PHP: Prevent back/double submission with a form confirmation page. Is my workflow correct?

Question

I can't get this to work. I am trying to prevent a user to get back to a form confirmation page which displays his information before final submission.

This is the current workflow:

post.php //User enters info; name, date, etc
->clicks submit
verify.php //This page displays the information the user entered before final submission.
           //No database work done
->clicks final submit
verify_f.php //Inserts data into database, REDIRECTS to verify_redirect.php
verify_redirect.php //Redirects to next page, confirm.php
confirm.php //Final screen. Lets user know that his data was successfully entered

The problem is once at confirm.php the user can hit his back button and is on verify_f.php, the confirmation page, where all of his data he entered is displayed and all he has to do is hit the final submit button again for a double entry.

How could this be fixed?

Answer 1

You can generate a random hash between those forms and change the hash once a form is submitted. Everytime the user submits a form, you check the hash coming from the form and whatever is stored in your server via $_SESSION.

Answer 2

In verify.php, generate a nonce (a random hash generally works well for this simple kind of purpose) and add it as a hidden form field submitted to verify_f.php. Then in verify_f.php, check to see that the nonce hasn't been used before.

Answer 3

keep all the processing in the same script.
you can use some form field and conditional operator to control the program flow, i.e.:

if (isset($_POST['confitm'])) {
  include 'confirm.php';
}