问题
I am trying to limit a form's submission rate to one per user per 120 seconds.
I was thinking about using a $_SESSION variable, but I'm not sure how that would work, and cookies can just be deleted. I guess a $_SESSION variable could be worked around by an intuitive user just by logging out and back in.
I'm just theorizing at the moment so I do not have code.
How do I get around my problem?
EDIT --
The reason the user would be querying so often is because it is an item and bestiary database. I need to slow down user queries to an acceptable rate because going over the rate of 10 queries/minute or else the application may be "banned" or denied for about an hour.
回答1:
$_SESSION and $_COOKIE variables could be removed by the user, and are therefore abused by them. You need to store the submits somewhere on your server. Perhaps with MySQL. Then do a check before processing the form.
Something like
SELECT COUNT(*) attempts, MAX(submit_time) last
FROM form_submits
WHERE user_id = ?
AND submit_time > NOW - INTERVAL 2 MINUTE
Then
if ($row['attempts'] > 0) {
echo "You must wait " . (time() - strtotime($row['last'])) . " seconds before you can submit this form again.";
return;
}
来源:https://stackoverflow.com/questions/16379239/how-to-limit-a-form-submission-rate-per-user