How do I limit max website requests to 10 per user per day, using a database to record request counts?

Question

I have a person's username, and he is allowed ten requests per day. Every day the requests go back to 0,and old data is not needed.

What is the best way to do this?

This is the way that comes to mind, but I am not sure if it's the best way
(two fields, today_date, request_count):

1. Query the DB for the date of last request and request count.
2. Get result and check if it was today.
3. If today, check the request count, if less than 10, update query database to ++count .
4. If not today, update the DB with today's date and count = 1 .

Is there another way with fewer DB queries?

Answer 1

I think your solution is good. It is possible to reset the count on a daily basis too. That will allow you to skip a column, but you do need to run a cron job. If there are many users that won't have any requests at all, it is needless to reset their count each day.

But whichever you pick, both solutions are very similar in performance, data size and development time/complexity.

Answer 2

Just one column request_count . Then query this column and update it. As far as I know with stored procedures this may be possible in one single query. Even if not, it will be just two. Then create a cron job, that calls a script, that resets the column to 0 every day at 00:00.

Answer 3

To spare you some requests to the DB define

1. the maximum number of requests per day allowed.
2. the first day available to your application (date offset).

Then add a requestcount field to the database per user.

On the first request get the count from the db.

The count is always the number of the day multiplied with the maximum + 1 of requests per day plus the actual requests by that user:

   day * (max + 1) + n

So if on first request the count from the db is actually higher than allowed, block.

Otherwise if it's lower than the current day base, reset to the current day base (in the PHP variable)

And count up. Store this value into the DB.

This is one read operation, and in case the request is still valid, one write operation to the DB per request.

There is no need to run a cron job to clean this up.

That's actually the same as you propose in your question, but the day information is part of the counter value. So you can do more with one value at once, while counting up with +1 per request still works for the block.

Answer 4

You have to take into account that each user may be in a different time zone than your server, so you can't just store the count or the "day * max" trick. Try to get the time offset and then the start of the user's day can be stored in your "quotas" database. In mySQL, that would look like:

`start_day`=ADDTIME(CURDATE()+INTERVAL 0 SECOND,'$offsetClientServer')

Then simply look at this time the next time you check the quota. The quota check can all be done in one query.