On my new site I want to cut spam by limiting users to a maximum of 2 posts per hour (this may change to allow more, but for now it's 2). I devised a method for this using cookies; however, for some reason the site isn't setting the cookie. Here's my code for the cookies:
    $sql = "INSERT INTO mysql_table (timestamp,entry,uid,allowcomments) VALUES ('$timestamp','$entry','".rndTxt(16)."','$allowcommenting')";
    $result = mysql_query($sql) or print ("Can't insert into table.<br />" . $sql . "<br />" . mysql_error());
    if ($result != false) {
        if (isset($_COOKIE['AnonPost'])) {
            $hour = time() + 3600;
            setcookie("AnonPost", "2", $hour);
        } else {
            $hour = time() + 3600;
            setcookie("AnonPost", "1", $hour);
        }
        print "<meta HTTP-EQUIV='REFRESH' content='0; url=index.php'>";
    }
    mysql_close();
And then a later if/else statement checks to see if it exists, and what the value is (if it doesn't exist they see the site as normal, if it does and the val=1 then it displays a message saying only one post left, and if the val=2 they get a message saying they've run out of posts this hour.)
This works on my localhost, but not on the site itself (http://aviatex14.co.uk/anonpost/). Any ideas why?
Aside from that, I'm aware that this is not the best way to limit the posts, so, can anyone help me with limiting the form submission, or advise me on my cookie problem?
To reduce spam there are many methods:
A captcha system. http://www.google.com/recaptcha
Email confirmation during account creation.
Spam recognition during post. Looks for spammy keywords.
Honeypot fields in forms. This uses CSS to hide a honeypot input field on each form. If the request comes to the server with that field filled in, you know a bot submitted the form and can ignore the request.
Reputation system like the one on Stack Exchange. You only give users permission to do certain things once they have built up a certain amount of reputation.
Consideration 1: in order to set a cookie, it needs to be done before ANY HTML is sent to the page (so it's got to be right at the top of your script, along with session_start).
Consideration 2: speaking of session_start, you might want to consider setting a $_SESSION variable, rather than setting a cookie.
Using a cookie (because it is stored on the client side) is not a safe way to set a limitation. The user will be able to change it easily, so you should try a server-side method.
Here you can simply count a user's posts from your database. Something like this will give you the number of posts of a user in the last hour:
    select count(*) from mysql_table where uid='$uid' and timestamp > DATE_ADD(now(), INTERVAL -1 HOUR);
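The server-side count suggested above, written out as an added example (not code from the question or any of the answers) with bound parameters in place of string interpolation. The `posts` table, its columns, the `MAX_POSTS_PER_HOUR` constant, both function names, and the use of a hashed client address as the poster key are assumptions made for illustration; the demo runs on an in-memory SQLite database so it works offline.

```php
<?php
declare(strict_types=1);

const MAX_POSTS_PER_HOUR = 2; // the limit stated in the question

// Count this poster's rows from the last hour. The key is bound as a
// parameter, so it is never concatenated into the SQL text.
function postsInLastHour(PDO $db, string $posterKey, int $now): int
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM posts WHERE poster_key = :k AND created_at > :since'
    );
    $stmt->execute([':k' => $posterKey, ':since' => $now - 3600]);
    return (int) $stmt->fetchColumn();
}

// Store the post only while the poster is under the limit.
// The decision is made from the database, not from anything the client sends.
function tryPost(PDO $db, string $posterKey, string $entry, int $now): bool
{
    if (postsInLastHour($db, $posterKey, $now) >= MAX_POSTS_PER_HOUR) {
        return false;
    }
    $ins = $db->prepare(
        'INSERT INTO posts (poster_key, entry, created_at) VALUES (:k, :e, :t)'
    );
    $ins->execute([':k' => $posterKey, ':e' => $entry, ':t' => $now]);
    return true;
}

// Constructed demo data: hypothetical schema, documentation-range IP, fixed clock.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (poster_key TEXT, entry TEXT, created_at INTEGER)');

$key = hash('sha256', '203.0.113.7'); // on a live page: $_SERVER['REMOTE_ADDR']
$t0  = 1700000000;

// Three attempts inside one hour, then one made after the first has aged out.
$attempts = ['first' => 0, 'second' => 60, 'third' => 120, 'later' => 3601];
foreach ($attempts as $entry => $offset) {
    $stored = tryPost($db, $key, $entry, $t0 + $offset);
    printf("%-6s at +%4ds: %s\n", $entry, $offset, $stored ? 'stored' : 'rejected');
}
```

Because the check reads only server-side state, clearing or editing the `AnonPost` cookie has no effect on it. Two requests arriving at the same instant can both pass the count, so treat the limit as approximate unless the count and insert are serialized.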