diff --git a/README.md b/README.md
index 7678db9..0381872 100644
--- a/README.md
+++ b/README.md
@@ -113,6 +113,8 @@ If your web server is behind a proxy server and `$_SERVER['REMOTE_ADDR']` only c
 Should your database tables for this library need a common prefix, e.g. `my_users` instead of `users` (and likewise for the other tables), pass the prefix (e.g. `my_`) as the third parameter to the constructor, which is named `$dbTablePrefix`. This is optional and the prefix is empty by default.
+During development, you may want to disable the request limiting or throttling performed by this library. To do so, pass `false` to the constructor as the fourth argument, which is named `$throttling`. The feature is enabled by default.
+
 ### Registration (sign up)
 ```php
diff --git a/src/Auth.php b/src/Auth.php
index ac5f4ca..0ff2e59 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -26,6 +26,8 @@ final class Auth extends UserManager {
 /** @var string the user's current IP address */
 private $ipAddress;
+ /** @var bool whether throttling should be enabled (e.g. in production) or disabled (e.g. during development) */
+ private $throttling;
 /** @var string the name of the cookie used for the 'remember me' feature */
 private $rememberCookieName;
@@ -33,11 +35,13 @@ final class Auth extends UserManager {
 * @param PdoDatabase|PdoDsn|\PDO $databaseConnection the database connection to operate on
 * @param string $ipAddress the IP address that should be used instead of the default setting (if any), e.g. when behind a proxy
 * @param string|null $dbTablePrefix (optional) the prefix for the names of all database tables used by this component
+ * @param bool|null $throttling (optional) whether throttling should be enabled (e.g. in production) or disabled (e.g. during development)
 */
- public function __construct($databaseConnection, $ipAddress = null, $dbTablePrefix = null) {
+ public function __construct($databaseConnection, $ipAddress = null, $dbTablePrefix = null, $throttling = null) {
 parent::__construct($databaseConnection, $dbTablePrefix);
 $this->ipAddress = !empty($ipAddress) ? $ipAddress : (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null);
+ $this->throttling = isset($throttling) ? (bool) $throttling : true;
 $this->rememberCookieName = self::createRememberCookieName();
 $this->initSession();
@@ -1533,6 +1537,10 @@ final class Auth extends UserManager {
 * @throws AuthError if an internal problem occurred (do *not* catch)
 */
 public function throttle(array $criteria, $supply, $interval, $burstiness = null, $simulated = null, $cost = null) {
+ if (!$this->throttling) {
+ return $supply;
+ }
+
 // generate a unique key for the bucket (consisting of 44 or fewer ASCII characters)
 $key = Base64::encodeUrlSafeWithoutPadding(
 \hash(
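Review bot: The new constructor line `$this->throttling = isset($throttling) ? (bool) $throttling : true;` fails open on loosely typed input: any falsy non-null value (`0`, `''`, `'0'`, `[]`) switches rate limiting off, so a flag that arrives from configuration as an empty string or `0` disables the protection without anyone having passed `false`. The docblock promises `bool|null`, so I would disable only on an explicit boolean, `$this->throttling = ($throttling !== false);`, which leaves throttling on for every other value. The constructor body continues outside the hunk.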
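Review bot: The early `return $supply;` added at the top of `throttle()` turns off every limit routed through this method without leaving any trace, so an instance that reaches production with `$throttling` set to `false` behaves normally while its request limiting is gone. The docblock (which starts above the hunk) should say that in this mode the bucket is neither read nor updated and that `$simulated` and `$cost` are ignored, and the guard deserves a comment such as `// throttling disabled via constructor (development only): skip all bucket accounting`. Presumably the return value is the remaining supply, in which case `$supply` reports a full bucket; that is worth checking against the `@return` line, which is not visible here. The method body continues past the end of the hunk.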