From d284b0d50dabef2627ba9e38291f07e736dd0721 Mon Sep 17 00:00:00 2001
From: Savetheinternet
Date: Tue, 18 Jan 2011 17:11:28 +1100
Subject: [PATCH] flood prevention

---
 inc/config.php | 12 ++++++++++--
 inc/functions.php | 14 ++++++++++++++
 post.php | 4 ++++
 3 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index ae79edc4..f3906b1b 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -44,12 +44,19 @@
 // How many seconds before you can post, after the first visit
 define('LURKTIME', 30, true);
+
+ // How many seconds between each post
+ define('FLOOD_TIME', 4, true);
+ // How many seconds between each post with exactly the same content and same IP
+ define('FLOOD_TIME_IP_SAME', 120, true);
+ // Same as above but different IP address
+ define('FLOOD_TIME_SAME', 30, true);
 // Max body length
 define('MAX_BODY', 1800, true);
 define('THREADS_PER_PAGE', 10, true);
- define('MAX_PAGES', 5, true);
+ define('MAX_PAGES', 10, true);
 define('THREADS_PREVIEW', 5, true);
 // For development purposes. Turns 'display_errors' on. Not recommended for production.
@@ -68,10 +75,11 @@
 define('ERROR_NONEXISTANT', 'Thread specified does not exist.', true);
 define('ERROR_LOCKED', 'Thread locked. You may not reply at this time.', true);
 define('ERROR_NOPOST', 'You didn\'t make a post.', true);
+ define('ERROR_FLOOD', 'Flood detected; Post discared.', true);
 define('ERR_INVALIDIMG','Invalid image.', true);
 define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true);
 define('ERR_MAXSIZE', 'The file was too big.', true);
- define('ERR_INVALIDZIP','Invalid archive!', true);
+ define('ERR_INVALIDZIP', 'Invalid archive!', true);
 // Moderator errors
 define('ERROR_INVALID', 'Invalid username and/or password.', true);
diff --git a/inc/functions.php b/inc/functions.php
index de188f0b..70a17d23 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -45,6 +45,20 @@
 return $boards;
 }
+ function checkFlood($post) {
+ global $board;
+
+ $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri']));
+ $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
+ $query->bindValue(':body', $post['body'], PDO::PARAM_INT);
+ $query->bindValue(':floodtime', time()-FLOOD_TIME, PDO::PARAM_INT);
+ $query->bindValue(':floodsameiptime', time()-FLOOD_TIME_IP_SAME, PDO::PARAM_INT);
+ $query->bindValue(':floodsametime', time()-FLOOD_TIME_SAME, PDO::PARAM_INT);
+ $query->execute() or error(db_error($query));
+
+ return (bool)$query->fetch();
+ }
+
 function until($timestamp) {
 $difference = $timestamp - time();
 if($difference < 60) {
diff --git a/post.php b/post.php
index d2306ca1..66247f4f 100644
--- a/post.php
+++ b/post.php
@@ -143,6 +143,10 @@
 markup($post['body']);
+ // Check for a flood
+ if(checkFlood($post))
+ error(ERROR_FLOOD);
+
 if($post['has_file']) {
 // Just trim the filename if it's too long
 if(strlen($post['filename']) > 30)
 $post['filename'] = substr($post['filename'], 0, 27).'…';
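Review bot: The comment on FLOOD_TIME_SAME, `// Same as above but different IP address`, does not describe how checkFlood in inc/functions.php uses the value: its third clause matches on `body` and `time` only, so the 30-second same-content window applies to posts from any IP address, the poster's own included. Suggest `// Same as above, but regardless of IP address`. The MAX_PAGES change from 5 to 10 in the same hunk is unrelated to flood prevention and would be easier to review as a separate commit.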
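Review bot: The new ERROR_FLOOD message misspells "discarded" and this string is shown to users via error(); change it to `define('ERROR_FLOOD', 'Flood detected; Post discarded.', true);`.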
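Review bot: `$query->bindValue(':body', $post['body'], PDO::PARAM_INT);` binds the post body, a text value, as an integer; depending on the driver and emulation mode the value is either sent as a string anyway (making the flag misleading) or coerced to a number, in which case MySQL evaluates `body = 0`, which is true for any non-numeric body, so the two same-content clauses would match nearly every recent post rather than an identical one. The body should use the default string binding: `$query->bindValue(':body', $post['body']);`. The query also reuses the `:ip` and `:body` placeholders twice each, which PDO accepts only with emulated prepares; if prepare() (not visible here) disables PDO::ATTR_EMULATE_PREPARES the statement fails with an invalid-parameter error, so either confirm the setting or give each occurrence its own placeholder. Building the table name with sprintf from $board['uri'] follows the file's existing pattern, but it relies on $board['uri'] having been validated before this point.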
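Review bot: checkFlood compares `body` verbatim, so if a post with an empty body can reach this point (for example a file-only post; the validation that decides this sits above the hunk, in code not visible here), two unrelated posters submitting empty-body posts within FLOOD_TIME_SAME seconds will trip each other's `error(ERROR_FLOOD)`. Worth either confirming that an empty body is rejected earlier or skipping the same-content clauses for empty bodies inside checkFlood. The check also runs after markup(), so the same-content windows only ever match if `posts_*` stores the marked-up body; if the raw body is stored they silently never apply. The surrounding script continues outside the hunk.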