Check to see if data is expired

[lore_lanu]

Hello everyone!

 

I am currently working on a reset password script, where, in the case of a lost password, a user can reset their password. (Duh.)

 

In the script, the user is prompted to enter their username and email, and, if that combination exists, the users are given an email with a link such as http://www.mysite.com/lostpass?=9dfk32l5rhe894h. The hash at the end is generated randomly. When the email is sent, the hash is stored in a mysql database (column lostpass) and the time is stored in a datetime column (expirelost). When the user clicks the link, the hash is stored by the $_GET method and checked against the database. If it exists, the user gets a new password.

 

I am having no problems with this part.

 

However, I would like the link to expire after 30 minutes of the time stored in expirelost. I am thinking something like this:

if(conditional that would allow date to be checked) {
         //your password has been reset
}

else {
        // error: link has expired
}

 

I have done many google searches, but nothing has worked. I think I have to use the DATE_SUB function? Not sure..

 

If anyone has any ideas or examples, please share them with me!

Thanks in advance!

[lonewolf217]

insert a timestamp into the database along with the hash. 

 

when you retrieve the hash to compare it when the user clicks the link, compare the current timestamp with the one in the database and reject the request if it is too old

[lore_lanu]

I save the current time using now() in the datetime column expirelost. Is using a timestamp to store this kind of request better? I'm open to all suggestions.

 

My question is, how can I check to see if the time is older than 30 minutes?

[lonewolf217]

you can use php's time() to input the unix timestamp.  then pull out the unix timestamp for the hash and compare them.  if the difference is greater than 60s * 30m, reject it

 

edit: i should note this is only one way to do it, there are a plethora of ways you can compare timestamps with date() amongst others.  this is just probably the simplest way to do what you require

[lore_lanu]

Thanks for your help so far.

 

Could you tell me what functions I could use to compare the stored time and the current time? I'm a little confused on that part.

 

I'm pretty new at this.

[lonewolf217]

assuming you know how to insert and pull from the database ill skip all that.

 

Step1:

Registration email is sent with a hash. 

Insert into database with hash and timestamp

 

Step2:

user clicks the link and is brought to the processing page.

 

Step3:

$currTime = time();  /// this will retrieve the current server time as a unix timestamp

$genTime = $row['genTime'];  // this will retrieve the timestamp from the database , also as a unix timestamp

 

Step4:

 

if( ($currTime - $genTime) > (30*60)) {  // compare the difference between the times to (30 minutes * 60 seconds = #of seconds in 30 minutes)

  //it is greater, so deny the validation

}

else {

  //it is less than 30 minutes, so allow the validation

}

[lore_lanu]

Oh my, that is very simple. I didn't expect it to be that easy. Thanks a ton for your help!

 

I'll leave this unsolved for now until I can test it out, though.