CodeIgniter Forums

Full Version: Restrict form/search submissions once every X seconds
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

El Forum

[eluser]gh0st[/eluser]
Using CodeIgniter I have built a search form, with paginated results.

It works, but I want to restrict the form/search submission (regardless of whether its a GET or POST) once every X seconds.

IE: A user makes a search and cannot perform another one for at least 10 seconds.

This is to reduce load on the server, etc.

Is there a quick way to do this with CI?

Thanks

El Forum

[eluser]jdfwarrior[/eluser]
There is several ways this could be done..

One way would be to set a session variable for the time of the last search and check that value before you submit allow the next

El Forum

[eluser]gh0st[/eluser]
I was thinking along the same lines, I wasn't sure if there was already a solution that someone did with CI.

I may end up just building my own.

El Forum

[eluser]jdfwarrior[/eluser]
That would prob be my choice. Or specifically, I would prob use a session var, set it to the time of the last search, then upon each request for a search, use jquery, do the submission via ajax to whichever controller, check the time, if it passes, do the search, throw back the results, make visible via javascript/jquery, or if the time doesnt pass, throw back and error, and display.

El Forum

[eluser]TheFuzzy0ne[/eluser]
I would suggest logging the user's IP and user agent to a database with a timestamp. That way, the restriction can't be bypassed by deleting the session cookie. The only problem I see with this solution is that it won't work as well as expected if more than one user is using the same browser and coming from the same IP address.

Another alternative would be to pass the data back to the form. Sure, it can be edited, but only by the minority of people, most of which would probably never check the post variables.

El Forum

[eluser]jdfwarrior[/eluser]
Thats why I didnt suggest that method. (Same outside ip from multiple users). There are obviously several ways to do it. The method I suggested seems less likely to be bypassed. If its only a few seconds, I would wait as opposed to going to delete the session cookie. But, using the database, places such as a university could have, potentially, alot of users hitting it at the same time.

El Forum

[eluser]gh0st[/eluser]
Thanks. I think a simple cookie, or session is perhaps the quickest route around this. I'm just wanting to reduce page load and issues of that nature.

Thanks

El Forum

[eluser]gh0st[/eluser]
[quote author="jdfwarrior" date="1234294705"]That would prob be my choice. Or specifically, I would prob use a session var, set it to the time of the last search, then upon each request for a search, use jquery, do the submission via ajax to whichever controller, check the time, if it passes, do the search, throw back the results, make visible via javascript/jquery, or if the time doesnt pass, throw back and error, and display.[/quote]

But what about a GET request?

In theory the session var, or token would always be the same if you keep pressing enter in the address bar?

El Forum

[eluser]jdfwarrior[/eluser]
I guess I'm not real sure what your asking. The method I'm saying I would use would:
On click of the search button, submit values to a given controller and function via jquery's Ajax $.post function. The controller function called would check a session variable of the last time a search was performed. If time had expired, it would pass the values on to a model, executing the search, updating the last time of search, and returning results back to the $.post function to update the Dom accordingly. If upon checking, X amount of time had not elapsed since the last search this info would be passed back to $.post and an error message would be displayed to the user.

As far as get variables, just personal pref, I don't use them very much.

El Forum

[eluser]gh0st[/eluser]
Oh okay.

I nearly got mine working, but it was way too strict and it wasn't working correctly. I've abandoned it until a later time.

I think using this method works better with post and not get.

My idea was;

1. Form has a hidden randomly generated token
2. Search results checks the token against session
3. Search results generates a new token and puts this in the form, but not in the URLs, or session.
4. If the user presses SUBMIT, a new token is forced into session, but if the user clicks on a URL the token is the same.

My problem came with when you simply went to the URL and pressed enter loads of times, the token would never really change.

It doesn't matter, I've abandoned it until further notice.
Pages: 1 2