...

View Full Version : PHP Upload Form Spam/Flood



UnSTaBLE
03-14-2007, 09:14 PM
Ok I was wanting to make a php upload form for ppl to upload their images. Now I got this code works perfect only allows image files certain size etc but what I would like to add is code that will only allow them to upload a image once every so often (as I see fit) So I don't get flooded with images.





<?php

define ("MAX_SIZE","50");

function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}

$errors=0;

if(isset($_POST['Submit']))
{

$image=$_FILES['image']['name'];

if ($image)
{

$filename = stripslashes($_FILES['image']['name']);

$extension = getExtension($filename);
$extension = strtolower($extension);

if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{

echo '<h1>Unknown extension!</h1>';
$errors=1;
}
else
{

$size=filesize($_FILES['image']['tmp_name']);

if ($size > MAX_SIZE*1024)
{
echo '<h1>You have exceeded the size limit!</h1>';
$errors=1;
}

$image_name=time().'.'.$extension;

$newname="uploads/".$image_name;

$copied = copy($_FILES['image']['tmp_name'], $newname);
if (!$copied)
{
echo '<h1>Copy unsuccessfull!</h1>';
$errors=1;
}}}}

if(isset($_POST['Submit']) && !$errors)
{
echo "<h1>File Uploaded Successfully! Try again!</h1>";
}

?>

<form name="newad" method="post" enctype="multipart/form-data" action="">
<table>
<tr><td><input type="file" name="image"></td></tr>
<tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>
</table>
</form>

reashlin
03-14-2007, 09:34 PM
you could create a cookie of x time that will only be created once a user posts an image...

then only allow another image to be uploaded once the cookie is gone again...

there are ways around this but it could work partially for what you want

Nightfire
03-14-2007, 09:47 PM
When the file is uploaded, insert a timestamp in a db, along with their username. Then simply check the time before allowing them to upload another one.

Cookies can be deleted and manipulated easily, so don't rely on that

UnSTaBLE
03-14-2007, 10:09 PM
Well see the problem with the username thing is I don't have any registered users. And I don't know how to create a timestamp.

Nightfire
03-14-2007, 10:20 PM
Without having registered users, you're not going to prevent flooding easily. It'll be a mammoth task.

How much php do you know? It'll help when we give you replies, just so we're not baffling you and assuming you know what we're talking about

UnSTaBLE
03-15-2007, 12:38 PM
I don't know much thats for sure. I know enough to get by. I guess I'd put myself between beginner and intermediate in php. I don't believe any of my users will flood me I just want it incase somebody wants to try messing with my site. Thanks

Inigoesdr
03-15-2007, 05:48 PM
Then just store the IP and timestamp. When you load the upload page check the database and don't even show the form so people won't go through the trouble of uploading a file just to be told that it wasn't saved.

UnSTaBLE
03-15-2007, 09:20 PM
Then just store the IP and timestamp. When you load the upload page check the database and don't even show the form so people won't go through the trouble of uploading a file just to be told that it wasn't saved.

Ok sounds good but how do I do this? I know nothing of storing IPs and timestamps. or how do have it check the database before it shows the upload form.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum