Best Practice to Avoid Add Friend Abuse

I have a PHP / CodeIgniter site with basic social functionality that obviously includes an Add Friend link. When this link is clicked, an AJAX call is made in the background, which adds the user associated with the link as a friend of the logged-in user. Also, the link transforms into "Remove Friend", which does what it says on the tin, just like "Add Friend".

When you click Add Friend, the user added as a friend is notified by email that he or she has been added as a friend. Here's my question: I want to avoid spamming the user with these email notifications if the logged-in user continues to click "add / remove / add / remove / etc".

My idea is to create a sort of add-history table that has 2 user IDs and a timestamp recorded. And I would only send an email if (current time - timestamp) is greater than a given value. And every time the user re-adds a friend, I would update the timestamp to the current time so that it "enhances" the effectiveness of spam management. With this method, I could also control if the user wants to add too many friends in a given interval.

This table will be purged from time to time of records with a timestamp further in the past than the specified value.

This is my idea; if you have other ideas or use different methods, please share them.

Thanks for reading.

+2




2 answers


Sounds like the best option to me. To keep things simple, I would most likely send an email if the entry exists at all (instead of checking based on the timestamp) and then set up cron to systematically remove old ones - that way you can have a little control (your "marginal" logic will go into cron script, so you can decide whether to delete entries or not based on more complex parameters than just the timestamp - for example, don't delete an entry if a particular user has a lot of activity to stop spammers. You can even be customized or an account, but I have a tendency to overload ...)



As far as I can tell, Facebook has "Add Friend" and then "Pending request". From there, you can't do anything until the other person responds, so you can't spam requests at all, but I guess it depends on whether you require confirmation on the other end and on your own tastes.

+3




I think it's better if you make the add friend option work in two directions. So the first user invites someone else to be his / her friend (changing the "add friend" link to something like "invite", which is not a link). The other person must then accept the first user as a friend. After that, both users can delete the friendship, but after that, if one of them decides to become a friend again, he can invite the other again. You can specify some kind of validity period for this invitation, or some restrictions (e.g. you can only invite someone else three times) ...

That way, you won't spam users with email (at least because some of them click the link too often) and people have a little more control over who they are friends with. Of course, this approach has some disadvantages (like what to do with ignored prompts, etc.).



The way you describe in your question is, I think, also a good way to deal with spam; you can also do something like limiting the number of times someone can add another user as a friend (e.g. once a day, three times a week, I don't know, something like that) ...

+1
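The add-history table from the question, combined with the per-interval cap mentioned in the question and in the last answer, could look like the following. This is an added example, not code from any of the posters: the table, column, constant and function names and the threshold values are assumptions, and the demo data is constructed and runs on an in-memory SQLite database through PDO.

```php
<?php
// Added example. Table, column, constant and function names are hypothetical.
const EMAIL_COOLDOWN = 86400; // min seconds between emails for one (adder, added) pair
const ADD_WINDOW     = 3600;  // length of the rate-limit window, in seconds
const MAX_ADDS       = 20;    // distinct users one account may add per window

function initSchema(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS friend_add_history (
        adder_id INTEGER NOT NULL, added_id INTEGER NOT NULL,
        last_add INTEGER NOT NULL,
        PRIMARY KEY (adder_id, added_id))');
}

// Returns 'blocked', 'added_notify' (caller sends the email) or 'added_silent'.
function recordAdd(PDO $db, int $adder, int $added, int $now): string {
    $db->beginTransaction();
    $q = $db->prepare('SELECT COUNT(*) FROM friend_add_history
                       WHERE adder_id = ? AND last_add > ?');
    $q->execute([$adder, $now - ADD_WINDOW]);
    if ((int) $q->fetchColumn() >= MAX_ADDS) {   // too many adds in this window
        $db->rollBack();
        return 'blocked';
    }
    $q = $db->prepare('SELECT last_add FROM friend_add_history
                       WHERE adder_id = ? AND added_id = ?');
    $q->execute([$adder, $added]);
    $last = $q->fetchColumn();                   // false when the pair has no row
    $notify = $last === false || $now - (int) $last > EMAIL_COOLDOWN;
    // Every re-add refreshes the timestamp, so toggling keeps the pair silenced.
    $db->prepare('REPLACE INTO friend_add_history VALUES (?, ?, ?)')
       ->execute([$adder, $added, $now]);
    $db->commit();
    return $notify ? 'added_notify' : 'added_silent';
}

// Periodic cleanup (e.g. from cron): drop rows neither check can still use.
function purgeOld(PDO $db, int $now): int {
    $q = $db->prepare('DELETE FROM friend_add_history WHERE last_add < ?');
    $q->execute([$now - max(EMAIL_COOLDOWN, ADD_WINDOW)]);
    return $q->rowCount();
}

// Constructed demo: user 1 toggles "Add Friend" on user 2 several times.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
initSchema($db);
$t = 1700000000;
foreach ([0, 5, 10, 10 + EMAIL_COOLDOWN + 1] as $offset) {
    echo $offset, ': ', recordAdd($db, 1, 2, $t + $offset), "\n";
}
echo 'purged: ', purgeOld($db, $t + 3 * EMAIL_COOLDOWN), "\n";
```

The purge cutoff uses the longer of the two intervals so that a row is never deleted while either the email cooldown or the rate-limit count still depends on it.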

