flood prevention

This commit is contained in:
Savetheinternet 2011-01-18 17:11:28 +11:00
parent 5c2b7dfe61
commit d284b0d50d
3 changed files with 28 additions and 2 deletions

View File

@ -44,12 +44,19 @@
// How many seconds before you can post, after the first visit
define('LURKTIME', 30, true);
// How many seconds between each post
define('FLOOD_TIME', 4, true);
// How many seconds between each post with exactly the same content and same IP
define('FLOOD_TIME_IP_SAME', 120, true);
// Same as above but different IP address
define('FLOOD_TIME_SAME', 30, true);
// Max body length
define('MAX_BODY', 1800, true);
define('THREADS_PER_PAGE', 10, true);
define('MAX_PAGES', 5, true);
define('MAX_PAGES', 10, true);
define('THREADS_PREVIEW', 5, true);
// For development purposes. Turns 'display_errors' on. Not recommended for production.
@ -68,10 +75,11 @@
define('ERROR_NONEXISTANT', 'Thread specified does not exist.', true);
define('ERROR_LOCKED', 'Thread locked. You may not reply at this time.', true);
define('ERROR_NOPOST', 'You didn\'t make a post.', true);
define('ERROR_FLOOD', 'Flood detected; Post discared.', true);
define('ERR_INVALIDIMG','Invalid image.', true);
define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);
define('ERR_MAXSIZE', 'The file was too big.', true);
define('ERR_INVALIDZIP','Invalid archive!', true);
define('ERR_INVALIDZIP', 'Invalid archive!', true);
// Moderator errors
define('ERROR_INVALID', 'Invalid username and/or password.', true);

View File

@ -45,6 +45,20 @@
return $boards;
}
function checkFlood($post) {
global $board;
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri']));
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':body', $post['body'], PDO::PARAM_INT);
$query->bindValue(':floodtime', time()-FLOOD_TIME, PDO::PARAM_INT);
$query->bindValue(':floodsameiptime', time()-FLOOD_TIME_IP_SAME, PDO::PARAM_INT);
$query->bindValue(':floodsametime', time()-FLOOD_TIME_SAME, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
return (bool)$query->fetch();
}
function until($timestamp) {
$difference = $timestamp - time();
if($difference < 60) {

View File

@ -143,6 +143,10 @@
markup($post['body']);
// Check for a flood
if(checkFlood($post))
error(ERROR_FLOOD);
if($post['has_file']) {
// Just trim the filename if it's too long
if(strlen($post['filename']) > 30) $post['filename'] = substr($post['filename'], 0, 27).'…';