One time use of activation URL

Question

Hi I want to know how can I expire an activation link after 2 days sent tru email for my users who doesn't have their accounts activated yet.. My idea was to use COOKIES but I think its not possible to send COOKIES via email.. can I have some tips and other suggestion please? I've been searching for 6 days now...

Here is what I have so far

$con = new PDO("mysql:host=". db_host .";dbname=".db_name.'', db_username , db_password);

$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

$c = $_GET['c'];


    if($c == 1){
$imputText = $_GET['v'];
$imputKey = "3173aLASOf";
$blockSize = 128;
$mode ="M_CBC";
$es = new ES($imputText, $imputKey, $blockSize,$mode);
$dec=$es->decrypt();


    $sql = "SELECT vtokn FROM tmp_user WHERE vtokn = :token LIMIT 1";

    $stmt = $con->prepare( $sql );

    $stmt->bindValue( "token", $dec, PDO::PARAM_STR );

    $stmt->execute();

    $sqlups = "UPDATE tmp_user SET conf = :c WHERE vtokn = :token AND conf= 0 LIMIT 1";

    $stmtups = $con->prepare( $sqlups );

    $stmtups->bindValue( "c", $_GET['c'], PDO::PARAM_STR );
    $stmtups->bindValue( "token", $dec, PDO::PARAM_STR );
    $stmtups->execute();
    $result = $stmt->fetchColumn();

    $sqltmps = "SELECT tmstamp FROM tmp_user WHERE vtokn = :token LIMIT 1";

    $stmttmps = $con->prepare( $sqltmps );

    $stmttmps->bindValue( "token", $dec, PDO::PARAM_STR );

    $stmttmps->execute();
    $result2 = $stmttmps->fetchColumn();
$tme =time()+60*2;
setcookie('exp','d',$result2);
    if(isset($_COOKIE['exp']) ){

    if($result === $dec){
        $sqltb = "SELECT * FROM tmp_user WHERE vtokn = :token LIMIT 1";

        $stmttb = $con->prepare( $sqltb );

        $stmttb->bindValue( "token", $dec, PDO::PARAM_STR );

        $stmttb->execute();


        foreach ($stmttb->fetchAll() as $rows) {
        $user=$rows['username'];
        $password=$rows['password'];
        $firstname=$rows['firstname'];
        $lastname=$rows['lastname'];
        }

        $sql2 = "INSERT INTO ofcl_users(email,password,acct_stat) VALUES( :username,:password,1 )";

        $stmt2 = $con->prepare( $sql2 );

        $stmt2->bindValue( "username", $user, PDO::PARAM_STR );
        $stmt2->bindValue( "password", $password, PDO::PARAM_STR );

        $stmt2->execute();

        echo $user." "."Is Now Activated<br/>" . "<a href='login.php'>Login Now</a>";
    $sqldel = "DELETE FROM tmp_user WHERE vtokn = :token AND conf= :c  LIMIT 1";

    $stmtdel = $con->prepare( $sqldel );

    $stmtdel->bindValue( "c", $_GET['c'], PDO::PARAM_STR );
    $stmtdel->bindValue( "token", $dec, PDO::PARAM_STR );

    $stmtdel->execute();
        }else
        {
            echo "Account was already activated" . $dec;
        }
    } else {
        echo $_GET['t']."Token Expired" . $tme;
    }
}

    else
    {
    echo "Invalid Token Reference: " . $dec;
    }

This script will run as soon as my link tru email was click the validation if its a link that is a 2 or 3 days old.. Is this correct?

Answer 1

Make use of Timestamp.

When Inserting a Token, make another field in database, say token_timestamp and use time() function for its value.

Then, at the time of Validating Activation Link, make a check something like this:

$current_time = time();
$max_time = 2*24*60*60; // Time in seconds
if (($current_time - $token_timestamp) > $max_time) {
    echo "Link Expired!";
}
else {
    // Do your Process for Activation here
}