Posted to modperl@perl.apache.org by Rob Bloodgood <ro...@empire2.com> on 2001/05/17 19:42:36 UTC

Preventing duplicate signups

So, like many of you, I've got a signup system in place for bringing on new
customers.

My signup script is reasonably straightforward.  I use CGI::Validate to make
my parameters pass muster (along with a little judicious JavaScript on the
signup form), Apache::Session::Oracle to maintain state between the multiple
pages of the signup, CGI::FastTemplate to print a pretty success page, and
DBI to create the account records at successful creation.

At one time it was straight CGI but I've since updated it for mod_perl.

Anyway, my only problem is that I can't seem to prevent duplicate signups,
e.g. reloading the last page to create multiple accounts.

This is my dupe detection code:

if (my (%post) = cookie('Signup')) {
    local $^W = 0;
    my $match = 0;
    foreach (qw/ email url password / ) {
	$match++ if param($_) and $post{$_} eq param($_)
    }
    if ($match == 3) {
	# I tried this first, but some browsers are stupid.
	# print header(-status=>'204 No Content');
	print header(-status=>'304 Not Modified');
	exit;
    }
}

Naturally, I set the corresponding cookie in the Header of the "Thank you
for signing up" template output.

But it doesn't work.  I still get duplicate accounts, and I'm at a loss as
to how to attack this problem.  (this is the 3rd or 4th approach I've
tried).

Suggestions?

TIA!

L8r,
Rob

#!/usr/bin/perl -w
use Disclaimer qw/:standard/;



Re: Preventing duplicate signups

Posted by clayton cottingham <dr...@smartt.com>.



I might suggest making your database use stronger indexing to prevent
duplicate data in the database. That way the db would throw an error that
could be caught.

We use first name, last name and email address to create a combined index.
That seems to do fine.

Re: Preventing duplicate signups

Posted by Tim Tompkins <ti...@arttoday.com>.
Once your signup engine is ready to perform all database entries, have it
set and commit a flag in the session indicating that it is processing.  Once
the signup process is complete, set a flag in the session indicating this as
well.  You must now add two tests to your signup engine to avoid dupes.  The
two previous flags should be inspected immediately after fetching the
session (before processing anything) 1) to look for the completed flag which
can just display/redisplay the final status of the signup, 2) to display a
processing message while waiting for the previous signup process to complete
(if processing but not completed) then gathering the completed data from the
session and displaying the signup results.  There are a few ways to go about
#2, so be creative.


Thanks,

Tim Tompkins
----------------------------------------------
Staff Engineer / Programmer
http://www.arttoday.com/
----------------------------------------------


Re: Preventing duplicate signups

Posted by "Jeffrey W. Baker" <jw...@acm.org>.

On Thu, 17 May 2001, Rob Bloodgood wrote:

> So, like many of you, I've got a signup system in place for bringing on new
> customers.
>
> My signup script is reasonably straightforward.  I use CGI::Validate to make
> my parameters pass muster (along with a little judicious JavaScript on the
> signup form), Apache::Session::Oracle to maintain state between the multiple
> pages of the signup, CGI::FastTemplate to print a pretty success page, and
> DBI to create the account records at successful creation.

When you send out the signup form, include a random 32-character
hexadecimal string as a hidden input, and record in your database that the
code has been sent out.  When the form is submitted, ensure that the code
which accompanies it is valid, by looking in the database.  Then mark the
code as already used.  When the user reloads, your program will see that
the code he is sending was sent before, and can ignore his duplicate
request.

Jeffrey
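
The one-time code scheme described in the message above, as an added example (not code from this thread). It assumes DBD::SQLite's in-memory database in place of Oracle, a hypothetical signup_token table, and /dev/urandom as the random source:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for the Oracle database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
# Hypothetical table recording every code that was sent out with a form.
$dbh->do(q{CREATE TABLE signup_token (
             token TEXT PRIMARY KEY,
             used  INTEGER NOT NULL DEFAULT 0)});

# Called when the signup form is sent out: 16 random bytes -> 32 hex characters,
# recorded in the database and embedded in the form as a hidden input.
sub issue_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    (read($fh, my $bytes, 16) // 0) == 16 or die "short read from urandom";
    close $fh;
    my $token = unpack 'H*', $bytes;
    $dbh->do('INSERT INTO signup_token (token) VALUES (?)', undef, $token);
    return $token;
}

# Called when the form is submitted. A single UPDATE both checks that the code
# is valid and marks it used, so two concurrent submits cannot both succeed.
sub redeem_token {
    my ($token) = @_;
    return 0 unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    my $rows = $dbh->do(
        'UPDATE signup_token SET used = 1 WHERE token = ? AND used = 0',
        undef, $token);
    return $rows == 1 ? 1 : 0;    # do() returns "0E0" when no row matched
}

# Constructed walk-through: a first submit, a reload, and a code never issued.
my $token = issue_token();
printf "%-20s %s\n", $_->[0], redeem_token($_->[1]) ? 'create account' : 'ignore'
    for ['first submit',        $token],
        ['reload of last page', $token],
        ['code never issued',   '0' x 32];
```

Only the request whose UPDATE changes exactly one row goes on to create the account; checking with a SELECT first and marking the code afterwards would leave a window in which two fast reloads both pass.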


Re: Preventing duplicate signups

Posted by "G.W. Haywood" <ge...@www.jubileegroup.co.uk>.
Hi Rob,

On Thu, 17 May 2001, Rob Bloodgood wrote:

> But it doesn't work.  I still get duplicate accounts, and I'm at a loss
[snip]
> Suggestions?

As you're using Oracle, why not use a constraint?

73,
Ged.
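
The constraint approach suggested in this thread (a unique index or constraint whose error the script catches), as an added example that is not code from any of the posters. An in-memory SQLite database (DBD::SQLite) stands in for Oracle, and the account table, its columns and the constraint name are hypothetical:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite stands in for Oracle; schema is hypothetical.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do(q{CREATE TABLE account (
             id    INTEGER PRIMARY KEY,
             email TEXT NOT NULL,
             url   TEXT NOT NULL,
             CONSTRAINT account_email_uq UNIQUE (email))});

# Returns 'created' or 'duplicate'; any other database error is re-thrown.
sub create_account {
    my ($email, $url) = @_;
    # The constraint compares stored values exactly, so normalise before insert.
    $email = lc $email;
    $email =~ s/\A\s+|\s+\z//g;
    my $ok = eval {
        $dbh->do('INSERT INTO account (email, url) VALUES (?, ?)',
                 undef, $email, $url);
        1;
    };
    return 'created' if $ok;
    my $err = $dbh->errstr // $@;
    # SQLite wording; on Oracle the same violation is reported as ORA-00001.
    return 'duplicate' if $err =~ /UNIQUE constraint failed/;
    die $err;
}

# Constructed walk-through: a first submit, a reload, and a case variant.
print "$_->[0]: ", create_account(@{$_}[1, 2]), "\n"
    for ['first submit', 'rob@example.com', 'http://example.com/'],
        ['reload',       'rob@example.com', 'http://example.com/'],
        ['case variant', 'Rob@Example.com', 'http://example.com/'];

my ($n) = $dbh->selectrow_array('SELECT COUNT(*) FROM account');
print "rows in account: $n\n";
```

Because the database enforces the rule, it holds however many mod_perl children handle the reloads at once; the script only has to turn the caught error into the "already signed up" page.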