From f62d25d33b7e031cc2aa6c5d8f777cbbb0ba44c8 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis <roman25052006.kelesh@gmail.com>
Date: Wed, 29 Mar 2023 00:32:44 +0700
Subject: [PATCH] Fixed broken flood control (#666)

---
 library/ajax/posts.php | 2 +-
 src/Legacy/Post.php    | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/library/ajax/posts.php b/library/ajax/posts.php
index 0a782852a..c91c0f0a5 100644
--- a/library/ajax/posts.php
+++ b/library/ajax/posts.php
@@ -234,7 +234,7 @@ switch ($this->request['type']) {
         $sql = "SELECT MAX(p.post_time) AS last_post_time FROM " . BB_POSTS . " p WHERE $where_sql";
         if ($row = DB()->fetch_row($sql) and $row['last_post_time']) {
             if ($userdata['user_level'] == USER) {
-                if (TIMENOW - $row['last_post_time'] < $bb_cfg['flood_interval']) {
+                if ((TIMENOW - $row['last_post_time']) < $bb_cfg['flood_interval']) {
                     $this->ajax_die($lang['FLOOD_ERROR']);
                 }
             }
diff --git a/src/Legacy/Post.php b/src/Legacy/Post.php
index 922c98d51..daf3be915 100644
--- a/src/Legacy/Post.php
+++ b/src/Legacy/Post.php
@@ -105,10 +105,9 @@ class Post
 
         if ($mode == 'newtopic' || $mode == 'reply') {
             $sql = "SELECT MAX(p.post_time) AS last_post_time FROM " . BB_POSTS . " p WHERE $where_sql";
-
-            if ($row = DB()->fetch_row($sql) && $row['last_post_time']) {
+            if ($row = DB()->fetch_row($sql) and $row['last_post_time']) {
                 if ($userdata['user_level'] == USER) {
-                    if (TIMENOW - $row['last_post_time'] < $bb_cfg['flood_interval']) {
+                    if ((TIMENOW - $row['last_post_time']) < $bb_cfg['flood_interval']) {
                         bb_die($lang['FLOOD_ERROR']);
                     }
                 }