Does Yii have anything built in to prevent repeated posts of form data apart from using a captcha?
I’m writing a messenging system and I’m wondering the best way to prevent someone manually or automatically sending a message to every member on the site in a few minutes.
I thought maybe creating a table (or maybe in their session) that counts each DB insert a user makes and when it reaches a certain amount over a set time, freezing that account for 5 minutes while alerting me via email.
I’ve seen systems where posting is slowed to a crawl so that might be an option.
No, Yii does not have something like that. You could write a AntiSpam component. Then in your controllers you should be able to:
// Send message to user...
// Now we keep track of the send message. check() should return false after a certain amount is reached (maybe configureable through config?)
There are many way to handle this.
Just got around to wanting to implement this and am wondering if extending CHttpRequest somehow so every single POST request is logged from a user and/or ip is the way to go.
This would prevent an attacker moving through the site trying to insert spam using any forms.
A month ago an extension was posted:
It appears to suit your needs.