
comment 10 second minimum wait time between posts spam protection help


Minimeallolla


You could use a session variable to store a timestamp 10 seconds in the future. Set that as they make a post, and validate them by checking if the variable has been set, or if the value is more than the current time:

 

if (!isset($_SESSION['post_expire']) || $_SESSION['post_expire'] <= time())
{
    // make post
    // ...

    // set post expire
    $_SESSION['post_expire'] = strtotime('now + 10 seconds');
}
else
{
    // user posted less than 10 seconds ago
}

 

Don't forget to start the session with session_start.

Well if you think about it logically, you don't want to try and make the post if the user hasn't submitted the form..? Put it after, and where I put the comment "make post" replace it with your PHP that makes the post. If you have any troubles just post your code.

So where you put //make post I put if (isset($_POST['submit']))?

Well, this is my code. I'm sure you just putting it in will save lots of time explaining and blabla lol \=

if (isset($_POST['submit'])) {

    $check = mysql_query("SELECT active FROM users WHERE active ='1' AND username='$username'") or die(mysql_error());

    $check2 = mysql_num_rows($check);
    if ($check2 != 1) {
        die('You are not allowed to comment until your account is activated.');
    } else {

        $comment = mysql_real_escape_string(stripslashes(trim($_POST['comment'])));

        $insert = "INSERT INTO homecomments (username, comment)
        VALUES ('[$username]', '[$comment]')";

        $add_member = mysql_query($insert);
        {
            echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\">";
        }
    }
}

No. As I said you want to validate the timestamp after you've checked if the form was submitted, and handle the error as you have done previously. In your case:

 

session_start(); // note this!

if (isset($_POST['submit'])) {

    if (isset($_SESSION['post_expire']) && $_SESSION['post_expire'] > time()) {
        // user posted less than 10 seconds ago
        die('You posted less than 10 seconds ago.');
    }
    
// (...)

 

I flipped the logic within the condition as you're handling the errors differently from how I expected -- which, by the way, I'd look into exceptions for better error handling when you're ready.

 

At the point at which you make the insert you also need to set/update the session variable for the next time this code is run for that user:

 

    // make post
    $add_member = mysql_query($insert);

    // set post expire
    $_SESSION['post_expire'] = strtotime('now + 10 seconds');

You cannot use a session to do this.

 

All the visitor/bot script needs to do is drop the existing session id, get another session, and they can post again. You must store the time of the last post using a method that the visitor/bot script does not have the ability to clear.
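
One way to do what the last reply describes, as an added example that is not from any poster in the thread: keep the last-post time in the database, keyed on the account name the comment code already uses, and claim the posting slot with a single conditional UPDATE so that a fresh session changes nothing. The `post_throttle` table, the function names and the in-memory SQLite database are assumptions made for the demo; on MySQL the first statement would be `INSERT IGNORE`.

```php
<?php
// Added example: table and function names are hypothetical, not from the thread.
const POST_INTERVAL = 10; // seconds, as in the thread

function make_throttle_table(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS post_throttle (
        username     TEXT PRIMARY KEY,
        last_post_at INTEGER NOT NULL
    )');
}

/**
 * Returns true and records $now if $username may post, false otherwise.
 * State lives server-side, so dropping the session cookie does not reset it.
 */
function claim_post_slot(PDO $db, string $username, int $now): bool
{
    // Make sure a row exists; 0 means "never posted".
    $ins = $db->prepare(
        'INSERT OR IGNORE INTO post_throttle (username, last_post_at) VALUES (:u, 0)'
    );
    $ins->execute([':u' => $username]);

    // Check and update in one statement so two simultaneous requests
    // cannot both pass the check before either one records its post.
    $upd = $db->prepare(
        'UPDATE post_throttle SET last_post_at = :now
         WHERE username = :u AND last_post_at <= :cutoff'
    );
    $upd->execute([':now' => $now, ':u' => $username, ':cutoff' => $now - POST_INTERVAL]);
    return $upd->rowCount() === 1;
}

// Constructed demo: in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
make_throttle_table($db);

$t = 1700000000; // constructed timestamp
var_dump(claim_post_slot($db, 'alice', $t));      // first post by this account
var_dump(claim_post_slot($db, 'alice', $t + 3));  // 3 s later, whatever the session id
var_dump(claim_post_slot($db, 'alice', $t + 10)); // 10 s after the accepted post
var_dump(claim_post_slot($db, 'bob', $t + 3));    // a different account
```

Call `claim_post_slot()` after the account-activation check and run the comment INSERT only when it returns true.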

Archived

This topic is now archived and is closed to further replies.
