IP Based Limit Form Submission With PHP & MySQL

We were recently working on an internal project which had a segment in which it is required to limit form submission based on IP.

This is a brief case-study cum tutorial which describes how to limit IP based form submission with PHP and MySQL.

The Scenario To limit form submission based on IP

We have described the requirement of what needs to be achieved earlier. In addition to that the scenario which needs to be tackled was, that a user should be allowed to make only 5 submissions per hour.

The application for this project is being built on PHP and MySQL. So we decided to save the IP requests in a database table and calculate the time of submission and limit accordingly.

In the new MySQL table, the IP address from which the form was submitted and the current time-stamp when the form was submitted is being saved. The database is kept on updating when a form submission is made, provided the user has not exceeded the number of form submissions.

MySQL table structure

The MySQL table structure for logging the form submissions is created as follows.

The table consists of the following columns:

  1. ID (id): Which is a primary key and auto-increment
  2. IP Address (ip_address): A varchar datatype with a length of 256 bytes.
  3. Timestamp (timestamp): This is the default MySQL CURRENT_TIMESTAMP data type.

PHP code

A PHP function was developed which would return the number of submissions that was made from an IP address in a specified amount of time. The IP address and the time interval is passed in the function as an argument. The PHP function is as follows

<?php
/**
 * Function to check number of logs made from an IP address in a specified period of time
 * 
 * @author Sameer Joshi (http://codincafe.com)
 * 
 * @version 0.1
 * 
 * @param string $var The IP address to check
 * @param int $var The amount of time (in hours) to check and return count
 * 
 * @return int The number of submissions made form the specified IP address in the specified time
 */
function check_ip_submission($ipAddress, $timeToRestrict){
    if( (isset($ipAddress) && !empty($ipAddress)) || (isset($timeToRestrict) && !empty($timeToRestrict)) ) {
        $hostname='hostname';
        $username='username';
        $password='password';
        $dbname='ip_submission_record';

        mysql_connect($hostname, $username, $password) OR DIE('Unable to connect to database! Please try again later.');
        mysql_select_db($dbname);
        
        /* Source: http://stackoverflow.com/a/7814124*/
        $sql = "SELECT * FROM ip_submission_record WHERE ip_address LIKE '{$ipAddress}' AND timestamp > (DATE_ADD(NOW(), INTERVAL -{$timeToRestrict} HOUR))";

        $result = mysql_query($sql);

        while ( $row = mysql_fetch_array($result, MYSQL_BOTH) ) {
            $timestamps[] = $row['timestamp'];
        }
        
        $numTries = count($timestamps);
        
        if (isset($numTries) && !empty($numTries)){
            return count($timestamps);
        } else {
            return;
        }
    } else {
        return FALSE;
    }
}

Now this function can be used and the IP address and time to restrict can be passed to get the count. This count can be then checked to restrict or allow the users to submit a form to do any action.

The code used to check the number of submissions and restricting form submission was as follows

<?php

/* Get IP Address */
$ipAddress = $_SERVER['REMOTE_ADDR'];

/* Get the number of logs generated by IP Adderss ($ipAddress) in 1 hour */
$checkSubmissionTime = check_ip_submission($ipAddress, 1);

/* check if IP address ($ipAddress) has made more than or equal to 5 logs in database */
if ($checkSubmissionTime >= 5 ) {
  //Do something
} else {
  //Do someting different
}

This way, we are able to limit 5 form submission in 1 hour.

If there is a more efficient, different or an easy way to achieve this please feel free to share your thoughts in the comment form below

Level: Intermediate

Technologies: PHP, MySQL

post by Codincafe