I need to limit use of a server-intensive php script, and have come up with the following solution- each IP can use the script once every ten minutes, otherwise they get an error message.
So far I've come up with this process chart:
Start by deleting all database entries from over an hour ago (would be useful, to stop database getting clogged)
Then
1. Get time of script running
2. Get user IP
3. See if the timestamp matches within last ten minutes. If yes- go to error. If no- continue.
4. Write to database the time & IP of this request
However, I am bit lost with how to do this. I am not asking for anyone to write the code, but I would really appreciate it if someone could give me a list of functions etc. I will need to complete each step.
Thanks!
Limiting use of a php script
Moderator: General Moderators
rely on IP addresses you can not. Use a session variable instead you should.
however, in order to make this work like you want, written a sample below I have:
however, in order to make this work like you want, written a sample below I have:
Code: Select all
$result = mysql_query("select * from someTable where lastexecutiontime > '".date("Y-m-d G:i",strtotime("-10 minutes"))."' and ipadd = '".$_SERVER['REMOTE_ADDR']."'")
or die(mysql_error());
if($row = mysql_fetch_assoc($result))
\\ go to error stuff
else
{
mysql_query("insert into someTable (lastexecutiontime,ipadd) values (now(),'".$_SERVER['REMOTE_ADDR']."')")
or die(mysql_error());
}Using sessions won't work if the user closes their browser and decides to come back. An IP will work, however, most companies, universities and public access points will show the same IP address for every computer. You could set a cookie on the user's computer however; they can delete that too...
If you want to be really paranoid. (Which will only keep the honest people out?) You can set a cookie and try the IP or catch the user agent / IP. The only way for this to effectively work is to make the user login before they run your script.
If you want to be really paranoid. (Which will only keep the honest people out?) You can set a cookie and try the IP or catch the user agent / IP. The only way for this to effectively work is to make the user login before they run your script.
I think that the best bet is to stick with IPs.
On the whole, I doubt anyone is going to go to extreme lengths to block my script, and I'm not too fussed about stopping networks; the users who will be testing the script will have use a home computer.
So, referring back to my original message, what functions should I use?
I can draw from Burrito's code for the sql stuff and checking, but what is the best way to get an IP address?
Also, to stop people using web proxies (proxify etc.) would it be possible to identify the address in the users address bar and make sure it is within somesite.com?
The reason I have to be paranoid is that my host stopped my *entire site* because too many people were using a script. Got an apology eventually, but I don't wanna risk it again!
Thanks for your help!
On the whole, I doubt anyone is going to go to extreme lengths to block my script, and I'm not too fussed about stopping networks; the users who will be testing the script will have use a home computer.
So, referring back to my original message, what functions should I use?
I can draw from Burrito's code for the sql stuff and checking, but what is the best way to get an IP address?
Also, to stop people using web proxies (proxify etc.) would it be possible to identify the address in the users address bar and make sure it is within somesite.com?
The reason I have to be paranoid is that my host stopped my *entire site* because too many people were using a script. Got an apology eventually, but I don't wanna risk it again!
Thanks for your help!