Find records in array in time range

Question

I'm adding some account-spamming security to my registration script.

The aim is for the script to reject the user from creating a new account if over 10 accounts in the database match their IP address, and these ten accounts were made in the last hour.

This would allow people in a library, for instance, to create their accounts, whilst also preventing people from spamming accounts in our database.

I have the following code, but how would I check if 10 or more accounts were made in the last 1 hour?

if($count_existscheck==1) {
    echo 'account already exists.';
    exit();
}
if($count_existscheck==0) {
    // begin check for IPs
    $ip = $_SERVER['REMOTE_ADDR'];
    $sql_ipcheck = "SELECT * FROM members WHERE ip='$ip'";
    $result_ipcheck = mysql_query($sql_ipcheck);
    $count_ipcheck = mysql_num_rows($result_ipcheck);

    // if count =10 or >10, check if they were in the last hour
    if($count_ipcheck>9) {
        $row_ipcheck = mysql_fetch_assoc($result_ipcheck);
    }
}

Answer 1

Try this:

$onehourbefore = strtotime('-1 hour');
$sql_ipcheck = "SELECT * FROM members 
         WHERE ip = '$ip' AND lastregistration > $onehourbefore;
$result_ipcheck = mysql_query($sql_ipcheck);

if(mysql_num_rows($result_ipcheck)>=10) echo 'Access Denied';

You should have a column in tha members table called 'lastregistration' where you store the time of the registrations now in Unix timestamp.

(And you should check the time of your mysql server and the time of your webserver. And you should use mysqli_query() not mysql_query() ... )