Suppose a user came to the site and used the site search script. How do you restrict the use of this script with PHP? That is, so that when re-running the script, if 30 seconds had passed, he would get a message: wait a bit.


    Create a table of requests in which to store the IP and the time of the last visit. Extract the IP from $_SERVER. Look it up in the table: if there is no such entry, append it; if there is, compare the time of the last request with the current one, something like this:

    TIMESTAMPDIFF(SECOND, time_request, NOW()) 

    If the time does not exceed the interval, update the field with the time of the last request, otherwise we give an error message.

      If it is not critical, then it is better to assign a session to the cookie for 30 seconds, in order not to create more trash on the hosting. And then there is a JS check, so as not to create load. About cookies, see for example: http://php.net/manual/ru/function.setcookie.php

      and here is how to read the cookie in JavaScript: %81-%D0%BA%D1%83%D0%BA%D0%B8-%D0%B2-javascript-%D0%B8-jquery

      • If cookies are used, they are easy to wipe. - Andrey Arshinov

      My version:

      Description of data:

       cookie = {
           time,     // Time of the previous successful request
           md5_time  // md5( time + salt )
       }

       // Some object, say memcached
       // For each ip: timestamps of the last ten visits without a cookie
       mem_ip = { ip1: [ time1, time2, time3 ] };

       // Some object, say memcached
       // Timestamps of the last thousand visits without a cookie
       mem_all = [ time1, time2, time3 ];

      Algorithm

       If the cookie exists and is valid Then
           If ( curr_time - cookie.time ) > 30 Then:
               Update the cookie
               Allow the request
           Else:
               Block the request
       Else
           // DoS check
           If count( mem_all, time > curr_time - 60 ) > 100 Then:
               Block the request
           // Protection against cookie clearing, with a small allowance for NAT
           If count( mem_ip[ req_ip ], time > curr_time - 60 ) > 3 Then:
               mem_all.push( curr_time );
               mem_ip[ req_ip ].push( curr_time );
               Block the request
           Else:
               Create the cookie
               Allow the request

      • Memcached (for those unfamiliar with it) can be replaced with a DB (as in @alter_f4's answer); excellent answer. - Dex
      • memcached is faster than the database)) - timka_s
      • I'm not arguing, that is why I say it is for those unfamiliar with it. - Dex
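
An added example (not code from the answer above) of the signed-cookie check with the per-IP fallback that the answer describes. It swaps md5(time + salt) for HMAC-SHA256 with a constant-time comparison, uses a plain array in place of memcached, records every cookieless visit, and leaves out the global mem_all counter; SECRET, the function names and the IP addresses are assumptions.

```php
<?php
// Stand-ins (assumptions): $store replaces memcached, SECRET is a placeholder key.
const SECRET = 'replace-with-a-random-server-side-key';
const INTERVAL = 30;   // seconds between searches, from the question
const IP_WINDOW = 60;  // look-back window for cookieless visits
const IP_LIMIT = 3;    // cookieless visits tolerated per IP (NAT allowance)

function sign_cookie(int $time): string {
    return $time . '.' . hash_hmac('sha256', (string)$time, SECRET);
}

// Returns the signed timestamp, or null if the cookie is missing or forged.
function verify_cookie(?string $cookie, int $now): ?int {
    if ($cookie === null || !preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/', $cookie, $m)) {
        return null;
    }
    $ok = hash_equals(hash_hmac('sha256', $m[1], SECRET), $m[2]);
    return ($ok && (int)$m[1] <= $now) ? (int)$m[1] : null; // reject future timestamps
}

// Returns [allowed, cookie value to set or null].
function check_request(?string $cookie, string $ip, int $now, array &$store): array {
    $last = verify_cookie($cookie, $now);
    if ($last !== null) {
        return ($now - $last > INTERVAL) ? [true, sign_cookie($now)] : [false, null];
    }
    // No valid cookie: count this IP's recent cookieless visits, including this one.
    $recent = array_filter($store[$ip] ?? [], fn($t) => $t > $now - IP_WINDOW);
    $recent[] = $now;
    $store[$ip] = array_slice($recent, -10); // keep the last ten, as in the answer
    return (count($recent) > IP_LIMIT) ? [false, null] : [true, sign_cookie($now)];
}

// Constructed walk-through with fixed clock values and documentation IPs.
$store = [];
$t0 = 1700000000;
[$ok1, $c1] = check_request(null, '203.0.113.7', $t0, $store);    // first visit: allowed
[$ok2] = check_request($c1, '203.0.113.7', $t0 + 10, $store);     // valid cookie, too soon: blocked
[$ok3] = check_request($c1, '203.0.113.7', $t0 + 31, $store);     // interval passed: allowed
[$ok4] = check_request($c1 . '0', '203.0.113.7', $t0 + 40, $store); // forged: handled as cookieless
$wiped = [];
for ($i = 0; $i < 4; $i++) { // client that wipes its cookie on every request
    $wiped[] = check_request(null, '198.51.100.9', $t0 + $i, $store)[0];
}
var_dump($ok1, $ok2, $ok3, $ok4, $wiped); // the fourth cookieless visit is blocked
```

A forged or wiped cookie only drops the client into the per-IP budget, so IP_LIMIT and IP_WINDOW set the real ceiling for a client that discards cookies.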

      As an option:

      1. Create a file whose name contains the IP address in md5, in txt format.
      2. Check the creation time of this file, and if more than 30 seconds have passed since the creation, then allow, otherwise deny.

      In principle, the easiest and fastest way.

      Here is the code:

       <?php
       // One marker file per client IP; its modification time records the last allowed request.
       $f_name = './gts/' . md5($_SERVER['REMOTE_ADDR']) . '.txt';

       if (file_exists($f_name) && (microtime(true) - filemtime($f_name) < 30)) {
           // "30 seconds have not passed, wait a bit and try again."
           echo '30 секунд не прошло, подождите немного и повторите попытку.';
       } else {
           // Create or truncate the file, which resets its modification time.
           $fp = fopen($f_name, 'w');
           fclose($fp);

           // the code you need
           // "You can use it)"
           echo 'Можно пользоваться)';
       }
       ?>

      Do not forget to create the folder gts - the files will be created in it.

      • Can you imagine how many files there will be under even an average load? - AlexDenisov
      • Fast? Do you know that working with the FS is the bottleneck?))) - timka_s

      I support the variant with cookies and session, just write the time of the last request in cookies, and then compare it either via JS or already on the server. This option is better for at least two reasons:

      1. No need to store a bunch of extra information on the server.
      2. Several users coming from different machines, but through one gateway (having one external IP) will not interfere with each other.