I can't get this to work. I am trying to prevent a user to get back to a form confirmation page which displays his information before final submission.
This is the current workflow:
post.php //User enters info; name, date, etc
->clicks submit
verify.php //This page displays the information the user entered before final submission.
//No database work done
->clicks final submit
verify_f.php //Inserts data into database, REDIRECTS to verify_redirect.php
verify_redirect.php //Redirects to next page, confirm.php
confirm.php //Final screen. Lets user know that his data was successfully entered
The problem is once at confirm.php the user can hit his back button and is on verify_f.php, the confirmation page, where all of his data he entered is displayed and all he has to do is hit the final submit button again for a double entry.
How could this be fixed?
You can generate a random hash between those forms and change the hash once a form is submitted. Everytime the user submits a form, you check the hash coming from the form and whatever is stored in your server via $_SESSION.