Im adding a comment section to my forums and i want to add a delay, Maybe 30 seconds or so to stop people spamming along with a captcha .
Whats the best way to do this? Only way i can think is using cookies, any other suggestions?
You could use PHP sessions to do something like this, but not sure how 'fool' proof it is.
The idea would be do something:
if(isset($_POST['cmdComment'])){
$_SESSION['comment_posted'] = time();
}
Then you could have a function say checkTime() which you could put inside there to subtract the session value from the time it is now. If the difference is >= 30 seconds, then continue with the post and set the $_SESSION['comment_posted'] to the new time, otherwise ignore the post request.
When a user post their comment, write the current timestamp in a session and add it additional 30 seconds:
$_SESSION['postedTime'] = time() + 30;
When you want to check if 30 seconds are passed, get the current timestamp and compare them: if the current timestamp is bigger then one in session, then 30 seconds are passed:
$timestamp = time();
if($timestamp > $_SESSION['postedTime'])
{
// allow posting
}
else
{
// decline
}
For more security, you could insert user's IP + post timestamp in the database.
When the comment is inserted in the database, make sure to keep track of the user and timestamp.
When the user goes to post again, check if the last comment he posted was 30seconds before.
Deal with this accordingly
A forum usually has members, well atleast I don't know any that do not have it.
Now if you post a comment I assume you put that in a table called something like Comment with an ID, POST_ID, USER_ID, MESSAGE, POST_DATETIME
Atleast thats how I would do it.
Now you have the datetime when the user last commented on the a certain post. Now you can query your database whether he or she can comment again
Related
I'm trying to add a feature in my application that totals how much time a user spends in the system by the week, month, etc.
$select = "SELECT TOTAL_HRS FROM timeclock WHERE USERNAME = '$sessuser' AND CLOCK_OUT BETWEEN '$dbpast' AND '$dbnow'";
I have a MySql result of two sample time entries: 00:00hr:04min:08s and 00:00hr:12min:52s. Users can have more.
TOTAL_HRS is a varchar column, so when I put a sum() on it, it returns a 0.
Here's what I have so far:
while($row = $query->fetch_assoc()){
print_r($row);
$sanitized = preg_replace("/[^0-9:]+/", "", $row);
print_r($sanitized);
$joinarr = implode(':', $sanitized);
$parts = explode(':', $joinarr);
print_r($parts);
$zerodate = new DateTime('0000-01-01 00:00:00');
$addhrs += $parts[1];
$addmin += $parts[2];
print_r($addhrs);
$interval = $zerodate->add(new DateInterval('P' .$parts[0].'DT'.$parts[1].'H'.$parts[2].'M'.$parts[3].'S'));
$totalhrs = $interval->format('%D:%Hhr:%Imin:%Ss');
print_r($totalhrs);
}
I get funky junk in return: 0%Sat:%0012Sat, 01 Jan 0000 00:12:52 +0100:%001121:%st52
What I need to return back is: something like: 00:00hr:17min:00s. I don't plan on storing this, just want it to display on a page.
I need some help figuring this out. I'm sure there is a better way. I'm not that great at functions. Or should I send the results through jquery and handle them there? Which side is more efficient at handling DateTime? The help would be much appreciated. Thanks!
You can calculate the number of seconds between two datetime values using TIMESTAMPDIFF() and then sum that. e.g.
SELECT SUM(TIMESTAMPDIFF(SECOND,CLOCK_IN,CLOCK_OUT)) AS TOTAL_SECS
FROM timeclock
WHERE USERNAME = '$sessuser' AND CLOCK_OUT BETWEEN '$dbpast' AND '$dbnow'
see: https://dev.mysql.com/doc/refman/5.7/en/date-and-time-functions.html#function_timestampdiff
You might currently be using TIMEDIFF() which gives you those "funky" values
I would do it like this:
Create a column in the database to save each session time on site. I would probably set it as an integer rather than a timestamp column. I just need it to return a number. I'd have a separate timestamp column to record the time of the visit.
