flood_is_allowed

Versions
4.6 – 6: flood_is_allowed($name, $threshold)
7: flood_is_allowed($name, $threshold, $window = 3600, $identifier = NULL)

Check if the current visitor is allowed to proceed with the specified event.

The user is allowed to proceed if he did not trigger the specified event more than $threshold times in the specified time window.

Parameters

$name The name of the event.

$threshold The maximum number of the specified event allowed per time window.

$window Optional number of seconds over which to look for events. Defaults to 3600 (1 hour).

$identifier Optional identifier (defaults to the current user's IP address).

Return value

True if the user did not exceed the hourly threshold. False otherwise.

▸ 3 functions call flood_is_allowed()

▾ 3 functions call flood_is_allowed()

contact_personal_form in modules/contact/contact.pages.inc: Form builder; the personal contact form.
contact_site_form in modules/contact/contact.pages.inc: Form builder; the site-wide contact form.
user_login_authenticate_validate in modules/user/user.module: A validate handler on the login form. Check supplied username/password against local users table. If successful, $form_state['uid'] is set to the matching user ID.

Code

includes/common.inc, line 1678

<?php
function flood_is_allowed($name, $threshold, $window = 3600, $identifier = NULL) {
  if (!isset($identifier)) {
    $identifier = ip_address();
  }
  $number = db_query("SELECT COUNT(*) FROM {flood} WHERE event = :event AND identifier = :identifier AND timestamp > :timestamp", array(
    ':event' => $name,
    ':identifier' => $identifier,
    ':timestamp' => REQUEST_TIME - $window))
    ->fetchField();
  return ($number < $threshold);
}
?>