diff --git a/GameEngine/Units.php b/GameEngine/Units.php
index b80ccaac..48d9719c 100755
--- a/GameEngine/Units.php
+++ b/GameEngine/Units.php
@@ -310,7 +310,15 @@ class Units {
             
             $rallyPointLevel = ($village->resarray)['f39'];
             $invalidBuildings = [];
-            
+			
+			//Add Rate Limiting per Player - RECOMMENDED
+            if (!$database->checkAttackRateLimit($session->uid, 30)) {
+			$form->addError("error", "Too many attacks. Please wait.");
+			$_SESSION['errorarray'] = $form->getErrors();
+			header("Location: a2b.php");
+			exit;
+			//Add Rate Limiting per Player - RECOMMENDED
+}
             // fill the array with the invalid buildings
             if($rallyPointLevel >= 3 && $rallyPointLevel < 5){
                 for($i = 1; $i <= 37; $i++){
diff --git a/Templates/Alliance/assignpos.tpl b/Templates/Alliance/assignpos.tpl
index 41624d34..747a002c 100644
--- a/Templates/Alliance/assignpos.tpl
+++ b/Templates/Alliance/assignpos.tpl
@@ -25,7 +25,7 @@ include("alli_menu.tpl");
 								<?php
                                 foreach($memberlist as $member){
                                     //NOT WORKING IF I ACTIVATE THIS LINE 
-					//if($member['id'] != $session->uid && !$database->isAllianceOwner($member['id'])){
+									if($member['id'] != $session->uid && !$database->isAllianceOwner($member['id'])){
                                         echo "<option value=".$member['id'].">".$member['username']."</option>";
                                     }
                                 }
diff --git a/Templates/a2b/attack.tpl b/Templates/a2b/attack.tpl
index 257cda58..4d2fbbf6 100644
--- a/Templates/a2b/attack.tpl
+++ b/Templates/a2b/attack.tpl
@@ -326,5 +326,34 @@ $end = $tribe * 10;
 class="dynamic_img " src="img/x.gif" alt="OK" type="image" onclick="if (this.disabled==false) {document.getElementsByTagName('form')[0].submit();} this.disabled=true;" onLoad="this.disabled=false;"></p>
 
 <?php } ?>
+<script type="text/javascript">
+(function() {
+    var form = document.getElementById('attack_form');
+    var btn = document.getElementById('btn_ok');
+    var submitted = false;
+    
+    if (form && btn) {
+        form.addEventListener('submit', function(e) {
+            if (submitted) {
+                e.preventDefault();
+                return false;
+            }
+            submitted = true;
+            btn.disabled = true;
+            btn.style.opacity = '0.5';
+            btn.style.cursor = 'not-allowed';
+        });
+        
+        // Also prevent multiple clicks
+        btn.addEventListener('click', function(e) {
+            if (submitted) {
+                e.preventDefault();
+                e.stopPropagation();
+                return false;
+            }
+        });
+    }
+})();
+</script>
 </form>
 </div>