0

I'm adding some account-spamming security to my registration script.

The aim is for the script to reject the user from creating a new account if over 10 accounts in the database match their IP address, and these ten accounts were made in the last hour.

This would allow people in a library, for instance, to create their accounts, whilst also preventing people from spamming accounts in our database.

I have the following code, but how would I check if 10 or more accounts were made in the last 1 hour?

if($count_existscheck==1) {
    echo 'account already exists.';
    exit();
}
if($count_existscheck==0) {
    // begin check for IPs
    $ip = $_SERVER['REMOTE_ADDR'];
    $sql_ipcheck = "SELECT * FROM members WHERE ip='$ip'";
    $result_ipcheck = mysql_query($sql_ipcheck);
    $count_ipcheck = mysql_num_rows($result_ipcheck);

    // if count =10 or >10, check if they were in the last hour
    if($count_ipcheck>9) {
        $row_ipcheck = mysql_fetch_assoc($result_ipcheck);
    }
}
4

1 Answer

1

Try this:

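// Unix timestamp for one hour ago (web server clock)
$onehourbefore = strtotime('-1 hour');
$sql_ipcheck = "SELECT * FROM members
         WHERE ip = '$ip' AND lastregistration > $onehourbefore";
$result_ipcheck = mysql_query($sql_ipcheck);

// 10 or more registrations from this IP within the last hour: refuse
if(mysql_num_rows($result_ipcheck)>=10) echo 'Access Denied';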

You should have a column named "lastregistration" in the members table, in which you store the registration time as a Unix timestamp.

(You should check the time of your MySQL server and the time of your web server. You should also use mysqli_query() instead of mysql_query() ...)

answered 2013-05-14T00:46:09.287
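
An added example, not part of the original answer: the same last-hour check written with PDO prepared statements and COUNT(*), so the IP and cutoff are bound rather than interpolated into the SQL. It assumes the members table with the ip and lastregistration (Unix timestamp) columns described above; the function name registrationAllowed, the in-memory SQLite database and the sample rows are constructed for illustration.

```php
<?php
// Added example: per-IP registration limit over a sliding one-hour window.
// Assumptions: PDO with the SQLite driver (in-memory database for the demo)
// and a members table with ip and lastregistration columns.

function registrationAllowed(PDO $db, string $ip, int $now,
                             int $limit = 10, int $window = 3600): bool
{
    // COUNT(*) lets the database count instead of returning every row.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM members
          WHERE ip = :ip AND lastregistration > :cutoff'
    );
    // Bound parameters: no value is ever concatenated into the SQL text.
    $stmt->bindValue(':ip', $ip, PDO::PARAM_STR);
    $stmt->bindValue(':cutoff', $now - $window, PDO::PARAM_INT);
    $stmt->execute();
    // Deny once $limit or more accounts exist inside the window.
    return (int) $stmt->fetchColumn() < $limit;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
               id INTEGER PRIMARY KEY, ip TEXT, lastregistration INTEGER)');
// Composite index keeps the check cheap as the table grows.
$db->exec('CREATE INDEX idx_members_ip_time ON members (ip, lastregistration)');

// Constructed sample rows. Both the stored timestamps and the cutoff come
// from the web server clock, so a skewed database clock cannot shift the window.
$now = time();
$insert = $db->prepare(
    'INSERT INTO members (ip, lastregistration) VALUES (?, ?)');
for ($i = 0; $i < 10; $i++) {
    // Ten accounts from one address, all inside the last hour.
    $insert->execute(['203.0.113.7', $now - 60 * $i]);
}
for ($i = 0; $i < 12; $i++) {
    // Twelve accounts from another address, all more than two hours old.
    $insert->execute(['198.51.100.9', $now - 7200 - $i]);
}
// One recent account from the second address.
$insert->execute(['198.51.100.9', $now - 30]);

var_dump(registrationAllowed($db, '203.0.113.7', $now));
var_dump(registrationAllowed($db, '198.51.100.9', $now));
```

The count and the later INSERT of the new account are separate statements, so concurrent requests from one address can each pass the check before any of them is recorded.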