Jump to content

How To Stop Flooding Of A Form?


lovephp

Recommended Posts

well the code which is got is from google its

<?php


if (!isset($_SESSION)) {
       session_start();
}
// anti flood protection
if($_SESSION['last_session_request'] > time() - 2){
       // users will be redirected to this page if it makes requests faster than 2 seconds
       header("location: http://www.example.com/403.html");
       exit;
}
$_SESSION['last_session_request'] = time();
?>

 

but this code is of no use people after clearing cache can post again. and my form is open not register based

Link to comment
Share on other sites

  1. First off that code is wrong. You need to call session_start() at the top of any script where you want to use sessions. You don't check whether $_SESSION isset first.
  2. Clearing the cache is not the concern. Sessions are linked by cookies, using PHP's default behavior.
  3. What will that code do to stop my bot that doesn't accept your cookie anyways?

Link to comment
Share on other sites

This has nothing to do with "clearing cache". This code only prevents people from posting more than once every 2 seconds. They can still post every 3 seconds if they want.

 

What do you WANT to happen?

 

sorry Jess but it got to do with cache i tried it myself and if i make it 6hours and make a post and then clear cache, i can make a post without waiting for 6hours.

Link to comment
Share on other sites

Your code won't stop anyone or anything that wants to post, because they can drop the session id (or as

gizmola already posted, simple bot scripts don't even propagate session id's) and your code won't know if they ever posted before.

 

You would need to store the last access time and IP address in a database table.

Edited by PFMaBiSmAd
Link to comment
Share on other sites

You would need to store the last access time and IP address in a database table.

 

But if you take the IP as an identifier then all people behind a single NAT with the same IP will be treated as a single user.

Imagine a large university network with only a couple of external IPs and many thousand users.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.