php计时器,仅允许用户每两秒钟输入一次 [英] php timer to only allow user input every two seconds
问题描述
我正在编程一个网站,您可以在该网站上发布内容.这适用于以下jQuery ajax:
I am programming a website where you can post stuff. This works with the following jQuery ajax:
$.ajax({
type: 'POST',
url: 'action/post.php',
data: 'posttext='+posttext+'&imageurl='+imageurl,
success: function(feedback){
$('#feedback').val(feedback);
}
});
现在,我想知道:任何人都可以编写自己的Ajax来向网站发布内容,然后一遍又一遍地做.我该如何预防?我确定我需要在post.php中进行某种安全检查-我已经听说过http Referer,但是可以对其进行修改,因此它并不是真正值得信赖的.
Now I wonder: anyone could write his own ajax to post something to the site and do this over and over again. How do I prevent this? I am sure I would need some kind of security check in post.php - I already heard about http referer, but that can be modified so it's not really trustworthy.
我还想在post.php中添加一个计时器,以确保来自同一ip地址的帖子只能每x秒发布一次,并且如果该帖子在x秒以下发送,重置计时器.就像堆栈溢出用注释一样).
Also I would like to add a timer in post.php that makes sure that a post from the same ip address can only be posted once every x seconds, and resets the timer if the post is sent below x seconds (kind of like stack overflow does it with the comments).
有人知道如何保护Ajax以及如何设置计时器吗?或其他任何想法如何确保发布机制?
Does anyone know how to secure the ajax and also how set the timer? Or any other ideas how to secure the posting mechanism?
谢谢!
丹尼斯
推荐答案
您最好的方法是将您的信息存储在数据库中.一个表中可能有4个字段:
Your best approach would be to store your information in a database. You could have 4 fields in a table:
ipAddress, submitDate, postText, imageUrl
提交后,检查数据库中是否有当前IP地址的条目.如果是这样,请将条目的提交日期与当前日期进行比较,如果超出您的阈值,则允许提交.否则,发出错误消息并重定向用户.
Upon submission, check if there's an entry in the DB for the current IP Address. If so, compare the entry's submit date with the current date and if it is over your threshold allow the submission. Otherwise, issue an error message and redirect the user back.
但这仍然不是万无一失的,因为IP地址也可能被欺骗,或者用户可能躲在代理后面.
This still isn't foolproof however, since the IP Address can also be spoofed or the user can be hiding behind a proxy.
这篇关于php计时器,仅允许用户每两秒钟输入一次的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
