authorz0rglub <z0rglub@piwigo.org>2003-07-26 12:38:20 +0000
committerz0rglub <z0rglub@piwigo.org>2003-07-26 12:38:20 +0000
commita7eb0781cf7d5e6d3ba5673b2105656c5bca6712 (patch)
tree5fbb1f89f80fac62ecf5b0016c4b3dea31da8a2b /picture.php
parente1c6bb32bc52829b241cf9fd80bf0216935d3faf (diff)
anti-flood system
git-svn-id: http://piwigo.org/svn/trunk@41 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'picture.php')
-rw-r--r--picture.php54
1 files changed, 36 insertions, 18 deletions
diff --git a/picture.php b/picture.php
index 84c1e18dd..ae8282e1b 100644
--- a/picture.php
+++ b/picture.php
@@ -287,7 +287,7 @@ $vtp->setGlobalVar( $handle, 'title', $intitule_titre.$intitule_file );
$lien_image = $cat_directory.$page['file'];
-// calcul de la largeur et de la hauteur
+// calculation of width and height
if ( $page['width'] == "" )
{
$taille_image = @getimagesize( $lien_image );
@@ -514,28 +514,46 @@ if ( $conf['show_comments'] )
if ( isset( $_POST['content'] ) and $_POST['content'] != '' )
{
$author = $user['username'];
- if ( $_POST['author'] != '' )
+ if ( $_POST['author'] != '' ) $author = $_POST['author'];
+
+ // anti-flood system
+ $reference_date = time() - $conf['anti-flood_time'];
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'comments';
+ $query.= ' WHERE date > '.$reference_date;
+ $query.= " AND author = '".$author."'";
+ $query.= ';';
+ if ( mysql_num_rows( mysql_query( $query ) ) == 0
+ or $conf['anti-flood_time'] == 0 )
{
- $author = $_POST['author'];
+ $query = 'INSERT INTO '.PREFIX_TABLE.'comments';
+ $query.= ' (author,date,image_id,content,validated) VALUES';
+ $query.= " ('".$author."',".time().",".$page['id'];
+ $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
+ if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
+ $query.= ",'true'";
+ else
+ $query.= ",'false'";
+ $query.= ');';
+ mysql_query( $query );
+ // information message
+ $vtp->addSession( $handle, 'information' );
+ $message = $lang['comment_added'];
+ if ( $conf['comments_validation'] and $user['status'] != 'admin' )
+ {
+ $message.= '<br />'.$lang['comment_to_validate'];
+ }
+ $vtp->setVar( $handle, 'information.content', $message );
+ $vtp->closeSession( $handle, 'information' );
}
- $query = 'INSERT INTO '.PREFIX_TABLE.'comments';
- $query.= ' (author,date,image_id,content,validated) VALUES';
- $query.= " ('".$author."',".time().",".$page['id'];
- $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
- if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
- $query.= ",'true'";
else
- $query.= ",'false'";
- $query.= ');';
- mysql_query( $query );
- $vtp->addSession( $handle, 'information' );
- $message = $lang['comment_added'];
- if ( $conf['comments_validation'] and $user['status'] != 'admin' )
{
- $message.= '<br />'.$lang['comment_to_validate'];
+ // information message
+ $vtp->addSession( $handle, 'information' );
+ $message = $lang['comment_anti-flood'];
+ $vtp->setVar( $handle, 'information.content', $message );
+ $vtp->closeSession( $handle, 'information' );
}
- $vtp->setVar( $handle, 'information.content', $message );
- $vtp->closeSession( $handle, 'information' );
}
// comment deletion
if ( isset( $_GET['del'] )
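Review bot: The anti-flood lookup filters on `$author`, which `if ( $_POST['author'] != '' ) $author = $_POST['author'];` takes straight from the request, so the window is enforced per self-declared name rather than per poster. A key the server controls (the logged-in user's id, or a remote address stored with the comment) would make the limit meaningful, though that needs a column this hunk does not show. The same request value is concatenated unescaped into both the new SELECT and the INSERT; unless the application relies on magic quotes (not visible here), escape it once before building either query, e.g. `$author = mysql_real_escape_string( $author );`. `mysql_num_rows( mysql_query( $query ) )` also appears to fail open, since a failed query gives a non-resource whose count compares equal to 0 and the comment is accepted; check the query result first, and test `$conf['anti-flood_time'] == 0` before running the SELECT at all. The enclosing `if ( $conf['show_comments'] )` block starts before the hunk and appears to continue past it.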