dongmie3526 2013-11-22 12:42
浏览 197

如何防止使用php自动多次点击网站?

I have a form on a page where user fills in a message and when "Send" button is clicked it is send via ajax to php script. There via mail() message is sent to specific email address.

I would like to avoid situation where 1000's of emails are send in short time by malicious user. Please tell me if I'm wrong but this would be sort of DOS attack and and this would probably be taken care of by webserver itself. I am on shared hosting and I would assume that large hosting provider would limit this sort of behaviour so multiple automated hits to my page would be blocked somehow before it would hit my php script.

If that is not the case what would be the best way to protect against it? I'm still not 100% sure that my host would do the part and was wondering if there is anything I can do from PHP itself that would help?

EDIT: I was thinking to store timestamp in Session variable but then if someone has got cookies turned off session wouldn't exist. Would it be possible to check if cookies are on in a browser and if not simply ignore request? If coockies are on then store timestamp in a session and with every request compare if e.g. 5 seconds passed before sending email?

  • 写回答

1条回答 默认 最新

  • doukuanjing5404 2013-11-22 13:03
    关注

    You can prevent this from both side , Client and Server

    on Client side, first create a flag to check if form is submitted vi Ajax call or not

    var flag = false; // name for flag var according to your requirement

//check if for is sent or not

if(!flag){
   $.ajax({
    //set properties 
    .....
    success: function (response){
       // set flag as true
       flag = true;
    }
   });
}

    it will prevent for multiple for submission for single user unless if user refresh the page

    now suppose user try to refresh the page and submit the form multiple times

    then on server side create a flag variable in database for user email

    e.g subscription table

    user_email { true , false } default false //for each email id which sent via that form

    and make it true if user email id is not found in this table

    using this process you prevent your problem.

    hope it will help you

    评论

报告相同问题?

悬赏问题

  • ¥15 Vue3 大型图片数据拖动排序
  • ¥15 划分vlan后不通了
  • ¥15 GDI处理通道视频时总是带有白色锯齿
  • ¥20 用雷电模拟器安装百达屋apk一直闪退
  • ¥15 算能科技20240506咨询(拒绝大模型回答)
  • ¥15 自适应 AR 模型 参数估计Matlab程序
  • ¥100 角动量包络面如何用MATLAB绘制
  • ¥15 merge函数占用内存过大
  • ¥15 使用EMD去噪处理RML2016数据集时候的原理
  • ¥15 神经网络预测均方误差很小 但是图像上看着差别太大