I've written some javascript to stop right-clicking on the page that is displayed by my software as it is re-directing to a browser to a payment processor. However it seems to be having a weird side-effect. It took me days to narrow it down to this script, but it seems to be causing my order page form to be submitted twice when the Submit button is clicked. However, it is only happening in Firefox - it works fine in all the other browsers.
I have been scratching my head over this for a very long while, but I still can't see how this code could possibly cause a form submission, but through a lot of trial and error testing, I've found that when this code is present, the form is submitted a second time, but when it's absent, the form is submitted only once.
The process that happens is that my order page is submitted to a PHP script, which adds the order to my database and sends the dopay.php page back to the browser. This page then forwards the browser to the payment processor's page. Sometimes, it may take a few seconds to get the processor's page, so I added the js script to stop opportunists from looking at the sensitive information in the form that is submitted on the page. Obviously, the determined can always use the others ways, but as the page is only displayed for a few seconds, if that, it's very rarely there long enough to be able to use the other methods.
However, when this script is present, I get two orders being added to my database and my test display messages show that it's because my order page php script has been triggered twice.
These are the pages involved:
The dopay.php page:
Code: Select all
<DOCTYPE>
<html>
<head>
<SCRIPT></This> 1) {
alert('Page not available');
return false;
}
}
}
function funMouseClick(evt) {
var objEvt = funGetEvent(evt);
if (objEvt.which) {
var button = objEvt.which;
} else {
var button = objEvt.button;
}
if (button > 1) {
alert('Page not available');
return false;
}
}
if (document.captureEvents) {
if (Event.KEYPRESS) {
document.captureEvents(Event.KEYPRESS|Event.MOUSEDOWN|Event.CLICK);
} else {
document.captureEvents(1024|1|64);
}
}
document.onkeypress = funKeyPress;
document.onmousedown = funMouseDown;
document.onclick = funMouseClick;
--></SCRIPT>
</head>
<body>
<form>
<input>
<input>
<input>
<input>
<input>
<input>
<input>
<input>
<input>
<input>
<input>
</form>
</body>
</html>
As you can see, the form on this page goes to Alertpay, so how on earth can my own order page be submitted twice?
The order page form:
Code: Select all
<form>
<table>
<tr><td>
<fieldset><legend>Enter Your Details</legend>
<table>
<tr>
<td><span>* </span>First Name:</td>
<td>
<input>
</td>
</tr>
<tr>
<td><span>* </span>Last Name:</td>
<td>
<input>
</td>
</tr>
<tr>
<td><span>* </span>Email Address:</td>
<td>
<input>
</td>
</tr>
</table>
<table>
<tr><td><img src="images/spacer.gif" width="1" height="1"></td></tr>
<tr>
<td>
<input>
</td>
</tr>
<tr><td>
<img src="images/spacer.gif" width="1" height="5"><br>
(It may take several moments to take you to our secure payment page, so please be patient. We always protect your privacy and never share your email address with anybody. Also, to ensure you receive our emails, we don't allow free email addresses e.g. yahoo, hotmail, msn.)
</td></tr></table>
</fieldset>
</td></tr></table>
</form>
funDisable disables the image button and submits the form. I've thoroughly tested this script with Firebug and it only ever does one submit.
The order page php script is far too big and complex to include here, but all it does with the dopay.php page is to echo it back to the browser. But anyway, I've eliminated it from the equation, as my testing has all pointed to the presence of the js script on the dopay.php page.
It's an obscure one, but does anyone have any suggestions as to how the js script could be causing the order page form to be submitted a second time?
Debbie
