php & mysql - stopping repetitive posting

[helraizer]

Hi folks,

 

In my script I have this code:

 

<?php

unset($errors);

include ("linesfile.php5");
$filename = "data.line";
set_magic_quotes_runtime(0);

if ($_POST['submit'] && strlen($_POST['input']) < 5) {
    $errors[] .= _NO_5;
}
if ($_POST['submit'] && strlen($_POST['username']) < 3) {
    $errors[] .= _NO_2;
}
$dirty = array('rude word', 'another rude word', 'etc');
        
foreach($dirty AS $bad_word){
          if(preg_match("/$bad_word/i", $_POST['input'])) $errors[]= 'The word you entered, "'.$bad_word.'", has been detected as being offensive; your post has not been submitted. Sorry for any inconvenience.';
          }
          
  
    
        
?>
      		<div class="ddgb_entrybox">
	<table width="100%" border="0" cellspacing="8" cellpadding="0">
	<tr>
    <td width="42%" align="center" valign="top"></td>
	<td align="left" valign="top">
<?php

if (isset($_POST['submit']) && $errors[0] != null) {
    echo "<h2>" . _ERROR . "</h2><ul>";
    foreach ($errors as $f) {
        echo "<li>" . $f . "</li>";
    }
    echo "</ul>";
} elseif ($_POST['submit']) {
    // grab the inputted text
    $text = htmlspecialchars(stripcslashes($_POST['input'] . "\n"));
    $username = htmlspecialchars(stripslashes($_POST['username']));
    $color = $_POST['color'];
    $font = $_POST['font'];
    $ip = $_SERVER['REMOTE_ADDR'] . "\n";
    $ip1 = $_SERVER['REMOTE_ADDR'];
    $time = time();
    $_SESSION['username'] = $username;
    $_SESSION['color'] = $color;
    

    $data[] = "\n" . htmlspecialchars_decode(substr($username, 0, 10));
    $data[] = trim($color);
    $data[] = trim($font);
    $data[] = htmlspecialchars_decode(trim(substr($text, 0, 75)));

      


  //Process the post

    $datafile = new DataFile($filename);
    if (!$datafile->writeNewLine($data))
        die("Error writing to file");

}

?>

 

I have a database set up called `chatbox` with a table `post` having the fields 'time' and 'ip'.

 

The idea: when the user posts, their ip is stored in the database along with the time stamp from when they post using

 

$sql = "INSERT INTO `chatbox`.`post` (`time`, `ip`) VALUES ('$time, $ip)"; //$time being merely time() and $ip being $_SERVER['REMOTE_ADDR'];

$result = mysql_query($sql) or die('Error in SQL: ".mysql_error());

 

I was planning to then query the database to see whether that ip (user) posted within the last 30 seconds ( if($row['time'] < ($time + 30)) { } ) if they have then $errors[] = 'You have already posted once, please wait 30 seconds to post again';  if not then it will post the form.

 

I have the code to use but how would I impliment this into my code?

 

Thanks,

Sam

[craygo]

before your insert check to see if they have posted

 

<?php
$sql = "SELECT `time` FROM `post` WHERE `ip` = '".$_SERVER['REMOTE_ADDR']."' ORDER BY `time` DESC LIMIT 1";
$res = mysql_query($sql) or die(mysql_error());
$found = mysql_num_rows($res);
$row= mysql_fetch_assoc($res);
if(!$found){
// Insert Code


} else {
$current_time = time();
  if(($current_time-$row['time']) <= 30){
  // POsted too soon code


  } else {
  // Insert code


  }
}
?>

 

Ray

[rhodesa]

A tip...if you only care about the last time they posted, make IP your primary key and use:

 

$sql = "REPLACE INTO `chatbox`.`post` (`time`, `ip`) VALUES ('$time, $ip)";

 

Also, set up a cronjob that removes old entries hourly or nightly. This will keep your table lean and speed things up.