Restrict access to functionality for user by IP address

Dan Hanly picture Dan Hanly · Feb 28, 2011 · Viewed 15.9k times · Source

I have a website that allows a functionality for any user but each user is only allowed to use it a fixed amount of times.

Allow me to go into some more detail, our "anonymous/guest" user is allowed to search on the database for entries only 3 times per 24 hours. Is there a way I can use the IP to track the users attempts at this, restricting them after 3 attempts and then get it to expire after 24 hours?

The website is built in PHP but whatever language serves this functionality, I am open to it.

EDIT:

This idea comes from a client, they have a list of "stockists" stocking their products and they want to make this information available to users of the website. However, he doesn't want competitors taking advantage of his system and "undercutting" him on his stockists. Hence the restriction. If you can suggest a better way to achieve the same then that'd be amazing

Cheers, Dan

Answer

Eduard7 picture Eduard7 · Feb 28, 2011

You have to use the $_SERVER global variable, like this:

if ($_SERVER['REMOTE_ADDR'] == '127.0.0.1') {
  // restrict
}

But You have to consider kojiro's note: it's not a good idea to restrict by IP address.

Edit: to be constructive.

If you want to do it on low level, you can use cookies. These variables stored in the user's browser, if the user clear the cookies locally, he/she can override your restriction.
http://www.php.net/manual/en/function.setcookie.php

The better solution is to use sessions for this filter:
http://php.net/manual/en/session.examples.basic.php