
comment 10 second minimum wait time between posts spam protection help



You could use a session variable to store a timestamp 10 seconds in the future. Set that as they make a post, and validate them by checking if the variable has been set, or if the value is more than the current time:

 

if (!isset($_SESSION['post_expire']) || $_SESSION['post_expire'] <= time())
{
    // make post
    // ...

    // set post expire
    $_SESSION['post_expire'] = strtotime('now + 10 seconds');
}
else
{
    // user posted less than 10 seconds ago
}

 

Don't forget to start the session with session_start.

Well if you think about it logically, you don't want to try and make the post if the user hasn't submitted the form..? Put it after, and where I put the comment "make post" replace it with your PHP that makes the post. If you have any troubles just post your code.

So where you put //make post I put if (isset($_POST['submit']))?

Well, this is my code; I'm sure you just putting it in will save lots of time explaining and blabla lol \=

if (isset($_POST['submit'])) {

    // only activated accounts may comment
    // ($username is assumed to be set and escaped earlier in the script)
    $check = mysql_query("SELECT active FROM users WHERE active ='1' AND username='$username'") or die(mysql_error());

    $check2 = mysql_num_rows($check);
    if ($check2 != 1) {
        die('You are not allowed to comment until your account is activated.');
    } else {

        $comment = mysql_real_escape_string(stripslashes(trim($_POST['comment'])));

        // no square brackets around the values, or they are stored literally as "[name]"
        $insert = "INSERT INTO homecomments (username, comment)
                   VALUES ('$username', '$comment')";

        $add_member = mysql_query($insert);

        // send the browser back to index.php after 1 second
        echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\">";
    }
}

No. As I said you want to validate the timestamp after you've checked if the form was submitted, and handle the error as you have done previously. In your case:

 

session_start(); // note this!

if (isset($_POST['submit'])) {

    if (isset($_SESSION['post_expire']) && $_SESSION['post_expire'] > time()) {
        // user posted less than 10 seconds ago
        die('You posted less than 10 seconds ago.');
    }
    
// (...)

 

I flipped the logic within the condition as you're handling the errors differently from how I expected. By the way, I'd look into exceptions for better error handling when you're ready.

 

At the point at which you make the insert you also need to set/update the session variable for the next time this code is run for that user:

 

    // make post
    $add_member = mysql_query($insert);

    // set post expire
    $_SESSION['post_expire'] = strtotime('now + 10 seconds');

You cannot use a session to do this.

 

All the visitor/bot script needs to do is drop the existing session id, get another session, and they can post again. You must store the time of the last post using a method that the visitor/bot script does not have the ability to clear.
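
Added example, not part of the thread or any poster's code: one way to do what the last reply asks for, by recording the last post time against the account in the database instead of in the session, and claiming the slot with a single conditional UPDATE so two parallel requests cannot both pass. The `last_post_at` column, the `tryPost` function, the in-memory SQLite database and the sample rows are assumptions made for the illustration.

```php
<?php
// Added example: post throttle keyed on the account, not on the session.
// Assumptions: PDO with the SQLite driver, a hypothetical users.last_post_at column.

function tryPost(PDO $db, string $username, string $comment, int $now, int $minInterval = 10): bool
{
    $db->beginTransaction();

    // Claim the posting slot atomically: the UPDATE only matches an active
    // account whose last post is at least $minInterval seconds old.
    $claim = $db->prepare(
        'UPDATE users SET last_post_at = :now
          WHERE username = :u AND active = 1
            AND (last_post_at IS NULL OR last_post_at <= :cutoff)'
    );
    $claim->execute([':now' => $now, ':u' => $username, ':cutoff' => $now - $minInterval]);

    if ($claim->rowCount() !== 1) {
        $db->rollBack();   // too soon, inactive account, or unknown user
        return false;
    }

    // Prepared statement: the comment never becomes part of the SQL text.
    $insert = $db->prepare('INSERT INTO homecomments (username, comment) VALUES (:u, :c)');
    $insert->execute([':u' => $username, ':c' => $comment]);
    $db->commit();
    return true;
}

// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, active INTEGER, last_post_at INTEGER)');
$db->exec('CREATE TABLE homecomments (username TEXT, comment TEXT)');
$db->exec("INSERT INTO users (username, active) VALUES ('alice', 1), ('bob', 0)");

$t = 1700000000; // constructed timestamp; production code would pass time()
var_dump(tryPost($db, 'alice', 'first comment', $t));      // first post by an active account
var_dump(tryPost($db, 'alice', 'second try', $t + 3));     // 3 s later; the session id plays no part
var_dump(tryPost($db, 'bob', 'not activated', $t));        // account with active = 0
var_dump(tryPost($db, 'alice', 'after the wait', $t + 10)); // exactly 10 s after the first post
```

Dropping the session cookie changes nothing here, because the timestamp lives in a row the client cannot clear. The limit is per account, so it only holds as long as creating new accounts is itself controlled.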
