Mercurial > hg > isophonics-drupal-site

view core/lib/Drupal/Core/Flood/FloodInterface.php @ 13:5fb285c0d0e3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've been lucky to get away with this so far, as we don't support self-registration which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5 was vulnerable to.
author Chris Cannam
date Mon, 23 Apr 2018 09:33:26 +0100
parents 4c8ae668cc8c
children
line wrap: on
line source
<?php

namespace Drupal\Core\Flood;

/**
 * Defines an interface for flood controllers.
 */
interface FloodInterface {

  /**
   * Registers an event for the current visitor to the flood control mechanism.
   *
   * @param string $name
   *   The name of an event. To prevent unintended name clashes, it is recommended
   *   to use the module name first in the event name, optionally followed by
   *   a dot and the actual event name (e.g. "mymodule.my_event").
   * @param int $window
   *   (optional) Number of seconds before this event expires. Defaults to 3600
   *   (1 hour). Typically uses the same value as the isAllowed() $window
   *   parameter. Expired events are purged on cron run to prevent the flood
   *   table from growing indefinitely.
   * @param string $identifier
   *   (optional) Unique identifier of the current user. Defaults to the current
   *   user's IP address).
   */
  public function register($name, $window = 3600, $identifier = NULL);

  /**
   * Makes the flood control mechanism forget an event for the current visitor.
   *
   * @param string $name
   *   The name of an event.
   * @param string $identifier
   *   (optional) Unique identifier of the current user. Defaults to the current
   *   user's IP address).
   */
  public function clear($name, $identifier = NULL);

  /**
   * Checks whether a user is allowed to proceed with the specified event.
   *
   * Events can have thresholds saying that each user can only do that event
   * a certain number of times in a time window. This function verifies that
   * the current user has not exceeded this threshold.
   *
   * @param string $name
   *   The name of an event.
   * @param int $threshold
   *   The maximum number of times each user can do this event per time window.
   * @param int $window
   *   (optional) Number of seconds in the time window for this event (default is 3600
   *   seconds, or 1 hour).
   * @param string $identifier
   *   (optional) Unique identifier of the current user. Defaults to the current
   *   user's IP address).
   *
   * @return
   *   TRUE if the user is allowed to proceed. FALSE if they have exceeded the
   *   threshold and should not be allowed to proceed.
   */
  public function isAllowed($name, $threshold, $window = 3600, $identifier = NULL);

  /**
   * Cleans up expired flood events. This method is called automatically on
   * cron run.
   *
   * @see system_cron()
   */
  public function garbageCollection();

}