MyBB Community Forums

Full Version: [F] Search flooding, wait 0 seconds ??? [R] [C-Imad Jomaa]
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Found this little thingy when trying to search on a portuguese forum (it is not mine).
This happens with MyBB 1.4.4 (I asked the admins), and you can browse the forums here: http://www.pokeforum-pt.com/
If someone wants my login username & password, please PM, me or register a new account.
Then you'll have to search, and search something again very fast (you have 60 secs) and see the 'you have to wait blabla seconds to..', and then, refresh the page till you get tens, eights, and if you can.. the zero.

Here's the bug: http://i306.photobucket.com/albums/nn270.../phail.png
Sorry if I forgot to inform you of anything else.
I've seen that before too. If you have 0 seconds to wait, you should be taken back to the search page.
I'm pretty sure I wasn't redirected to the search page. But I might be wrong, idk.
(2009-03-01, 01:35 PM)Mattalan Wrote: [ -> ]I've seen that before too. If you have 0 seconds to wait, you should be taken back to the search page.

I'm guessing it's rounded - if you have 0.432847324741 seconds to wait, it will show as "0 seconds"...
Should be rounded upward (ceil)

Just for the convenient of others, here is the related code:
search.php, lines 1163-1192 Wrote:
	// Check if search flood checking is enabled and user is not admin
	if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
	{
		// Fetch the time this user last searched
		if($mybb->user['uid'])
		{
			$conditions = "uid='{$mybb->user['uid']}'";
		}
		else
		{
			$conditions = "uid='0' AND ipaddress='".$db->escape_string($session->ipaddress)."'";
		}
		$timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
		$query = $db->simple_select("searchlog", "*", "$conditions AND dateline >= '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
		$last_search = $db->fetch_array($query);
		// Users last search was within the flood time, show the error
		if($last_search['sid'])
		{
			$remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
			if($remaining_time == 1)
			{
				$lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
			}
			else
			{
				$lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
			}
			error($lang->error_searchflooding);
		}
	}

BTW, a 'LIMIT' should be added
Try this. Find in search.php

$remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);

replace with

$remaining_time = $mybb->settings['searchfloodtime']-ceil((TIME_NOW-$last_search['dateline']));
(2009-03-02, 05:54 PM)Ryan Gordon Wrote: [ -> ]Try this....
Bad boy! Big Grin
Isn't is you that taught me to test & review many times before replying? lol

I've tested your solution with some var_dump() few times with no success

It's just occurred to me that the problem isn't with the rounding, where in the code the values being rounded?

The problem is with the query:
search.php, line 1176 Wrote:
		$query = $db->simple_select("searchlog", "*", "$conditions AND dateline >= '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));

Should be ('>' instead of '>='):
		$query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
(2009-03-02, 10:08 PM)dvb Wrote: [ -> ]
(2009-03-02, 05:54 PM)Ryan Gordon Wrote: [ -> ]Try this....
Bad boy! Big Grin
Isn't is you that taught me to test & review many times before replying? lol

1) That's why I said try this.
2) That's why I didn't mark it as fixed
3) I was at school so I couldn't test it.
4) It obviously wasn't going to "break" anything

Need more reasons?
lol I was just kidding...
I know you'll never submit a fix without to thoroughly test it

(2009-03-02, 10:08 PM)dvb Wrote: [ -> ]The problem is with the query:
search.php, line 1176 Wrote:
		$query = $db->simple_select("searchlog", "*", "$conditions AND dateline >= '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));

Should be ('>' instead of '>='):
		$query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));

This is logically correct and also pass all my tests, look:
			$remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
Is equal to (simple math Toungue ):
			$remaining_time = $mybb->$last_search['dateline']-$timecut;
And this is equal to 0 only if $last_search['dateline']==$timecut, so this is the case we want to prevent in the query.
BTW, this will change the behavior a bit, but I don't think this second should be mattered.

Since it's annoying to test this bug I've explained the logic of the fix but if someone still wants to further test it I'm suggesting to put the search flooding setting to 3-4 and to "catch" the problematic second.
While testing if this fix works don't forget to check if it's actually fixed the problem (you could easily just miss the right second)

In cases like this I'm asking myself about automated tests Confused
Sorry I can't try anything, they're not my forums.
And even if I edit the files on my forums, it's a little hard to know if it works or not, since getting the 'wait 0 seconds' message is very rare (to me).

Thank you.
Pages: 1 2