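Surprisingly, I couldn't find anything about this on the internet/Stack Overflow, even though I think it is used a lot.
My form is basically a file upload form, and I want to set a minimum time between form submissions using JavaScript or PHP (PHP preferred), to protect the form from bots and the like.
The only thing I can think of is a cookie/session, but those can be deleted/cleared/modified.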
Store the submitter's IP; you can use:
- a memcache key that expires after the minimum time
- a temporary file as a "flag"
- Use a captcha to make life harder for bots
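In the end, I used a simple MySQLi table.
The MySQLi table contains three columns:
- "ID" (the user's login ID)
- TimesUploaded (the number of times uploaded within the specified time, 15 minutes by default)
- TimeLastUploaded (the time at which the user uploaded the first of the maximum, TimesUploaded, documents)
Code: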
1. The function getuploaduse()
function getuploaduse(){
    require('connect.php'); //Connect with the MySQL database
    //Check whether this user already has a row
    $theid = mysqli_fetch_array(mysqli_query($link, "SELECT COUNT(*) FROM `UploadUse` WHERE ID='".$_SESSION['id']."'"));
    if($theid[0] == 0){
        return 'makenew'; //Make a new row
    } else {
        return mysqli_fetch_array(mysqli_query($link, "SELECT TimesUploaded,TimeLastUploaded FROM `UploadUse` WHERE ID='".$_SESSION['id']."'")); //Pass on TimesUploaded and TimeLastUploaded
    }
}
2. The PHP in the upload page
//Set variables
$block = 'false';
$allowed = true; //Set to false when this upload attempt exceeds the limit
$mintime = 15; //A minimum of 15 minutes between $maxuploads
$maxuploads = 3;
$contents = getuploaduse();// [0] => TimesUploaded, [1] => TimeLastUploaded
if(isset($_POST['thetitle'])){ //If users uploads
    if($contents != 'makenew'){
        if($contents[0] == $maxuploads){
            $block = (time() - $contents[1]);
            if($block >= ($mintime * 60)){ //Window has passed: start a new one
                $block = 'false';
                mysqli_query($link, "UPDATE `UploadUse` SET `TimesUploaded`=1,`TimeLastUploaded`='".time()."' WHERE `ID`='".$_SESSION['id']."'"); //Reset
            } else { //Still inside the window with the maximum reached: refuse
                $block = $mintime - round($block / 60);
                $allowed = false;
            }
        } else {
            $block = (time() - $contents[1]);
            if($block >= ($mintime * 60)){
                $block = 'false';
                mysqli_query($link, "UPDATE `UploadUse` SET `TimesUploaded`=1,`TimeLastUploaded`='".time()."' WHERE `ID`='".$_SESSION['id']."'"); //Reset
            } else {
                $increased = ($contents[0] + 1);
                mysqli_query($link, "UPDATE `UploadUse` SET `TimesUploaded`='".$increased."' WHERE `ID`='".$_SESSION['id']."'"); //Increase
                if($increased == $maxuploads){
                    $block = $mintime - round($block / 60);
                } else {
                    $block = 'false';
                }
            }
        }
    } else {
        mysqli_query($link, "INSERT INTO UploadUse(ID,TimesUploaded,TimeLastUploaded) VALUES('".$_SESSION['id']."','1','".time()."')");
    }
    if($allowed){
        //Place your upload script here and set $success to something to show your success and not the 'Maximum uploaded'
    }
}
//Block if user doesn't upload (so when he tries to access the upload page)
if($contents != 'makenew' && $block == 'false'){
    $contents = getuploaduse();// [0] => TimesUploaded, [1] => TimeLastUploaded
    if($contents[0] == $maxuploads){
        $block = (time() - $contents[1]);
        if($block < ($mintime * 60)){
            $block = $mintime - round($block / 60);
        } else {
            $block = 'false';
        }
    }
}
3. Using your upload form
<?php if($block == 'false'): ?>
<!-- Your upload form here -->
<?php elseif(isset($success)): ?>
<!-- Success here-->
<?php else: ?>
<div class="alert alert-block alert-danger fade in">
<h4>You exceeded the maximum uploads per <?php echo $mintime; ?> min.</h4>
<p>You may upload maximum <?php echo $maxuploads ?> documents per <?php echo $mintime; ?> minutes. You have to wait for <span class="label label-danger"><span id="updatemin"><?php echo $block; ?></span> minute<?php if($block > 1){echo 's';} ?></span>.</p><br />
</div>
<?php endif; ?>
4. In my HTML head (so that when the user is blocked, it updates the remaining minutes)
<?php if($block != 'false'):?><meta HTTP-EQUIV="REFRESH" content="60; url=/Upload"><?php endif; ?>
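If you think this code is useful, please upvote my (own) answer, as I did spend time on this code. (I am a beginner, and for me this code is something to be proud of, especially since I didn't use a tutorial or other answers.)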
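
The same limit (3 uploads per 15 minutes per user ID) written as one server-side check that runs before the upload is handled; this is an added example, not part of the answer above. It assumes PDO with an in-memory SQLite database so that it runs stand-alone, reuses the answer's table and column names, and the function name allowUpload, the user ID and the timestamps are constructed for illustration.

```php
<?php
// Added example: fixed-window upload limiter with prepared statements.
// PDO + in-memory SQLite is an assumption made so the script runs offline.
const MAX_UPLOADS = 3;        // uploads allowed per window
const WINDOW_SECONDS = 900;   // 15 minutes

function allowUpload(PDO $db, string $userId, int $now): array
{
    $db->beginTransaction();
    try {
        // On MySQL/InnoDB, append FOR UPDATE so parallel requests serialize.
        $sel = $db->prepare('SELECT TimesUploaded, TimeLastUploaded FROM UploadUse WHERE ID = ?');
        $sel->execute([$userId]);
        $row = $sel->fetch(PDO::FETCH_ASSOC);

        if ($row === false || $now - (int)$row['TimeLastUploaded'] >= WINDOW_SECONDS) {
            // First upload ever, or the previous window expired: open a new window.
            $up = $db->prepare('REPLACE INTO UploadUse (ID, TimesUploaded, TimeLastUploaded) VALUES (?, 1, ?)');
            $up->execute([$userId, $now]);
            $result = ['allowed' => true, 'wait' => 0];
        } elseif ((int)$row['TimesUploaded'] < MAX_UPLOADS) {
            $up = $db->prepare('UPDATE UploadUse SET TimesUploaded = TimesUploaded + 1 WHERE ID = ?');
            $up->execute([$userId]);
            $result = ['allowed' => true, 'wait' => 0];
        } else {
            // Limit reached: refuse and report the seconds left in the window.
            $wait = WINDOW_SECONDS - ($now - (int)$row['TimeLastUploaded']);
            $result = ['allowed' => false, 'wait' => $wait];
        }
        $db->commit();
        return $result;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo: five attempts inside one window, then one after it expires.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE UploadUse (ID TEXT PRIMARY KEY, TimesUploaded INTEGER, TimeLastUploaded INTEGER)');
$t0 = 1700000000; // constructed timestamp
foreach ([0, 10, 20, 30, 40, WINDOW_SECONDS + 1] as $offset) {
    $r = allowUpload($db, 'user-42', $t0 + $offset);
    printf("t+%4ds  %s  wait=%ds\n", $offset, $r['allowed'] ? 'ALLOW' : 'BLOCK', $r['wait']);
}
```

Call the function at the top of the POST handler and process the uploaded file only when `allowed` is true, so a client that posts directly without loading the form is still counted.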