RalphLeMouf Posted November 30, 2011 Share Posted November 30, 2011 hello all - I have a social network for the cystic fibrosis community and we've had a spammer the passed couple of days. I have captchas set up and they work well, but in addition to those I want to limit the amount of blogs a user is allowed to post a day. I have been able to count and echo out the amount a user has made, but for some reason, when I use an if statement to stop the blog from posting it still post's. I have been working on this going on hour 8 now and need some major help Thanks in advnace. Here is my code if(isset($_POST['subComposeBlog'])) { $query = "SELECT COUNT(`id`) FROM `cysticBlogs` WHERE `Author` = '".$auth."' && `date` = NOW() && `status` = 'active'"; $request = mysql_query($query,$connection) or die(mysql_error()); $result = mysql_fetch_array($request); $valid = true; if($_POST['Category'] == "null") { $valid = false; $error_msgs[] = "Whoops! Please select a category for this blog."; } if(empty($_POST['blogTitle'])) { $valid = false; $error_msgs[] = "Whoops! Cannot submit a blog without a title,how are you going to attract people's attention to read your masterpiece?"; } if(empty($_POST['blogBody'])) { $valid = false; $error_msgs[] = "Whoops! Cannot submit a blog without a body,that would not be a blog now would it?"; } if($result['COUNT(`id`)'] > 3) { $valid = false; echo "Whoops! You can only write three blogs per day due to spam"; } if($valid) { $query = "INSERT INTO `cysticBlogs` ( `blogTitle`, `blogBody`, `date`, `time`, `Author`, `Category` ) VALUES ( '" . mysql_real_escape_string($_POST['blogTitle']) ."', '" . mysql_real_escape_string($_POST['blogBody']) ."', '" . date("Y-m-d") ."', '" . date("G:i:s") ."', '" . $auth->id ."', '" . mysql_real_escape_string($_POST['Category']) ."')"; mysql_query($query, $connection) or die (mysql_error()); header("Location: BlogsSecurity.php"); } } Quote Link to comment Share on other sites More sharing options...
blacknight Posted November 30, 2011 Share Posted November 30, 2011 after echo "Whoops! You can only write three blogs per day due to spam"; return; most like ly it will stop the script send send a finish tokem back for the function Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted November 30, 2011 Author Share Posted November 30, 2011 unfortunately that did not work Quote Link to comment Share on other sites More sharing options...
blacknight Posted November 30, 2011 Share Posted November 30, 2011 "SELECT COUNT(`id`) FROM `cysticBlogs` WHERE `Author` = '".$auth."' && `date` = NOW() && `status` = 'active'"; to "SELECT COUNT(`id`) as `count FROM `cysticBlogs` WHERE `Author` = '".$auth."' && `date` = NOW() && `status` = 'active'"; if($result['COUNT(`id`)'] > 3) { to if($result['count'] > 3) that should do it ... Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted November 30, 2011 Author Share Posted November 30, 2011 bummer...no dice. Quote Link to comment Share on other sites More sharing options...
blacknight Posted December 1, 2011 Share Posted December 1, 2011 what date for mat does your NOW() function spit out... Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted December 1, 2011 Author Share Posted December 1, 2011 that is a wonderful question. I'm assuming I should put the date in a variable and echo it out to see... Quote Link to comment Share on other sites More sharing options...
Psycho Posted December 1, 2011 Share Posted December 1, 2011 Yeah, the problem is likely due to the fact that NOW() returns a timestamp (down to the second). You could try and manipulate the value of NOW() and your 'date' field to only be a month-day-year value, but there is an easier solution. Do your count based upon the 'date' being >= the date_sub() of NOW() - 1 day. Not sure of the exact syntax. Let me check. EDIT: IN addition to that your code to test the results isn't doing anything. Quote Link to comment Share on other sites More sharing options...
blacknight Posted December 1, 2011 Share Posted December 1, 2011 because thats your issue and NOW() isnot a php function ..... in my database i use time() spits out in seconds that way (60*60*24) = 1 day time()-(60*60*24) = yesterday this time Quote Link to comment Share on other sites More sharing options...
Psycho Posted December 1, 2011 Share Posted December 1, 2011 OK< I have rewritten what you had. Here are some things to note: 1. You should pre-process the post data to trim the values. Otherwise a value of nothing but spaces would pass validation. 2. No need to use a $valid variable. Just check the count() of the $error_msgs array. 3. I would only run the DB check to see if the user had exceeded the daily limit if all the other validations passed. DB transactions are costly and should only be done if necessary. 4. You have two separate fields for date and time. You could use a timestamp field that is automatically populated when the record is created. Then you don't need to include it in the INSERT statement - it just happens automatically. If you do this, then you would use the follwing int he query to get the posts for the last 24 hours AND `date` >= DATE_SUB(NOW(), INTERVAL 1 DAY) 5. If you stick with separate fields for date and time, then you would use AND `date` = CURDATE() There might be some minor errors, but give this a try $allowed_posts_per_day = 3 if(isset($_POST['subComposeBlog'])) { //Preprocess post vars $category = (isset($_POST['Category'])) ? trim($_POST['Category']) : ''; $title = (isset($_POST['blogTitle'])) ? trim($_POST['blogTitle']) : ''; $body = (isset($_POST['blogBody'])) ? trim($_POST['blogBody']) : ''; //Create error array $error_msgs = array(); if(empty($category) || $category=='null') { $error_msgs[] = "Whoops! Please select a category for this blog."; } if(empty($title)) { $error_msgs[] = "Whoops! Cannot submit a blog without a title, how are you going to attract people's attention to read your masterpiece?"; } if(empty($body)) { $error_msgs[] = "Whoops! Cannot submit a blog without a body,that would not be a blog now would it?"; } if(count($error_msgs) == 0) { //Get number of posts by user in last 24 hours $query = "SELECT COUNT(`id`) FROM `cysticBlogs` WHERE `Author` = '{$auth}' AND `date` = CURDATE() AND `status` = 'active'"; $result = mysql_query($query, $connection) or die(mysql_error()); $post_count = mysql_result($result, 0); if($post_count > $allowed_posts_per_day) { $error_msgs[] = "Whoops! You can only write three blogs per day due to spam"; } } if(count($error_msgs) > 0) { //There were errors echo "The following errors occured:\n"; echo "<ul>\n"; foreach($error_msgs as $error) { echo "<li>$error</li>\n"; } echo "</ul>\n"; } else { //No errors, insert post $query = "INSERT INTO `cysticBlogs` (`blogTitle`, `blogBody`, `date`, `time`, `Author`, `Category`) VALUES ('" . mysql_real_escape_string($title) ."', '" . mysql_real_escape_string($body) ."', '" . date("Y-m-d") ."', '" . date("G:i:s") ."', '" . $auth->id ."', '" . mysql_real_escape_string($category). "'"; mysql_query($query, $connection) or die (mysql_error()); header("Location: BlogsSecurity.php"); } } EDIT: I just realized that you REALLY need to change how you are storing your dates. If you are using PHP to generate the dates, then you can't rely upon MySQL to run any queries using dates since the PHP server and MySQL server can have different date/time settings. Use MySQL to set and work with the dates. Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted December 1, 2011 Author Share Posted December 1, 2011 Thanks for all your caring help! I got it to work. I just changed NOW() to CUREDATE() in my existing code and it did it. You think that should reset after 24 hours? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.