sleep

(PHP 4, PHP 5)

sleep — 延缓执行

说明

int sleep ( int $seconds )

程序延迟执行指定的 seconds 的秒数。

参数

seconds: 暂停的秒数。

返回值

成功时返回 0，错误时返回 FALSE。

如果函数的调用被一个信号中止，sleep() 会返回一个非零的值。在Windows上，该值总是 192（即Windows API常量WAIT_IO_COMPLETION的值）。其他平台上，该返回值是剩余未sleep的秒数。

错误/异常

如果指定的 seconds 是负数，该函数会产生一个 E_WARNING 级别的错误。

更新日志

版本	说明
5.3.4	在PHP 5.3.4之前，Windows平台下无论 sleep() 是否成功调用，总是会返回一个 `NULL`。

范例

Example #1 sleep() 的例子


<?php

// current time
echo date('h:i:s') . "\n";

// sleep for 10 seconds
sleep(10);

// wake up !
echo date('h:i:s') . "\n";

?>

该例子会在休眠10秒后输出。

05:31:23
05:31:33

参见

usleep() - 以指定的微秒数延迟执行
time_nanosleep() - 延缓执行若干秒和纳秒
time_sleep_until() - 使脚本睡眠到指定的时间为止。
set_time_limit() - 设置脚本最大执行时间

PHP手册 - N: 延缓执行

用户评论:

Bryan (09-Apr-2012 04:00)

You should not use sleep() to prevent brute force attacks. This approach does nothing to stop an attacker, and is more likely to result in DOSing your website.

cyril dot garsaud at gmail dot com (27-Jan-2012 04:31)

@Barlow: Nope, the attacker could still send a big ammount of POST requests and one of them may work. What we need to do is slow down his session until he succeeds. <?php session_start(); if(isset($_SESSION['failed'])) sleep(2); public function handle_login() { if($uid = user::check_password($_REQUEST['email'], $_REQUEST['password'])) { session_destroy(); return self::authenticate_user($uid); } else { $_SESSION['failed'] = 1; return self::login_failed(); } } ?>

barlow at fhtsolutions dot com (24-Sep-2011 02:33)

You should put sleep into both the pass and fail branches, since an attacker can check whether the response is slow and use that as an indicator - cutting down the delay time. But a delay in both branches eliminates this possibility.

code {@} ashleyhunt [dot] co [dot] uk (30-Jul-2011 02:31)

A really simple, but effective way of majorly slowing down bruit force attacks on wrong password attempts. In my example below, if the end-user gets the password correct, they get to log in at full speed, as expected. For every incorrect password attempt, the users response is delayed by 2 seconds each time; mitigating the chances of a full bruit force attack by a limit of 30 lookups a minute. I hope this very simple approach will help make your web applications that little bit more secure. Ashley <?php public function handle_login() { if($uid = user::check_password($_REQUEST['email'], $_REQUEST['password'])) { return self::authenticate_user($uid); } else { // delay failed output by 2 seconds // to prevent bruit force attacks sleep(2); return self::login_failed(); } } ?>

soulhunter1987 at post dot ru (18-Aug-2010 08:49)

Since sleep() can be interrupted by signals i've made a function which can also be interrupted, but will continue sleeping after the signal arrived (and possibly was handled by callback). It's very useful when you write daemons and need sleep() function to work as long as you 'ordered', but have an ability to accept signals during sleeping. <?php function my_sleep($seconds) { $start = microtime(true); for ($i = 1; $i <= $seconds; $i ++) { @time_sleep_until($start + $i); } } ?>

toddjt78 at msn dot com (10-May-2010 03:39)

Simple function to report the microtime since last called or the microtime since first called. <?php function stopWatch($total = false,$reset = true){ global $first_called; global $last_called; $now_time = microtime(true); if ($last_called === null) { $last_called = $now_time; $first_called = $now_time; } if ($total) { $time_diff = $now_time - $first_called; } else { $time_diff = $now_time - $last_called; } if ($reset) $last_called = $now_time; return $time_diff; } ?> $reset - if true, resets the last_called value to now $total - if true, returns the time since first called otherwise returns the time since last called

jimmy at powerzone dot dk (06-Mar-2010 04:26)

