESSION['mail_send_allowed']) {
	$message = "
	E-mail: ".$_REQUEST["email"]."\n 
	First Name: ".$_REQUEST["first_name"]."\n 
	Last Name: ".$_REQUEST["last_name"]."\n 
	Address: ".$_REQUEST["address"]."\n 
	City: ".$_REQUEST["city"]."\n 
	State: ".$_REQUEST["state"]."\n 
	Postal Code: ".$_REQUEST["postal_code"]."\n 
	Phone: ".$_REQUEST["phone"]."\n 
	Purchase Type: ".$_REQUEST["purchase_type"]."\n 
	Loan Amount: ".$_REQUEST["amount"]."\n 
	Interest Rate: ".$_REQUEST["rate"]."\n 
	Length of Loan: ".$_REQUEST["term"]." months\n 
	Balloon Final Payment: ".$_REQUEST["balloon"]."\n 
	Percentage: ".$_REQUEST["percentage"]."\n 
	Monthly Amount Payable: ".$_REQUEST["monthly"]."\n 
	IP Address: ".$_SERVER["REMOTE_ADDR"]."\n 
	Referrer: ".$_SERVER["HTTP_REFERER"]."\n 
	Date: ".date("F j, Y, g:i a"); 
	
	$to = "mail@mail.com";
	$subject = "Enquiry - From ".$_REQUEST["email"];
    $headers .= "X-Priority: 1 (Higuest)\n";
    $headers .= "X-MSMail-Priority: High\n";
    $headers .= "Importance: High\n"; 
	$headers = "From: mail@mail.com" . "\r\n" .
    $headers .= 'Bcc: mail@mail.com' . "\r\n";
	"Reply-To: mail@mail.com";
	mail($to, $subject, $message, $headers);
    //next time don't come here until time is expired    
     $_SESSION['mail_send_allowed'] = false; }    
     
    else{ 
    die("No Spamming with my contact box...");
    if(!$_SESSION['timeout'] + 10 * 60 < time()){
        $_SESSION['mail_send_allowed'] = false;
    }
  }
?>
0
if ($_SESSION['mail_send_allowed']) {

this code stops multiple submission, so move your data there! Also wrap your connection in function and call that function each time you want to connect. Also you can make those insert stuffs can be also wrapped in function. And last warning, stop using REQUEST use either POST or GET explicitly!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.