Same name and namespace in other branches
  1. 4.6.x includes/common.inc \flood_is_allowed()
  2. 4.7.x includes/common.inc \flood_is_allowed()
  3. 5.x includes/common.inc \flood_is_allowed()
  4. 6.x includes/common.inc \flood_is_allowed()

Checks whether a user is allowed to proceed with the specified event.

Events can have thresholds saying that each user can only do that event a certain number of times in a time window. This function verifies that the current user has not exceeded this threshold.

Parameters

$name: The unique name of the event.

$threshold: The maximum number of times each user can do this event per time window.

$window: Number of seconds in the time window for this event (default is 3600 seconds, or 1 hour).

$identifier: Unique identifier of the current user. Defaults to their IP address.

Return value

TRUE if the user is allowed to proceed. FALSE if they have exceeded the threshold and should not be allowed to proceed.

3 calls to flood_is_allowed()
FloodFunctionalTest::testCleanUp in modules/system/system.test
Test flood control mechanism clean-up.
user_login_authenticate_validate in modules/user/user.module
A validate handler on the login form. Check supplied username/password against local users table. If successful, $form_state['uid'] is set to the matching user ID.
user_pass_validate in modules/user/user.pages.inc
Form validation handler for user_pass().

File

includes/common.inc, line 1406
Common functions that many Drupal modules will need to reference.

Code

function flood_is_allowed($name, $threshold, $window = 3600, $identifier = NULL) {
  if (!isset($identifier)) {
    $identifier = ip_address();
  }
  $number = db_query("SELECT COUNT(*) FROM {flood} WHERE event = :event AND identifier = :identifier AND timestamp > :timestamp", array(
    ':event' => $name,
    ':identifier' => $identifier,
    ':timestamp' => REQUEST_TIME - $window,
  ))
    ->fetchField();
  return $number < $threshold;
}