How to prevent Spam on my Script?

[MonkeyMonster]

Hello there, i'm here to a question:
How to prevent Spam on my Script?
I've got a script for my hosting; so, there are a Group of users that refresh the page, creating too many servers. I want to find a way to allow the creation of a server or prevent the refresh page. Ideas?

Spoiler: Page Code

<head>
    <meta charset="utf-8">
    <title>My Site</title>
    <link rel="stylesheet" href="css2/style.css">
    <link href='http://fonts.googleapis.com/css?family=Lato:400,700' rel='stylesheet' type='text/css'>
  </head>
<?php
session_start();  
header("Cache-control: private");

if(@$_SESSION["user"]){
?>
<?php
 //Ts3Script is Here
?>
        <?php
                        if($_SESSION['permission'] > 1){
                        ?>
                        <a href = "modUser.php">mod user</a> |
                        <a href = "delUser.php">del user</a>
                        <?php
                        }
                        ?>
<html>
    <form action="userarea.php" method="post" name="sign up for beta form">
      <div class="header">
         <p>TeamSpeak 3 Server</p>
      </div>
      <div class="description">
        <p>Get a free Ts3 Server with 100 Slots and 98% Uptime Now!</p>
      </div>
      <div class="input">
        <input type="text" class="button" id="email" name="name" placeholder="MyCommunityName">
        <input type="submit" class="button" id="submit" value="Create">
      </div>
    </form>
    </html>
    <?php
    }
?>
<?php
}
else header("location: index.php?fail=1");
?>

Thanks.

 

[Kieran]

I'd say use $_SERVER['REMOTE_ADDR'] or $_SERVER['HTTP_CF_CONNECTING_IP'] (last one only with cloudflare) to log the IP in a file or database. Then test for IP everytime before executing the script and don't let the same IP create more servers until a specified amount of time passed

 

[MonkeyMonster]

I'd say use $_SERVER['REMOTE_ADDR'] or $_SERVER['HTTP_CF_CONNECTING_IP'] (last one only with cloudflare) to log the IP in a file or database. Then test for IP everytime before executing the script and don't let the same IP create more servers until a specified amount of time passed

Thank you, i'll test
(If u have time, can u send me an Example?)

 

[Kieran]

Thank you, i'll test
(If u have time, can u send me an Example?)

I can try to make something. Not sure when though

 

[Kleberstoff]

Hello there, i'm here to a question:
How to prevent Spam on my Script?
I've got a script for my hosting; so, there are a Group of users that refresh the page, creating too many servers. I want to find a way to allow the creation of a server or prevent the refresh page. Ideas?

Spoiler: Page Code

<head>
    <meta charset="utf-8">
    <title>My Site</title>
    <link rel="stylesheet" href="css2/style.css">
    <link href='http://fonts.googleapis.com/css?family=Lato:400,700' rel='stylesheet' type='text/css'>
  </head>
<?php
session_start();
header("Cache-control: private");

if(@$_SESSION["user"]){
?>
<?php
 //Ts3Script is Here
?>
        <?php
                        if($_SESSION['permission'] > 1){
                        ?>
                        <a href = "modUser.php">mod user</a> |
                        <a href = "delUser.php">del user</a>
                        <?php
                        }
                        ?>
<html>
    <form action="userarea.php" method="post" name="sign up for beta form">
      <div class="header">
         <p>TeamSpeak 3 Server</p>
      </div>
      <div class="description">
        <p>Get a free Ts3 Server with 100 Slots and 98% Uptime Now!</p>
      </div>
      <div class="input">
        <input type="text" class="button" id="email" name="name" placeholder="MyCommunityName">
        <input type="submit" class="button" id="submit" value="Create">
      </div>
    </form>
    </html>
    <?php
    }
?>
<?php
}
else header("location: index.php?fail=1");
?>

Thanks.

I'd say use $_SERVER['REMOTE_ADDR'] or $_SERVER['HTTP_CF_CONNECTING_IP'] (last one only with cloudflare) to log the IP in a file or database. Then test for IP everytime before executing the script and don't let the same IP create more servers until a specified amount of time passed

You don't need to do something with a Database, you can set a PHP Session with the Time of the last Execute, and then just check if the date are x amount of seconds different.
Note: PHP Session last for around 1440 Seconds or 24 Minutes. You can change it using the .htaccess

Spoiler

.htaccess

php_value session.gc_maxlifetime 86400 //this is one day in seconds

<?php
date_default_timezone_set(date_default_timezone_get()); //Gets the Server Timezone and Tests it for PHP
session_start(); //Starts Session
$timenow = date('Y-m-d H:i:s', time());//Stores Current Time in Session 12H Clock Default, Use date('m/d/Y h:i:s a', time()); for 12H Clock !You need to change both ;)!
$DelayInSeconds = 10; //Delay for Script, let's use 10 for example.
echo '<html>'; //stupid and ugly code for html form
echo '<form id="test" action="?test=1" method="post">'; //setting get
echo '<label> Test: </label>';
echo '<input id="test" name="test" type="text"><br>';
echo '<input type="submit"><br>';
echo '<form>';

if(isset($_GET)) //if get is set do stuff
{
  $diff = strtotime($timenow) - strtotime($_SESSION["LastExecution"]); //Get The diff in time in seconds.\
  if($diff <= $DelayInSeconds) //if difference is smaller or equal to set amount
  {
    echo "please wait atleast $DelayInSeconds to use the script again";
    die;
  }
  //Your Script stuff here.
  $_SESSION["LastExecution"] = date('Y-m-d H:i:s', time());//Updates Last Execution
}

?>

 

[Kieran]

You don't need to do something with a Database, you can set a PHP Session with the Time of the last Execute, and then just check if the date are x amount of seconds different.
Note: PHP Session last for around 1440 Seconds or 24 Minutes. You can change it using the .htaccess

Spoiler

.htaccess

php_value session.gc_maxlifetime 86400 //this is one day in seconds

<?php
date_default_timezone_set(date_default_timezone_get()); //Gets the Server Timezone and Tests it for PHP
session_start(); //Starts Session
$timenow = date('Y-m-d H:i:s', time());//Stores Current Time in Session 12H Clock Default, Use date('m/d/Y h:i:s a', time()); for 12H Clock !You need to change both ;)!
$DelayInSeconds = 10; //Delay for Script, let's use 10 for example.
echo '<html>'; //stupid and ugly code for html form
echo '<form id="test" action="?test=1" method="post">'; //setting get
echo '<label> Test: </label>';
echo '<input id="test" name="test" type="text"><br>';
echo '<input type="submit"><br>';
echo '<form>';

if(isset($_GET)) //if get is set do stuff
{
  $diff = strtotime($timenow) - strtotime($_SESSION["LastExecution"]); //Get The diff in time in seconds.\
  if($diff <= $DelayInSeconds) //if difference is smaller or equal to set amount
  {
    echo "please wait atleast $DelayInSeconds to use the script again";
    die;
  }
  //Your Script stuff here.
  $_SESSION["LastExecution"] = date('Y-m-d H:i:s', time());//Updates Last Execution
}

?>

Is that unique for every client or does that only check in general?

 

[Kleberstoff]

Is that unique for every client or does that only check in general?

PHP Session are stored for each client unique. But it's not the most secure way to do it but works