lovephp Posted October 13, 2012 Share Posted October 13, 2012 guys how to go about to stop form flooding by users? i got a session anti flood code but it do not seem to work they keep posting, i guess they clear cache Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/ Share on other sites More sharing options...
KevinM1 Posted October 13, 2012 Share Posted October 13, 2012 Can you show your form code, your form handling code, and your anti-flood code? Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385030 Share on other sites More sharing options...
lovephp Posted October 15, 2012 Author Share Posted October 15, 2012 well the code which is got is from google its <?php if (!isset($_SESSION)) { session_start(); } // anti flood protection if($_SESSION['last_session_request'] > time() - 2){ // users will be redirected to this page if it makes requests faster than 2 seconds header("location: http://www.example.com/403.html"); exit; } $_SESSION['last_session_request'] = time(); ?> but this code is of no use people after clearing cache can post again. and my form is open not register based Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385296 Share on other sites More sharing options...
Jessica Posted October 15, 2012 Share Posted October 15, 2012 This has nothing to do with "clearing cache". This code only prevents people from posting more than once every 2 seconds. They can still post every 3 seconds if they want. What do you WANT to happen? Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385298 Share on other sites More sharing options...
gizmola Posted October 16, 2012 Share Posted October 16, 2012 First off that code is wrong. You need to call session_start() at the top of any script where you want to use sessions. You don't check whether $_SESSION isset first. Clearing the cache is not the concern. Sessions are linked by cookies, using PHP's default behavior. What will that code do to stop my bot that doesn't accept your cookie anyways? Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385413 Share on other sites More sharing options...
lovephp Posted October 16, 2012 Author Share Posted October 16, 2012 This has nothing to do with "clearing cache". This code only prevents people from posting more than once every 2 seconds. They can still post every 3 seconds if they want. What do you WANT to happen? sorry Jess but it got to do with cache i tried it myself and if i make it 6hours and make a post and then clear cache, i can make a post without waiting for 6hours. Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385588 Share on other sites More sharing options...
Pikachu2000 Posted October 16, 2012 Share Posted October 16, 2012 Are you sure you don't mean "clear cookies" instead of "clear cache"? Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385599 Share on other sites More sharing options...
lovephp Posted October 16, 2012 Author Share Posted October 16, 2012 oops i mean both clear Cookie and Cache Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385608 Share on other sites More sharing options...
Jessica Posted October 16, 2012 Share Posted October 16, 2012 There's nothing to do with 6 hours in this code, it says 2 seconds. Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385609 Share on other sites More sharing options...
lovephp Posted October 17, 2012 Author Share Posted October 17, 2012 hahahaha Jess this code is just example and be it 2 secs to make it 300, after clearing cookie it will not work. thats what i am talking about eh Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385801 Share on other sites More sharing options...
Jessica Posted October 17, 2012 Share Posted October 17, 2012 So you showed us code that isn't actually what you're using, and you expect us to help you fix the problem. Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385803 Share on other sites More sharing options...
PFMaBiSmAd Posted October 17, 2012 Share Posted October 17, 2012 (edited) Your code won't stop anyone or anything that wants to post, because they can drop the session id (or as gizmola already posted, simple bot scripts don't even propagate session id's) and your code won't know if they ever posted before. You would need to store the last access time and IP address in a database table. Edited October 17, 2012 by PFMaBiSmAd Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1385804 Share on other sites More sharing options...
pantu Posted October 23, 2012 Share Posted October 23, 2012 You would need to store the last access time and IP address in a database table. But if you take the IP as an identifier then all people behind a single NAT with the same IP will be treated as a single user. Imagine a large university network with only a couple of external IPs and many thousand users. Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1387289 Share on other sites More sharing options...
Christian F. Posted October 23, 2012 Share Posted October 23, 2012 Others would even be counted as many different persons, as they might go through a proxy farm and thus have different IPs from request to request. So, you should at least be aware of these difficulties. Quote Link to comment https://forums.phpfreaks.com/topic/269428-how-to-stop-flooding-of-a-form/#findComment-1387306 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.