View Full Version : how to prevent page refreshes using PHP?

07-28-2007, 06:06 PM
I am trying to come up with a method to prevent users from refreshing/reloading a page using PHP

I am making a PHP web based game. I don't want players to reload the page because it will reset the game -- this will be a way for them to cheat. It isn't a Flash game -- it's a pure PHP based combat system.

The best way I can think of this is to generate a random number and use that number for the combat instance. Store that number in a mySQL table and do a check to see if the number is the correct random number for the combat instance.

If the page reloads then a new random number is generated and the check fails, which doesn't allow the combat instance to display thereby preventing the player from cheating.

Is there a better way to do this than the idea I came up with?

07-28-2007, 06:09 PM
Yeah, I think you should write the PHP code so the game won't reset. I have no idea how, but messing with the functions in the user's browser is not the optimal thing to do.

07-28-2007, 07:03 PM
I wouldn't mess with the browser code at all. I aim to do this purely in PHP.

not sure how to do it though.. any takers?

07-28-2007, 07:07 PM
I didn't mean mess with the browser code. That is a programming language and has nothing to do with the web. I meant you shouldn't use PHP or Javascript or similar to prevent the user from using the built in functions in the browser.

07-28-2007, 08:22 PM
I dont think you can prevent a person from refreshing using php server side. Maybe you can with javascript since that is clinet side. But it sounds like you just want to determine if a person reloading te page is new or not. You solutions sounds good. You could store the random number in a session:


07-28-2007, 08:54 PM

This code will, hopefully, get you where you want. It works using the database and a session variable which is changed every time the user refreshes. Note: the database has the FIRST set session code so as soon as the user refreshes the two will be different. This means the code knows the page must have been refreshed!

Once the user has refreshed the page, the error message will continue to come up until the databases version of the session is erased. I would suggest that you put a submit button with the error message which triggers the code:

//NOTE: All CAPITALISED words should be changed to match your database.

Then you should take the user back to the first page to start again =]

Hopefully this is what you are looking for.


//connect to the database.
mysql_connect("localhost", "USERNAME", "PASSWORD") or die(mysql_error());
mysql_select_db("DATABASE") or die(mysql_error());

//if you press the "Start Game Again" button. This code will be the code you use when you want to let the user access the game page again.
if (isset($_POST['startagain'])){
//change the databases version of the session to blank
//go back to the index/start page
echo "<script>window.location = 'index.php';</script>";
//stop running any more code.

//get the session randomised number from the database for that specific user.
$result = mysql_query("SELECT sessionvar FROM [TABLE] WHERE [USERNAME COLUMN] = '$usernamevar'");
$row = mysql_fetch_array( $result );
//assign the random number from the database to a variable.
$databasesession = $row['sessionvar'];

//the random number will be made up of a certain number of these characters (you can add symbols).
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789";
//create a random string of 20 characters, using the characters above.
$rand = substr(str_shuffle($alphanum), 0, 20);

//set the random string as a SESSION variable. (We'll use this to check whether the page has been refreshed or not, later).
$_SESSION['sessionvar'] = $rand;

//if there is no random number (session) already in the database, then the user has never visted the page. So lets give the user a session variable... and add it to the database.
if ($databasesession == ""){
mysql_query("UPDATE [TABLE] SET sessionvar = '$rand' WHERE [USERNAME COLUMN] = '$usernamevar'");

//now the user should have a random session variable in the database. All we have to do now is check to see whether it is the same as the one we assigned to his/her SESSION on the server.

//if the databases session matches the current session on the server for this user OR the databases session is blank (which means the user has never visited before), then show the page.
if ($databasesession == $_SESSION['sessionvar'] || $databasesession == ""){
echo "<a href='javascript:void(0)' onClick='window.location.reload( true );'>Refresh</a>";

//if the databases random number isn't the same as the one which the user has in the session then show an error and stop executing the rest of the code ("exit();").
} else {
echo "ERROR: You must NOT refresh this page!";
echo "<form method='post' action''><input type='submit' name='startagain' value='Start Game Again!'></form>";
echo "<a href='javascript:void(0)' onClick='window.location.reload( true );'>Refresh</a>";


If you need to know anything else about this code then please let me know, and I'll help... the commenting may or may not help at all :P