mysty Posted February 16, 2007 Share Posted February 16, 2007 I would like to control (in days) how long a user has access to a website. There are two ways to accomplish this that I can think of. I would like opinions as to whether either will work and if one will be more secure or more reliable than the other. Or, is there an even better way? I am using PHP5 and MySQL. 1) When a user first registers, a data stamp is put into one of the database columns, for example, reg_date and another date into a second column, for example, plus_date, is added to the database. The plus_date would be registration date plus 10 days. Then, when a user comes back and logs in, a script would check that plus_date minus todays date is greater than one. If so, login accepted, if not, login rejected. 2) When a user first registers, a server-side cookie is produced with an expiration date of 10 days. When the user returns and logs in, the cookie is checked. If the cookie is not expired, the login is accepted, if the cookie is expired, the login is rejected. Quote Link to comment Share on other sites More sharing options...
jcbarr Posted February 16, 2007 Share Posted February 16, 2007 I would personally think that something along the lines of option one would be the best method. I clear cookies on a regular basis and what would happen if its gone and I come back to the page, would I then get another tean days for free? Quote Link to comment Share on other sites More sharing options...
mysty Posted February 16, 2007 Author Share Posted February 16, 2007 Is method (1) secure and is it reliable? Quote Link to comment Share on other sites More sharing options...
Greaser9780 Posted February 16, 2007 Share Posted February 16, 2007 I agree. I think option 1 is the best way to go. Should be fairly secure. Quote Link to comment Share on other sites More sharing options...
Clinger Posted February 16, 2007 Share Posted February 16, 2007 I would say option 1 is your best option. Instead of using timestamps in MySQL, I sometimes do it myself to as well so you mysql statement will require no math. //Registration: $date=date("YmdHis"); //This will return YYYYMMDDHHIISS $expirationDate=$date+10000000; // 10 Days //Set your expDate mysql field to the $expirationDate value. Now when you check the login, you can do this: $date=date("YmdHis"); $sql="SELECT * FROM `Database` WHERE `expDate` > '{$date}'"; Quote Link to comment Share on other sites More sharing options...
Archadian Posted February 16, 2007 Share Posted February 16, 2007 I agree with Jcbarr...if the person clears the cookies then he'll get another 10 days and so on...i'd use MySQL to determine what you need. Quote Link to comment Share on other sites More sharing options...
jcbarr Posted February 16, 2007 Share Posted February 16, 2007 You don't even have to have both dates in the table, just add a few lines to check the date the user signed up and then add ten days to that date and compare it to the current date. Not too complicated and wouldn't be that hard to code either. Would keep your tables a bit smaller, which could come in handy if you have a lot of users. Quote Link to comment Share on other sites More sharing options...
mysty Posted February 18, 2007 Author Share Posted February 18, 2007 I am doing this (for free) for my son-in-law just so I can learn more about PHP. I use Dreamweaver and much of the coding is done automatically through DW. I said all that because I may be back from time to time as this forum seems to have people with a wealth of information and I have really learned quite a bit already just reading some of the posts. My son-in-law just sent me a note saying he wants to change and add three choices instead of just one. That is, he wants to offer 30 days, 60 days, and 90 days of access. Quote Link to comment Share on other sites More sharing options...
mysty Posted February 18, 2007 Author Share Posted February 18, 2007 Code: <?php require_once('Connections/conn_tester.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "newuser")) { $insertSQL = sprintf("INSERT INTO `user` (firstname, lastname) VALUES (%s, %s)", GetSQLValueString($_POST['firstname'], "text"), GetSQLValueString($_POST['lastname'], "text")); mysql_select_db($database_conn_tester, $conn_tester); $Result1 = mysql_query($insertSQL, $conn_tester) or die(mysql_error()); $insertGoTo = "2_reg.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } if (!session_id()) session_start(); if (isset($_POST["Submit"])) { $_SESSION["fname"] = "".((isset($_POST["firstname"]))?$_POST["firstname"]:"") .""; } if (!session_id()) session_start(); if ($_SERVER["REQUEST_METHOD"] == "POST") { $_SESSION["lname"] = "".((isset($_POST["lastname"]))?$_POST["lastname"]:"") .""; } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Registration Page - CPG Database</title> <table width="750" border="0" align="center"> <tr> <td><div align="center" class="pageName style4">New User Registration </div></td> </tr> <tr> <td class="subHeader"><form action="<?php echo $editFormAction; ?>" method="POST" name="newuser" class="services-red" id="newuser"> <label><span class="style3"><br /> </span><br /> <br /> <br /> First Name <input name="firstname" type="text" id="firstname" size="70" /> </label> <p> <label> Last Name <input name="lastname" type="text" id="lastname" size="70" /> </label> </p> <p> <label></label> How many days? <select name="select"> <option value=" " selected="selected">Please choose one</option> <option value="val+30">30 Days</option> <option value="val+60">60 Days</option> </select> </p> <p> <input type="submit" name="Submit" value=" Register New User " /> </p> <input type="hidden" name="MM_insert" value="newuser"> </form> <p> </p> </td> </tr> <tr> </tr> </table> <br /> <br /> </body> </html> This is a short page that I set up to test my site. If I knew what to put into the code in place of "val+30" and "val+60" I think I would be all set. I set up a database with columns as firstname, lastname, cur_date, and plus_date. The cur_date is an automatic timestamp putting in the current date (when the user registers). Then the user chooses from a list, how long they want access for - 30 days or 60 days. What I want here is a date put into the plus_date column that is either 30 days or 60 days beyond the cur_date. If I could do that, I could check on login if plus_date minus cur_date is > 1, then access is OK. Can anybody help with this? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.