I need a decent way to prevent people from posting more then two messages in about 7 seconds on my tagboard.

Can i get some thoughts and ideas on the best way to do this?

Set a cookie, user their IP address (flawed) or use their username (if present) and insert it into your database (assuming you are using some sort of database) along with the time of posting. Then on every post check the last post date that matches the above selected ID method and ensure that it has been far enough in the future to allow posting again.

If you are using a SQL server, you'd do something like this:

select posttime from messages where id='$ident' and posttime > (time() - 7);
if(results)
Do not allow to post
else
insert into messages (id, posttime, message) values
('$ident', time(), '$message');

actually i'm using a .txt file for data storage. But i could still use cookies for that. The main thing is, how do i detect if seven seconds has gone by to allow another post?

Yes, i'm still fairly new to php. but i'm catching on! :D

the cookie's value could contain the time of posting last

then, when they submit, it checks the cookie to see if the current time and the 'last post' time are far enough apart.

Alright, this is what I did :

I set a cookie to be expired in 1 second

setcookie("hasposted", "true", time()+1, "/", "$SERVER_NAME", 0 );

Then, I added this to where I process the tags -

$floodmsg = "You're flooding. Wait to post...";
if( isset( $hasposted ) ) { echo "$floodmsg"; }

Which works.. but the cookie doesn't expire in a second ( I have it set that low for testing right now ) and I get a warning saying headers have already been sent - because I automatically send them back to the page where the tags are after posting with

header("Location: tag.php");}

Maybe i'm just tired, but I just can't understand how to do this w/o generating an error :(

you dont even need to have a cookie for that. just save the user's last posting time in your storage - flat file or database. then when the user attempts to post another message, cross check the current time with the user's last post time.

Its probably preferrable that you don't use a cookie. Someone truly malicious with half a clue will look at the cookie, figure it out, disable cookies then continue flooding.

^yes, store the timestamp in a file.

-r

edit: I decided to go with cookies for now - i'm doing a re-write of the board, so I won't be using them for long. Until then.. :sigh: