-rw-r--r-- | include/config.inc.php | 3 | ||||
-rw-r--r-- | language/francais.php | 1 | ||||
-rw-r--r-- | picture.php | 54 |
3 files changed, 39 insertions, 19 deletions
diff --git a/include/config.inc.php b/include/config.inc.php index e664d37e5..da0fbf0b8 100644 --- a/include/config.inc.php +++ b/include/config.inc.php @@ -47,6 +47,8 @@ $conf['site_url'] = 'http://www.phpwebgallery.net'; $conf['forum_url'] = 'http://forum.phpwebgallery.net'; $conf['picture_ext'] = array('jpg','JPG','gif','GIF','png','PNG'); $conf['document_ext'] = array('doc','pdf','zip'); +$conf['top_number'] = 20; +$conf['anti-flood_time'] = 60; // seconds between 2 comments : 0 to disable database_connection(); // rertieving the configuration informations for site @@ -81,5 +83,4 @@ foreach ( $infos as $info ) { $conf[$info] = get_boolean( $row[$info] ); } } -$conf['top_number'] = 20; ?>
\ No newline at end of file diff --git a/language/francais.php b/language/francais.php index c0ddce19d..863525b9c 100644 --- a/language/francais.php +++ b/language/francais.php @@ -181,6 +181,7 @@ $lang['period_seconds'] = 'secondes par image'; $lang['slideshow_stop'] = 'stopper le diaporama'; $lang['comment_added'] = 'Votre commentaire a été enregistré'; $lang['comment_to_validate'] = 'Un administrateur doit valider votre commentaire pour qu\'il soit visible'; +$lang['comment_anti-flood'] = 'Système anti-flood : attendez un moment avant de déposer un message'; // end version 1.3 // page register diff --git a/picture.php b/picture.php index 84c1e18dd..ae8282e1b 100644 --- a/picture.php +++ b/picture.php @@ -287,7 +287,7 @@ $vtp->setGlobalVar( $handle, 'title', $intitule_titre.$intitule_file ); $lien_image = $cat_directory.$page['file']; -// calcul de la largeur et de la hauteur +// calculation of width and height if ( $page['width'] == "" ) { $taille_image = @getimagesize( $lien_image ); 
@@ -514,28 +514,46 @@ if ( $conf['show_comments'] ) if ( isset( $_POST['content'] ) and $_POST['content'] != '' ) { $author = $user['username']; - if ( $_POST['author'] != '' ) + if ( $_POST['author'] != '' ) $author = $_POST['author']; + + // anti-flood system + $reference_date = time() - $conf['anti-flood_time']; + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'comments'; + $query.= ' WHERE date > '.$reference_date; + $query.= " AND author = '".$author."'"; + $query.= ';'; + if ( mysql_num_rows( mysql_query( $query ) ) == 0 + or $conf['anti-flood_time'] == 0 ) { - $author = $_POST['author']; + $query = 'INSERT INTO '.PREFIX_TABLE.'comments'; + $query.= ' (author,date,image_id,content,validated) VALUES'; + $query.= " ('".$author."',".time().",".$page['id']; + $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'"; + if ( !$conf['comments_validation'] or $user['status'] == 'admin' ) + $query.= ",'true'"; + else + $query.= ",'false'"; + $query.= ');'; + mysql_query( $query ); + // information message + $vtp->addSession( $handle, 'information' ); + $message = $lang['comment_added']; + if ( $conf['comments_validation'] and $user['status'] != 'admin' ) + { + $message.= '<br />'.$lang['comment_to_validate']; + } + $vtp->setVar( $handle, 'information.content', $message ); + $vtp->closeSession( $handle, 'information' ); } - $query = 'INSERT INTO '.PREFIX_TABLE.'comments'; - $query.= ' (author,date,image_id,content,validated) VALUES'; - $query.= " ('".$author."',".time().",".$page['id']; - $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'"; - if ( !$conf['comments_validation'] or $user['status'] == 'admin' ) - $query.= ",'true'"; else - $query.= ",'false'"; - $query.= ');'; - mysql_query( $query ); - $vtp->addSession( $handle, 'information' ); - $message = $lang['comment_added']; - if ( $conf['comments_validation'] and $user['status'] != 'admin' ) { - $message.= '<br />'.$lang['comment_to_validate']; + // information message + 
$vtp->addSession( $handle, 'information' ); + $message = $lang['comment_anti-flood']; + $vtp->setVar( $handle, 'information.content', $message ); + $vtp->closeSession( $handle, 'information' ); } - $vtp->setVar( $handle, 'information.content', $message ); - $vtp->closeSession( $handle, 'information' ); } // comment deletion if ( isset( $_GET['del'] ) |
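Review bot: The new anti-flood SELECT builds `" AND author = '".$author."'"` from `$_POST['author']` with no SQL escaping, and the INSERT that now sits inside the branch reuses the same value, so both statements are injectable unless the input is escaped somewhere outside this hunk (magic_quotes_gpc, if enabled, should not be relied on for that). The check also fails open: when `mysql_query()` returns false, `mysql_num_rows()` yields no positive count, the `== 0` comparison lets the comment through, and the SELECT still runs when `anti-flood_time` is 0. Because the throttle is keyed on the submitted author name, it only holds for posters who keep the same name; keying it on a server-observed value such as the logged-in user or the client address would make the limit meaningful. The enclosing `if ( $conf['show_comments'] )` block starts outside the hunk, so where `$page['id']` and `$user` come from is not visible here.

```php
// anti-flood system
$flood = false;
if ( $conf['anti-flood_time'] > 0 )
{
  $reference_date = time() - $conf['anti-flood_time'];
  $query = 'SELECT id';
  $query.= ' FROM '.PREFIX_TABLE.'comments';
  $query.= ' WHERE date > '.$reference_date;
  $query.= " AND author = '".mysql_real_escape_string( $author )."'";
  $query.= ';';
  $result = mysql_query( $query );
  // a failed lookup is treated as flooding so the check does not fail open
  $flood = ( $result === false or mysql_num_rows( $result ) > 0 );
}
if ( !$flood )
{
  // … unchanged: INSERT and 'comment_added' message (author needs the same escaping there) …
}
// … unchanged: else branch with the 'comment_anti-flood' message …
```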