Client side bind a javascript/jquery function to window.onload which saves to localstorage / sets a cookie to current timestamp when the page is loaded, use moment.js library to display total site time to user and have it count up in real time. Check to see if cookies already exist and if so process them before setting new values.
Either bind another function to window.onunload to save another cookie with the timestamp when the user navigates away from the site, or use setInterval to save the latest timestamp every minute or so while they are on the site.
On page load check if cookies/localstorage have values then subtract timestamp of page load from timestamp of page unload to get number of seconds they spent on site. Save that to database and use the timestamp of the unload event to set the timestamp of their visit.
Run relevant queries on the database to return total seconds on site in last day/week/month whatever and pass them to moment.js via ajax. It can displaying a counter like you describe from a string containing a value in seconds using about 2 lines of code.
I'm currently developing a "user rewarding" system in my website to reward the active users with a given virtual currency (points for example)
I'm having a problem thinking of a way to acomplish that.
I know that I would have to compare timestamps, but I have no idea when I should create the base timestamp, which I would use as the base for my calculations. I think I may not be explaining my question properly, so I will say it in a short manner: How can I check if the user has logged in the last 24 hours. When to create to create the timestamps that I will use for my calculations.
Thank you in advance for all of your answers.
I have a last_activity column in my users table
I'm just going to use some short-hand for this one:
OnRegister (to void giving instant points on first login):
user->lastPoints = now();
OnLogin:
if (user->lastPoints - now > 24h)
{
if (user->lastPoints - now < 48h)
{
user->rewardPoints();
}
user->lastPoints = now();
}
Hope this is what you're searching for.
Without knowing your application structure, it's hard to be specific, but update a 'last_activity' (or similar) field in your user table on occasion. Then check if that last_activity value is older than 24 hours.
Add some logic so the last_activity only gets updated every 15 minutes or so, and you won't be doing an extra DB write every page load.
Well you'd just have to store the timestamps each times your users log in. But if you want to check if they were online no matter if they had to login or not, you'd have implement an update to the timestamp on every page. You should also store the last update time in the cookie of the user so that you don't update at each page load but every ten minutes or what not.
Ok basically I have a form that a user submits but I need a 'cool down timer' so that the user cannot submit it again for a given amount of time.
I could not find out how to do this in php which would be preferred if possible.
Thanks in advance.
You can store in database (example: MySQL) timestamp of last successful submit and on every submit check if value from database + cool down time smaller or equal to current timestamp.
You can get current timestamp in PHP with time().
You have to use sessions for that!
When the user submits the form you have to add the timestamp to his sessions:
$_SESSION['last_submit'] = time();
Now when he submits the form again simply compare the timestamps, e. g. :
if(isset($_SESSION['last_submit']) && ((time() - $_SESSION['last_submit']) < 60 * 5)) { //time in seconds! 60 seconds = 1 Minute and 1 minute * 5 = 5 minutes!
die('Wait a few');
}
$_SESSION['last_submit'] = time();
// regular form processing here!
What we do here is to check first: is a previous timestap set? And then if time() - lastsubmit is less then 5 minutes.
If these all return true, the form was submitted to "early" and we simply die. If not we refresh the sessions' s timestamp and can move on.
And of course don' t forget to start the session!
session_start();
On the very top of the page!
As I' ve read in a comment (thanks again!) a user just could use another browser or clear the cookies. To prevent this (as good as possible) you have to take the IP into account as well.
For this you have to use a server-side database! Store the client' s IP into this database with the timestamp along and then in your if statement you don' t need to get the timestamp from the session, but from the database. Use the client' s IP to get the assoc. timestamp.
I have a site that has few request options (for example add photo, add comment). I want to limit of requests made by use per certain time, for example so he can't post more than 5 comments within hour, he can't add more than 5 photos per hour etc.
