time between posting into tables?

[liamloveslearning]

hi, im having this problem where when a user sends a form he gets the error message saying he cant post for another 15 seconds, despit waiting 10 minutes it still appears, Ive checked all my code and it seems fine, is there any flaw's noticeable to anybody else?

 

<?php
session_start();
$user = $_SESSION['kt_login_id'];
    
    //Are they logged in or not?
    if(!$user)
        {
        echo "<br><p>Blah blah you arent logged in and stuff, you should do that or something</p><br>";
        }
        
    else
        {
        //Get your private message count
        $sql = mysql_query ("SELECT pm_count FROM members WHERE member_id='$user'");
        $row = mysql_fetch_array ($sql);
        $pm_count = $row['pm_count'];
        
        $percent = $pm_count/'50';
        $percent = $percent * '100';
        ?><?php
        //So here we get the variable submitted through the form to this page
        $reciever = $_POST['username'];
        $subject = $_POST['subject'];
        $message = $_POST['message'];
        $error = '0';
        
        //If they are all blank we jsut say to compose a message
        if(!$reciever AND !$subject AND !$message)
            {
            ?><?php
            }
        
        //Since this form was partially filled out we need to return an error message
        else
            {
            if (!$reciever)
                {
                $error = 'You must enter a reciever to your message';
                }
            
            if (!$subject)
                {
                $error = 'You must enter a subject';
                }
            
            if (!$message)
                {
                $error = 'You must enter a message';
                }
            
            //If the variable error is not set to zero, we have a problem and should show the error message
            if($error != '0')
                {
                echo "<p>$error</p><br>";
                }
            
            //There are no errors so far which means the form is completely filled out    
            else
                {
                //Are the trying to send a message to a real user or to something they just made up?
                $user_check = mysql_query("SELECT member_id FROM members WHERE member_id='$reciever'");
                $user_check = mysql_num_rows($user_check);
                
                //The user is real and not made up if this is true
                if($user_check > '0')
                    {
                    
                    
                    //If the two times have a difference greater or equal to 15, which is 15 seconds, they can submit the message, this is for flood protection
                    if($difference >= '15')
                        {
                        //Get their private message count
                        $sql = mysql_query ("SELECT pm_count FROM members WHERE member_id='$reciever'");
                        $row = mysql_fetch_array ($sql);
                        $pm_count = $row['pm_count'];
                        
                        //You cant have more than 50 private messages, if they try sending a message to a user with a full inbox return an error message
                        if(pm_count == '50')
                            {
                            $error = 'The user you are trying to send a message to has 50 private messages, sorry but we cant send your message untill that user deletes some of their messages.';
                            }
                            
                        else
                            {    
                            //And not we stick the message in the database with all the correct information
                            mysql_query("INSERT INTO messages_test (reciever, sender, subject, message) VALUES('$reciever', '$user', '$subject', '$message')") or die (mysql_error());
                            }
                            
                        //Let the user know everything went ok.
                        echo "<p>Message sent successfully!</p>";
                        }
                    
                    //Since they are trying to send messages faster than every 15 seconds, give them an error message    
                    else
                        {
                        $error = 'You must wait 15 seconds before sending another private message';
                        }
                    }
                
                //If they mis spelled or, made up a username, then give an error message telling them its wrong.
                else
                    {
                    $error = 'That username does not exist, please try again. Remember to check your spelling';
                    }
                }
            }
            
        //Since we may have set the error variable to something while trying to send the messae, we need another error check
        if($error != '0')
            {
            echo "<p>$error</p><br>";
            }
            
        else
            {
            //Here's the form for the input
            ?>
            <form name="send" method="post" action="mail_compose.php">
            <table width="100%">
              <tr>
                <td width="89" align="left" valign="top" class="message_rows_subject">Username</td>
                <td width="" align="left" valign="top"><input name="username" type="text" id="username" value="<?php echo "$reciever"; ?>" width="400px"></td>
              </tr>
              
              <tr>
                <td width="89" align="left" valign="top" class="message_rows_subject">Subject</td>
                <td width="" align="left" valign="top"><input name="subject" type="text" id="subject" value="<?php echo "$subject"; ?>" width="400px"></td>
              </tr>
              
              <tr>
                <td width="89" align="left" valign="top" class="message_rows_subject">Message Body</td>
                <td width="" align="left" valign="top"><textarea name="message" type="text" id="message" value="" cols="20" rows="20"style="width:470px;resize:none;"></textarea></td>
              </tr>
                  
              <tr>  
                <td width="89"><input type="submit" name="Submit" value="Send Message" /></td>
                <td> </td>
              </tr>
            </table>
            </center>
      </form>

[rhodesa]

$difference will always be undefined

...cus you never set it

[jonsjava]

beat me to it. We need to see the code that defines $difference

[liamloveslearning]

ah brilliant! thanks

[liamloveslearning]

sorry i misread the last post

 

heres my difference code, seems okay to me? yet it still wont post  :-\

 

      //There might already be a sessioned time variable, if so we need to get it for the flood check
                    $time = $_SESSION['time'];
                    
                    //If there is a time variable already, set it to the varialbe $old_time
                    if($time > '0')
                        {
                        $old_time = $time;
                        }
                    
                    //Here we get the minutes and seconds on the server time using the date function, and set that to the $time variable
                    //Now we find the difference between this time ($time) and the time that the page was submitted ($old_time)
                    $time = date('is');
                    $difference = $time - $old_time;
                    
                    $_SESSION['time'] = $time;
                    
                    //If the two times have a difference greater or equal to 15, which is 15 seconds, they can submit the message, this is for flood protection
                    if($difference >= '15')
                        {

[rhodesa]

I think you are looking for:

 

if(!$_SESSION['time'] || time()-$_SESSION['time'] > 15){
  $_SESSION['time'] = time();

 

Edit: That should replace all the above code