Using a randomly generated token for flood control

Basic setup of my site is: user enters a message on the homepage, hits enter and the message is sent through an AJAX request to a file called like.php where it echoes a link that gets sent back to the user.

I have made the input disable when the user presses enter, but there's nothing stopping the user from just constantly flooding like.php with POST requests and filling up my database.

Someone here on SO told me to use a token system but didn't mention how. I've seen this being done before and from what I know it is effective.

The only problem I have is how will like.php know it's a valid token? My code is this at the moment:

$token = md5(rand(0, 9999) * 1000000);

and the markup:

<input type="hidden" name="token" value="<?php echo $token ?>" />

Which will send the token to like.php through POST. But how will like.php know that this is a valid token? Should I instead token something that's linked to the user? Like their IP address? Or perhaps token the current minute and check that it's the same minute in like.php...

Any help on this matter would be greatly appreciated, thanks. :)

-------------Problems Reply------------

The best way is to use session variables because users can't delete them or modify them as easily as a form element. Or better yet, store the IP address and the time in the database and look it up to see if the user can post again yet.

Don't reinvent the wheel - just look up the last comment time from this user, defined by user_id, user_ip, whatever you have - and decide whether he is allowed to post or not.

One minute seems like a length of time that is too long for most users to wait. Tabbed browsing, broadband Internet service and users' tendency to not read every piece of text they're presented all contribute to a mass of users who will most likely get bored after less than a minute of not doing anything.

I would definitely suggest storing the users' IP addresses.

Category:php Views:1 Time:2010-06-13
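The two suggestions in the replies, a token kept in the session and a last-post time looked up per IP, combined as an added example that is not part of the original question or answers. The `posts_log` table, the 10-second window and the function names are assumptions, and the demo uses in-memory SQLite and a plain array in place of `$_SESSION`.

```php
<?php
const MIN_INTERVAL = 10; // seconds between accepted posts per client (assumed)

// Homepage: store a fresh token server-side and embed it in the hidden input.
function issue_token(array &$session): string {
    $session['token'] = bin2hex(random_bytes(32)); // CSPRNG instead of rand()
    return $session['token'];
}

// like.php: the token is valid only if it matches the copy held in the session.
function consume_token(array &$session, string $submitted): bool {
    $expected = $session['token'] ?? '';
    unset($session['token']);               // single use, so a replay fails
    return $expected !== '' && hash_equals($expected, $submitted);
}

// Server-side flood check keyed on IP: look up the last accepted post time.
function may_post(PDO $db, string $ip, int $now): bool {
    $q = $db->prepare('SELECT last_post FROM posts_log WHERE ip = ?');
    $q->execute([$ip]);
    $last = $q->fetchColumn();              // false when the IP is unknown
    if ($last !== false && $now - (int)$last < MIN_INTERVAL) {
        return false;                       // still inside the waiting window
    }
    $db->prepare('REPLACE INTO posts_log (ip, last_post) VALUES (?, ?)')
       ->execute([$ip, $now]);
    return true;
}

// Constructed demo data; timestamps are passed in so the run is repeatable.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE posts_log (ip TEXT PRIMARY KEY, last_post INTEGER)');
$session = [];
$ip = '203.0.113.7'; // documentation-range address, constructed

$t = issue_token($session);
var_dump(consume_token($session, $t) && may_post($db, $ip, 1000)); // first post
var_dump(consume_token($session, $t));                             // same token replayed
$t2 = issue_token($session);
var_dump(consume_token($session, $t2) && may_post($db, $ip, 1003)); // 3 s after first
$t3 = issue_token($session);
var_dump(consume_token($session, $t3) && may_post($db, $ip, 1011)); // 11 s after first
```

The token only shows that the request follows a page served to this session; the stored last-post time is what caps how fast rows can be inserted, since a script can request a new token as often as it likes.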
