3 namespace Drupal\Core\Flood;
5 use Drupal\Core\Database\SchemaObjectExistsException;
6 use Symfony\Component\HttpFoundation\RequestStack;
7 use Drupal\Core\Database\Connection;
10 * Defines the database flood backend. This is the default Drupal backend.
12 class DatabaseBackend implements FloodInterface {
15 * The database table name.
17 const TABLE_NAME = 'flood';
20 * The database connection used to store flood event information.
22 * @var \Drupal\Core\Database\Connection
24 protected $connection;
29 * @var \Symfony\Component\HttpFoundation\RequestStack
31 protected $requestStack;
34 * Construct the DatabaseBackend.
36 * @param \Drupal\Core\Database\Connection $connection
37 * The database connection which will be used to store the flood event
39 * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
40 * The request stack used to retrieve the current request.
42 public function __construct(Connection $connection, RequestStack $request_stack) {
43 $this->connection = $connection;
44 $this->requestStack = $request_stack;
50 public function register($name, $window = 3600, $identifier = NULL) {
51 if (!isset($identifier)) {
52 $identifier = $this->requestStack->getCurrentRequest()->getClientIp();
56 $this->doInsert($name, $window, $identifier);
58 catch (\Exception $e) {
59 $try_again = $this->ensureTableExists();
65 $this->doInsert($name, $window, $identifier);
70 * Inserts an event into the flood table
73 * The name of an event.
75 * Number of seconds before this event expires.
76 * @param string $identifier
77 * Unique identifier of the current user.
79 * @see \Drupal\Core\Flood\DatabaseBackend::register
81 protected function doInsert($name, $window, $identifier) {
82 $this->connection->insert(static::TABLE_NAME)
85 'identifier' => $identifier,
86 'timestamp' => REQUEST_TIME,
87 'expiration' => REQUEST_TIME + $window,
95 public function clear($name, $identifier = NULL) {
96 if (!isset($identifier)) {
97 $identifier = $this->requestStack->getCurrentRequest()->getClientIp();
100 $this->connection->delete(static::TABLE_NAME)
101 ->condition('event', $name)
102 ->condition('identifier', $identifier)
105 catch (\Exception $e) {
106 $this->catchException($e);
113 public function isAllowed($name, $threshold, $window = 3600, $identifier = NULL) {
114 if (!isset($identifier)) {
115 $identifier = $this->requestStack->getCurrentRequest()->getClientIp();
118 $number = $this->connection->select(static::TABLE_NAME, 'f')
119 ->condition('event', $name)
120 ->condition('identifier', $identifier)
121 ->condition('timestamp', REQUEST_TIME - $window, '>')
125 return ($number < $threshold);
127 catch (\Exception $e) {
128 $this->catchException($e);
136 public function garbageCollection() {
138 $return = $this->connection->delete(static::TABLE_NAME)
139 ->condition('expiration', REQUEST_TIME, '<')
142 catch (\Exception $e) {
143 $this->catchException($e);
148 * Check if the flood table exists and create it if not.
150 protected function ensureTableExists() {
152 $database_schema = $this->connection->schema();
153 if (!$database_schema->tableExists(static::TABLE_NAME)) {
154 $schema_definition = $this->schemaDefinition();
155 $database_schema->createTable(static::TABLE_NAME, $schema_definition);
159 // If another process has already created the table, attempting to create
160 // it will throw an exception. In this case just catch the exception and do
162 catch (SchemaObjectExistsException $e) {
169 * Act on an exception when flood might be stale.
171 * If the table does not yet exist, that's fine, but if the table exists and
172 * yet the query failed, then the flood is stale and the exception needs to
180 protected function catchException(\Exception $e) {
181 if ($this->connection->schema()->tableExists(static::TABLE_NAME)) {
187 * Defines the schema for the flood table.
189 public function schemaDefinition() {
191 'description' => 'Flood controls the threshold of events, such as the number of contact attempts.',
194 'description' => 'Unique flood event ID.',
199 'description' => 'Name of event (e.g. contact).',
200 'type' => 'varchar_ascii',
206 'description' => 'Identifier of the visitor, such as an IP address or hostname.',
207 'type' => 'varchar_ascii',
213 'description' => 'Timestamp of the event.',
219 'description' => 'Expiration timestamp. Expired events are purged on cron run.',
225 'primary key' => ['fid'],
227 'allow' => ['event', 'identifier', 'timestamp'],
228 'purge' => ['expiration'],