2

I have created a user registration form using PHP/Smarty. The form posts back to itself since I don't know of any reason not to do it this way. The problem here is that if the user refreshes the welcome page, the code will attempt to recreate the account. What is the best way to do this from both a user and security perspective?

if (isset($_POST['submit'])) {
        /* Create customer account */
        $smarty->display($welcome_template);

} else {
        $smarty->display($form_template);
}
Michelle
  • duplicate: http://stackoverflow.com/questions/3614197/php-prevent-form-from-being-submitted-twice and http://stackoverflow.com/questions/2133964/how-to-prevent-multiple-inserts-when-submitting-a-form-in-php – StasM Jan 12 '11 at 09:30
  • I've read both pages and neither answers my question – Michelle Jan 12 '11 at 10:51
  • Thanks Colonel, that's the least helpful comment I have received on stackoverflow. I'm not here to waste anyone's time. – Michelle Jan 12 '11 at 11:16
  • Those links do not discuss anything to do with security. Just because this question is basic to you does that mean I can't ask it here, what kind of community do you think this is? – Michelle Jan 12 '11 at 13:32

3 Answers

2

After the account has successfully been created, do an HTTP redirect and send them to a separate "success" page: http://en.wikipedia.org/wiki/Post/Redirect/Get

Stephen
0

I guess that is a reason to not do it this way. I think the standard solution is the Post/Redirect/Get pattern, which means: make the POST request and then redirect to a GET request to a confirmation page. That page can then be reloaded without any problem.

avdgaag
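
The Post/Redirect/Get flow described in the answers above, as an added example that is not part of the original posts. It goes one step further than the answers by adding a single-use session token, so a replayed or forged POST is rejected; `create_customer_account()` and `welcome.php` are hypothetical names, and plain `echo` stands in for the Smarty templates.

```php
<?php
// Added example: Post/Redirect/Get with a single-use form token.
// Assumptions: create_customer_account() is a hypothetical stand-in for the
// question's "Create customer account" step; welcome.php is a hypothetical page.
session_start();

function create_customer_account(array $fields): bool
{
    // Hypothetical placeholder: validate input and insert the row here.
    return isset($fields['email']) && $fields['email'] !== '';
}

function render_form(string $token, string $error = ''): void
{
    $t = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    $e = htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
    echo "<p>$e</p><form method=\"post\">"
       . "<input type=\"hidden\" name=\"token\" value=\"$t\">"
       . "<input type=\"email\" name=\"email\">"
       . "<button name=\"submit\">Register</button></form>";
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent   = $_POST['token'] ?? '';
    $stored = $_SESSION['form_token'] ?? '';
    unset($_SESSION['form_token']);          // single use: a replayed POST fails

    if (!is_string($sent) || $stored === '' || !hash_equals($stored, $sent)) {
        http_response_code(400);
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
        render_form($_SESSION['form_token'], 'Form expired, please resubmit.');
        exit;
    }
    if (create_customer_account($_POST)) {
        // 303 See Other: the browser follows with a GET, so refreshing the
        // welcome page repeats only that GET, never the POST.
        header('Location: welcome.php', true, 303);
        exit;
    }
    $error = 'Could not create the account.';
}

// GET request, or a POST whose account creation failed: issue a fresh token.
$_SESSION['form_token'] = bin2hex(random_bytes(32));
render_form($_SESSION['form_token'], $error ?? '');
```

The redirect only stops accidental resubmission on refresh; the token check and a unique constraint on the account identifier in the database are what stop a deliberate repeat of the POST.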
-1

The user may of course try to recreate their account at any time, so care must be taken for that.

For your needs, as the post-action page shows a confirmation, the easiest solution would be

//at end of post-action
echo '<script type="text/javascript">document.location = "yoururl?cmd=confirm";</script>';
die();

regards, //t

Teson