1

I have a PHP function that I want to make available publically on the web - but it uses a lot of server resources each time it is called.

What I'd like to happen is that a user who calls this function is forced to wait for some time, before the function is called (or, at the least, before they can call it a second time).

I'd greatly prefer this 'wait' to be enforced on the server-side, so that it can't be overridden by dubious clients. I plan to insist that users log into an online account.

Is there an efficient way I can make the user wait, without using server resources? Would 'sleep()' be an appropriate way to do this? Are there any suggested problems with using sleep()? Is there a better solution to this?

Excuse my ignorance, and thanks!

Improve this question
4
  • why do you think sleep would help? I Commented Apr 2, 2012 at 22:08
  • I can believe that it wouldn't: the motivation for the question is to find out what would work. Commented Apr 2, 2012 at 22:09
  • what you really want to do? rate limit? Commented Apr 2, 2012 at 22:10
  • Problems with sleep? Users still can queue up and run several requests simultaneously. Commented Apr 2, 2012 at 22:12

5 Answers 5

Reset to default
1

sleep would be fine if you were using PHP as a command line tool for example. For a website though, your sleep will hold the connection open. Your webserver will only have a finite number of concurrent connections, so this could be used to DOS your site.

A better - but more involved - way would be to use a job queue. Add the task to a queue which is processed by a scheduled script and update the web page using AJAX or a meta-refresh.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

If I use AJAX, presumably that is client-side and could be over-ridden by the client? is that not correct?
The AJAX wouldn't be running the task - it would simply check the progress of the job that does run the task
oh, I see! thanks! so... um... the question becomes... how do I set up a job queue? ;)
Write each job to a database and use cron to run your processor script. The details are a bit big for this question, but have a go and ask if you get stuck!
1

sleep() is a bad idea in almost all possible situations. In your case, it's bad because it keeps the connection to the client open, and most webservers have a limit of open connections.

Improve this answer

1 Comment

yes, that's what I was worried about. Thanks for confirming that for me.
1

sleep() will not help you at all. The user could just load the page twice at the same time, and the command would be executed twice right after each other.

Instead, you could save a timestamp in your database for when your function was last invoked. Then, before invoking it, you should check the database to see if a suitable amount of time has passed. If it has, invoke the function and update the timestamp in the database.

Improve this answer

Comments

1

If you're planning on enforcing a user login, than the problem just got a whole lot simpler.

Have a record inn the database listing users and the last time they used your resource consuming service, and measure the time difference between then and now. If the time difference is too low, deny access and display an error message.

Improve this answer

Comments

0

This is best handled at the server level. No reason to even invoke PHP for repeat requests.

Like many sites, I use Nginx and you can use it's rate-limiting to block repeat requests over a certain number. So like, three requests per IP, per hour.

Improve this answer

2 Comments

@RonaldStewart, this is the industry standard solution. If you use Apache you can also enable rate-limiting.
apologies - at first only the first paragraph displayed.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.