Webmaster-Talk.com > Coding Talk > PHP Forum > Flood Prevention

Reply
Flood Prevention
Old 07-17-2004, 06:23 AM Flood Prevention
Super Talker

Posts: 121
Talkupation: vegancoder will become famous soon enough
I am creating a guestbook, and i want to know of any other ways to prevent flooding, i dont want to use cookies, is there a way to do it using sessions?
vegancoder is offline
Reply With Quote
View Public Profile
 
When You Register, These Ads Go Away!
     
Old 07-17-2004, 11:37 AM
Christopher's Avatar
Iced Cap

Latest Blog Post:
PHP and Unicode with UTF-8
Posts: 3,108
Location: Toronto, Ontario
Talkupation: Christopher has much to be proud ofChristopher has much to be proud ofChristopher has much to be proud ofChristopher has much to be proud ofChristopher has much to be proud ofChristopher has much to be proud ofChristopher has much to be proud ofChristopher has much to be proud ofChristopher has much to be proud ofChristopher has much to be proud of
What you want to do is just log the user's IP to the database, along with the time of their posting. Then once someone tries to post again, you see if it's the same person -- if it is the same person and they're within the flood-time limit, then you deny them.

Here's one example I used to use:

Code:
CREATE TABLE flood_protect (
    id INT NOT NULL AUTO_INCREMENT,
    ip VARCHAR(100) NOT NULL,
    ip_alt VARCHAR(100) NOT NULL,
    time INT NOT NULL,
    PRIMARY KEY (id)
);
PHP Code:
<?php
$flood_limit 300// flood limit, in seconds. (300 = 5 mins)

////////////////////

mysql_connect('localhost''root''');
mysql_select_db('my_db');
mysql_query("DELETE FROM flood_protect WHERE time < " . (time() - $flood_limit)) or die(mysql_error());
// ^ you can actually get rid of this line, but the IP records would
// start to build up in the database. If you have some sort of
// cron system, you can just empty it every once and a while
// and save the extra query.

////////////////////

$ip getUserIP();
$ip_alt getUserIP('alt');

$query mysql_query("SELECT COUNT(*) FROM flood_protect WHERE ip = '$ip' AND ip_alt = '$ip_alt' AND time >= " . (time() - $flood_limit)) or die(mysql_error());
$count mysql_fetch_row($query);

if($count === false)
    $count 0;
else
    $count $count[0];

if($count 0)
    die('Sorry, you cannot post again due to flood protection. Please wait ' $flood_limit 60 ' minutes.');

mysql_query("INSERT INTO flood_protect (ip, ip_alt, time) VALUES ('$ip', '$ip_alt', " time() . ")") or die(mysql_error());

////////////////////

function getUserIP($what '')
{
    if($what == 'alt')
    {
        if(isset($_SERVER['HTTP_CLIENT_IP']))
            return $_SERVER['HTTP_CLIENT_IP'];

        elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s'$_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
        {
            foreach($matches[0] AS $ip)
            {
                if (!preg_match('#^(10|172\.16|192\.168)\.#'$ip))
                    return $ip;
            }
        }

        elseif(isset($_SERVER['HTTP_FROM']))
            return $_SERVER['HTTP_FROM'];
    }

    return $_SERVER['REMOTE_ADDR'];
}

?>
Christopher is offline
Reply With Quote
View Public Profile Visit Christopher's homepage!
 
Reply     « Reply to Flood Prevention
 
Previous Thread | Next Thread Webmaster-Talk.com > Coding Talk > PHP Forum > Flood Prevention

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Webmaster Resources Marketplace:
Software Development Company | Webhosting.UK.com
Web Templates | Text Link Brokers | Stock Photos


   
RSS Feed  Feeds: RSS   JS   XML
RSS Feed  Feeds for this forum: RSS   JS   XML

 


Page generated in 0.11183 seconds with 13 queries