MDanz Posted September 8, 2009

How would I do this? You have to wait 30 seconds to use the submit button again, for each individual user. Like in forums: you have to wait 30 seconds in between posts.

Adam Posted September 8, 2009

As the page is processed store the time within a session variable, then when they submit the form you can perform a bit of simple math between the current time() and the time stored within the session to check whether it's exceeded 30 seconds.

micmania1 Posted September 8, 2009

When validating the user's submission of the form:

```php
// Remember when this user last submitted
$_SESSION['last_clicked'] = strtotime("now");
```

Check if they are able to submit the form:

```php
// No stored time yet, or the stored time is more than 30 seconds old
if (!isset($_SESSION['last_clicked']) || $_SESSION['last_clicked'] < strtotime("-30 seconds")) {
    // Show Button
} else {
    // Don't show button
}
```

PFMaBiSmAd Posted September 8, 2009

You need to store the time of the last action in a database of some kind (mysql, flat-file...). If you use a session, all someone needs to do is drop the session id, get a new session, and they can bypass the time value that was stored in the old session.

Adam Posted September 8, 2009

Clever, clever. I never thought of that.

MDanz Posted September 8, 2009

OK, I have a timestamp in MySQL for everything submitted. Here is how I insert a submit. How do I change it so you have to wait 30 seconds to insert again?

```php
<?php
// Create MySQL login values and
// set them to your login information.
$username = "Master";
$password = "pword";
$host = "localhost";
$database = "db";

// Make the connect to MySQL or die
// and display an error.
$link = mysql_connect($host, $username, $password);
if (!$link) {
    die('Could not connect: ' . mysql_error());
}

// Select your database
mysql_select_db($database);

// Escape the submitted form fields
$username  = mysql_real_escape_string($_POST['username']);
$hyperlink = mysql_real_escape_string($_POST['hyperlink']);
$name      = mysql_real_escape_string($_POST['name']);
$summary   = mysql_real_escape_string($_POST['summary']);
$info      = mysql_real_escape_string($_POST['info']);
$keywords  = mysql_real_escape_string($_POST['keywords']);

// Create the query and insert
// into our database.
$query = "INSERT INTO Stacks";
$query .= "(`username`,`hyperlink`,`name`,`summary`,`info`,`keywords`) VALUES ('$username','$hyperlink','$name','$summary','$info','$keywords')";
$results = mysql_query($query, $link);

// Test the query result, not the query string (which is always non-empty)
if ($results) {
    print "<br><font color=white>Your webpage has been uploaded. <a href='submit.php'>Return to Submit Page</a></font>";
} else {
    print "No image selected/uploaded";
}

// Close our MySQL Link
mysql_close($link);
?>
```

pneudralics Posted September 8, 2009

> How would I do this? You have to wait 30 seconds to use the submit button again, for each individual user. Like in forums: you have to wait 30 seconds in between posts.

I've done it using cookies. I usually have PHP check the cookie prior to submitting; if they have a cookie more than an x amount of time, it gives them an error when they submit. Once they are allowed to submit, just update the cookie.

MDanz Posted September 9, 2009

> > How would I do this? You have to wait 30 seconds to use the submit button again, for each individual user. Like in forums: you have to wait 30 seconds in between posts.
>
> I've done it using cookies. I usually have PHP check the cookie prior to submitting; if they have a cookie more than an x amount of time, it gives them an error when they submit. Once they are allowed to submit, just update the cookie.

How do I do that?

Adam Posted September 9, 2009

> I've done it using cookies. I usually have PHP check the cookie prior to submitting; if they have a cookie more than an x amount of time, it gives them an error when they submit. Once they are allowed to submit, just update the cookie.

What? That's less secure than the session method! The user could just change or remove the cookie...

micmania1 Posted September 9, 2009

People can hack your cookie by using the address bar of the web browser. Type 'Javascript: alert(document.cookie);' into your address bar and you'll see how easy it is.

Your best bet is using the database method.

MDanz Posted September 9, 2009

I've applied a timestamp to each reply in the database. Now how do I apply that to the submit button?

```php
<input type='submit' name='submit' value='Submit'>

$posted = $row_data['posted']; // <<< this is the timestamp
```

How do I do: if $posted is less than 30 seconds from the previous $posted, then don't show the submit button?

pneudralics Posted September 9, 2009

> > I've done it using cookies. I usually have PHP check the cookie prior to submitting; if they have a cookie more than an x amount of time, it gives them an error when they submit. Once they are allowed to submit, just update the cookie.
>
> What? That's less secure than the session method! The user could just change or remove the cookie...

It's only a 30 second timer. If you really want it to be secure, then probably database. I'm guessing you'll have to record the IP or id of the user and the timestamp when the button is clicked. Then compare the IP or id and timestamp when the user comes back to the page. Then again, the user might be able to just register another account within 30 seconds and click the submit button, or go through a proxy and click the submit button within 30 seconds.

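The database approach described in the thread, as an added example that is not code posted by any participant: the last-submit time is keyed on the logged-in account id and tested in the script that handles the submission, so a dropped session or an edited cookie does not reset the timer. The table `last_submit`, the functions `open_store` and `try_submit`, and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example: names below are hypothetical, timestamps are constructed.
// In-memory SQLite stands in for the MySQL database so this runs offline.
const COOLDOWN_SECONDS = 30;

function open_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE last_submit (
        user_id INTEGER PRIMARY KEY,
        posted  INTEGER NOT NULL)');
    return $db;
}

// True (and $now recorded) if the account may submit, false if it must wait.
function try_submit(PDO $db, int $userId, int $now): bool
{
    // First submission: the primary key turns a repeat insert into a no-op.
    // (MySQL spells this INSERT IGNORE.)
    $ins = $db->prepare(
        'INSERT OR IGNORE INTO last_submit (user_id, posted) VALUES (?, ?)');
    $ins->execute([$userId, $now]);
    if ($ins->rowCount() === 1) {
        return true;
    }
    // Check and update in one statement, so two parallel requests from the
    // same account cannot both pass the 30-second test.
    $upd = $db->prepare(
        'UPDATE last_submit SET posted = ? WHERE user_id = ? AND posted <= ?');
    $upd->execute([$now, $userId, $now - COOLDOWN_SECONDS]);
    return $upd->rowCount() === 1;
}

$db = open_store();
$t0 = 1252400000; // constructed starting time
// [account id, seconds after $t0]; account id comes from the login, not a cookie.
$attempts = [[7, 0], [7, 10], [7, 29], [7, 30], [8, 31], [7, 45]];
foreach ($attempts as [$uid, $offset]) {
    $ok = try_submit($db, $uid, $t0 + $offset);
    printf("user %d at +%02ds: %s\n", $uid, $offset, $ok ? 'accepted' : 'rejected');
}
```

Hiding the submit button is only a convenience for the user; the `try_submit` check has to run before the `INSERT INTO Stacks` in the handler, since a request can be sent without ever loading the form.
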
Adam Posted September 9, 2009

I'm generally going to assume registering another account and clicking the submit button, within the 30 seconds, would make no impact to the other account at all.

How would a proxy affect it?

pneudralics Posted September 9, 2009

If he recorded the IP. I'm just trying to point out that it's only 30 seconds.

Daniel0 Posted September 9, 2009

> You need to store the time of the last action in a database of some kind (mysql, flat-file...). If you use a session, all someone needs to do is drop the session id, get a new session, and they can bypass the time value that was stored in the old session.

Combine with common anti-CSRF techniques and you'll have fixed it.

Adam Posted September 9, 2009

> If he recorded the IP. I'm just trying to point out that it's only 30 seconds.

Well yeah, but there must be a reason for needing it. Quite possibly it's used as a form of spam protection though.