Built in form flood protection?

Does Yii have anything built in to prevent repeated posts of form data apart from using a captcha?

I’m writing a messenging system and I’m wondering the best way to prevent someone manually or automatically sending a message to every member on the site in a few minutes.

I thought maybe creating a table (or maybe in their session) that counts each DB insert a user makes and when it reaches a certain amount over a set time, freezing that account for 5 minutes while alerting me via email.

I’ve seen systems where posting is slowed to a crawl so that might be an option.

No, Yii does not have something like that. You could write a AntiSpam component. Then in your controllers you should be able to:




if (Yii::app()->antiSpam->check($this->action->id))

{


   // Send message to user...


   // Now we keep track of the send message. check() should return false after a certain amount is reached (maybe configureable through config?)

   Yii::app()->antiSpam->track($this->action->id);


}

else

{

   die('spammer!');

}



There are many way to handle this.

Just got around to wanting to implement this and am wondering if extending CHttpRequest somehow so every single POST request is logged from a user and/or ip is the way to go.

This would prevent an attacker moving through the site trying to insert spam using any forms.

A month ago an extension was posted:

extension/aii-anti-spam-behavior/

It appears to suit your needs. :)