I have a one-page short (roughly 200 lines of code) PHP+HTML file. When the user loads the page he sees a simple form with several input fields and, of course, a button.
When the button is pressed, the input is sent through the POST protocol to PHP_SELF. Here I have a function which uses the input provided by the user and some other variables defined by me to send another POST request using CURL to a remote server, to which I do not have any type of access.
Here is what I want:
Some type of security measure which will not let the user use the form more often then I will allow him to(a value which I want to be able to define in seconds inside the PHP script).
So basically, when the user submits the form you will have to store the IP and the exact time when he used the form. Then, if that IP will visit the webpage again before the required time(which I have previously established in the PHP) passed, instead of showing him the form I want you to show him the text: "This IP address($ip) has to wait $time seconds before being able to use the form again. Please refresh the webpage when the counter reaches 0! ". Also, as a security measure, I want him to be shown the same page even if he clicks the button before the required time has passed(in case he opened the same page in 2 tabs simultaneously, so that the second request to the server has passed the initial verification since he hasn't used the from yet).
To sum up, you will have to provide me:
[url removed, login to view] a piece of code to put at the very beginning of my script which will check if the IP has used the form in the past X(established by me)seconds.
-if it did, echo the HTML with the text from above and the simple JS to do the countdown;
-if it did not, then do nothing and let my existing script do it's job.
[url removed, login to view] a piece of code to integrate into my existing function which will do the security check before letting my function send the CURL request to the other server(basically server side validation) explained above.
-if the IP was trying to cheat, echo the same HTML text with countdown as at point 1;
-if the request my legitimate, do nothing and let my existing function do the rest.
[url removed, login to view] a piece of code to integrate into my function after the piece from point 2 which will store the IP and time in a file(required for point 1 and 2).
Please do not use databases. Keep it as simple as possible. Store the IP and time into a file.
12 freelancers are bidding on average $76 for this job
Well,Stefan(?) Your have described it clear enough so that I have no more questions. Just 2 options: [url removed, login to view] need remove expired IPs for the file or it will get bigg and inefficient. [url removed, login to view] it better to refresh it autom Mais
i think you should be use the database concept to make your page more dynamic and more secure for users informaion that u get aftre sybmit the form by the user