authorDries Buytaert <dries@buytaert.net>2004-11-15 21:17:25 +0000
committerDries Buytaert <dries@buytaert.net>2004-11-15 21:17:25 +0000
commit9bf33e5ac8afc192b32e5c5132407d2fd394cecd (patch)
tree0c81f199aeaa3180db9799a5905e538b6d55fcf2
parentf67c046d402b53b1c63cd680f98c6ded598c0dbc (diff)
- Added generic flood control mechanism to throttle certain operations per hostname (e.g. posting comments, requesting passwords, sending e-mails). See flood_register_event() and flood_is_allowed() for details.
-rw-r--r--CHANGELOG.txt3
-rw-r--r--includes/common.inc27
-rw-r--r--modules/watchdog.module3
-rw-r--r--modules/watchdog/watchdog.module3
4 files changed, 34 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index bd8032fc4..94c3982f5 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -9,8 +9,11 @@ Drupal x.x.x, xxxx-xx-xx
* improved search output.
- syndication:
* added support for RSS ping-notifications of http://technorati.com/.
+- flood control mechanism:
+ * added a mechanism to throttle certain operations.
- usability:
* refactored the throttle module configuration.
+ * added a 'add child page' link to book pages.
- performance:
* improved performance of the tracker module.
diff --git a/includes/common.inc b/includes/common.inc
index 34e96a274..0f8312aeb 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -669,6 +669,33 @@ function valid_input_data($data) {
* @} End of "defgroup validation".
*/
+/**
+ * Register an event for the current visitor (hostname/IP) to the flood control mechanism.
+ *
+ * @param $name
+ * The name of the event.
+ */
+function flood_register_event($name) {
+ db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES ('%s', '%s', %d)", $name, $_SERVER['REMOTE_ADDR'], time());
+}
+
+/**
+ * Check if the current visitor (hostname/IP) is allowed to proceed with the specified event.
+ * The user is allowed to proceed if he did not trigger the specified event more than
+ * $threshold times per hour.
+ *
+ * @param $name
+ * The name of the event.
+ * @param $number
+ * The maximum number of the specified event per hour (per visitor).
+ * @return
+ * True if the user did not exceed the hourly threshold. False otherwise.
+ */
+function flood_is_allowed($name, $threshold) {
+ $number = db_num_rows(db_query("SELECT event FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", $name, $_SERVER['REMOTE_ADDR'], time() - 3600));
+ return ($number < $threshold ? TRUE : FALSE);
+}
+
function check_form($text) {
return drupal_specialchars($text, ENT_QUOTES);
}
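Review bot: `flood_is_allowed()` counts events by selecting every matching row and calling `db_num_rows()`, so the check is most expensive for exactly the host that is flooding; a `SELECT COUNT(*) FROM {flood} WHERE ...` read through `db_result()` would give the same number without fetching the rows. The docblock also documents `@param $number` while the signature takes `$threshold` (`$number` is only the local count), so it should read `@param $threshold`. Because the check and `flood_register_event()` are separate calls, the limit holds only if every caller registers the event after a permitted attempt, and parallel requests may each pass the check before any of them is recorded; a sentence in the docblock saying so would help callers. Sites behind a reverse proxy would presumably see one shared `REMOTE_ADDR` for all visitors, which is worth mentioning there as well.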
diff --git a/modules/watchdog.module b/modules/watchdog.module
index 89f2d4f70..6aebf299c 100644
--- a/modules/watchdog.module
+++ b/modules/watchdog.module
@@ -71,10 +71,11 @@ function watchdog_perm() {
/**
* Implementation of hook_cron().
*
- * Remove expired log messages.
+ * Remove expired log messages and flood control events.
*/
function watchdog_cron() {
db_query('DELETE FROM {watchdog} WHERE timestamp < %d', time() - variable_get('watchdog_clear', 604800));
+ db_query('DELETE FROM {flood} WHERE timestamp < %d', time() - 3600);
}
/**
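Review bot: The purge added to `watchdog_cron()` hard-codes `time() - 3600`, the same one-hour window that `flood_is_allowed()` in includes/common.inc writes as a literal, so the two values have to be changed together or cron will delete events the check still needs to count. A comment such as `// Must not be shorter than the window used by flood_is_allowed().` or a shared constant would make that dependency visible. The cleanup also runs only when this cron hook runs, so the {flood} table presumably grows without bound on a site where cron is not configured. The identical hunk in modules/watchdog/watchdog.module has the same issue.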
diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module
index 89f2d4f70..6aebf299c 100644
--- a/modules/watchdog/watchdog.module
+++ b/modules/watchdog/watchdog.module
@@ -71,10 +71,11 @@ function watchdog_perm() {
/**
* Implementation of hook_cron().
*
- * Remove expired log messages.
+ * Remove expired log messages and flood control events.
*/
function watchdog_cron() {
db_query('DELETE FROM {watchdog} WHERE timestamp < %d', time() - variable_get('watchdog_clear', 604800));
+ db_query('DELETE FROM {flood} WHERE timestamp < %d', time() - 3600);
}
/**