Limit Entries per IP Address to one every 5 minutes

By: A C | Asked: 06/03/2024
ForumsCategory: General questionsLimit Entries per IP Address to one every 5 minutes
A C asked 7 months ago

Hi!

I would like to limit form entries to 1 per IP address every 5 mins.

I can do it with the Saved Cookie function but I would like to do the same with the IP address.

Is that possible?

Many thanks in advance!

I have added this to my functions.php but it does not work:

 

add_action('frm_display_form_action', 'limit_form_submissions', 8, 3);

function limit_form_submissions($params, $fields, $form){
    remove_filter('frm_continue_to_new', '__return_false', 50);

    if($form->id == 2 and !is_admin()){ // Change 2 to the ID of your form
        $time_limit = time() - (5 * 60); // 5 minutes in seconds
        
        // Get the count of entries submitted from the current IP address within the last 5 minutes
        $count = FrmEntry::getRecordCount(array(
            'form_id' => $form->id,
            'it.ip' => $_SERVER['REMOTE_ADDR'],
            'created_at >' => date('Y-m-d H:i:s', $time_limit)
        )); 
        
        $entry_limit = 1; // Allow only one submission every 5 minutes
        
        if($count >= $entry_limit){
            echo 'Only one entry is allowed per IP address every 5 minutes.';
            add_filter('frm_continue_to_new', '__return_false', 50);
        }
    }
}

Do I need to change anything the formidable forms settings?

 

1 Answers
Victor Font answered 7 months ago
Formidable settings have nothing to do with this. This code is querying the database. When you debug your code, are the values for time correct? You are also missing the alieas for created_at. It should be it.created_at. Your array should be array('form_id' => $form->id, 'it.ip' => $_SERVER['REMOTE_ADDR'], 'it.created_at >' => date('Y-m-d H:i:s', $time_limit) ). I'm not positive this will work unless you structure the parameter as a SQL where clause, but at least the missing alias in one mistake in your code.
Victor Font replied 7 months ago

Also, your post title says 5-minutes, your message says 10-minutes. Your code is set for 5-minutes.

A C replied 7 months ago

<p>Hi Victor, Many thanks for your answer. I thought that if I add this snippet, I need to also activate form permission in my form. So you can confirm me I don't need to activate the form permission (Limit number of entries ) settings in my form?I tried the correction you sent me and seems to work. Can this snippet creates vulnerability in my website?</p>

A C replied 7 months ago

Hi Victor.

Somehow an IP address could submit 3 times the form even though the snippets working.

How can I prevent this?

Victor Font replied 7 months ago

Vulnerability? No.

IP address submitted 3x? I have know idea whet this means. How are you determining that? Don't forget, IP address are very unreliable when people use VPNs. I could change my VPN location every minute and submit a new entry defeating you security check because the IP changes each time.

A C replied 7 months ago

I meant the same IP address could submit the form 3 times in 3 minutes despite having the snippets set to 1 every 5 minutes.

I tested it and after I submit the form I need to wait 5 mins to submit another.

But how come this user could submit 3 times in 1 minute?

I checked and it's the same IP adress 3 times.

Victor Font replied 7 months ago

I have no idea. Troubleshooting errors on your site requires hands on. I'd only be guessing if I suggested what was happening.

A C replied 7 months ago

So I think I know how this is happening:

I have some radio buttons and looks like if you open sever windows with the same form you can submit it multiple times.

So if I submit my form using one tab in my browser, at the same time I can also submit it in the other open tab in my browser.

Any idea on how to avoid this?

Victor Font replied 7 months ago

I don't understand what the radio buttons have to do with anything, but it's probably because you're opening a new PHP session every time you reload the form in a new tab.

A C replied 7 months ago

Victor sorry I have a question: this limitation only works if entries are saved in Database? I am not saving them but sending them to a Google Shits document.

I noticed this snippet works only when entries are store in DB.

Is it possible to also limit submission when entries are. not stored?

Victor Font replied 7 months ago

No. You’re out of luck. Not saving the entries and doing what you want is outside of Formidable’s design. You can’t even do this with custom code. Work with the way the system is designed and it will work. Save the entries and delete them when you’re done with them.

Making the Best WordPress Plugin even better - Together

Take on bigger projects with confidence knowing you have access to an entire community of Formidable Experts and Professionals who have your back when the going gets tough. You got this!
Join the community
crossarrow-right