Question

I am working on a project in which the user is given 60 sec to enter the OTP on the login page of the website.

Here I created a "Generate" button which generates the OTP. Once the click event is performed, the timer will start and the user has 60 sec to log in to the website. If the time exceeds 60 sec, the OTP stored in the DB should be automatically deleted.

    if (isset($_POST['generate']))
    {
        $timer = time();
        // Intended: clear the stored OTP once the time is up
        if ($timer == $timer + 5)
        {
            $query = "UPDATE user_login SET password='' WHERE username = 'ajai sandy'";
            $qry_run = mysql_query($query);
        }
        // Build a 7-character OTP from a shuffled alphabet
        $string = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $string_shuffled = str_shuffle($string);
        $password = substr($string_shuffled, 1, 7);
        $password = base64_encode($password);
        // Store the encoded OTP for the user
        $query = "UPDATE user_login SET password='".$password."' WHERE username = 'ajai sandy' ";
        $qry_run = mysql_query($query);
    }

The problem is that the password is not deleted after 60 sec. I tried this under PHP.

Solution

The variable will never be more than itself :) ($variable will never equal $variable + something)

Make sure $timer is put outside of the validation (the if statement) and check against current time.

Something like this:

$originalTime = time();

if (isset($_POST['generate'])) {
    if (time() > $originalTime + 60) {
        // do your stuff
    }
}

EDIT: you actually will have to either add the $originalTime to a session variable or to a cookie and check against it on the next page. But the logic is the same: you will have to separate the original time from the time you're checking on post.

OTHER TIPS

That is because PHP is not stream-like. It will not remove itself after that amount of time.
A solution would be selecting where the timer has not passed instead of whether the line exists.

So you make a column valid_until, and when they try to log in, you do

WHERE valid_until>=".( time()-60 )."

To clean up your database, you could add a cronjob to delete the old ones

Follow @Martijn's advice.

Because PHP is not naturally a thread language, what you are trying to achieve is somehow tricky.

I would handle this problem by putting fields in the database for that. For example, when you generate:

UPDATE user_login 
SET password='xxxxx', generated='true', created_time='xxxx' 
WHERE username = 'ajai sandy'

Then I would set up a PHP script to run every minute on a cron job to clear the password where that generated field is set to true and the created time is past 60 seconds.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow