-rw-r--r--include/config.inc.php3
-rw-r--r--language/francais.php1
-rw-r--r--picture.php54
3 files changed, 39 insertions, 19 deletions
diff --git a/include/config.inc.php b/include/config.inc.php
index e664d37e5..da0fbf0b8 100644
--- a/include/config.inc.php
+++ b/include/config.inc.php
@@ -47,6 +47,8 @@ $conf['site_url'] = 'http://www.phpwebgallery.net';
$conf['forum_url'] = 'http://forum.phpwebgallery.net';
$conf['picture_ext'] = array('jpg','JPG','gif','GIF','png','PNG');
$conf['document_ext'] = array('doc','pdf','zip');
+$conf['top_number'] = 20;
+$conf['anti-flood_time'] = 60; // seconds between 2 comments : 0 to disable
database_connection();
// rertieving the configuration informations for site
@@ -81,5 +83,4 @@ foreach ( $infos as $info ) {
$conf[$info] = get_boolean( $row[$info] );
}
}
-$conf['top_number'] = 20;
?> \ No newline at end of file
diff --git a/language/francais.php b/language/francais.php
index c0ddce19d..863525b9c 100644
--- a/language/francais.php
+++ b/language/francais.php
@@ -181,6 +181,7 @@ $lang['period_seconds'] = 'secondes par image';
$lang['slideshow_stop'] = 'stopper le diaporama';
$lang['comment_added'] = 'Votre commentaire a été enregistré';
$lang['comment_to_validate'] = 'Un administrateur doit valider votre commentaire pour qu\'il soit visible';
+$lang['comment_anti-flood'] = 'Système anti-flood : attendez un moment avant de déposer un message';
// end version 1.3
// page register
diff --git a/picture.php b/picture.php
index 84c1e18dd..ae8282e1b 100644
--- a/picture.php
+++ b/picture.php
@@ -287,7 +287,7 @@ $vtp->setGlobalVar( $handle, 'title', $intitule_titre.$intitule_file );
$lien_image = $cat_directory.$page['file'];
-// calcul de la largeur et de la hauteur
+// calculation of width and height
if ( $page['width'] == "" )
{
$taille_image = @getimagesize( $lien_image );
@@ -514,28 +514,46 @@ if ( $conf['show_comments'] )
if ( isset( $_POST['content'] ) and $_POST['content'] != '' )
{
$author = $user['username'];
- if ( $_POST['author'] != '' )
+ if ( $_POST['author'] != '' ) $author = $_POST['author'];
+
+ // anti-flood system
+ $reference_date = time() - $conf['anti-flood_time'];
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'comments';
+ $query.= ' WHERE date > '.$reference_date;
+ $query.= " AND author = '".$author."'";
+ $query.= ';';
+ if ( mysql_num_rows( mysql_query( $query ) ) == 0
+ or $conf['anti-flood_time'] == 0 )
{
- $author = $_POST['author'];
+ $query = 'INSERT INTO '.PREFIX_TABLE.'comments';
+ $query.= ' (author,date,image_id,content,validated) VALUES';
+ $query.= " ('".$author."',".time().",".$page['id'];
+ $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
+ if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
+ $query.= ",'true'";
+ else
+ $query.= ",'false'";
+ $query.= ');';
+ mysql_query( $query );
+ // information message
+ $vtp->addSession( $handle, 'information' );
+ $message = $lang['comment_added'];
+ if ( $conf['comments_validation'] and $user['status'] != 'admin' )
+ {
+ $message.= '<br />'.$lang['comment_to_validate'];
+ }
+ $vtp->setVar( $handle, 'information.content', $message );
+ $vtp->closeSession( $handle, 'information' );
}
- $query = 'INSERT INTO '.PREFIX_TABLE.'comments';
- $query.= ' (author,date,image_id,content,validated) VALUES';
- $query.= " ('".$author."',".time().",".$page['id'];
- $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
- if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
- $query.= ",'true'";
else
- $query.= ",'false'";
- $query.= ');';
- mysql_query( $query );
- $vtp->addSession( $handle, 'information' );
- $message = $lang['comment_added'];
- if ( $conf['comments_validation'] and $user['status'] != 'admin' )
{
- $message.= '<br />'.$lang['comment_to_validate'];
+ // information message
+ $vtp->addSession( $handle, 'information' );
+ $message = $lang['comment_anti-flood'];
+ $vtp->setVar( $handle, 'information.content', $message );
+ $vtp->closeSession( $handle, 'information' );
}
- $vtp->setVar( $handle, 'information.content', $message );
- $vtp->closeSession( $handle, 'information' );
}
// comment deletion
if ( isset( $_GET['del'] )
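Review bot: `$author` can be taken verbatim from `$_POST['author']` and is then concatenated inside quotes into both the new anti-flood `SELECT` and the `INSERT`, so unless the deployment relies on magic quotes (not visible here) a quote character in that field changes the SQL. Escape it once right after the assignment, e.g. `$author = mysql_real_escape_string( $author );`, and treat the `htmlspecialchars( ..., ENT_QUOTES )` on the content as HTML encoding rather than SQL escaping, so that value should get the same call. The throttle is also keyed on that client-chosen name, so it only limits a poster who keeps the same author value; keying it on something the server observes (session or remote address) would need a schema change and is worth a follow-up. Finally, the `SELECT` runs and its result goes unchecked into `mysql_num_rows()` even when the feature is disabled; `if ( $conf['anti-flood_time'] == 0 or mysql_num_rows( mysql_query( $query ) ) == 0 )` short-circuits that case. The enclosing `if ( $conf['show_comments'] )` block starts outside this hunk.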