I want to limit how many times a visitor can view a PHP file, and if they exceed the limit then it executes a block (not sure what you call it in PHP?). How would I do this? Thanks!
If they have to log in, then you can record it in the database. Otherwise you have to track it in a cookie and they can alter the count (or at least reset it) if they want to.
It's easy with a cookie then. Roughly... $view_limit = 5; // set to whatever you want $times_viewed_already = intval($_COOKIE['view_count']); if ($times_viewed_already) > $view_limit { $allowed_to_view = false; } else { $times_viewed_already++; setcookie('view_count', $times_viewed_already, strtotime('Jan 1, 2020 12:00:00')); $allowed_to_view = true; } PHP: Note that you have to do this near the beginning of your script, before generating any other output, because PHP won't let you set a cookie after you've sent any HTML to the browser.
No more secure than cookies. Anyone can drop their session and start from scratch. The only more secure approach is to ensure that each user has a unique login id.
Takes me about 10 seconds to change my IP (hit the bookmark for my router's web interface, click "disconnect PPPoE session", done). Also, every mobile device user who uses my telephone company shares the same single IP, as we are all channeled through a proxy server. Should only one person among all their million customers be allowed in? I suppose this whole debate depends on how important it really is that people only be allowed to view the page a limited number of times.
Every point has its own vulnerability. Proxies allow everything to be defeated, so no single solution will achieve 100% success. Even if you mixed Cookie (Session), IP and Users Logging In/Out of a system, nothing is stopping them loading a proxy and then re-registering. Also, you can't detect the proper (HTTP) proxies so I wouldn't waste time with a detection system. Jay
Though nothing can be 100% secure, it does work as a deterrent and keeps most of the folks away, some persisting one's would not give up. Having said that - design site for majority and not the minority. Start with one of the many options provided and scale it up to include other options. If I were in your place, I would start with IP address in session and after a while block the IP address. Since I don't visit only one site, I would rather hate to keep toggling my IP after every 5 mins (and break sessions with other sites ... not a very wise choice, unless I have only one aim to keep coming to only ONE site through out the day) ...