2016-09-29

I want to protect the form: if a user, after using the form, tries to send another message within one minute, it should be refused. Otherwise everything should go through. Form send validation.

Right now I have a view like this:

    <!-- If the form message was sent successfully, display this -->
    <?php if (isset($_GET['msgSuccessSent']) && $_GET['msgSuccessSent'] == 1) { ?>
        <h1 class="page-title text-center">Dziękujemy za wysłanie wiadomości</h1>
        <div class="text-center">
            <a href="form.php" class="btn btn-default text-center">Wyślij kolejną wiadomość</a>
        </div>
    <?php } else { ?>

        <!-- Timer error: the last message was sent less than a minute ago -->
        <?php if (isset($_GET['msgTimerError']) && $_GET['msgTimerError'] == 1) { ?>
            <div id="errorMessage" class="alert alert-danger" role="alert">Przed wysłaniem kolejnej wiadomości musisz odczekać conajmniej minutę.</div>
        <?php } ?>

        <!-- If the message isn't sent, display the form -->
        <h1 class="page-title text-center">Formularz kontaktowy</h1>

        <!-- Contact form -->
        <form action="contact_send.php" method="post">

            <!-- First name input -->
            <div class="form-group">
                <label for="firstName">Imię</label>
                <input type="text" class="form-control" id="firstName" name="firstName" placeholder="Wpisz swoje imię">
            </div>

            <!-- Second name input -->
            <div class="form-group">
                <label for="secondName">Nazwisko</label>
                <input type="text" class="form-control" id="secondName" name="secondName" placeholder="Wpisz swoje nazwisko">
            </div>

            <!-- Phone number input -->
            <div class="form-group">
                <label for="phoneNumber">Telefon kontaktowy</label>
                <input type="tel" class="form-control" id="phoneNumber" name="phoneNumber" placeholder="Wpisz swój numer telefonu">
            </div>

            <!-- Email address input -->
            <div class="form-group">
                <label for="email">Adres e-mail</label>
                <input type="email" class="form-control" id="email" name="email" placeholder="Wpisz swój adres e-mail">
            </div>

            <!-- Message textarea (textarea has no type attribute) -->
            <div class="form-group">
                <label for="message">Treść wiadomości</label>
                <textarea class="form-control" id="message" name="message" rows="3"></textarea>
            </div>

            <!-- Reset and send buttons -->
            <button type="reset" class="btn btn-default">Wyczyść formularz</button>

            <button type="submit" class="btn btn-default pull-right">Wyślij</button>

        </form>
        <!-- Contact form end -->

    <!-- End of "if the message isn't sent, display the form" -->
    <?php } ?>

This is my contact_send.php file; it is supposed to check whether a row with the user's IP address and date exists in the database:

<?php
    // Uncomment if you want to use the session to check the last form send
    session_start();
    $_SESSION['time'] = date('H:i:s');

    header('Content-type: text/plain; charset=utf-8');

    # Database connection settings
    $dbHost = 'localhost';   // database hostname
    $dbName = 'contactForm'; // database name
    $dbUser = 'root';        // database user name
    $dbPswd = '';            // database password

    // Set connection
    $connectionDb = new mysqli($dbHost, $dbUser, $dbPswd, $dbName);
    // Check connection
    if ($connectionDb->connect_error) {
        die("Connection failed: " . $connectionDb->connect_error);
    }

    mysqli_set_charset($connectionDb, 'utf8'); // change charset for mysqli to utf8

    # Require ContactSend and DatabaseQuery class
    require 'contact.class.php';
    # Get ContactSend class
    $sendEmail = new ContactSend();

    $ipAddress = $_SERVER['REMOTE_ADDR'];  // get user ip address
    $currentDate = date('Y-m-d H:i:s');   // get date/time when the user sent the form
    # ***
    # Here I check if the time of the last form send is greater than a minute
    # ***
    $sqlCheck = "SELECT * FROM contactForm WHERE ipAddress = '$_SERVER[REMOTE_ADDR]' AND dateSend > DATE_SUB(NOW(),INTERVAL 1 MINUTE)";
    if ($connectionDb->query($sqlCheck) === TRUE) {
        $sendEmail->redirectToForm('form.php?msgTimerError=1');
    } else {

        // insert form values into database
        $sqlQueryInsert =
            "INSERT INTO contactForm (
                firstName,
                secondName,
                phoneNumber,
                email,
                message,
                dateSend,
                ipAddress)
            VALUES (
                '$_POST[firstName]',
                '$_POST[secondName]',
                '$_POST[phoneNumber]',
                '$_POST[email]',
                '$_POST[message]',
                '$currentDate',
                '$ipAddress'
            )";

        // if the data was saved, send mail and redirect to the form
        if ($connectionDb->query($sqlQueryInsert) === TRUE) {

            # Get parameters from form
            $sendEmail->sendTo = "[email protected]";         // here insert the email address that should receive the mails
            $sendEmail->subject = "Tytuł wiadomości";           // here insert the subject of the email
            $sendEmail->firstName = $_POST['firstName'];        // get user first name
            $sendEmail->secondName = $_POST['secondName'];      // get user second name
            $sendEmail->phoneNumber = $_POST['phoneNumber'];    // get user phone number
            $sendEmail->email = $_POST['email'];                // get user email address
            // build the mail content and insert the form values into it
            $sendEmail->message = "
                Imię: " . $_POST['firstName'] . "
                Nazwisko: " . $_POST['secondName'] . "
                Numer telefonu: " . $_POST['phoneNumber'] . "
                Adres email: " . $_POST['email'] . "
                Wiadomość: " . $_POST['message'];

            $sendEmail->mailSender(); // send mail

        } else {
            echo "Error: " . $sqlQueryInsert . "<br>" . $connectionDb->error; // display error if the database connection or query has an error
        }

        // close connection to database
        $connectionDb->close();
        // redirect to form
        $sendEmail->redirectToForm('form.php?msgSuccessSent=1');

    }
?>

msgTimerError should be displayed when the form was sent less than a minute ago; otherwise it should only display the form.

$sqlCheck checks in the database whether the time of the last form send is greater than a minute. If it isn't, it redirects the user to form.php with msgTimerError=1 via GET; otherwise it adds the new form values to the database and sends the mail.


Thanks for sharing the status report with us. Is there a *question*? – spencer7593


`if ($connectionDb->query($sqlCheck) === TRUE)` is the wrong approach. You need to check whether the row exists. That only tells you whether the query didn't fail. –


Is there an easy way to check whether an SQL query fetched something from the database? – kuchar

Answer

OK, I changed the lines in contact_send.php so that it works... (I'm very ashamed...)

    # Check if the user sent the form less than a minute ago; if so, return to the form with an error
    $sqlCheck = "SELECT * FROM contactForm WHERE ipAddress = '$ipAddress' AND dateSend > DATE_SUB(NOW(),INTERVAL 1 MINUTE) LIMIT 1";
    $result = $connectionDb->query($sqlCheck);
    if (mysqli_fetch_row($result)) {
        $sendEmail->redirectToForm('form.php?msgTimerError=1'); // return to form page
    } else {
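The answer fixes the logic error the commenter pointed out (testing whether a row came back rather than whether the query ran), but both the question's and the answer's queries still build SQL by interpolating `$_POST` values and the visitor's address into the string. The following is an added example, not the asker's code: it performs the same one-minute check and the same insert into the `contactForm` table from the question, using mysqli prepared statements so that user input is never part of the SQL text, and it answers the comment's question about detecting an empty result with `num_rows`. It assumes an open mysqli connection in `$connectionDb` and the table columns shown in the question; the helper names `sentRecently` and `storeSubmission` are my own.

```php
<?php
// Added example (not from the original post). Assumes the contactForm table
// from the question (firstName, secondName, phoneNumber, email, message,
// dateSend, ipAddress) and an existing mysqli connection in $connectionDb.

/**
 * True when this IP address has a row newer than $windowSeconds.
 * The address is a bound parameter, and the comparison uses the database's
 * own clock (NOW()) on both sides, so PHP and MySQL timezone settings cannot
 * disagree about what "one minute ago" means.
 */
function sentRecently(mysqli $db, string $ipAddress, int $windowSeconds = 60): bool
{
    $stmt = $db->prepare(
        'SELECT 1 FROM contactForm
          WHERE ipAddress = ? AND dateSend > DATE_SUB(NOW(), INTERVAL ? SECOND)
          LIMIT 1'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('si', $ipAddress, $windowSeconds);
    $stmt->execute();
    $stmt->store_result();
    // num_rows answers "did the query return a row?"; query() === TRUE in the
    // question only meant "the statement did not error", which is why the
    // check never fired.
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

/**
 * Stores one submission. dateSend comes from NOW() in the database so the
 * later comparison in sentRecently() uses the same clock as the insert.
 */
function storeSubmission(mysqli $db, array $fields, string $ipAddress): bool
{
    $stmt = $db->prepare(
        'INSERT INTO contactForm
           (firstName, secondName, phoneNumber, email, message, dateSend, ipAddress)
         VALUES (?, ?, ?, ?, ?, NOW(), ?)'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param(
        'ssssss',
        $fields['firstName'],
        $fields['secondName'],
        $fields['phoneNumber'],
        $fields['email'],
        $fields['message'],
        $ipAddress
    );
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage inside contact_send.php, after the connection has been opened.
$ipAddress = $_SERVER['REMOTE_ADDR'];

if (sentRecently($connectionDb, $ipAddress)) {
    header('Location: form.php?msgTimerError=1');
    exit; // stop here: nothing below may run after the redirect is issued
}

// Keep only the fields the form defines; any other POST keys are ignored.
$fields = [];
foreach (['firstName', 'secondName', 'phoneNumber', 'email', 'message'] as $name) {
    $fields[$name] = trim((string) ($_POST[$name] ?? ''));
}

if (!storeSubmission($connectionDb, $fields, $ipAddress)) {
    // Keep the driver error in the server log; the visitor gets a generic message.
    error_log('contactForm insert failed: ' . $connectionDb->error);
    http_response_code(500);
    exit('Could not save the message.');
}

// ... build and send the mail as in the original ($sendEmail->mailSender()), then:
header('Location: form.php?msgSuccessSent=1');
exit;
```

Two limits of this check are worth knowing before relying on it. First, keying on `REMOTE_ADDR` alone rate-limits every visitor behind the same NAT or proxy together, and behind a reverse proxy `REMOTE_ADDR` may be the proxy itself; the question's unused `$_SESSION['time']` suggests a per-session timestamp as a second signal. Second, the check and the insert are two separate statements, so two requests arriving at the same instant can both pass the check; if that matters, enforce the window in the database as well (for example, a stored timestamp per address updated with a single conditional statement) rather than in PHP alone.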