Commit 9bf33e5a authored by Dries's avatar Dries

- Added generic flood control mechanism to throttle certain operations per hostname (e.g. posting comments, requesting passwords, sending e-mails).  See flood_register_event() and flood_is_allowed() for details.
parent f67c046d
......@@ -9,8 +9,11 @@ Drupal x.x.x, xxxx-xx-xx
* improved search output.
- syndication:
* added support for RSS ping-notifications of http://technorati.com/.
- flood control mechanism:
* added a mechanism to throttle certain operations.
- usability:
* refactored the throttle module configuration.
* added a 'add child page' link to book pages.
- performance:
* improved performance of the tracker module.
......
......@@ -669,6 +669,33 @@ function valid_input_data($data) {
* @} End of "defgroup validation".
*/
/**
* Register an event for the current visitor (hostname/IP) to the flood control mechanism.
*
* @param $name
* The name of the event.
*/
function flood_register_event($name) {
db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES ('%s', '%s', %d)", $name, $_SERVER['REMOTE_ADDR'], time());
}
/**
* Check if the current visitor (hostname/IP) is allowed to proceed with the specified event.
* The user is allowed to proceed if he did not trigger the specified event more than
* $threshold times per hour.
*
* @param $name
* The name of the event.
* @param $number
* The maximum number of the specified event per hour (per visitor).
* @return
* True if the user did not exceed the hourly threshold. False otherwise.
*/
function flood_is_allowed($name, $threshold) {
$number = db_num_rows(db_query("SELECT event FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", $name, $_SERVER['REMOTE_ADDR'], time() - 3600));
return ($number < $threshold ? TRUE : FALSE);
}
function check_form($text) {
return drupal_specialchars($text, ENT_QUOTES);
}
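Review bot: The docblock of flood_is_allowed documents `@param $number` while the signature declares `$threshold`, so the parameter description does not match the code; change the tag to `@param $threshold`. The one-hour window is also hard-coded as `time() - 3600` here and again in the cleanup query added to watchdog_cron in the watchdog.module hunk, so the two values can silently drift apart if either is tuned later; a shared constant or a variable_get() setting read by both would keep them aligned. Both new functions key the counter on `$_SERVER['REMOTE_ADDR']`, which is the address of the peer that connected to PHP, so behind a reverse proxy or shared NAT all visitors arriving through that address are throttled together, which is worth stating in the docblock so site operators know the limit is per-address rather than per-user. Finally, `SELECT event` plus db_num_rows() fetches every matching row only to count them, and `return ($number < $threshold ? TRUE : FALSE);` can simply be `return $number < $threshold;` with the count taken from `db_result(db_query("SELECT COUNT(*) FROM {flood} WHERE ...", ...))`.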
......
......@@ -71,10 +71,11 @@ function watchdog_perm() {
/**
* Implementation of hook_cron().
*
* Remove expired log messages.
* Remove expired log messages and flood control events.
*/
function watchdog_cron() {
db_query('DELETE FROM {watchdog} WHERE timestamp < %d', time() - variable_get('watchdog_clear', 604800));
db_query('DELETE FROM {flood} WHERE timestamp < %d', time() - 3600);
}
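Review bot: Pruning of the {flood} table is placed in watchdog_cron, but flood_register_event lives in common.inc and inserts rows regardless of which modules are enabled, so if the watchdog module is disabled its hook_cron is presumably no longer invoked and the table grows without bound while flood_is_allowed still filters correctly by timestamp. Consider moving the `DELETE FROM {flood}` statement to a cron hook that is always active, or at least add a comment above the new line such as `// Flood events are pruned here because flood control has no module of its own.` so the dependency is visible. The same hunk appears twice on this page; the second copy needs no separate change.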
/**
......
......@@ -71,10 +71,11 @@ function watchdog_perm() {
/**
* Implementation of hook_cron().
*
* Remove expired log messages.
* Remove expired log messages and flood control events.
*/
function watchdog_cron() {
db_query('DELETE FROM {watchdog} WHERE timestamp < %d', time() - variable_get('watchdog_clear', 604800));
db_query('DELETE FROM {flood} WHERE timestamp < %d', time() - 3600);
}
/**
......