Refreshing the page = uploading the file again and again


Post by Dan_y2k » Sat Aug 23, 2014 3:41 am

In DFH v1.2.9, after I upload via the normal input, get to the "separate" page ./upload.php?do=verify and hit the refresh button, my browser asks my permission to resubmit the form, and if I hit OK - it uploads the same file all over again. Just imagine what can happen if someone who wants to harm your website comes up with a way to automate this process - then you'll have a big server load and little free webspace on your hands.

I've looked up some solutions, and I think that the best one is to set a hidden input named postcheck which contains a random md5 number, and check it against the current session, and of course it will change on every page load.

The code here is just a small example which I haven't tested, but maybe it'll help with thinking of a good implementation.

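Code:
// True only when the submitted token matches the one stored in the session.
function postcheck_matches()
{
    if (!isset($_SESSION['postcheck'], $_POST['postcheck'])) {
        return false; // token missing on either side: reject
    }
    // Strict, constant-time comparison instead of the loose != operator.
    return hash_equals((string) $_SESSION['postcheck'], (string) $_POST['postcheck']);
}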


Thanks.
Dan_y2k
Newbie Member
 
Posts: 2
Joined: Fri Aug 22, 2014 2:09 am

Re: Refreshing the page = uploading the file again and again

Post by SamEA » Sat Sep 06, 2014 1:30 am

Hi Dan_y2k,

Adding session verification to this process will not prevent any sort of automated system from reuploading the same file again, as such systems are capable of retrieving this data the same way a browser is able to. The only way you can prevent abuse would be to handle it at the web server level (i.e. Apache) or by adding a captcha each and every time to a new file upload.

The only other method would be verifying if the file was uploaded by the same user, but again, an automated system could continuously travel on different IP addresses.

I have never heard of DFH users having any issues with abusive server load. Are you experiencing any? If so, I will look further into this.

Thanks,
SamEA,
DaddyScripts' Admin & Developer.

Require a PHP or general IT freelancer? Don't hesitate to PM me.
SamEA
Site Admin
 
Posts: 1165
Joined: Sat Feb 19, 2011 7:51 pm
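
Added example (not part of either post above and not DFH code): a single-use version of the postcheck idea, showing both what it stops (a browser refresh replaying the same POST) and the limit SamEA points out (a client that requests the form again gets a new valid token). The function names and the use of plain arrays in place of $_SESSION and $_POST are assumptions made so the script runs from the command line.

```php
<?php
// Hypothetical helpers for illustration; names are not from DFH.

// Create a fresh token, store it in the session, and return it so it can be
// written into the hidden "postcheck" input of the upload form.
function issue_postcheck(array &$session): string
{
    $token = bin2hex(random_bytes(16)); // CSPRNG output, not an md5 of a guessable value
    $session['postcheck'] = $token;
    return $token;
}

// Check the submitted token and burn the stored one in the same step, so the
// same POST body cannot be accepted twice.
function consume_postcheck(array &$session, array $post): bool
{
    $expected = $session['postcheck'] ?? null;
    unset($session['postcheck']); // single use, whether or not it matched

    $given = $post['postcheck'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false; // nothing issued, already consumed, or malformed input
    }
    return hash_equals($expected, $given); // strict, constant-time comparison
}

// Constructed walk-through; $session and the $post arrays stand in for
// $_SESSION and $_POST.
$session = [];

// 1. The form is rendered and the user submits it once.
$post = ['postcheck' => issue_postcheck($session)];
var_dump(consume_postcheck($session, $post));

// 2. The user hits refresh on upload.php?do=verify: the browser resends the
//    identical POST, but the stored token is already gone.
var_dump(consume_postcheck($session, $post));

// 3. A scripted client requests the form again before each submit, which
//    issues a new token every time.
$fresh = ['postcheck' => issue_postcheck($session)];
var_dump(consume_postcheck($session, $fresh));
```

Step 2 is the accidental duplicate upload from the first post; step 3 is why the token alone does not limit deliberate repeated uploads, which still needs the server-level limits or captcha mentioned in the reply.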

