I have a PHP / CodeIgniter site with basic social functionality which obviously includes an "Add friend" link. When clicking this link an AJAX call is made in the background, which adds the user associated with the link as a friend of the logged in user. Also the link transforms into "Remove friend" which does what it says on the tin, just the way "Add friend" does.
When "Add friend" is clicked the user who's added as a friend is notified via e-mail that he or she has been added as a friend. This is where my question comes in: I want to avoid spamming the user with these notification e-mails if the logged in user keeps clicking add / remove / add / remove / etc.
My idea is to set up sort of an add history table which records the 2 user ids and a timestamp. And I'd only send out an e-mail if the (current time - timestamp) is bigger than a set value. And every time a user would re-add a friend I'd update the timestamp to the current time so it "extends" the valability of the spam control. With this method I could also control if a user wants to add too many friends in a given interval.
This table would be cleared from time to time for records with the timestamp farther away in the past than a given value.
This is my idea, if you have other ones or used different methods please share.
Thanks for reading.
Sounds to me like the best option. To simplify, I'd probably send out the email if the record exists at all (instead of checking based on a timestamp), and then set up a cron to systematically dispose of the old ones - that way you can have a bit more control over the time limits (your "limiting" logic would go into the cron script, so you could decide whether to remove the records or not based on more complicated parameters than just a timestamp - e.g. don't remove the record if a particular user has a large amount of activity, to stop spammers. You could even be user or account-type specific, but I do have a tendency to go overboard...)
As far as I can tell, Facebook has "Add Friend" -> "Pending request". From there, you can't do anything until the other person responds, so you can't spam requests at all, but I guess that depends if you require confirmation on the other end, and it's subject to your own tastes.