A bot probably wouldn't accept cookies so I'll rule that option out. How about adding a hidden form field containing the user's last post?

Wwll it's not a bot doing it, just annoying users. But I can't have a login for the chat; it would defeat the purpose of it.

Maybe store the post in a session variable? I'm not sure how that would correlate with other users though. Hmm...

With a hidden from field I'd still have to pull out the users last post which would be a database call...I want to avoid doing that because it would bog down the script even more in the long run(it's used a lot, I need to preserve CPU memory on php scripts).

session_start(); //If the session is already started, omit this

if ($_SESSION['last_post'] == $_POST['message'])
{
//Deny message
}
else
{
//Accept message
}

$_SESSION['last_post'] = $_POST['message'];

We need to do something about it. This shouldn't be ignored

Although I would not usually suggest a javascript option, have you thought about moving the processing to the users machine?

I would have thought that most people who are likely to be doing that sort of spam are not likely to be intelligent enough to just turn off javascript.

There will be some that get through, but try it and see. As if your cpu is taking a bit of a hammering this is a solution that doesnt eat any more of your resources.

Sessions would be great, however they will eat up more resources.

[edited by: PHP_Chimp at 8:30 pm (utc) on July 16, 2008]

I found a freeware Java chat for now, my server just can't take the pounding of a PHP/MYSQL chat and I'd rather not switch to a dedicated server until I build up a bankroll first. In due time though.

I did use some sessions, haha no wonder it crashed it the next day.