如何限制每个用户的表单提交率 [英] How to limit a form submission rate per user

问题描述

我试图将 表单的 提交率限制为每个用户每 120 秒一次.

I am trying to limit a form's submission rate to one per user per 120 seconds.

我正在考虑使用 $_SESSION 变量，但我不确定它会如何工作，并且可以删除 cookie.我猜一个 $_SESSION 变量可以由一个直观的用户解决，只需 注销 并重新登录.

I was thinking about using a $_SESSION variable, but I'm not sure how that would work, and cookies can just be deleted. I guess a $_SESSION variable could be worked around by an intuitive user just by logging out and back in.

我目前只是在理论，所以我没有代码.

I'm just theorizing at the moment so I do not have code.

如何解决我的问题?

编辑 --

用户经常查询的原因是因为它是一个项目和动物寓言数据库.我需要将用户查询速度减慢到可接受的速度，因为超过 10 个查询/分钟的速度，否则应用程序可能会被禁止"或拒绝大约一个小时.

The reason the user would be querying so often is because it is an item and bestiary database. I need to slow down user queries to an acceptable rate because going over the rate of 10 queries/minute or else the application may be "banned" or denied for about an hour.

推荐答案

$_SESSION 和 $_COOKIE 变量可以被用户删除，因此被他们滥用.您需要将提交存储在服务器上的某个位置.也许用 MySQL.然后在处理表单之前做一个检查.

$_SESSION and $_COOKIE variables could be removed by the user, and are therefore abused by them. You need to store the submits somewhere on your server. Perhaps with MySQL. Then do a check before processing the form.

类似的东西

SELECT COUNT(*) attempts, MAX(submit_time) last
FROM form_submits
WHERE user_id = ?
AND submit_time > NOW - INTERVAL 2 MINUTE

然后

if ($row['attempts'] > 0) {

    echo "You must wait " . (time() - strtotime($row['last'])) . " seconds before you can submit this form again.";
    return;
}

这篇关于如何限制每个用户的表单提交率的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！