Well this is a plugboard script on one of my older websites, i was wondering if anyone could show how to add some flood protection, so people can only plug their site every 10 minutes, to stop idiots flooding the board, is there any other way other then setting cookies as thats easy for people to avoid, maybe a session or something...? Thanks in advance!

heres the code:

<?
$font = "verdana"; //Font used to display plugs
$fontsize = "1"; //Font size used to display plugs
$fontcolor = "000000"; //Font color used to display plugs
$bgcolor = "ffffff"; //Background color of the input boxes and button
$bordercolor = "ffffff"; //Bordercolor of the input boxes and button
$tablewidth = "400"; //Width of the plug's table
$maxdata = "17"; //Maximum plugs to show on the list at one time
$bannedurls = Array('http://geocities.com/adam_junior78/pluglist.html','http://geocities.com/adam_junior78/msn.html','http://www.geocities.com/adam_junior78/pluglist.html','http://www.geocities.com/adam_junior78/msn.html','http://www.entirehost.co.uk','http://www.entirehost.co.uk/','http://entirehost.co.uk','http://entirehost.co.uk/','http://www.bass.rough-draft.net','http://www.bass.rough-draft.net/','http://bass.rough-draft.net','http://bass.rough-draft.net/','http://www.igloe.net/solutions','http://www.igloe.net/solutions/','http://igloe.net/solutions','http://igloe.net/solutions/','http://www.igloe.net/','http://www.igloe.net','http://www.igloe.net/','http://igloe.net/');

if($action == "plug")
{
if ($url == "" || $url == "http://" || $sitename == "" || $sitename == "http://"){die("<center><font face='verdana' size='1'>You entered an invalid URL button or link, press the back button and try again.</center>");}
if(in_array($url, $bannedurls)) {die("<font face=verdana size=1><center>The url you entered is not allowed to be plugged because you did not follow our rules.<br><br>If you would like to unban your url please email to <a href='mailto:Support@plug-planet.co.uk?subject=Unban Request'>Support@plug-planet.co.uk</a>.</center>");}

$savefile = "buttonplug.db.php";
if (!file_exists($savefile))
{
$newfile = fopen($savefile,"w+");
fclose($newfile);
}
$ip = gethostbyname($REMOTE_ADDR);
$url = htmlentities(strip_tags($url));
$url = str_replace(array("\r", "\n"), '', $url);
$url = str_replace(array("?", "="), '', $url);
$sitename = htmlentities(strip_tags($sitename));
$sitename = str_replace(array("\r", "\n"), '', $sitename);
$lines = file("$savefile");
$add = "<?die ('Access unempowered')?>|$url|$sitename|$ip|";
$openfile = fopen("$savefile","w");
fwrite($openfile, "$add\n");
for ($i = 0; $i < $maxdata; $i++)
{
@fwrite($openfile, "$lines[$i]");
}
fclose($openfile);
echo "<script language=\"JavaScript\">window.location='buttonplug.php'</script>";
}
else {
echo <<<HTML
<table width="$tablewidth"><td width="$tablewidth"><center><font face=verdana size=1><a href='http://www.galaxy-webhosting.co.uk/' target='_blank'><img src='http://www.galaxy-webhosting.co.uk/button.gif' border='0'></a> <a href='http://www.skinnyturd.co.uk/' target='_blank'><img src='http://www.skinnyturd.co.uk/button.jpg' border='0'></a></font>
HTML;
$openfile = file("buttonplug.db.php");
$total = count($openfile);
for ($i=0; $i<$total; $i++):
list($UNEMPOWERED,$url,$sitename,$ip) = explode('|',chop($openfile[$i]));
$url = str_replace("http://","",$url);
$url = str_replace("www.","",$url);
echo "<a href=http://$url target=_blank <font face=verdana size=2 color=#ffffff><img src='$sitename' alt='www.$url' border='0' height='31' width='88'></a> ";
endfor;
echo <<<HTML
<font color="000000" face=verdana size=1><form method='post' action='buttonplug.php?action=plug'>Button URL<br><input value='http://' type='text' name='sitename' size='20' style='font-family: $font; color: #$fontcolor; font-size: 7pt; background-color: #$bgcolor; font-weight: none; border: 1px solid #000000'><br>
Site URL<br><input value='http://' type='text' name='url' size='20' style='font-family: $font; color: #$fontcolor; font-size: 7pt; background-color: #$bgcolor; font-weight: none; border: 1px solid #000000'><br><br>
<input type='submit' size='30' value=' Plug ' style='background-color: #$bgcolor; font-family: $font; color: #$fontcolor; font-size: 7pt; border: 1px solid #000000'>&nbsp;<input type='reset' value='Reset' style='background-color: #$bgcolor; font-family: $font; color: #$fontcolor; font-size: 7pt; border: 1px solid #000000'>
</form>
</td>
</table>
</center>
</form>
<style>a{text-decoration:none}</style>
<style>a:hover{text-decoration:underline}</style>
<Script language=JavaScript>
var message="";
///////////////////////////////////
function clickIE() {if (document.all) {(message);return false;}}
function clickNS(e) {if
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers)
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
document.oncontextmenu=new Function("return false")
</script>
HTML;
}
?>

I wrote a guestbook script and used flood protection, but of course each entry was logged with the user's ip address and time of post... I'm not sure if that is a possibility with yours.

$floodcontrol = "SELECT * FROM $posts WHERE ipaddress = '$ip' AND Date > (NOW() - INTERVAL '". $floodseconds . "' SECOND)";
$floodcontrolresult = mysql_query($floodcontrol);
$num_rows_flood = mysql_num_rows($floodcontrolresult);

while($num_rows_flood > 0)
{
echo "You're flooding. Wait to Post\n<br />";
echo "<br />You may only post every $floodseconds seconds";
exit;
}

It probably could work, but as i dont have all of your script i don't know what each thing means, im sure some one else reading this could intergrate this into my script...

It probably could work, but as i dont have all of your script i don't know what each thing means, im sure some one else reading this could intergrate this into my script...


Well, there's not too much in there that's very specific to my script.

$floodseconds would be the number of seconds you'd like someone to wait before they can post again.

The mysql column "ipaddress" is the user's IP address that was logged when they posted the first time.
$ip is the user's IP address now.

The mysql column "Date" is the date & time logged on their last post.

I'm not that advanced with PHP at the moment, lol... hopefully some one will help! :P

Can anyone help me add flood protection without using cookies please?

Since your script is not using a database (but rather a flat file) this makes for a bit of a challenge.

What you would need to do is add a timestamp to each entry in the text file (I hope you understand what I mean by that).

Your logic would then change to the following:

1. Read the contents of the file (use file() (http://php.net/file) for this)
2. Search the contents for an entry and with the same IP as the one coming in, and get its timestamp (use foreach (http://www.php.net/manual/en/control-structures.foreach.php) to step through the results of file and then use explode() (http://php.net/explode) to grab the IP address and timestamp for each entry).
3. If a matching IP address is found -- compare the difference in the timestamp of the old entry to the current time stamp (this is all done in the foreach loop in step 2).
3a. If the difference is less than a predefined limit (like say 90 seconds), show a message warning of flood protection
3b. If it is greater than the limit, add the post to the file.

I hate doing other people's work (unless its something very generic that a lot of people would use) so I hope this gets you started. Ask more specific questions to get more targeted help (Hint: do it for me is not a specific question, unless you are paying, in which case, post a request in the 'Other offers and Requests' forum :P)

lol well im no PHP coder, i only know the basics, and as you said this isn't really a basic script...

Can anyone help then? if not i will have to forgot about it, its not that important.