Notice that sleep() delays execution for the current session, not just the script. Consider the following sample, where two computers invoke the same script from a browser, which doesn't do anything but sleep. PC 1 [started 14:00:00]: script.php?sleep=10 // Will stop after 10 secs PC 1 [started 14:00:03]: script.php?sleep=0 // Will stop after 7 secs PC 2 [started 14:00:05]: script.php?sleep=0 // Will stop immediately http://php.net/session_write_close may be used to address this problem.

mohd at Bahrain dot Bz (16-Dec-2009 09:12)

I hope this code will help somebody to solve the problem of not being able to flush or output the buffer to the browser (I use IE7). It may work for you with just [ echo str_repeat(".", 4096); ] and without even using ob_... and flush. <?php ob_start(); ob_implicit_flush(true); //[ OR ] echo "..."; ob_flush(); flush(); set_time_limit(0); function sleep_echo($secs) { $secs = (int) $secs; $buffer = str_repeat(".", 4096); //echo $buffer."\r\n<br />\r\n"; for ($i=0; $i<$secs; $i++) { echo date("H:i:s", time())." (".($i+1).")"."\r\n<br />\r\n".$buffer."\r\n<br />\r\n"; ob_flush(); flush(); sleep(1); //usleep(1000000); } } sleep_echo(30); ob_end_flush(); ?>

f dot schima at ccgmbh dot de (10-Nov-2009 02:48)

Remember that sleep() means "Let PHP time to do some other stuff". That means that sleep() can be interrupted by signals. That is important if you work with pcntl_signal() and friends.

Anonymous (08-Feb-2009 08:32)

This will allow you to use negative values or valuer below 1 second. <?php slaap(0.5); ?> <?php function slaap($seconds) { $seconds = abs($seconds); if ($seconds < 1): usleep($seconds*1000000); else: sleep($seconds); endif; } ?>

webseos at gmail dot com (27-Aug-2008 05:29)

This is a critical thing to use time delay function as sleep() Because a beginner can find that this is not working and he/she will see that all output appearing at a time. A good way to implement this is by using the function - ob_implicit_flush() then you don't need to use flush() function explicitly. A sample code : <?php ob_implicit_flush(true); for($i=0;$i<5;$i++) { $dis=<<<DIS <div style="width:200px; background-color:lime;border:1px; text-align:center;text-decoration:blink;"> $i </div> DIS; echo $dis; sleep(5); //flush(); }

marpetr at gmail dot com (18-Mar-2008 07:41)

Very useful to prevent password brute forcing! Simply add few seconds timeout to login script and the probability to guess the password decreases a lot!

linus at flowingcreativity dot net (08-Jul-2005 04:07)

This may seem obvious, but I thought I would save someone from something that just confused me: you cannot use sleep() to sleep for fractions of a second. This: <?php sleep(0.25) ?> will not work as expected. The 0.25 is cast to an integer, so this is equivalent to sleep(0). To sleep for a quarter of a second, use: <?php usleep(250000) ?>

MPHH (05-Jul-2003 08:33)

Note: The set_time_limit() function and the configuration directive max_execution_time only affect the execution time of the script itself. Any time spent on activity that happens outside the execution of the script such as system calls using system(), the sleep() function, database queries, etc. is not included when determining the maximum time that the script has been running.

hartmut at six dot de (25-Aug-2000 02:38)

it is a bad idea to use sleep() for delayed output effects as 1) you have to flush() output before you sleep 2) depending on your setup flush() will not work all the way to the browser as the web server might apply buffering of its own or the browser might not render output it thinks not to be complete netscape for example will only display complete lines and will not show table parts until the </table> tag arrived so use sleep if you have to wait for events and don't want to burn to much cycles, but don't use it for silly delayed output effects!