My idea was to make/update session variable every time form action is sent, so it sums up to 5 (and if session var == 5 it would deny action on every form). My idea seems good in my mind, but i just can't find the way to reset certain session variable 1 hour from it's initation). Looking forward for any ideas
Do it from SQL using simple SQL commands you can get the number of items done in the past hour and thus no need to use session variables (which will die if a user reset it's session)
Check the number of "posts" for a specific element in the current hour
SELECT
COUNT(*)
FROM
my_elements_table
WHERE
HOUR(createdon) = HOUR(NOW())
AND DATE(createdon) = CURDATE()
AND createdby = the_user_you_are_checking
Check the number of "posts" for a specific element in the past hour
SELECT
COUNT(*)
FROM
my_elements_table
WHERE
DATE_ADD(createdon, INTERVAL 1 HOUR) > NOW()
AND createdby = the_user_you_are_checking
Obviously, adapt the SQL based on your database fields and tables but you should have a good starting point with that.
I guess you store data about the comments and the photos in a database, at least you have to do it about the comments, but I guess you do it for the photos as well. In that case I would save a timestamp for when the comment/photo was created and an ID of the user who created it, along with the rest of the information.
When a user then tries to add another photo or comment, you count the number of comments and photos in the db that were created by that particular user within the last 60 minutes. If it exceeds five, you discard the request, otherwise you add the information.
Well if you got users, you store them in a database, don't you ? Then why not just store the last time they commented something in the database and use that to check if they can comment ?
Make 5 variables in the session containing the time of the actions and every time a user is trying to post check to see first if all 5 have something recorded and if all of them have data check the time recorded.If all times are within one hour from the current time then deny access.
Another solution would be to query your database to return comments posted within your specified time frame and if the result count is higher than allowed, don't allow new comment.
Something like: "SELECT created_on FROM tblComments WHERE user_id=x"
With this I am making an assumption that you are storing comments in a database and that you have a field containing the post time.
I saw some website that after you have registered, you can use the service like posting a comment immediately.
You may have to wait for 5 or 10 minutes to be able to start, like this StackOverflow website.
Once you have asked question, you have to wait 20 minutes to select your answer.
If I want to do it in JavaScript or PHP can anyone show me how to do it? I assume you have to compare the time with current time-stamp, but don't know how to exactly implement it. Thanks in advance!
Assuming you have a datetime string stored in a variable, you could do something like:
// TODO: get a datetime string into $time
$minutes = 5;
if (strtotime($time) + $minutes * 60 < time()) {
// It's been 5 minutes since $time
}
In PHP:
$wait_time = 10*60; //10 minutes * 60 seconds
if(time() > $start_time + $wait_time) {
}
sure, you'll want to compare the date of posting, with the current date, but then formulate the conditions that will validate a new post or the selection of the same.
Each question that is posted will require server side storage, if not exclusively in a db then there will need to be at least a record in a table linking the question to the user.
Once a question has been posted you could either have the server side script that loads the question carry out the following tasks.
Get the question entry
Is the person that posted the question the current requesting user
[yes]
Is the request time minus the post time greater than (number of mins * 60)
[yes]
Include select answer buttons (html objects or buttons)
Alternatively you could always show the buttons and carry out the above logic and return some indication that the user must wait x minutes before they can select an answer.
You have to store the creation time (of whatever object or saving) along with the item being created in the database. So for example, if you create a question on SO, they probably store the time you posted the question. Then when you go to view your question, they probably get the difference between the current time and the time stored.
So say that you want to implement a 20 minute wait after posting a question before you can select an answer. Then you upload a question at 5:00 PM. When you attempt to view your question at 5:05PM the same day, the difference in time is 5:05PM - 5:00PM, which is 5 minutes. Take 20 minutes - 5 minutes to get the time the user must wait, and send that back to the page.
From javascript you can get that time limit (15min), and create a setTimeout method to "unlock" the answer feature. The code would look something like this:
<input type="hidden" id="waitfor" value="15">
$(document).ready(function () {
var waitfor = $('#waitfor').val();
timer = setTimeout(function () {
// let the user know they can post an answer
}, waitfor * 60 * 1000);
});
Also, I'd let the user post an answer whenever they'd like, but prevent it being submitted on the client side if it hasn't been 20 minutes.