Expire php link

Viewed 1,739 times

3

I would like to know how to expire a link after one use.

We have a password recovery system that sends a recovery email, and it is working perfectly. In this case, if the link is not opened within 30 minutes, it expires, but I would like to know how to make this link expire after use, so that it cannot be used for more than one view. Does anyone have a tip?

  • You can use a flag in the database indicating that it has already been accessed, or even change the generated date to 30 minutes ago, so it will stop working too.

4 answers

6

I believe this can be solved as follows:

$hora = time();
$id = 1; // any id
$seulink = "ativacao.php?id=" . $id . "&hora=" . $hora;

And in the ativacao.php file you write the logic to check whether the parameter $hora differs by more than half an hour from the current time. If it is larger, it does not allow activation.

You can also generate a hash based on the value of the current time and the ID (to prevent the user from changing the value of &hora manually) and validate whether that hash is possible at the time of checking in.php.

Since you want to disable the link after the first use, you can create a table in the database with two columns: id and jaUtilizado (Boolean), and ativacao.php would run a select in the database by the id passed via parameter in the URL. If the column jaUtilizado is marked for that id, the activation stops at that point. If it is not marked, mark it and continue with the process.

  • 2

    For cases like this, it is always good to record in the database. As you said, the user can manipulate the url.

  • I think it would be less costly to control it through a hash. Sort of like this: $hash = md5($id . $hora . "testehash"); And then: $seulink = "ativacao.php?id=" . $id . "&hora=" . $hora . "&hash=" . $hash; And then validate whether the URL hash is possible based on the inputs id and hora.

  • Although this is correct, as I understood it the OP already has this solution; they now need to "block" the link after the user uses it.

  • I edited the answer giving a possible solution.

2

For sure, you will have to save this information in the database.

I usually do the following:

  • In the table referring to the user, when they ask for password recovery, record a randomly generated hash in a table field.

  • For security reasons, I do not suggest you put the date in the url, as it can be manipulated. It is preferable to also save the date in the database.

The link can be like this:

meu_site/recupear_senha.php?token=token_que_vem_do_banco_de_dados

Next (Fictitious code):

$token = filter_input(INPUT_GET, 'token');

// or $token = $_GET['token']; // either works

// Compare against the date 30 minutes ago
$data_expiracao = (new DateTime('-30 minutes'))->format('Y-m-d H:i:s');

$resultado = $query->execute("SELECT * FROM usuario WHERE token_email = ? AND data_token >= ?", [$token, $data_expiracao]);

if ($resultado !== false) {

    // This token can be trusted
    // Remove the email token from the database
    $query->execute('UPDATE usuario SET token_email = NULL WHERE token_email = ?', [$token]);

} else {
    // Expired! Ask for a new request.
}

  • In case you don't understand, -30 minutes is because the comparison made is: if data_token is greater than or equal to now - 30 minutes. That is, it is valid from now until 30 minutes more. It is always confusing to mess with dates (at least for me it is).

2

Here I made an example using an expiration method based on a period interval:

<?php 
    function expireDate($dateStart, $dateEnd) {
        $dateCurrent = new DateTime();

        $dateEnd = new DateTime($dateEnd);
        $dateEnd->format('Y-m-d H:i:s.uO');

        $dateStart = new DateTime($dateStart);
        $dateStart->format('Y-m-d H:i:s.uO');

        if (($dateStart->getTimestamp() <= $dateCurrent->getTimestamp())
            && ($dateEnd->getTimestamp() >= $dateCurrent->getTimestamp())) {
            // while it is within the interval it does not expire (returns false)
            return false;
        }
        // otherwise it returns true
        return true;
    }
?>

And in the view:

 <?php 
   if(expireDate('2015-10-30 16:00:00', '2015-10-30 16:30:00') != true):
  ?>
   <a href="#">seu link</a>
<?php endif; ?>

  • I'll test it, thank you very much; I'll post the result later.

  • Served perfectly for my use, thank you.

1

The best way is to save a link with a date-time field in the database and with a boolean field to identify if it has already been used.

The link the user clicks will then be a link to the routine that queries the database. If the link has not yet been used and is within the time, then go ahead; if not, return a message or error.
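
The database approach described in the answers above, as an added example that is not from the original thread: the token is stored hashed together with an expiry and a used marker, and one conditional UPDATE consumes it, so two simultaneous requests with the same link cannot both succeed. The `password_reset` table, its columns and the function names are assumptions, and it uses an in-memory SQLite database through PDO so that it runs on its own.

```php
<?php
// Added example; table, column and function names are assumptions.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE password_reset (
    token_hash TEXT PRIMARY KEY,   -- SHA-256 of the token, never the token itself
    user_id    INTEGER NOT NULL,
    expires_at INTEGER NOT NULL,   -- Unix time, set server-side (not taken from the URL)
    used_at    INTEGER             -- NULL until the link is consumed
)');

// Create a random token valid for $ttl seconds and return it for the e-mail link.
function issueToken(PDO $db, int $userId, int $now, int $ttl = 1800): string
{
    $token = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO password_reset (token_hash, user_id, expires_at) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, $now + $ttl]);
    return $token;
}

// Return the user id if the token is unused and unexpired, marking it used; else null.
function consumeToken(PDO $db, string $token, int $now): ?int
{
    $hash = hash('sha256', $token);
    // Check and mark in one statement: only one caller can flip used_at from NULL.
    $upd = $db->prepare('UPDATE password_reset SET used_at = ?
                         WHERE token_hash = ? AND used_at IS NULL AND expires_at >= ?');
    $upd->execute([$now, $hash, $now]);
    if ($upd->rowCount() !== 1) {
        return null; // unknown, already used, or expired
    }
    $sel = $db->prepare('SELECT user_id FROM password_reset WHERE token_hash = ?');
    $sel->execute([$hash]);
    return (int) $sel->fetchColumn();
}

// Constructed scenario: user 42 requests a reset, then the link is opened twice.
$now   = time();
$token = issueToken($db, 42, $now);
var_dump(consumeToken($db, $token, $now + 60));   // first click
var_dump(consumeToken($db, $token, $now + 120));  // same link again
$late = issueToken($db, 42, $now);
var_dump(consumeToken($db, $late, $now + 1801));  // opened after the 30 minutes
```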
