Flood Protection code half working...


Ludatha
04-27-2008, 03:05 PM
Hello, I am trying to implement an 'Anti-Flood' protection system on my website.

You can post 5 times in 30 seconds, if you post more it will not allow it and say they need to wait.

It works fine, but after you have posted 5 times, it never allows you to post again, even after 30 seconds...

Here is the function:

function postMessage ($type, $idValue){
    // This function handles all the postings, such as comment, form post etc.
    // Anti flood, ip logging enabled
    // $type = (0 = Content Comment, 1 = Profile Comment, 2 = Forum Comment, 3 = Portal Comment)
    // $idValue = What id the comment is for (like member 135 or portal id 742)

    $wait_time = 30; // In seconds.
    $limit = time() - $wait_time; // this makes a timestamp from exactly $wait_time seconds ago.
    $check = mysql_query("SELECT COUNT(*) AS result FROM `comment` WHERE `ip` = '".$_SERVER['REMOTE_ADDR']."' AND `timeS` < $limit");
    $r = mysql_fetch_array($check, MYSQL_ASSOC);
    $number = $r['result'];
    $set_amount = 5;
    if($number < $set_amount) { // If they're below the limit (i.e. if they're not spammers :P)

        $author = $_SESSION['username']; // Get the username
        $forType = $type;
        $forId = $idValue;
        $date = date("F j, Y, g:i a"); // Set the date format
        $ip = $_SERVER['REMOTE_ADDR']; // Get the users IP
        $content2 = $_POST['content'];
        $extra = $_POST['extra'];

        if($type == 0){
            $forType = 'content';
        }
        elseif($type == 1){
            $forType = 'profile';
        }
        elseif($type == 2){
            $forType = 'forum';
        }
        elseif($type == 3){
            $forType = 'portal';
        }

        $sql="INSERT INTO comment(author, forType, forId, date, ip, content, extra, timeS)VALUES('$author', '$forType', '$forId', '$date', '$ip', '$content2', '$extra', '".time()."')";
        $result=mysql_query($sql);
        echo mysql_error();
        echo 'Your post was added.';

        // As the post was added, add 1 to their comment count
        if($_SESSION['username'] !==$_GET['id']){
            $sql1="UPDATE members SET hits = hits +1 WHERE username='$member'";
            $result1=mysql_query($sql1);
        }
    }
    else
    {
        echo 'Sorry but you can\'t post more than '.$set_amount.' times in 30 seconds. Try again later.';
    }
} // End Function

Any ideas of how to get it working?

Mwnciau
04-27-2008, 03:27 PM
The way I would do this would be to use a session to store the last time someone posted then when that person tries to post again check if the last time he posted was within 10 seconds.


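// Allow the post when no previous post is recorded in the session,
// or when the last one is more than 10 seconds old.
if ( empty ( $_SESSION['lastpost'] ) || $_SESSION['lastpost'] < time() - 10 )
{
    $_SESSION['lastpost'] = time();
    // insert post
}
else
{
    echo 'You cannot post twice within 10 seconds';
}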

Ludatha
04-27-2008, 03:59 PM
Thanks, that makes it a lot easier to work with :P

Iszak
04-27-2008, 08:46 PM
But that's a bad idea because they can simply clear their session data can't they?

oesxyl
04-27-2008, 09:12 PM
But that's a bad idea because they can simply clear their session data can't they?
If they clear the session they can't post, access the page, ...; I assume the OP uses the session for that too.

regards

Iszak
04-27-2008, 10:34 PM
It might be one of those open commenting? Besides, it's not hard to relogin, it'll take less than 10 seconds too.

oesxyl
04-27-2008, 10:44 PM
It might be one of those open commenting?
I don't know, the OP said that Mwnciau's suggestion is OK.

Besides, it's not hard to relogin, it'll take less than 10 seconds too.
Agree, but this way there is no flood, see the OP's post, and the whole story starts again after login, :)
If I'm not wrong I've seen some SQL in the script, :)

regards

Mwnciau
04-28-2008, 08:34 AM
It might be one of those open commenting? Besides, it's not hard to relogin, it'll take less than 10 seconds too.

If the session isn't set you could set the time to prevent that, and change the message to "You can't post for another X seconds"

Inigoesdr
04-28-2008, 04:11 PM
If the session isn't set you could set the time to prevent that, and change the message to "You can't post for another X seconds"

Or store the time limit in the database and re-set it in the session when the user logs in, so logging out/in won't matter.
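
Added example, not part of the thread: a server-side version of the 5-posts-in-30-seconds check that counts only posts newer than the cutoff and keeps the state in the database, so clearing the session does not reset it. It assumes the pdo_sqlite extension and a cut-down `comment` table using the `ip` and `timeS` columns from the first post; `canPost()` and `recordPost()` are hypothetical names, and the IP, timestamps and messages are constructed.

```php
<?php
// Added example (not from the thread). Assumes the pdo_sqlite extension;
// canPost() and recordPost() are hypothetical names. The `comment` table
// and its `ip` / `timeS` columns follow the original post.

const WAIT_TIME = 30; // window length in seconds
const SET_AMOUNT = 5; // posts allowed per window

function canPost(PDO $db, string $ip, int $now): bool
{
    // Count posts NEWER than the cutoff. The original query used
    // `timeS < $limit`, which counts every older post, so the total
    // only grows and the user stays blocked forever.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM comment WHERE ip = :ip AND timeS > :cutoff'
    );
    $stmt->execute([':ip' => $ip, ':cutoff' => $now - WAIT_TIME]);
    return (int) $stmt->fetchColumn() < SET_AMOUNT;
}

function recordPost(PDO $db, string $ip, string $content, int $now): bool
{
    if (!canPost($db, $ip, $now)) {
        return false;
    }
    // Bound parameters keep user-supplied content out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO comment (ip, content, timeS) VALUES (:ip, :content, :ts)'
    );
    return $stmt->execute([':ip' => $ip, ':content' => $content, ':ts' => $now]);
}

// Constructed demo data: in-memory database, fixed clock, documentation IP.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comment (ip TEXT, content TEXT, timeS INTEGER)');
$db->exec('CREATE INDEX comment_ip_time ON comment (ip, timeS)');

$ip = '203.0.113.7';
$t0 = 1209308700;
for ($i = 1; $i <= 6; $i++) {
    // Posts 1-5 are accepted; post 6 falls inside the same window.
    printf("post %d at +%ds: %s\n", $i, $i, recordPost($db, $ip, "msg $i", $t0 + $i) ? 'accepted' : 'blocked');
}
// The first post was at +1s, so from +31s on only four posts remain in the window.
printf("post 7 at +31s: %s\n", recordPost($db, $ip, 'msg 7', $t0 + 31) ? 'accepted' : 'blocked');
```

For logged-in posting, the same query can be keyed on the account instead of the IP, so that logging out and back in leaves the window unchanged.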