Ajai Sandy - 4 years ago
SQL Question

Making password field empty in DB after timeout not working in PHP

I am working on a project in which the user is given 60 sec to enter the OTP on the login page of the website.

Here I created a "Generate" button which generates the OTP. Once the click event is performed, the timer will start and the user has 60 sec to log in to the website; if the time exceeds 60 sec, the OTP stored in the DB should be automatically deleted.

if(isset($_POST['generate']))
{
    $timer = time();
    if($timer == $timer+5)
    {
        $query = mysql_query("UPDATE user_login SET password='' WHERE username = 'ajai sandy'") ;
        $qry_run = mysql_query($query);
    }
    $string = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $string_shuffled = str_shuffle($string);
    $password = substr($string_shuffled, 1, 7);
    $password = base64_encode($password);
    $query = mysql_query("UPDATE user_login SET password='".$password."' WHERE username = 'ajai sandy' ");
    $qry_run = mysql_query($query);
}


The problem is that the password is not deleted after 60 sec. I tried this in PHP.

Answer Source

The variable will never be more than itself :) ($variable will never equal $variable + something)

Make sure $timer is put outside of the validation (the if statement) and check against current time.

Something like this:

$originalTime = time();

if (isset($_POST['generate'])) {
    if (time() > $originalTime + 60) {
        // do your stuff
    }
}

EDIT: you actually will have to either add the $originalTime to a session variable or to a cookie and check against it on the next page. But the logic is the same: you will have to separate the original time from the time you're checking on post.
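
Added example (not part of the original answer or the poster's code): one way to enforce the 60-second limit without any timer is to store an expiry timestamp beside a hash of the OTP and decide expiry at the moment the OTP is checked. The otp_hash and otp_expires_at columns and both function names are assumptions, and an in-memory SQLite database stands in for MySQL so the block runs on its own; it also draws the OTP with random_int() and uses prepared statements in place of str_shuffle() and string-built queries.

```php
<?php
// Added example. Assumed (hypothetical) schema: otp_hash and otp_expires_at
// columns on user_login. SQLite in-memory stands in for the MySQL database.
const OTP_TTL = 60; // seconds the OTP stays valid, as in the question

function issueOtp(PDO $db, string $username, int $now): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $otp = '';
    for ($i = 0; $i < 7; $i++) {
        $otp .= $alphabet[random_int(0, strlen($alphabet) - 1)]; // CSPRNG draw
    }
    $stmt = $db->prepare('UPDATE user_login SET otp_hash = ?, otp_expires_at = ? WHERE username = ?');
    $stmt->execute([password_hash($otp, PASSWORD_DEFAULT), $now + OTP_TTL, $username]);
    return $otp; // sent to the user out of band; only the hash is stored
}

function verifyOtp(PDO $db, string $username, string $otp, int $now): bool
{
    $stmt = $db->prepare('SELECT otp_hash, otp_expires_at FROM user_login WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['otp_hash'] === null) {
        return false; // unknown user, or no OTP outstanding
    }
    // Expiry is decided here, from the stored timestamp, on every attempt.
    $expired = $now > (int) $row['otp_expires_at'];
    $ok = !$expired && password_verify($otp, $row['otp_hash']);
    if ($ok || $expired) {
        // Clear the OTP once it has been used or has expired.
        $db->prepare('UPDATE user_login SET otp_hash = NULL, otp_expires_at = NULL WHERE username = ?')
           ->execute([$username]);
    }
    return $ok;
}

// Constructed demo data and timestamps.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_login (username TEXT PRIMARY KEY, otp_hash TEXT, otp_expires_at INTEGER)');
$db->exec("INSERT INTO user_login (username) VALUES ('ajai sandy')");
$t0  = time();
$otp = issueOtp($db, 'ajai sandy', $t0);
var_dump(verifyOtp($db, 'ajai sandy', $otp, $t0 + 61)); // attempt after the deadline
$otp = issueOtp($db, 'ajai sandy', $t0);
var_dump(verifyOtp($db, 'ajai sandy', $otp, $t0 + 30)); // attempt inside the window
var_dump(verifyOtp($db, 'ajai sandy', $otp, $t0 + 31)); // replay of the same OTP
```

Because the deadline lives in the database row, nothing the client sends (a cookie, a hidden field) can extend it.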
