Anti-flood: session or DB storing IPs
Right now I'm using an anti-flood function on all my websites:
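    // Returns true if the action $name is allowed, i.e. at least $time
    // seconds have passed since it was last allowed in this session.
    function flood($name, $time)
    {
        $name = 'tmptmptmp' . $name;
        if (!isset($_SESSION[$name])) {
            // First request in this session: record it and allow.
            $_SESSION[$name] = time();
            return true;
        }
        if (time() - $time > $_SESSION[$name]) {
            // Window has elapsed: record the new timestamp and allow.
            $_SESSION[$name] = time();
            return true;
        }
        // Still inside the window: reject.
        return false;
    }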
I use it this way:

    if (flood('post', 60)) { /* do something */ }
    else echo "you're posting too fast";
Is this way safe? Or do I need to replace it/complete it with a DB table storing IPs and checking if they made a request earlier?
It depends. How likely are your users to clear their cookies to get past your anti-flood protection? I'll say that if they have to log in again, 99% of the users won't even bother.
But sure, if you really want a better method, store the IPs in the DB. But even that can be defeated by getting a new IP.
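
The database-backed check suggested in the answer, as an added example that is not part of the original posts: the timestamp lives server-side, so dropping the session cookie does not reset it. The `flood` table, `flood_db()` and the client keys are hypothetical, and the SQL uses SQLite's `INSERT OR IGNORE`.

```php
<?php
// Added example. Table name `flood`, flood_db() and the client keys are hypothetical.
// In a web request the key would be the logged-in account id, or
// $_SERVER['REMOTE_ADDR'] for anonymous visitors.

function flood_db(PDO $pdo, string $action, string $client, int $window, ?int $now = null): bool
{
    $now = $now ?? time();
    $key = [':a' => $action, ':c' => $client];

    // Conditional UPDATE: succeeds only when the previous hit is older than the
    // window, so two concurrent requests cannot both be accepted.
    $upd = $pdo->prepare(
        'UPDATE flood SET last_seen = :now
          WHERE action = :a AND client = :c AND last_seen < :cutoff'
    );
    $upd->execute($key + [':now' => $now, ':cutoff' => $now - $window]);
    if ($upd->rowCount() === 1) {
        return true;
    }

    // Nothing updated: either this is the first hit (the INSERT succeeds) or the
    // client is still inside the window (the primary key makes the INSERT a no-op).
    $ins = $pdo->prepare(
        'INSERT OR IGNORE INTO flood (action, client, last_seen) VALUES (:a, :c, :now)'
    );
    $ins->execute($key + [':now' => $now]);
    return $ins->rowCount() === 1;
}

// Demo on an in-memory SQLite database with constructed clients and timestamps.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE flood (
    action TEXT NOT NULL, client TEXT NOT NULL, last_seen INTEGER NOT NULL,
    PRIMARY KEY (action, client))');

$hits = [
    ['203.0.113.7', 1000],  // first post
    ['203.0.113.7', 1030],  // same client 30 s later; cookie state is irrelevant
    ['198.51.100.9', 1031], // different client
    ['203.0.113.7', 1061],  // first client again, after the 60 s window
];
foreach ($hits as [$client, $t]) {
    $ok = flood_db($pdo, 'post', $client, 60, $t);
    printf("%-13s t=%d %s\n", $client, $t, $ok ? 'accepted' : 'rejected (too fast)');
}
```

Keying on the account id for logged-in users limits the effect of an IP change that the answer mentions; the IP key only covers anonymous requests.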