hello all -

 

I have a social network for the cystic fibrosis community and we've had a spammer the past couple of days. I have captchas set up and they work well, but in addition to those I want to limit the amount of blogs a user is allowed to post a day.

I have been able to count and echo out the amount a user has made, but for some reason, when I use an if statement to stop the blog from posting it still posts. I have been working on this going on hour 8 now and need some major help

Thanks in advance. Here is my code

 

if(isset($_POST['subComposeBlog'])) {

$query = "SELECT COUNT(`id`) FROM `cysticBlogs` WHERE `Author` = '".$auth."' && `date` = NOW() && `status` = 'active'";
$request = mysql_query($query,$connection) or die(mysql_error());
$result = mysql_fetch_array($request);

        $valid = true;



if($_POST['Category'] == "null") {
	$valid = false;
	$error_msgs[] = "Whoops! Please select a category for this blog.";
}

if(empty($_POST['blogTitle'])) { 
	$valid = false;
	$error_msgs[] = "Whoops! Cannot submit a blog without a title,how are you going to attract people's attention to read your masterpiece?";

}

if(empty($_POST['blogBody'])) {
	$valid = false;
	$error_msgs[] = "Whoops! Cannot submit a blog without a body,that would not be a blog now would it?";

}

if($result['COUNT(`id`)'] > 3) {
	$valid = false;
	echo "Whoops! You can only write three blogs per day due to spam";
 }

         if($valid) {

$query = "INSERT INTO `cysticBlogs` (
									`blogTitle`,
									`blogBody`,
									`date`,
									`time`,
									`Author`,
									`Category`
								) VALUES (
									'" . mysql_real_escape_string($_POST['blogTitle']) ."',
									'" . mysql_real_escape_string($_POST['blogBody']) ."',
									'" . date("Y-m-d") ."',
									'" . date("G:i:s") ."',    
									'" . $auth->id ."',
									'" . mysql_real_escape_string($_POST['Category']) ."')";

									mysql_query($query, $connection) or die (mysql_error());
									header("Location: BlogsSecurity.php");

	}
}


"SELECT COUNT(`id`) FROM `cysticBlogs` WHERE `Author` = '".$auth."' && `date` = NOW() && `status` = 'active'";

to

"SELECT COUNT(`id`) as `count` FROM `cysticBlogs` WHERE `Author` = '".$auth."' && `date` = NOW() && `status` = 'active'";

 

if($result['COUNT(`id`)'] > 3) {

to

if($result['count'] > 3)

 

that should do it ...

Yeah, the problem is likely due to the fact that NOW() returns a timestamp (down to the second). You could try and manipulate the value of NOW() and your 'date' field to only be a month-day-year value, but there is an easier solution. Do your count based upon the 'date' being >= the date_sub() of NOW() - 1 day. Not sure of the exact syntax. Let me check.

 

EDIT: In addition to that, your code to test the results isn't doing anything.

OK, I have rewritten what you had. Here are some things to note:

 

1. You should pre-process the post data to trim the values. Otherwise a value of nothing but spaces would pass validation.

2. No need to use a $valid variable. Just check the count() of the $error_msgs array.

3. I would only run the DB check to see if the user had exceeded the daily limit if all the other validations passed. DB transactions are costly and should only be done if necessary.

4. You have two separate fields for date and time. You could use a timestamp field that is automatically populated when the record is created. Then you don't need to include it in the INSERT statement - it just happens automatically. If you do this, then you would use the following in the query to get the posts for the last 24 hours: AND `date` >= DATE_SUB(NOW(), INTERVAL 1 DAY)

5. If you stick with separate fields for date and time, then you would use AND `date` = CURDATE()

 

There might be some minor errors, but give this a try

$allowed_posts_per_day = 3;

if(isset($_POST['subComposeBlog']))
{
    //Preprocess post vars
    $category = (isset($_POST['Category']))  ? trim($_POST['Category']) : '';
    $title    = (isset($_POST['blogTitle'])) ? trim($_POST['blogTitle']) : '';
    $body     = (isset($_POST['blogBody']))  ? trim($_POST['blogBody']) : '';
    //Create error array
    $error_msgs = array();

    if(empty($category) || $category=='null')
    {
        $error_msgs[] = "Whoops! Please select a category for this blog.";
    }
    if(empty($title))
    { 
        $error_msgs[] = "Whoops! Cannot submit a blog without a title, how are you going to attract people's attention to read your masterpiece?";
    }
    if(empty($body))
    {
        $error_msgs[] = "Whoops! Cannot submit a blog without a body,that would not be a blog now would it?";
    }

    if(count($error_msgs) == 0)
    {
        //Get number of active posts by this user today
        //(match on $auth->id, the value the INSERT below stores in `Author`)
        $query = "SELECT COUNT(`id`)
                  FROM `cysticBlogs`
                  WHERE `Author` = '{$auth->id}'
                    AND `date` = CURDATE()
                    AND `status` = 'active'";
        $result = mysql_query($query, $connection) or die(mysql_error());
        $post_count = mysql_result($result, 0);

        //Block once the user has already reached the daily limit
        if($post_count >= $allowed_posts_per_day)
        {
            $error_msgs[] = "Whoops! You can only write three blogs per day due to spam";
        }
    }

    if(count($error_msgs) > 0)
    {
        //There were errors
        echo "The following errors occurred:\n";
        echo "<ul>\n";
        foreach($error_msgs as $error)
        {
            echo "<li>$error</li>\n";
        }
        echo "</ul>\n";
    }
    else
    {
        //No errors, insert post
        $query = "INSERT INTO `cysticBlogs`
                      (`blogTitle`, `blogBody`, `date`, `time`, `Author`, `Category`)
                  VALUES ('" . mysql_real_escape_string($title) ."',
                          '" . mysql_real_escape_string($body) ."',
                          '" . date("Y-m-d") ."',
                          '" . date("G:i:s") ."',
                          '" . $auth->id ."',
                          '" . mysql_real_escape_string($category). "')";

        mysql_query($query, $connection) or die (mysql_error());
        header("Location: BlogsSecurity.php");
        exit; //Stop the script once the redirect header is sent
    }
}

 

EDIT: I just realized that you REALLY need to change how you are storing your dates. If you are using PHP to generate the dates, then you can't rely upon MySQL to run any queries using dates since the PHP server and MySQL server can have different date/time settings. Use MySQL to set and work with the dates.
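
The daily limit from the reply above (MySQL-side timestamp compared with `DATE_SUB(NOW(), INTERVAL 1 DAY)`), as an added example that is not part of the thread. It uses PDO prepared statements in place of the `mysql_*` calls and assumes that `date` is a `TIMESTAMP DEFAULT CURRENT_TIMESTAMP` column and that `status` defaults to `'active'`; the function name `submitBlog` and the connection details are hypothetical.

```php
<?php
declare(strict_types=1);

const ALLOWED_POSTS_PER_DAY = 3;

/**
 * Hypothetical helper: stores a blog post unless the author already has
 * ALLOWED_POSTS_PER_DAY active posts in the last 24 hours.
 * Returns an array of error messages (empty when the post was stored).
 *
 * Assumption: `date` is TIMESTAMP DEFAULT CURRENT_TIMESTAMP, so only the
 * MySQL clock is used for both writing and comparing.
 */
function submitBlog(PDO $pdo, int $authorId, string $title, string $body, string $category): array
{
    // Bound parameters keep the author id and form fields out of the SQL text.
    $count = $pdo->prepare(
        "SELECT COUNT(*)
           FROM `cysticBlogs`
          WHERE `Author` = :author
            AND `status` = 'active'
            AND `date` >= DATE_SUB(NOW(), INTERVAL 1 DAY)"
    );
    $count->execute([':author' => $authorId]);

    // fetchColumn() may return a string; cast before comparing.
    if ((int) $count->fetchColumn() >= ALLOWED_POSTS_PER_DAY) {
        return ["Whoops! You can only write three blogs per day due to spam"];
    }

    // `date` is left out on purpose: MySQL fills it in.
    $insert = $pdo->prepare(
        "INSERT INTO `cysticBlogs` (`blogTitle`, `blogBody`, `Author`, `Category`)
         VALUES (:title, :body, :author, :category)"
    );
    $insert->execute([
        ':title'    => $title,
        ':body'     => $body,
        ':author'   => $authorId,
        ':category' => $category,
    ]);
    return [];
}

// Usage sketch; DSN and credentials are placeholders:
// $pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'user', 'secret',
//                [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $errors = submitBlog($pdo, (int) $auth->id, $title, $body, $category);
```

The count and the insert are separate statements, so the limit is approximate when one account submits several requests at the same moment.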
