Question

I have the following:

$allowed_referer = array("https://localhost/**blah.php**"); //add the allowed sites in this array
$referal = $_SERVER['HTTP_REFERER'] ?? ''; // header is optional and may be absent
if (in_array($referal, $allowed_referer)){

    //Do-stuff
}

So if the page is coming from blah.php, the save button is allowed to be displayed instead of submit. I have it set up so that the save button updates the database and the submit button inserts into the database.

<?php if (!in_array($referal, $allowed_referer)){ ?> 
           <button type="submit" name="submit" value="submit-new"> Submit </button>   
<?php } 
      else { ?> 
               <button type="submit" name="submit" value="save-new"> Save </button>  
<?php } ?>  

How can I make sure the save button stays even after clicking on save?
For example, let's say the page is coming from blah.php, then you make some changes and click the save button. It then refreshes the page, which makes it believe it is not coming from the "$allowed_referer" array, so it will change the save button to the "submit" button. That is bad, because now instead of saving that current id, submit will insert a duplicate of the file you just wanted to save.


Solution

You could store the information that the user is coming from a known referer when you check it the first time:

session_start(); // required before reading or writing $_SESSION

$allowed_referer = array("https://localhost/**blah.php**"); //add the allowed sites in this array
$referal = $_SERVER['HTTP_REFERER'] ?? ''; // header is optional and may be absent
if (in_array($referal, $allowed_referer)){
    //Store a flag in the session
    $_SESSION['come_from_known_referer'] = true;

    //Do-stuff
}

And then modify your code:

<?php if (!isset($_SESSION['come_from_known_referer'])){ ?> 
           <button type="submit" name="submit" value="submit-new"> Submit </button>   
<?php } else { ?> 
               <button type="submit" name="submit" value="save-new"> Save </button>  
<?php } ?> 

As a side note, remember that a user can hide or modify the headers sent to your server, so do not rely on this for critical functionality.
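
Because the Referer header is client-controlled, the insert-or-update decision itself can be taken from server-side state instead. The following is an added example, not part of the original answer: it remembers the id of the record being edited in the session and chooses UPDATE or INSERT from that. The `docs` table, the `editing_id` session key, the `save_document` helper and the in-memory SQLite database are assumptions made for the sketch.

```php
<?php
declare(strict_types=1);

// Added example. Assumptions: table `docs`, session key `editing_id`,
// and an in-memory SQLite database standing in for the real one.

/**
 * Decide between INSERT and UPDATE from server-side session state.
 * No request header (Referer included) takes part in the decision.
 */
function save_document(PDO $db, array &$session, string $body): string
{
    if (isset($session['editing_id'])) {
        // Confirm the remembered row still exists before updating it.
        $check = $db->prepare('SELECT 1 FROM docs WHERE id = :id');
        $check->execute([':id' => $session['editing_id']]);
        if ($check->fetchColumn() !== false) {
            $upd = $db->prepare('UPDATE docs SET body = :body WHERE id = :id');
            $upd->execute([':body' => $body, ':id' => $session['editing_id']]);
            return 'updated';
        }
        unset($session['editing_id']); // stale id: fall through to insert
    }
    $ins = $db->prepare('INSERT INTO docs (body) VALUES (:body)');
    $ins->execute([':body' => $body]);
    $session['editing_id'] = (int) $db->lastInsertId(); // remember for later saves
    return 'inserted';
}

// Constructed demo: three form posts within one session.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE docs (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

$session = []; // in a web request: call session_start() and pass $_SESSION
echo save_document($db, $session, 'first draft'), "\n";
echo save_document($db, $session, 'second draft'), "\n";
echo save_document($db, $session, 'third draft'), "\n";
echo 'rows: ', $db->query('SELECT COUNT(*) FROM docs')->fetchColumn(), "\n";
```

Only the first call inserts; every later save in the same session updates that row, so a page refresh after saving cannot create a duplicate.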

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow