refresh cheating.
Posted: Fri Apr 23, 2010 11:28 pm
ok. well as we all know, refreshing a page after submitting data to the DB can cause major issues. (esspecially when purchasing items in a game and basically cheating)
i know alot of this can be stopped by running a series of checks before allowing the transaction and data to be written to the DB.
but running checks will not always produce a solution.
for eg. you buy something from a shop, while the databse is farting about, the page crashes and you are left with a blank screen (failed to load, slow internet. what ever the cause may be... it happens)
now to the average person, their 1st instinct is to hit f5/refresh button.
this will cause a double entry on the db without the user wanting to, and therefor purchasing twice the amount of stuff he wanted to buy.
now in my case, i run all my checks via ajax/jQuery before you are able to purchase the item.
one thing i struggled to do was to prevent the above without running needless checks against the player, and without header'ing to another page where the user would have to mess about navigating back to the shop to make another purchase, rinsing and repeating asmany times as they wanted to purchase all of their stuff.
well i have come up witha quick fix. (how secure it really is. i dont honestly know lol) But it seems to work for now lol.
what i do, via Jquery, is to load up a page when the buy button is clicked, which sets a session, then asoon as the page is loaded again, it unsets the session. by doing this and checking to make sure the session is set before any DB manipulation happens. i am stopping anyone refreshing and making multiple purchases, either on purpus or not.
quick break down of the code.
setsession.php
and all Should work from there on out.
if anyone has any alternative methods to doing this. please feel free to post them.
i know alot of this can be stopped by running a series of checks before allowing the transaction and data to be written to the DB.
but running checks will not always produce a solution.
for eg. you buy something from a shop, while the databse is farting about, the page crashes and you are left with a blank screen (failed to load, slow internet. what ever the cause may be... it happens)
now to the average person, their 1st instinct is to hit f5/refresh button.
this will cause a double entry on the db without the user wanting to, and therefor purchasing twice the amount of stuff he wanted to buy.
now in my case, i run all my checks via ajax/jQuery before you are able to purchase the item.
one thing i struggled to do was to prevent the above without running needless checks against the player, and without header'ing to another page where the user would have to mess about navigating back to the shop to make another purchase, rinsing and repeating asmany times as they wanted to purchase all of their stuff.
well i have come up witha quick fix. (how secure it really is. i dont honestly know lol) But it seems to work for now lol.
what i do, via Jquery, is to load up a page when the buy button is clicked, which sets a session, then asoon as the page is loaded again, it unsets the session. by doing this and checking to make sure the session is set before any DB manipulation happens. i am stopping anyone refreshing and making multiple purchases, either on purpus or not.
quick break down of the code.
Code: Select all
<?php
if(isset($_POST['buy'])){
if(isset($_SESSION['confirmBuy'])){
unset($_SESSION['confirmBuy'];
Rest of code!!
}
}
?>
<input type='image' id='buybutton'>
<script type='text/javascript'>
$('#buybutton').click(function(){
load('sessionset.php');
});
</script>
Code: Select all
<?php
session_start();
$_SESSION['confirmBuy'] = "set";
?>
and all Should work from there on out.
if anyone has any alternative methods to doing this. please feel free to post them.
