Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New Coder
    Join Date
    Nov 2006
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts

    PHP Upload Form Spam/Flood

    Ok I was wanting to make a php upload form for ppl to upload their images. Now I got this code works perfect only allows image files certain size etc but what I would like to add is code that will only allow them to upload a image once every so often (as I see fit) So I don't get flooded with images.


    Code:
    <?php
    
    define ("MAX_SIZE","50"); 
    
    function getExtension($str) {
    $i = strrpos($str,".");
    if (!$i) { return ""; }
    $l = strlen($str) - $i;
    $ext = substr($str,$i+1,$l);
    return $ext;
    }
    
    $errors=0;
    
    if(isset($_POST['Submit'])) 
    {
    
    $image=$_FILES['image']['name'];
    
    if ($image) 
    {
    
    $filename = stripslashes($_FILES['image']['name']);
    
    $extension = getExtension($filename);
    $extension = strtolower($extension);
    
    if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
    {
    
    echo '<h1>Unknown extension!</h1>';
    $errors=1;
    }
    else
    {
    
    $size=filesize($_FILES['image']['tmp_name']);
    
    if ($size > MAX_SIZE*1024)
    {
    echo '<h1>You have exceeded the size limit!</h1>';
    $errors=1;
    }
    
    $image_name=time().'.'.$extension;
    
    $newname="uploads/".$image_name;
    
    $copied = copy($_FILES['image']['tmp_name'], $newname);
    if (!$copied) 
    {
    echo '<h1>Copy unsuccessfull!</h1>';
    $errors=1;
    }}}}
    
    if(isset($_POST['Submit']) && !$errors) 
    {
    echo "<h1>File Uploaded Successfully! Try again!</h1>";
    }
    
    ?>
    
    <form name="newad" method="post" enctype="multipart/form-data" action="">
    <table>
    <tr><td><input type="file" name="image"></td></tr>
    <tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>
    </table> 
    </form>

  • #2
    New to the CF scene
    Join Date
    Mar 2007
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    you could create a cookie of x time that will only be created once a user posts an image...

    then only allow another image to be uploaded once the cookie is gone again...

    there are ways around this but it could work partially for what you want

  • #3
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    When the file is uploaded, insert a timestamp in a db, along with their username. Then simply check the time before allowing them to upload another one.

    Cookies can be deleted and manipulated easily, so don't rely on that

  • #4
    New Coder
    Join Date
    Nov 2006
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well see the problem with the username thing is I don't have any registered users. And I don't know how to create a timestamp.

  • #5
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    Without having registered users, you're not going to prevent flooding easily. It'll be a mammoth task.

    How much php do you know? It'll help when we give you replies, just so we're not baffling you and assuming you know what we're talking about

  • #6
    New Coder
    Join Date
    Nov 2006
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I don't know much thats for sure. I know enough to get by. I guess I'd put myself between beginner and intermediate in php. I don't believe any of my users will flood me I just want it incase somebody wants to try messing with my site. Thanks

  • #7
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Then just store the IP and timestamp. When you load the upload page check the database and don't even show the form so people won't go through the trouble of uploading a file just to be told that it wasn't saved.

  • #8
    New Coder
    Join Date
    Nov 2006
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Inigoesdr View Post
    Then just store the IP and timestamp. When you load the upload page check the database and don't even show the form so people won't go through the trouble of uploading a file just to be told that it wasn't saved.
    Ok sounds good but how do I do this? I know nothing of storing IPs and timestamps. or how do have it check the database before it shows the upload form.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •