A functional and simple rate limit control to prevent request attacks ready-to-use for PHP.
- Prepared statements (using PDO)
- Working under a customizable unique identifier
- It works under database and no drivers or cache management
- PHP > 7.3
- MySQL
- Import the .sql files found in the SQL Files folder to your database
- Download the rate.limit.php file and simply include it in the code where you will use it
require_once('rate.limit.php');
$myPDO = new PDO('mysql:host=localhost;dbname=your_db_name', 'user', 'password');
$RateLimitAdapter = new RateLimit(
Controller: "MyRateLimit", # The controller name of this rate limit
UniqIdenfier: "123-123-123", # Here you can enter the user's IP or in case it is after login, a token or user id (Recommended a IP Address)
MaxAttempsEach20Minutes: 10, # Maximum attempts the user must make in 20 minutes to be limited
LimitationTimeOnMinutes: 15, # The time that the user will be limited in MINUTES, 15 = 15 minutes
pdoConnection: $myPDO); # The connection to the database must be PDO
$CheckRateLimit = $RateLimitAdapter->CheckLimit();
# If the return of the function is NOT a boolean, it means that the user is limited
if (!is_bool($CheckRateLimit)) {
$MinsToBeDelimited = $CheckRateLimit->i;
$SecsToBeDelimited = $CheckRateLimit->s;
echo 'Too many requests!, please wait: ' . $MinsToBeDelimited . ' minutes and '. $SecsToBeDelimited . ' seconds.';
} else {
# Here you can proceed with your code ...
}Sorry for the comments and code written in Spanish, it was easier for me to understand the process when creating the code, anyway it is not very difficult to understand
If you find a problem or have a suggestion inside this library, please let me know by clicking here, if you want to improve the code, make it cleaner or even more secure, create a pull request.
Telegram: https://t.me/biitezBitcoin Addy: bc1qzz4rghmt6zg0wl6shzaekd59af5znqhr3nxmms