flood controll

[redarrow]

advane thank you.

can you advise me if i am doing this correctly.

flood is in the database ok like $record['flood'];
[code]
<?php

$time_now=time();

$flood=time()+3600;

if($flood<$time_now){

echo "sorry you next post is in 1 hour sorry";

}

?>

[/code]


my concept off a flood system
when a user post information from a form
insert into the database a flood set to time() now with the users id and so on
then select the $flood from the database and then use the above code format where flood<time()+3600;
meaning can not post untill 1 hour time.

does that seem correct cheers.

[pocobueno1388]

You spelt 'now' wrong...

[code]
if($flood<$time_know){
[/code]

To

[code]
if($flood<$time_now){
[/code]

[redarrow]

is the concept correct not the spelling cheers theo typo thanks.

[ToonMariner]

Not really as if you run that check each time the script runs flood will ALWAYS be greater than time now.

You need to store the time the person last posted in the database, check it and if its greater than the current time MINUS the period you do not wish them to be able to post again then prohibit the post

[Wintergreen]

So set a $_SESSION variable with the time they posted?  That sounds like the easiest way

[redarrow]

Does this look better not tested coded on here for advise ,and cheers and thank you for all your replys.

[code]
<?php session_start();

database_connection

$time_posted=addslashes($_POST['time_posted']);
$flood=addslashes($_POST['flood']);
$message=addslashes($_POST['message']);


$time_posted=time();
$time_posted=strtotime($time_posted);
$time_posted=$_SESSION['time_posted']=$time_posted;

$flood=time()+3600;
$flood=strtotime($flood);
$flood=$_SESSION['flood']=$flood;

if($_POST['submit']){

$query2="SELECT * FROM flood WHERE id='$id'":
$result2=mysql_query($query2)or die("database is dead query2");

while($record=mysql_fetch_assoc($result2)){

if($flood-$record['time_posted']){

echo "Sorry you have to wait 1 hour before posting agin";
exit;

}else{

$query1="INSERT INTO flood (id,time_posted,message)VALUES('$id','$time_posted','$message')";
$result1=mysql_query($query1)or die("database is dead query1");

echo "Please be warned that your next post is in one hour";
exit;
}
}
?>

<form method="POST" action="">
<input type=hidden" name=<?echo $id;?>">
<br>
Please write  message
<br>
<textarea name="message" col="20" rows="20">
<br>
<input type="submit" name="submit" value="send message">
</form>
[/code]

[redarrow]

well i tried it and i dont see why it shouldnt work maybe someone on here can see why cheers.

[Daniel0]

[code]<?php
// we have $last_post_time defined as when the user last posted
if($last_post_time+3600 > time())
{
// user may not post
}
else {
// user may post
}
?>[/code]

[zq29]

[code]<?php session_start();

database_connection //I would imagine this giving you an error

$time_posted=addslashes($_POST['time_posted']);
$flood=addslashes($_POST['flood']);
$message=addslashes($_POST['message']);


$time_posted=time(); //You're overwriting the previously created variable $time_posted
$time_posted=strtotime($time_posted);
$time_posted=$_SESSION['time_posted']=$time_posted; //Not sure what you're trying to do here - It's valid syntax though.

$flood=time()+3600;
$flood=strtotime($flood);
$flood=$_SESSION['flood']=$flood; //Again, valid syntax, but what are you trying to do?

if($_POST['submit']){

$query2="SELECT * FROM flood WHERE id='$id'":
$result2=mysql_query($query2)or die("database is dead query2");

while($record=mysql_fetch_assoc($result2)){

if($flood-$record['time_posted']){ //Will never evaluate to true

echo "Sorry you have to wait 1 hour before posting agin";
exit;

}else{

$query1="INSERT INTO flood (id,time_posted,message)VALUES('$id','$time_posted','$message')";
$result1=mysql_query($query1)or die("database is dead query1");

echo "Please be warned that your next post is in one hour";
exit;
}
}
?>

<form method="POST" action="">
<input type=hidden" name=<?echo $id;?>">
<br>
Please write  message
<br>
<textarea name="message" col="20" rows="20">
<br>
<input type="submit" name="submit" value="send message">
</form>[/code]

[b]EDIT:[/b] I have outlined some potential issues in your code, but Daniel0 has offered you a solution to your problem.

[redarrow]

i got this going to as for test 1 min and works but does it look ok.

thanks dan good code cheers semi

[code]
<?php session_start();

$db=mysql_connect("localhost","xxx","xxx");
mysql_select_db("tester",$db);

$id="00005";

$time_posted=addslashes($_POST['time_posted']);
$flood=addslashes($_POST['flood']);
$message=addslashes($_POST['message']);


$time_posted=time();
$time_posted=$_SESSION['time_posted']=$time_posted;


$flood=$_SESSION['flood']=$flood;



$query2="SELECT * FROM flood WHERE id='$id'";

$result2=mysql_query($query2)or die("database is dead query2");


while($record=mysql_fetch_assoc($result2)){

if($record['time_posted']+60 >time()){

echo "Sorry you have to wait 1 hour before posting agin";
exit;
}
}
if($_POST['submit']){

$query1="INSERT INTO flood (id,time_posted,message)VALUES('$id','$time_posted','$message')";
$result1=mysql_query($query1)or die("database is dead query1");

echo "Please be warned that your next post is in one hour";
exit;

}
?>
<html>
<body>
<form method="POST" action="">
<input type="text" name="id" value="<?echo $id;?>">
<br>
Please write  message
<br>
<input type="text" name="message" >
<br>
<input type="submit" name="submit" value="send message">
</form>
</html>
</body>
[/code]