如何限制每个用户的表单提交率 [英] How to limit a form submission rate per user
问题描述
我试图将 表单的
提交率限制为每个用户每 120 秒一次.
I am trying to limit a form's
submission rate to one per user per 120 seconds.
我正在考虑使用 $_SESSION
变量,但我不确定它会如何工作,并且可以删除 cookie.我猜一个 $_SESSION
变量可以由一个直观的用户解决,只需 注销
并重新登录.
I was thinking about using a $_SESSION
variable, but I'm not sure how that would work, and cookies can just be deleted. I guess a $_SESSION
variable could be worked around by an intuitive user just by logging out
and back in.
我目前只是在理论,所以我没有代码.
I'm just theorizing at the moment so I do not have code.
如何解决我的问题?
编辑 --
用户经常查询的原因是因为它是一个项目和动物寓言数据库.我需要将用户查询速度减慢到可接受的速度,因为超过 10 个查询/分钟的速度,否则应用程序可能会被禁止"或拒绝大约一个小时.
The reason the user would be querying so often is because it is an item and bestiary database. I need to slow down user queries to an acceptable rate because going over the rate of 10 queries/minute or else the application may be "banned" or denied for about an hour.
推荐答案
$_SESSION
和 $_COOKIE
变量可以被用户删除,因此被他们滥用.您需要将提交存储在服务器上的某个位置.也许用 MySQL.然后在处理表单之前做一个检查.
$_SESSION
and $_COOKIE
variables could be removed by the user, and are therefore abused by them. You need to store the submits somewhere on your server. Perhaps with MySQL. Then do a check before processing the form.
类似的东西
SELECT COUNT(*) attempts, MAX(submit_time) last
FROM form_submits
WHERE user_id = ?
AND submit_time > NOW - INTERVAL 2 MINUTE
然后
if ($row['attempts'] > 0) {
echo "You must wait " . (time() - strtotime($row['last'])) . " seconds before you can submit this form again.";
return;
}
这篇关于如何限制每个用户的表单提交率的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!