/    Sign up×
Community /Pin to ProfileBookmark

Limiting the number of calls to a php file per ip.

Copy linkTweet thisAlerts:
May 18.2009

I hope the title makes sense. I want to limit the number of calls a user can make to a php file (through a form and AJAX).

I guess the way to do it is with cookies or sessions but I can’t really understand how I would go about it. So far I’ve passed the ip of the user to the php file that does the action but can’t figure out how to use it. My main issue is setting a different cookie per user I guess.

Any thoughts or pointers on the subject?

to post a comment
PHP

7 Comments(s)

Copy linkTweet thisAlerts:
@bokehMay 18.2009 — [code=php]<?php

session_start();

$MaxPageLoads = 5;

if(@$_SESSION['PageLoads']++ > $MaxPageLoads)
{
// abort
}

?>[/code]This is by cookie which means the user can delete the cookie and get back to square one. If this is a problem you need to use a database table and make an entry for each page and IP. This also is not foolproof as people have dynamic IP's with some ISP's even changing the IP between requests.
Copy linkTweet thisAlerts:
@vaistikauthorMay 18.2009 — Gah! I should read what I've wrote more than once!

Thanks for the answer but I haven't described what I needed as I should.

I wanted to limit the time the page is loaded in a certain amount of time. To be more specific, once every X minutes, where X will be set by an administrator. It's not meant to be a bulletproof method, just an obstacle, so deleting the cookie doesn't really bother me.

My initial idea was to create a cookie with the users ip and set it to expire in X minutes. I'm not too familiar with cookies, no idea about them actually so my idea had the fault that it wasn't user specific.

If the cookie had my ip and another user called the file, the cookie would have his ip thus allowing me to call the file again.

It's a bit messy, or I'm having troubles describing it. ?

PS: Although it's not exactly what I'm looking for your code is handy, does the session_start() work if the file is called by AJAX?
Copy linkTweet thisAlerts:
@MindzaiMay 18.2009 — Generally the server doesn't care where the request comes from, a request is a request AJAX or otherwise. There is nothing magic about AJAX, it is just 'automating' (for lack of a better word) the process of sending requests, but what it does is exactly the same as if you sent a request by typing in a URL and hitting enter, so a PHP script will behave the same regardless (unless you write specific code to make it behave differently, but thats another story!).

Back to your issue, cookies and sessions are about the same in terms of robustness. All the user has to do with sessions is to close the browser window and they can make a new request. Obviously with cookies they just have to delete them.

Personally given that you are not too bothered by this, I would go with cookies as it is simpler just to check for a cookie and set it if one doesn't exist. Also bear in mind that IP addresses can change even between requests for some people, and similarly many people can share an IP. Cookies are going to be unique to the browser so will not be affected by any of these issues. You don't even need to store the IP in the cookie. Set the expire time to X minutes, if the cookie is there deny, if it is not process and set the cookie again.

To get more robust that that, you would have to start logging information on the server side, either in a flat file or a database. Neither is especially difficult, but it depends on how important this is to you as to whether it's worth doing.

Some sample code to get you started with cookies:

[code=php]
if (isset($_COOKIE['foo'])) {
// process request here
setcookie('foo', 'bar', time()+600); // expires in 10 minutes
} else {
// deny request here
}[/code]
Copy linkTweet thisAlerts:
@bokehMay 18.2009 — does the session_start() work if the file is called by AJAX?[/QUOTE]An AJAX request is identical to a conventional request so what happens on the server is identical.
[code=php]
<?php

// not tested

// minimum reload period in seconds
$X_Seconds = 60;

if(!isset($_COOKIE['X_Seconds']))
{
setcookie ('X_Seconds', '', time()+$X_Seconds, '/', '', 0);
}
else
{
// abort script
}

?>[/code]
Copy linkTweet thisAlerts:
@bokehMay 18.2009 — 
[code=php]
if (isset($_COOKIE['foo'])) {
// process request here
setcookie('foo', 'bar', time()+600); // expires in 10 minutes
} else {
// deny request here
}[/code][/QUOTE]This code will never work as the cookie never gets set.
Copy linkTweet thisAlerts:
@vaistikauthorMay 18.2009 — Thanks for the clarifications on cookies, sessions and AJAX. Will try the code examples with any changes I come up with and post the results.

Cheers.
Copy linkTweet thisAlerts:
@MindzaiMay 18.2009 — This code will never work as the cookie never gets set.[/QUOTE]

typo, should be !isset
×

Success!

Help @vaistik spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.17,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...