Flood Protection
Listed In Uncategorized » — Viewing Full TutorialALTER your MySQL tables to add an IP and timestamp field to each row inserted in order for this to work efficiently, or, at all.
The logic for this is very simple. All you have to do is this:
- Before they make a post, check the number of posts they have made under their IP address in the last x minutes.
- If it's over the limit, prevent them from posting.
- If not, let them post.
Let's put it into code.
Step 1: Checking the number of posts.
<?PHP
$five_minutes = 300; // five minutes, in seconds. you can alternatively do 60 * 5.
$limit = time() - $five_minutes; // this makes a timestamp from exactly five minutes ago.
$check = mysql_query("SELECT COUNT(*) AS result FROM `table` WHERE `ip` = '".$_SERVER['REMOTE_ADDR']."' AND `timestamp` < $limit");
?>
Step 2: Get the result from MySQL and then compare it to how many posts we'll let the user have in a five minute period.
<?PHP
$r = mysql_fetch_array($check, MYSQL_ASSOC);
$number = $r['result'];
$set_amount = 3;
?>
Step 3: Do the comparison using if/else and execute the query if they're under the limit.
<?PHP
if($number < $set_amount) { // If they're below the limit (i.e. if they're not spammers :P)
mysql_query("INSERT INTO table (name, post, ip, timestamp) VALUES ('$name','$post','".$_SERVER['REMOTE_ADDR']."','".time()."'");
echo 'Thanks, '.$name.'. Your post was added.';
}
else {
echo 'Sorry love, but you can't post more than '.$set_amount.' times in '.round($five_minutes/60,1).' minutes. Try again later.';
}
?>
Simple, eh? Oh - and if you're wondering why I used
round() on $five_minutes, it's so you can change that variable's value and it will automatically update accordingly. I'm so convinient ;)
