Expire link php

3

I'd like to know how I'd expire a link after a use.

We have a password recovery system that sends a recovery email, and it is working perfectly. If the link is not opened within 30 minutes, it expires, but I would like to know how to make this link expire after use, so that it cannot be used more than once. Does anyone have a tip to give?

asked by anonymous 30.10.2015 / 14:56

4 answers

6

I believe this can be solved as follows:

$hora = time();
$id = 1; // any id
$seulink = "ativacao.php?id=" . $id . "&hora=" . $hora;

And in the ativacao.php file you implement the logic to check whether the $hora parameter differs from the current time by more than half an hour. If it does, it does not allow activation.

You can also generate a hash based on the value of the current time and the ID (to prevent the user from changing the value of &hora manually) and check whether that hash is valid at the time of the check in ativacao.php.

Since you want to disable the link after first use, you can create a table in the database with two columns, id and jaUtilizado (boolean), and ativacao.php would run a select in the database by the id passed via parameter in the URL. If the jaUtilizado column is already marked for that id, it does not allow activation at that point. If it is not marked, mark it and continue with the process.

    
30.10.2015 / 15:08
2

For sure, you will have to save this information in the database.

I usually do the following:

  • For security, I do not suggest that you put the date in the url, since it can be manipulated. It is also preferable to save the date in the database.

The link looks like this:

meu_site/recupear_senha.php?token=token_que_vem_do_banco_de_dados

Next (Fictitious Code):

$token = filter_input(INPUT_GET, 'token');

// or $token = $_GET['token']; // either works

// Compare against the date 30 minutes ago
$data_expiracao = (new DateTime('-30 minutes'))->format('Y-m-d H:i:s');

$resultado = $query->execute("SELECT * FROM usuario WHERE token_email = ? AND data_token >= ?", [$token, $data_expiracao]);

if ($resultado !== false) {

    // You can trust this token
    // Remove the email token from the database
    $query->execute('UPDATE usuario SET token_email = NULL WHERE token_email = ?', [$token]);

} else {
    // Expired, man! Ask for a new request.
}
    
30.10.2015 / 15:57
1

The best way is to save a link with a date-time field in the database and with a boolean field to identify if it has already been used.

The link the user clicks will then be a link to the routine that queries the database. If the link has not yet been used and is within the time limit, then it forwards the user; if not, it returns a message or error.

    
30.10.2015 / 15:45
1

Here I made an example using an expiration method based on a period range:

<?php
    function expireDate($dateStart, $dateEnd) {
        $dateCurrent = new DateTime();

        $dateEnd = new DateTime($dateEnd);
        $dateEnd->format('Y-m-d H:i:s.uO');

        $dateStart = new DateTime($dateStart);
        $dateStart->format('Y-m-d H:i:s.uO');

        if (($dateStart->getTimestamp() <= $dateCurrent->getTimestamp())
            && ($dateEnd->getTimestamp() >= $dateCurrent->getTimestamp())) {
            // while the current time is inside the interval it has not expired (returns false)
            return false;
        }
        // otherwise it returns true
        return true;
    }
?>

And in the view:

<?php
    if (expireDate('2015-10-30 16:00:00', '2015-10-30 16:30:00') != true):
?>
    <a href="#">seu link</a>
<?php endif; ?>
    
30.10.2015 / 18:51
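
The database-backed approach the answers above describe (a stored token with an expiry time that is invalidated on first use), as an added example that is not part of any answer. The in-memory SQLite database, the password_reset table and the function names issueResetToken and consumeResetToken are assumptions for illustration; the expiry check and the "used" mark are combined into one conditional UPDATE so that two simultaneous clicks cannot both succeed.

```php
<?php
declare(strict_types=1);

// In-memory SQLite so the example runs offline; table and column names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE password_reset (
    user_id    INTEGER NOT NULL,
    token_hash TEXT    NOT NULL UNIQUE,
    expires_at INTEGER NOT NULL,
    used_at    INTEGER
)');

// Create a token for the e-mail link; only its SHA-256 hash is stored.
function issueResetToken(PDO $pdo, int $userId, int $ttl = 1800): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $pdo->prepare(
        'INSERT INTO password_reset (user_id, token_hash, expires_at) VALUES (?, ?, ?)'
    );
    $stmt->execute([$userId, hash('sha256', $token), time() + $ttl]);
    return $token;
}

// Mark the token as used and return its user id, or null if it is unknown,
// expired or already used. The conditional UPDATE is the check itself, so
// there is no gap between "is it still valid?" and "mark it used".
function consumeResetToken(PDO $pdo, string $token): ?int
{
    $hash = hash('sha256', $token);
    $now = time();
    $stmt = $pdo->prepare(
        'UPDATE password_reset SET used_at = ?
          WHERE token_hash = ? AND used_at IS NULL AND expires_at >= ?'
    );
    $stmt->execute([$now, $hash, $now]);
    if ($stmt->rowCount() !== 1) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT user_id FROM password_reset WHERE token_hash = ?');
    $stmt->execute([$hash]);
    return (int) $stmt->fetchColumn();
}

$token = issueResetToken($pdo, 42);          // constructed sample user id
var_dump(consumeResetToken($pdo, $token));   // first use of the link
var_dump(consumeResetToken($pdo, $token));   // second use of the same link
$stale = issueResetToken($pdo, 42, -60);     // constructed token that is already expired
var_dump(consumeResetToken($pdo, $stale));
```

The e-mailed link carries only $token, so a copy of the table exposes hashes rather than usable links.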