From d7fa727afabf29f8f14824d4b1fc2f2be65bfbc3 Mon Sep 17 00:00:00 2001
From: nikrou <nikrou@piwigo.org>
Date: Fri, 25 Jun 2010 19:45:19 +0000
Subject: Bug 1744 fixed : Incorrect use of timezone with SQLite Fixed
 anti-flood system.

Merge from trunk

git-svn-id: http://piwigo.org/svn/branches/2.1@6605 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/intro.php                              |  4 ++--
 include/dblayer/functions_mysql.inc.php      |  6 +++++-
 include/dblayer/functions_pdo-sqlite.inc.php |  5 +++++
 include/dblayer/functions_pgsql.inc.php      |  5 +++++
 include/dblayer/functions_sqlite.inc.php     |  5 +++++
 include/functions_comment.inc.php            | 10 ++++++----
 6 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/admin/intro.php b/admin/intro.php
index e640feedc..112d33fe1 100644
--- a/admin/intro.php
+++ b/admin/intro.php
@@ -126,7 +126,7 @@ if ($conf['show_newsletter_subscription']) {
 
 $php_current_timestamp = date("Y-m-d H:i:s");
 $db_version = pwg_get_db_version();
-list($db_current_timestamp) = pwg_db_fetch_row(pwg_query('SELECT CURRENT_TIMESTAMP;'));
+list($db_current_date) = pwg_db_fetch_row(pwg_query('SELECT now();'));
 
 $query = '
 SELECT COUNT(*)
@@ -215,7 +215,7 @@ $template->assign(
     'U_CHECK_UPGRADE' => PHPWG_ROOT_PATH.'admin.php?action=check_upgrade',
     'U_PHPINFO' => PHPWG_ROOT_PATH.'admin.php?action=phpinfo',
     'PHP_DATATIME' => $php_current_timestamp,
-    'DB_DATATIME' => $db_current_timestamp,
+    'DB_DATATIME' => $db_current_date,
     )
   );
 
diff --git a/include/dblayer/functions_mysql.inc.php b/include/dblayer/functions_mysql.inc.php
index 5e0c4dcd4..aa56e1f98 100644
--- a/include/dblayer/functions_mysql.inc.php
+++ b/include/dblayer/functions_mysql.inc.php
@@ -560,7 +560,6 @@ function boolean_to_string($var)
  *
  */
 
-
 function pwg_db_get_recent_period_expression($period, $date='CURRENT_DATE')
 {
   if ($date!='CURRENT_DATE')
@@ -580,6 +579,11 @@ SELECT '.pwg_db_get_recent_period_expression($period);
   return $d;
 }
 
+function pwg_db_get_flood_period_expression($seconds)
+{
+  return 'SUBDATE(now(), INTERVAL '.$seconds.' SECOND)';
+}
+
 function pwg_db_get_hour($date) 
 {
   return 'hour('.$date.')';
diff --git a/include/dblayer/functions_pdo-sqlite.inc.php b/include/dblayer/functions_pdo-sqlite.inc.php
index ea47564f0..ce02af55c 100644
--- a/include/dblayer/functions_pdo-sqlite.inc.php
+++ b/include/dblayer/functions_pdo-sqlite.inc.php
@@ -499,6 +499,11 @@ function pwg_db_get_recent_period($period, $date='CURRENT_DATE')
   return $d;
 }
 
+function pwg_db_get_flood_period_expression($seconds)
+{
+  return 'datetime(\'now\', \'localtime\', \''.-$seconds.' seconds\')';
+}
+
 function pwg_db_get_hour($date)
 {
   return 'strftime(\'%H\', '.$date.')';
diff --git a/include/dblayer/functions_pgsql.inc.php b/include/dblayer/functions_pgsql.inc.php
index a9f033fc3..598a699f5 100644
--- a/include/dblayer/functions_pgsql.inc.php
+++ b/include/dblayer/functions_pgsql.inc.php
@@ -546,6 +546,11 @@ function pwg_db_get_recent_period($period, $date='CURRENT_DATE')
   return $d;
 }
 
+function pwg_db_get_flood_period_expression($seconds)
+{
+  return 'now() - \''.$seconds.' SECOND\'::interval';
+}
+
 function pwg_db_get_hour($date)
 {
   return 'EXTRACT(HOUR FROM '.$date.')';
diff --git a/include/dblayer/functions_sqlite.inc.php b/include/dblayer/functions_sqlite.inc.php
index 7e21e128c..109f5f21d 100644
--- a/include/dblayer/functions_sqlite.inc.php
+++ b/include/dblayer/functions_sqlite.inc.php
@@ -511,6 +511,11 @@ function pwg_db_get_recent_period($period, $date='CURRENT_DATE')
   return $d;
 }
 
+function pwg_db_get_flood_period_expression($seconds)
+{
+  return 'datetime(\'now\', \'localtime\', \''.-$seconds.' seconds\')';
+}
+
 function pwg_db_get_hour($date)
 {
   return 'strftime(\'%H\', '.$date.')';
diff --git a/include/functions_comment.inc.php b/include/functions_comment.inc.php
index 67fc40716..7f2fd9257 100644
--- a/include/functions_comment.inc.php
+++ b/include/functions_comment.inc.php
@@ -133,12 +133,14 @@ SELECT COUNT(*) AS user_exists
 
   if ($comment_action!='reject' and $conf['anti-flood_time']>0 )
   { // anti-flood system
-    $reference_date = date('c', time() - $conf['anti-flood_time']);
+    $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);
+
     $query = '
-SELECT id FROM '.COMMENTS_TABLE.'
-  WHERE date > \''.$reference_date.'\'
+SELECT count(1) FROM '.COMMENTS_TABLE.'
+  WHERE date > '.$reference_date.'
     AND author_id = '.$comm['author_id'];
-    if ( pwg_db_num_rows( pwg_query( $query ) ) > 0 )
+    list($counter) = pwg_db_fetch_row(pwg_query($query));
+    if ( $counter > 0 )
     {
       array_push( $infos, l10n('Anti-flood system : please wait for a moment before trying to post another comment') );
       $comment_action='reject';
-- 
cgit v1.2.3