0

Basically I have a form that accesses a email script I made, and send a message with the content that the user sets in the given fields. I was wondering if it was possible to, through the PHP script, disable it from being submitted more than once...

It's an email form, so if the user presses the "submit" button more than once, it'll send the email more than once. If a person presses the submit button 100 times, 100 messages will be sent to my email.

So, my question is, is there anyway to stop a PHP script from running again once it's already been submitted?

Below is the code of the form.

<form action="http://sebastianalsina.com/contact/sendmail.php" method="post">
    <input type="text" placeholder="Name" name="name">
    <input type="text" placeholder="Email" name="email">
    <input type="text" placeholder="Subject" name="subject">
    <textarea placeholder="Write your message here" name="message" rows="6"></textarea>
    <input type="submit" name="submit" class="sendmessage" value="Send message">
</form>

Here is sendmail.php:

<?php
require 'PHPMailerAutoload.php';
include 'variables.php';

// receiver message

if ($_POST['name'] != "" && $_POST['email'] != "" && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) && $_POST['message'] != "") {
    $mail = new PHPMailer;

    $mail->AddReplyTo($_POST['email'], $_POST['name']);
    $mail->setFrom($fromEmail, $_POST['name'] . ' (' . $companyName . ' Web Mailer)');
    $mail->addAddress($toEmail);

    $mail->isHTML(true);

    $mail->Subject = $_POST['subject'];
    $mail->Body = '**CODE WAS REMOVED HERE BECAUSE IT WAS REALLY LONG**';
    $mail->AltBody = $_POST['message'];

    if(!$mail->send()) {
        header("Location: error.php");
    } else {
        header("Location: thankyou.php");
    }
} else {
        header("Location: error.php");
}
?>
Sebastian Alsina
  • 85
  • 1
  • 3
  • 9

1 Answers1

0

ok so it seems your PHP and form code looks ok. The problem is that the user is not being prevented from hitting/clicking that button when sending the message.

One way to handle this is to disable the button once its clicked. This way, only one click is allowed until the page is reloaded (which you are already doing with a redirect in PHP)

First you need to give your form an ID:

<form id="message_form" action="http://sebastianalsina.com/contact/sendmail.php" method="post">

now use Javascript, to give the functionality:

var form = document.getElementById("message_form");
form.addEventListener('submit', function () {
    form.submit.disabled = true;
});

hope this helps.

CodeGodie
  • 12,116
  • 6
  • 37
  • 66
  • Yes, this will work, and I found a similar suggestion elsewhere, but I really wanted to see if it was possible to stop the spamming via the PHP script, because if I'm stopping the spam via the HTML page (the form) I'll have to update the form in 10+ different places (for my customers sites), while if I did it through PHP I would only have to edit the script. Does that make sense? – Sebastian Alsina Mar 23 '16 at 20:16
  • to stop spamming you are better off using Captcha as people mentioned.. What kind of spamming do you mean exactly? – CodeGodie Mar 23 '16 at 20:17
  • 1
    Sorry, when I refer to spamming I mean that if the user presses submit multiple times, the message will be sent multiple times. I want to avoid that, via the PHP script if possible. – Sebastian Alsina Mar 23 '16 at 20:19
  • Sorry if this doesn't make sense, I always seem to have trouble explaining myself. – Sebastian Alsina Mar 23 '16 at 20:19
  • No problem makes sense.. in that case you need to set session/cookies/tokens.. check this out: http://stackoverflow.com/questions/15626868/prevent-double-form-submit-using-tokens – CodeGodie Mar 23 '16 at 20:21