如何限制每个用户一个表单提交率 [英] How to limit a form submission rate per user

问题描述

我想一个表单提交率限制到每了每120个秒用户之一。

I am trying to limit a form's submission rate to one per user per 120 seconds.

我在想使用 $ _ SESSION 变量，但我不知道如何，将工作和cookie可以只被删除。我猜 $ _ SESSION 变量可以被周围被一个直观的用户仅仅通过在工作日志记录了和背部。

I was thinking about using a $_SESSION variable, but I'm not sure how that would work, and cookies can just be deleted. I guess a $_SESSION variable could be worked around by an intuitive user just by logging out and back in.

我只是理论化的时刻，所以我没有code。

I'm just theorizing at the moment so I do not have code.

我如何在我的问题得到什么？

How do I get around my problem?

编辑 -

用户将常常查询的原因是因为它是一个项目，寓言数据库。我需要用户查询放慢到可接受的速率，因为要在10查询/分钟或其他应用程序可能被禁止或拒绝了大约一个小时的速率

The reason the user would be querying so often is because it is an item and bestiary database. I need to slow down user queries to an acceptable rate because going over the rate of 10 queries/minute or else the application may be "banned" or denied for about an hour.

推荐答案

$ _ SESSION 和 $ _ COOKIE 变量可能被用户除去，因此由它们滥用。你需要在一些地方保存你的服务器上提交。也许是与MySQL。然后处理表单前做一次检查。

$_SESSION and $_COOKIE variables could be removed by the user, and are therefore abused by them. You need to store the submits somewhere on your server. Perhaps with MySQL. Then do a check before processing the form.

像

SELECT COUNT(*) attempts, MAX(submit_time) last
FROM form_submits
WHERE user_id = ?
AND submit_time > NOW - INTERVAL 2 MINUTE

然后

if ($row['attempts'] > 0) {

    echo "You must wait " . (time() - strtotime($row['last'])) . " seconds before you can submit this form again.";
    return;
}

这篇关于如何限制每个用户一个表单提交率的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！