...

View Full Version : Password resetting.



CyberPirate
05-10-2009, 12:18 AM
Hello, I'm currently creating a feature on my site so people can reset their passwords if they've forgetten theirs. I tried to reset my password here on CodingForums just too see how the reset link looked like etc, and I noticed it said

"If you did not request this, please ignore it. It will expire and become useless in 24 hours time.

And I was wondering how this works? I mean, the identifier that will be passed from the email over the PHP is probably stored in a MySQL database or something and then check whether the user ID specified in the link in the email holds the identifier that was set when you requested a new password. This I have done already.

Now I want the link to become useless in 24 hours and I was wondering how to do it? Cron job?

timgolding
05-10-2009, 12:29 AM
I mean if your storing the code in an SQL database why not just store the time it was created in there too. Then when they click the link you can check the current time against the time in the database to see if it expired.

CyberPirate
05-10-2009, 12:33 AM
Yeah, I was thinking of doing that. Maybe I should, but if there are any better solutions please tell me.

timgolding
05-10-2009, 12:59 AM
Well i think that would be better than using a cron job. I can't think of any reason that you wouldn't want to do it that way. I expect that's what vBulletin would have done. But without downloading and reverse engineering can't be sure.

Just creat another column in your database:



ALTER TABLE `table_name` ADD `time_in` INT( 10 ) NOT NULL ;


Then when the reset password is created just do a



$time = time();


That will get the timestamp that can go into the database
Then use


//After the select query and puting time_in into $row['time_in'] with mysql_fetch_assoc

$time = time();

if(((int)$row["time_in"]+(60*60*24))> (int)$time )
{
// reset password
}
else
{
// Do whatever
}

CyberPirate
05-10-2009, 01:01 AM
This will do wonder, thanks a lot!

EDIT:
Why are you using (int) in front of the variables?

timgolding
05-10-2009, 01:36 AM
This will do wonder, thanks a lot!

EDIT:
Why are you using (int) in front of the variables?

I just put the int infront to type cast the variables because I'm not sure if they will be strings. If they are strings then the additions and comparison possibly won't work. Actually the main reason is because i didn't test them and this is fail safe. Plus I'm sure the last time i did comparisons on time functions it didn't work and I had to type cast them.

Oh just to tell you what type casting means. It just means changing what type a variable is e.g


$a= (string)1;
// is same as
$a = '1';

$b = (array)'hello';
//is same as
$b = array('hello');

$c = (int)'2';
//is same as
$c = 2;

// etc...


http://uk.php.net/manual/en/language.types.type-juggling.php#language.types.typecasting



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum