Changeset 41 for trunk/picture.php


Timestamp:
Jul 26, 2003, 2:38:20 PM (21 years ago)
Author:
z0rglub
Message:

anti-flood system

File:
1 edited

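--- a/trunk/picture.php
+++ b/trunk/picture.php
@@ -288,5 +288,5 @@
 $lien_image = $cat_directory.$page['file'];
 
-// calcul de la largeur et de la hauteur
+// calculation of width and height
 if ( $page['width'] == "" )
 {
@@ -515,26 +515,44 @@
   {
     $author = $user['username'];
-    if ( $_POST['author'] != '' )
-    {
-      $author = $_POST['author'];
-    }
-    $query = 'INSERT INTO '.PREFIX_TABLE.'comments';
-    $query.= ' (author,date,image_id,content,validated) VALUES';
-    $query.= " ('".$author."',".time().",".$page['id'];
-    $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
-    if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
-      $query.= ",'true'";
+    if ( $_POST['author'] != '' ) $author = $_POST['author'];
+
+    // anti-flood system
+    $reference_date = time() - $conf['anti-flood_time'];
+    $query = 'SELECT id';
+    $query.= ' FROM '.PREFIX_TABLE.'comments';
+    $query.= ' WHERE date > '.$reference_date;
+    $query.= " AND author = '".$author."'";
+    $query.= ';';
+    if ( mysql_num_rows( mysql_query( $query ) ) == 0
+         or $conf['anti-flood_time'] == 0 )
+    {
+      $query = 'INSERT INTO '.PREFIX_TABLE.'comments';
+      $query.= ' (author,date,image_id,content,validated) VALUES';
+      $query.= " ('".$author."',".time().",".$page['id'];
+      $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
+      if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
+        $query.= ",'true'";
+      else
+        $query.= ",'false'";
+      $query.= ');';
+      mysql_query( $query );
+      // information message
+      $vtp->addSession( $handle, 'information' );
+      $message = $lang['comment_added'];
+      if ( $conf['comments_validation'] and $user['status'] != 'admin' )
+      {
+        $message.= '<br />'.$lang['comment_to_validate'];
+      }
+      $vtp->setVar( $handle, 'information.content', $message );
+      $vtp->closeSession( $handle, 'information' );
+    }
     else
-      $query.= ",'false'";
-    $query.= ');';
-    mysql_query( $query );
-    $vtp->addSession( $handle, 'information' );
-    $message = $lang['comment_added'];
-    if ( $conf['comments_validation'] and $user['status'] != 'admin' )
-    {
-      $message.= '<br />'.$lang['comment_to_validate'];
-    }
-    $vtp->setVar( $handle, 'information.content', $message );
-    $vtp->closeSession( $handle, 'information' );
+    {
+      // information message
+      $vtp->addSession( $handle, 'information' );
+      $message = $lang['comment_anti-flood'];
+      $vtp->setVar( $handle, 'information.content', $message );
+      $vtp->closeSession( $handle, 'information' );
+    }
   }
   // comment deletion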
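Review bot: `$author` comes straight from `$_POST['author']` and is concatenated unescaped into the new SELECT at new line 524 (and into the INSERT at 531), so unless escaping happens outside the visible hunk both queries are open to SQL injection; escape it once before either query is built, e.g. `$author = mysql_real_escape_string( $author );`. The flood check is also keyed on that client-supplied name, so the limit only holds for posters who keep the same author string; keying it on a server-side value such as the logged-in user or the remote address would make it enforceable. `mysql_num_rows( mysql_query( $query ) ) == 0` would treat a failed query as zero rows and let the comment through, and the `$conf['anti-flood_time'] == 0` test should come first so the SELECT is skipped when the feature is disabled. The enclosing block starts and ends outside the hunk.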