Greetings,

I'm taking my first stab at using a form to insert data into a MySQL DB. In another thread of mine, Jona suggested using sessions to make sure users don't post more than once every n seconds, and I figured I'd try doing that. Unfortunately, I've run into problems. I don't really know anything about sessions, so any resourCes on 'em would be great. :)

I get these three error messages:

Warning: session_start(): open(/tmp\sess_9ccd467acddd73c7f253d6f40df41e00, O_RDWR) failed: No such file or directory (2) in c:\path\to\file.php on line 2


Warning: Unknown(): open(/tmp\sess_9ccd467acddd73c7f253d6f40df41e00, O_RDWR) failed: No such file or directory (2) in Unknown on line 0


Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0


Form page:

<?php
session_start();
$_SESSION["lptime"] = time();
?>

update_db.php page:

session_start();
if(isset($_SESSION["lptime"])) {
$_SESSION["ctime"] = time() - $_SESSION["lptime"];
}
if($_SESSION["ctime"] < 60) {
$msg = "<p>You cannot post more than once every 60 seconds.</p>\n";
}


The code for the update_db.php page isn't at the very top, if that makes a difference.

you need a tmp dirrectory. It's where sessions get stored on the server. I believe its supose to be 1 level above the php dirrectory........ i could be wrong. It might need to be inside the php dirrectory (php/tmp).

Try creating a folder called tmp in a few random places....

well im not sure about the sessions but why not do it with the database

create a row called lastpost and then when inserting the data with the comment insert the time() function and then do it like this



if(mysql_num_rows($result)==0)
{
$lastPostTime="never";
}

$row=mysql_fetch_assoc($result);
$lastPostTime=$row["lastpost"];



if($lastPostTime > $time-60){
echo"You can only reply once every 60 seconds";
}

[/php]
andof course the time variable would equal 60

I sorta get that, but not completely. How would you make sure you're comparing the times of the same person?

you use that + an and ($row['ip']==$_SERVER['REMOTE_'ADDR'])

just a note...

you really should figure out why you dont have a tmp dirrectory. It's important. My guess is you probably deleted it since it is usually empty- not knowing what it does.

well gl with everything :)

Yes, I believe I might've deleted it a while ago, not knowing what it did, and since it was empty. :D

I created a new tmp directory, and got the session thing working, so I'm going to stick with that, since I know absolutely nothing about getting the DB thing to work just yet. :p

Thanks all!

yar ;)

Originally posted by The Cheat
not knowing what it does.

And he'd continue not knowing it forever just because... :p

Originally posted by PaulJr
...since I know absolutely nothing about getting the DB thing to work just yet.

Well, you should be logging IP's (in the event that someone decides to be mean to you and try to mess up your site or flood it) in the database, anyway. It's the same exact concept as with sessions, only you're using a database - in other words, you're keeping records this time... I know it's not necessary, since you've gone with sessions, but let me explain the process to you in the event that you ever decide to veer in another direction...

Create a few fields: last_post_time and ipaddr. The default values should be empty, and they shouldn't be key fields - just small texts.
Before a user posts...


$query = "SELECT `last_post_time` from `table` WHERE `ip` = '". $_SERVER["REMOTE_ADDR"] ."'";


Set that to a variable, say $lptime, then create a new variable for the current time, call it $ctime = time().

Then...


if($ctime - $lptime < 60){
echo("<p>You cannot post more than once every sixty seconds.</p>\n");
exit;
}


When a user posts...


"UPDATE `table` WHERE `ip` = '". $_SERVER["REMOTE_ADDR"] ."' SET (`last_post_time`) VALUES (`". $ctime ."`)"


Hope that helps. :)

well hes running his own server, so isn't apache going to be logging all of the ip's (activity) automaticly for him...?

also most paid hosts log that stuff for you too..

hmm i had this working before but it doesnt get the last post anymore allowing for flooding


$query3 = "SELECT `lastpost` from `comments` WHERE `ip` = '". $_SERVER["REMOTE_ADDR"] ."'";
$result3=mysql_query($query3);
if(!$result3){echo"Database error";
}
if(mysql_num_rows($result)==0)
{
$lastPostTime="never";
}

$row=mysql_fetch_assoc($result3);
$lastPostTime=$row["lastpost"];
echo $lastPostTime;

Refresh, does it give you an error?

Also, the Cheat, I don't run Apache as my localhost, so I wouldn't know; but yes, my paid host logs all activity including IP's. Though, I'm curious as to how you would go about determining the IP address of any particular user without first storing the information in the database...

nevermind I got it fixed.

Excellent! :)

Jona:
I am logging IPs, yes. I just figured it'd be a good idea to do that.
I think I understand that, but it's a bit over my head at this point, so I think I'll stick to my sessions for now. :D

Thanks!

P.S., I am running Apache/MySQL/PHP/phpMyAdmin off my 'puter, just for testing purpose.

Originally posted by Paul Jr
P.S., I am running Apache/MySQL/PHP/phpMyAdmin off my 'puter, just for testing purpose.

Same here, only I don't have Apache, I'm using Abyss Webserver X1 from Aprelium (http://www.aprelium.com/). Apache will probably take up too much room for this computer...