I have a form on a page where user fills in a message and when "Send" button is clicked it is send via ajax to php script. There via mail() message is sent to specific email address.
I would like to avoid situation where 1000's of emails are send in short time by malicious user. Please tell me if I'm wrong but this would be sort of DOS attack and and this would probably be taken care of by webserver itself. I am on shared hosting and I would assume that large hosting provider would limit this sort of behaviour so multiple automated hits to my page would be blocked somehow before it would hit my php script.
If that is not the case what would be the best way to protect against it? I'm still not 100% sure that my host would do the part and was wondering if there is anything I can do from PHP itself that would help?
EDIT: I was thinking to store timestamp in Session variable but then if someone has got cookies turned off session wouldn't exist. Would it be possible to check if cookies are on in a browser and if not simply ignore request? If coockies are on then store timestamp in a session and with every request compare if e.g. 5 seconds passed before sending email?
You can prevent this from both side , Client and Server
on Client side, first create a flag to check if form is submitted vi Ajax call or not
var flag = false; // name for flag var according to your requirement
//check if for is sent or not
if(!flag){
$.ajax({
//set properties
.....
success: function (response){
// set flag as true
flag = true;
}
});
}
it will prevent for multiple for submission for single user unless if user refresh the page
now suppose user try to refresh the page and submit the form multiple times
then on server side create a flag variable in database for user email
e.g subscription table
user_email { true , false } default false //for each email id which sent via that form
and make it true if user email id is not found in this table
using this process you prevent your problem.
hope it will help you