Repetitive form submission

[helraizer]

Hi folks,

 

I have a form for the user to fill in with a comment and then post it... which is pretty normal.

 

However, anyone can just post and post and post..

 

What code could (or an idea of such) can I use to stop a certain IP address from posting more than 3 times in 10 minutes (for example)?

 

Sam

[Wes1890]

Set up a table called "post_users" with 2 columns, IP and Time.

 

And everytime someone posts a comment, add their IP and Time to the DB. So each time (before putting the comment in the DB), check if their IP is in the "post_users" table within the last 10 minutes (time()-600)

 

[The Little Guy]

This shows how many users are viewing the site, but with a little modification, it can stop people from posting after 5,10,15,20 or how ever many minutes you would like.

 

http://phpsnips.com/snippet.php?id=22

[roopurt18]

You have to be careful about any approach that uses IPs to identify users.  A potential problem with an IP-based approach would be multiple users in the same public setting or company trying to post comments; they will all appear to come from the same IP as far as your site is concerned.

 

You could create a cookie on the client machine; but this is unreliable as well since a spammer can just delete them after each post.

 

The most reliable approach is one in which you require users to have an account before they can post.  Then you can use the initial solution proposed by wes but instead of the IP address, store the user's name.  If you ever wondered why every popular site required users to register, this is part of it.