问题
I would like to know is it possible to create a restriction where php will not accept the form data if the user already submitted the form once. Well the system my client wants is like a open system. No user registration is needed, so there is no way I can use the session trick to put a restriction of 10mins for each users before they can submit the form again.
Any solution will be much appreciated. I don't want to put a restriction on IP because many users use shared IP.
回答1:
Using sessions you can restrict additional form submissions from the same browser session.
The following doesn't check for 'duplicate' submissions, just multiple submissions within 10 minutes.
If you wanted to check for duplicate submissions you could store a hash of the form data alongside the timestamp.
<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$timestamp = isset($_SESSION['form_submitted_ts'])
? $_SESSION['form_submitted_ts']
: null;
if(is_null($timestamp) || (time() - $timestamp) > 10 * 60) {
if(process_data($_POST)) {
$_SESSION['form_submitted_ts'] = time();
echo 'Success!';
}
} else {
// Form submitted in last 10 minutes. Perhaps send HTTP 403 header.
die('Failure! (Form submissions are rate limited.)');
}
}
function process_data($data)
{
// Your code here...
return true;
}
?>
<form method="post">
<input type="submit" value="submit">
</form>
回答2:
using sessions is the solution to your problem.
Method
- when user visits your page, just start a session
session_start(); - make a session variable which stores current time
$_SESSION['user']['login_time']; - store current time in that variable
$_SESSION['time']['login_time'] = currentTime();--> note that currentTime() is the function which gets current time. - then make a condition which would check
if newtime - currentTime >= 10 - if true then bingo ! tim up else keep it running.
_i would recommend to use Javascript as it would reduce the impace on server and it runs on browser than the server. The same can be achieved using JS, and that too, very easily.
回答3:
You can use either a session, custom cookie, or post/get variable - You need a way to store that they have already submitted the form, so these are your best bets.
Easiest way is to use $_SESSION - I assume that you start a session and write it to the user as a cookie (Pretty much default settings).
You could do it using javascript and write a cookie on submission, which you could check in PHP ($_COOKIE), and to stop the user submitting the form again you can also check it in javascript on the page.
Downside is if you make a cookie using Javascript someone would be able to alter the contents, but the same goes if they clear their cookies thats where your $_SESSION is stored unless your passing it in GET and POST requests.
You could do it with a hidden input variable on the form (GET/POST) which on first visit is populated with the session id, if you really don't want to use a cookie to store the session,you will need to look at session_id(). This is still using a session, but without the relience on the cookie.
来源:https://stackoverflow.com/questions/35557034/how-to-restrict-a-user-from-submitting-a-form-more-than-once-in-10-mins-using-ph