Question

http://www.3dmark3t.com/contact.html1 Here is my contact form. I want to be able to allow only 2 submissions from 1 IP address within 10 min. Please help me with this. Here is my PHP script for the form validation:

                <?php
            if(isset($_POST['email'])) {

                // CHANGE THE TWO LINES BELOW
                $email_to = "email@domain.com";

                $email_subject = "3DMark3t Contact:";


                function died($error) {
                    // your error code can go here
                    echo "We are very sorry, but there were error(s) found with the form you submitted. ";
                    echo "These errors appear below.<br /><br />";
                    echo $error."<br /><br />";
                    echo "Please go back and fix these errors.<br /><br />";
                    die();
                }

                // validate that the expected data exists
               if(!isset($_POST['first_name']) ||
                !isset($_POST['last_name']) ||
                !isset($_POST['email']) ||
                !isset($_POST['telephone']) ||
                !isset($_POST['comments'])) {
              if(empty($_POST['select']) )
            {
              $var3dmodels = $_POST['3DModels'];
              $vargraphic_design = $_POST['Graphic Design'];
              $varweb_design = $_POST['Web Design'];
              $vartutorials = $_POST['Tutorials'];
              $varreport = $_POST['Report'];
              $varrequests = $_POST['Requests'];
            }
                    died('We are sorry, but there appears to be a problem with the form you submitted.');       
                }




                $first_name = $_POST['first_name']; // required
                $last_name = $_POST['last_name']; // required
                $email_from = $_POST['email']; // required
                $telephone = $_POST['telephone']; // not required
                $select = $_POST['select']; // required
                $comments = $_POST['comments']; // required

                $error_message = "";
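                // D modifier: "$" matches only at the very end, so a trailing newline cannot reach the mail headers
                $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/D';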
              if(!preg_match($email_exp,$email_from)) {
                $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
              }
                $string_exp = "/^[A-Za-z .'-]+$/";
              if(!preg_match($string_exp,$first_name)) {
                $error_message .= 'The First Name you entered does not appear to be valid.<br />';
              }
              if(!preg_match($string_exp,$last_name)) {
                $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
              }
            if(empty($_POST['select']))
            {
              $error_message .= 'The Selection you made does not appear to be valid.<br />';
            }
              if(strlen($comments) < 2) {
                $error_message .= 'The Comments you entered do not appear to be valid.<br />';
              }
              if(strlen($error_message) > 0) {
                died($error_message);
              }
                $email_message = '3DMark3t Contact:';

                function clean_string($string) {
                  $bad = array("content-type","bcc:","to:","cc:","href");
                  return str_replace($bad,"",$string);
                }

                $email_message .= "First Name: ".clean_string($first_name)."\n";
                $email_message .= "Last Name: ".clean_string($last_name)."\n";
                $email_message .= "Email: ".clean_string($email_from)."\n";
                $email_message .= "Telephone: ".clean_string($telephone)."\n";
                $email_message .= "Select One: ".clean_string($select)."\n";
                $email_message .= "Comments: ".clean_string($comments)."\n";


            // create email headers
            $headers = 'From: '.$email_from."\r\n".
            'Reply-To: '.$email_from."\r\n" .
            'X-Mailer: PHP/' . phpversion();
            @mail($email_to, $email_subject, $email_message, $headers);  
            ?>

            <!-- place your own success html below -->

            <img src="../images/loading-circle.gif" width="32" height="32" />  Thank you for contacting us. We will be in touch with you very soon.
            <script type = "text/javascript">setTimeout('window.opener.location.href=\'http://www.3dmark3t.com\';close();', 3000)</script>
            <?php
            }
            die();
            ?>

Solution

Since a user can destroy their session within two minutes and submit again, this has to be done on your end (probably with a DB). Your DB should keep track of user submissions and IP addresses. When a user submits (or visits the submission form), check their IP against your DB. If they've made a submission in the last 2 (or is it 10) minutes, show an error and refuse them. If you need some code, I need to see what code you're working with.
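
The server-side check described in this answer, as an added example that is not part of the original answer: a per-IP sliding-window limiter allowing 2 submissions per 10 minutes. It assumes PDO with the SQLite driver; the `submissions` table and the function names are hypothetical.

```php
<?php
// Added example: per-IP sliding-window rate limiter for a contact form.
// Assumptions: PDO with the SQLite driver; table and function names are hypothetical.

const MAX_SUBMISSIONS = 2;    // allowed submissions per window
const WINDOW_SECONDS  = 600;  // 10 minutes

function open_limiter_db(string $path): PDO {
    $db = new PDO('sqlite:' . $path);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS submissions (ip TEXT NOT NULL, ts INTEGER NOT NULL)');
    $db->exec('CREATE INDEX IF NOT EXISTS idx_submissions_ip_ts ON submissions (ip, ts)');
    return $db;
}

// Records the attempt and returns true if $ip is under the limit; returns false otherwise.
function allow_submission(PDO $db, string $ip, int $now): bool {
    $cutoff = $now - WINDOW_SECONDS;
    // BEGIN IMMEDIATE takes the write lock up front, so two concurrent
    // requests from the same address cannot both pass the count check.
    $db->exec('BEGIN IMMEDIATE');
    try {
        // Drop rows that have aged out of the window (for every address).
        $db->prepare('DELETE FROM submissions WHERE ts <= ?')->execute([$cutoff]);
        $count = $db->prepare('SELECT COUNT(*) FROM submissions WHERE ip = ?');
        $count->execute([$ip]);
        $allowed = (int) $count->fetchColumn() < MAX_SUBMISSIONS;
        if ($allowed) {
            $db->prepare('INSERT INTO submissions (ip, ts) VALUES (?, ?)')->execute([$ip, $now]);
        }
        $db->exec('COMMIT');
        return $allowed;
    } catch (Throwable $e) {
        $db->exec('ROLLBACK');
        throw $e;
    }
}

// Constructed demonstration: in-memory database, fixed timestamps, documentation-range addresses.
$db = open_limiter_db(':memory:');
$t0 = 1700000000;
var_dump(allow_submission($db, '203.0.113.7', $t0));        // first attempt
var_dump(allow_submission($db, '203.0.113.7', $t0 + 60));   // second attempt, same window
var_dump(allow_submission($db, '203.0.113.7', $t0 + 120));  // third attempt, same window
var_dump(allow_submission($db, '198.51.100.9', $t0 + 120)); // different address
var_dump(allow_submission($db, '203.0.113.7', $t0 + 601));  // after the first attempt has aged out
```

In the form handler, call `allow_submission($db, $_SERVER['REMOTE_ADDR'], time())` before `mail()` and refuse the request when it returns false. Take the address from `REMOTE_ADDR` rather than from a client-supplied header such as `X-Forwarded-For`, which the sender controls.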

OTHER TIPS

Checking using IP addresses is fatally flawed - as some companies (even ISPs) share IP addresses. There is no solution that guarantees, but why not explore using cookies instead (along with something like Captcha)?

Licensed under: CC-BY-SA with attribution