Is there any codes or tags in php that can kill or die a script if someone refreshes the page? To like block cheaters. Like say your submitting information and it says you submitted it, and you refresh and it sends it again. I have PHP5 installed. If there is no codes, is there any other language that would have something like this?

Ultimately, your site has no control of the user's browser.

There are two things you can do, but they both are in JavaScript.

You can capture the body tag's onclosing event, in this you can return a prompt to ask the user. The user will be shown your prompt, along with an OK and Cancel button. If they click cancel the browser will not close. But they can click OK and the browser will still close.

You can also capture the body tag's onclose event. In this you are limited even more. All you can do is execute code to try and salvage things. You can open a new window or alert the user to something.

But in the end you are powerless in preventing cheating like that.

The best solution is to redesign your site so that it works whether they close the browser or not.

It's an add on to firefox browsers. So that it will refresh the page over and over every second.

There's nothing you can do about that.

Like I said, engineer around the problem on your side. You won't stop their firefox from working.

Assuming your site requires a username/password, you should log user actions so you can then later analyze the logs (manually or programmatically) and find patterns of cheating. For example, if the same user performs the same action every second for 16 hours straight you can be fairly confident that the user was using a bot, and take appropriate action.

That's a user intensive solution though. The goal is to create something that works works without user interaction. Otherwise it will never scale. Certain things do indeed require moderation by a user, but it should be avoided as much as possible.

"Programmatically" would be the key term.... of course the best solution is to eliminate the incentive to use a bot in the application (no repetitive actions that benefit the player).

of course the best solution is to eliminate the incentive to use a bot in the application (no repetitive actions that benefit the player).

That's what I was trying to recommend. Probably not clearly enough though. ;)

They have to type in a username and password to view the inside of the website, and it's logged into a session. I have a whos online function, and on each page it tells me what they are doing, (like which page they are on). But if they are idle on that page, it could look like cheating, but not. I wish I could log their ip and have it show every button they click and every link. So I know more about what they are doing.

But if they are idle on that page, it could look like cheating, but not.

Idling on a page could look like cheating? How? If your game/site betters the user for idling on a page, then you need to seriously redesign.

I wish I could log their ip and have it show every button they click and every link. So I know more about what they are doing.

You can.

Actually I did something even better.

I contacted the firefox administrators (through a email no one is suppose to have) ^_^

Dave said an add on like that shouldn't be available and will be looking into deleting it.

You really think that this is a solution?

Security through obscurity is the worst kind. Just because a plugin is not on the official firefox website, doesn't mean that no one will have it. It's just a file that anyone can download.

Not to mention that the current users already have it. And it can't be deleted for them.

You really should be redesigning this part of your website. It doesn't sound like fun but that's life. A website is not like an application. You don't control their computer.

No he is going to block the add on from running from the browsers. Therefor it can't be used by anyone.

My website already has a ton of security things in it, I can find out just about anything I want, either from the admin control panel, or through my webhost panel.

If people can just refresh the page constantly then I find it hard to believe it was well designed. Just because you know someone did it doesn't mean you've solve the problem.

And I fail to see how someone will block a plugin from running in a browser. Remember that Firefox is open source (anyone can undo the block), and many people work on it (hard to convince them to block something because one person doesn't want it).

*sigh* I refuse to say more. As you clearly don't understand where I am coming from.

As you clearly don't understand where I am coming from.

I am merely trying to encourage proper design.

Just because a solution works, does not mean it is a good solution.

Curious.... where can I find your online game?

No he is going to block the add on from running from the browsers. Therefor it can't be used by anyone.

except for those people who don't upgrade their browser to the version that implements the block.

As you clearly don't understand where I am coming from.

Clearly you're not explaining it well enough then. The simple solution is, don't make something that can be submitted multiple times through reloads. Whatever you do, it has to be a server-side solution. Emailing Firefox extension administrators to get a useful plugin removed isn't the way to go about it.