Changes to the search code

- Add a configurable flood control limit to searching - Change the way old search results are removed to deal with an issue with mysql 5 crashing on large queries Note to translators: This adds new language variables Note to designers: This changes a template file There are also database changes assosciated with this change, these will follow later git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5528 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-27 21:58:52 +00:00 · 2006-02-05 15:59:48 +00:00 · 2006-02-05 15:59:48 +00:00 · e76b6dac9b
commit e76b6dac9b
parent 91a14a3d9a
5 changed files with 39 additions and 23 deletions
--- a/phpBB/admin/admin_board.php
+++ b/phpBB/admin/admin_board.php
@ -191,6 +191,8 @@ $template->assign_vars(array(
 	"L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'],
 	"L_FLOOD_INTERVAL" => $lang['Flood_Interval'],
 	"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'], 
+	"L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'],
+	"L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'], 

 	'L_MAX_LOGIN_ATTEMPTS'			=> $lang['Max_login_attempts'],
 	'L_MAX_LOGIN_ATTEMPTS_EXPLAIN'	=> $lang['Max_login_attempts_explain'],
@ -276,6 +278,7 @@ $template->assign_vars(array(
 	"BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no, 
 	"MAX_POLL_OPTIONS" => $new['max_poll_options'], 
 	"FLOOD_INTERVAL" => $new['flood_interval'],
+	"SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'],
 	"TOPICS_PER_PAGE" => $new['topics_per_page'],
 	"POSTS_PER_PAGE" => $new['posts_per_page'],
 	"HOT_TOPIC" => $new['hot_threshold'],
--- a/phpBB/language/lang_english/lang_admin.php
+++ b/phpBB/language/lang_english/lang_admin.php
@ -341,6 +341,10 @@ $lang['Allow_autologin_explain'] = 'Determines whether users are allowed to sele
 $lang['Autologin_time'] = 'Automatic login key expiry';
 $lang['Autologin_time_explain'] = 'How long a autologin key is valid for in days if the user does not visit the board. Set to zero to disable expiry.';

+// Search Flood Control - added 2.0.20
+$lang['Search_Flood_Interval'] = 'Search Flood Interval';
+$lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests'; 
+
 //
 // Forum Management
 //
--- a/phpBB/language/lang_english/lang_main.php
+++ b/phpBB/language/lang_english/lang_main.php
@ -784,6 +784,7 @@ $lang['No_searchable_forums'] = 'You do not have permissions to search any forum
 $lang['No_search_match'] = 'No topics or posts met your search criteria';
 $lang['Found_search_match'] = 'Search found %d match'; // eg. Search found 1 match
 $lang['Found_search_matches'] = 'Search found %d matches'; // eg. Search found 24 matches
+$lang['Search_Flood_Error'] = 'You cannot make another search so soon after your last; please try again in a short while.';

 $lang['Close_window'] = 'Close Window';

--- a/phpBB/search.php
+++ b/phpBB/search.php
@ -153,12 +153,31 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 	//
 	// Search ID Limiter, decrease this value if you experience further timeout problems with searching forums
 	$limiter = 5000;
+	$current_time = time();

 	//
 	// Cycle through options ...
 	//
 	if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' )
 	{
+		//
+		// Flood control
+		//
+		$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "se.session_ip = '$user_ip'" : 'se.session_user_id = ' . $userdata['user_id'];
+		$sql = 'SELECT MAX(sr.search_time) AS last_search_time
+			FROM ' . SEARCH_TABLE . ' sr, ' . SESSIONS_TABLE . " se
+			WHERE sr.session_id = se.session_id
+				AND $where_sql";
+		if ($result = $db->sql_query($sql))
+		{
+			if ($row = $db->sql_fetchrow($result))
+			{
+				if (intval($row['last_search_time']) > 0 && ($current_time - intval($row['last_search_time'])) < intval($board_config['search_flood_interval']))
+				{
+					message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']);
+				}
+			}
+		}
 		if ( $search_id == 'newposts' || $search_id == 'egosearch' || ( $search_author != '' && $search_keywords == '' )  )
 		{
 			if ( $search_id == 'newposts' )
@ -629,28 +648,13 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 		}

 		//
-		// Finish building query (for all combinations)
-		// and run it ...
+		// Delete old data from the search result table
 		//
-		$sql = "SELECT session_id 
-			FROM " . SESSIONS_TABLE;
-		if ( $result = $db->sql_query($sql) )
+		$sql = 'DELETE FROM ' . SEARCH_TABLE . '
+			WHERE search_time < ' . ($current_time - (int) $board_config['session_length']);
+		if ( !$result = $db->sql_query($sql) )
 		{
-			$delete_search_ids = array();
-			while( $row = $db->sql_fetchrow($result) )
-			{
-				$delete_search_ids[] = "'" . $row['session_id'] . "'";
-			}
-
-			if ( count($delete_search_ids) )
-			{
-				$sql = "DELETE FROM " . SEARCH_TABLE . " 
-					WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")";
-				if ( !$result = $db->sql_query($sql) )
-				{
-					message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
-				}
-			}
+			message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
 		}

 		//
@ -691,12 +695,12 @@ else if ( $search_keywords != '' || $search_author != '' || $search_id )
 		$search_id = mt_rand();

 		$sql = "UPDATE " . SEARCH_TABLE . " 
-			SET search_id = $search_id, search_array = '" . str_replace("\'", "''", $result_array) . "'
+			SET search_id = $search_id, search_time = $current_time, search_array = '" . str_replace("\'", "''", $result_array) . "'
 			WHERE session_id = '" . $userdata['session_id'] . "'";
 		if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
 		{
-			$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array) 
-				VALUES($search_id, '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')";
+			$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_time, search_array) 
+				VALUES($search_id, '" . $userdata['session_id'] . "', $current_time, '" . str_replace("\'", "''", $result_array) . "')";
 			if ( !($result = $db->sql_query($sql)) )
 			{
 				message_die(GENERAL_ERROR, 'Could not insert search results', '', __LINE__, __FILE__, $sql);
--- a/phpBB/templates/subSilver/admin/board_config_body.tpl
+++ b/phpBB/templates/subSilver/admin/board_config_body.tpl
@ -55,6 +55,10 @@
 		<td class="row1">{L_FLOOD_INTERVAL} <br /><span class="gensmall">{L_FLOOD_INTERVAL_EXPLAIN}</span></td>
 		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="flood_interval" value="{FLOOD_INTERVAL}" /></td>
 	</tr>
+	<tr>
+		<td class="row1">{L_SEARCH_FLOOD_INTERVAL} <br /><span class="gensmall">{L_SEARCH_FLOOD_INTERVAL_EXPLAIN}</span></td>
+		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="search_flood_interval" value="{SEARCH_FLOOD_INTERVAL}" /></td>
+	</tr>
 	<tr>
 		<td class="row1">{L_MAX_LOGIN_ATTEMPTS}<br /><span class="gensmall">{L_MAX_LOGIN_ATTEMPTS_EXPLAIN}</span></td>
 		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="max_login_attempts" value="{MAX_LOGIN_ATTEMPTS}" /></td>