I'm trying to implement some kind of flood control feature in this guestbook script I'm writing. I figured the best way would be to create a timestamp, then compare the current time to that with the info set for amount of time to pass before someone can post again.
I've done it as a function as follows:
function floodControl() {
    global $useripaddress;
    $query = "SELECT post_timestamp FROM mg_visitors WHERE post_ipaddress = '$useripaddress'";
    $result = mysql_query($query);
    $row = mysql_fetch_array($result);
    if ($row)
    {
        $timedata = $row['post_timestamp'];
        $query = "SELECT s_flood FROM mg_security";
        $result = mysql_query($query);
        $flood = mysql_fetch_array($result);
        $time = $flood['s_flood'];
        if (time() - $timedata < ($time * 60))
        {
            echo "Flood Control Enabled";
            exit;
        }
    }
    else
    {
        return false;
    }
}
The row [s_flood] contains the value 1 for 1 minute. This is assigned to the variable $time.
Problem is when I click "Sign", all I get is the message "Flood Control Enabled". I wait a minute but still cannot sign. I'm a little unsure about the time() function, so maybe I've screwed up.
Anyone have any ideas or know a better way to do this?
Thanks.
time() returns the number of seconds since Unix Epoch (January 1 1970 00:00:00 GMT)
I can't see what is causing the problem. Note that it relies on post_timestamp to be the same format as what time() returns, so perhaps echo post_timestamp to see what it is set to. If that is not it, perhaps someone with sharper eyes will come along soon.
The other thing to look at is how you are calling floodControl(). What are you assuming its return value to be?
Shawn
I've echoed the value of post_timestamp and it came out as follows:
20030622120554
I'm using the function in the if statement that executes if the "Sign" button is pressed. So, something like:
if ($_REQUEST['sign'])
{
The first part of the code checks to see if certain fields aren't empty. The row s_flood contains the value 1, if this is set to 0 it's disabled, if not then the floodControl() function activates... i.e.
    if ($row['s_flood']>0)
    {
        floodControl();
    }
    echo "Thank you, your entry has been added";
    exit;
}
Obviously there's more to the code, but you get the picture.
Thanks!
Looking at it, it seems that post_timestamp is a string, with the format yyyymmddhhmmss, whereas time() is an integer representing the number of seconds since the unix epoch.
So you could either change what you store in post_timestamp or else, when you do the check in floodControl(), extract the year, month, date, hours, min, seconds from post_timestamp, and use them to create an integer which is comparable to what time() returns, by passing them as arguments to mktime() (or gmmktime() if the post_timestamp is not in GMT).
Hope that makes sense.
Shawn
$query = "SELECT DATE_FORMAT(post_timestamp,'%Y-%m-%d %H:%i:%s') FROM mg_visitors WHERE post_ipaddress = '$useripaddress'";
Then
$timedata = strtotime($row[0]);
Haven't tested it, but should work. See mysql manual [mysql.com] and php manual [php.net] for more.
$flood_min = '600'; // minimum wait between posts, a value of 60 = 1 minute
$ip = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$flood_ip = $ip;
check_for_spamming();

function check_for_spamming() {
    global $table_name, $ip, $flood_min, $spam;
    $result = mysql_query("SELECT user_ip, user_timestamp FROM $table_name WHERE user_ip='$ip' ORDER BY user_timestamp DESC LIMIT 1");
    $resulta = mysql_fetch_array($result);
    $time = date("YmdHis");
    if (($resulta[0] == $ip) && ($time - $flood_min) < ($resulta[1])) {
        $spam = "1";
    }
}
Basically what's happening is this. The database is queried for the user's IP address, all the results returned are sorted by their timestamp, the latest of which is taken and its timestamp field is compared with the current time. If the two times are not a set amount apart, then the post is regarded as spam.
Marc :-)
Basically I posted, then tried again and got the error message, then waited a minute and reposted. Cool. However, after that I could post as many times as I wanted. It only worked once. Any ideas?
Afkamm, I'm afraid I couldn't get yours to work at all. :(
For example, I wrote an ecards script and wanted the cards to expire after 20 days, but they were being deleted at 5 days or so. Tracked the problem down to date() and my ability to not understand large numbers very well :o) time() does the trick as it's all in seconds.
Marc :-)
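Added example, not part of any post in this thread: the flood check done entirely in epoch seconds, following the mktime() suggestion and the date() versus time() observation above. The function names mysql14_to_epoch() and flood_blocked() and the sample timestamps are hypothetical, and the code assumes the 14-digit yyyymmddhhmmss column format echoed earlier and a 64-bit PHP 7.1+ build.

```php
<?php
// Added example. Assumes post_timestamp is a 14-digit yyyymmddhhmmss string
// (the format echoed in the thread), written in the server's timezone.

// Convert yyyymmddhhmmss to Unix epoch seconds; null if malformed.
function mysql14_to_epoch(string $ts): ?int
{
    if (!preg_match('/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/', $ts, $m)) {
        return null;
    }
    [, $y, $mo, $d, $h, $mi, $s] = array_map('intval', $m);
    if (!checkdate($mo, $d, $y) || $h > 23 || $mi > 59 || $s > 59) {
        return null;
    }
    // mktime() argument order: hour, minute, second, month, day, year
    return mktime($h, $mi, $s, $mo, $d, $y);
}

// True if the newest post from this IP is younger than $floodMinutes.
function flood_blocked(array $timestamps, int $floodMinutes, int $now): bool
{
    if ($floodMinutes <= 0) {
        return false; // s_flood = 0 disables the check
    }
    $epochs = array_filter(array_map('mysql14_to_epoch', $timestamps), 'is_int');
    if (!$epochs) {
        return false; // no earlier (parsable) post from this IP
    }
    // Use the most recent post, not whichever row the query returns first.
    return ($now - max($epochs)) < $floodMinutes * 60;
}

date_default_timezone_set('UTC');              // fixed zone for a stable demo
$posts = ['20030622115000', '20030622120554']; // constructed sample rows
$now   = mktime(12, 6, 30, 6, 22, 2003);       // 36 s after the newest post

var_dump(flood_blocked($posts, 1, $now));      // inside the 1-minute window
var_dump(flood_blocked($posts, 1, $now + 60)); // window has passed

// The thread's original test: the raw column read as a number is about 2e13,
// time() is about 1e9, so the difference is negative and always below 60.
var_dump($now - (int) $posts[1] < 60);

// Arithmetic on date("YmdHis") values is not in seconds: these two instants
// are 60 seconds apart, but their digit strings differ by far more.
var_dump(20030622120030 - 20030622115930);
```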
What I'm also doing as an additional bit of security is setting a cookie for anyone who may be on a Proxy server and whose IP addy changes each time, such as mine for instance. It was working great, but once I disconnected and reconnected I could post again. Now with the cookie in place it works fine.
Of course some people don't have cookies enabled, but that's another story. I'm quite happy with the way things are working.
David.
:)