If it does not work

0

I'm developing a website, some users will access it, and I need the password to expire every 30 days . I did this check, but it never crashes, even when the if is true. If anyone has any idea what might be wrong or a tip to improve, thank you. Below is the code in PHP .

  $cnpj               = $_POST['cnpj'];
  $senha              = $_POST['senha'];
  $hoje               = date('Y-m-d');

  $conexao            = mysqli_connect('localhost','root','') or print(mysqli_error());
  $db                 = mysqli_select_db($conexao, 'teste') or print(mysqli_error());

  $sql                = "SELECT * FROM usuario WHERE cnpj = '$cnpj' AND senha = '$senha'";
  $sql2               = "UPDATE usuario SET senha = 'expirou' WHERE cnpj = '$cnpj' and NOW() > data_senha"; 
  $sql3               = "UPDATE usuario SET data_senha = NOW() WHERE cnpj = '$cnpj'";
  $sql4               = "SELECT data_senha FROM usuario WHERE cnpj = '$cnpj'";

  $resultado_login    = mysqli_query($conexao, $sql);
  $data_senha         = mysqli_query($conexao, $sql4);

  if ($hoje >= $data_senha) {
    echo "<script> window.alert('Sua senha expirou! Entre em contato com a Rofran e solicite a nova senha.'); </script>";
    echo "<script> window.location.replace('../index.html'); </script>";
    $update_senha       = mysqli_query($conexao,$sql2);
    $update_data_senha  = mysqli_query($conexao,$sql3);
  }elseif(mysqli_num_rows($resultado_login) == 0){
    header("Location: ../erro.html");
    session_destroy();    
  }else{
    header("Location:../home.html");
    session_start();
  } 

I tested both date and return values, but in these tests I also noticed that they are not of the same type, even though they have the same yyyy-mm-d format.

    
asked by anonymous 31.01.2017 / 21:51

6 answers

0

After the help of @ aeslei and @AntonioAntunes, I changed the code and it is working. Here is the correct code:

<?php 

  $cnpj                  = $_POST['cnpj'];
  $senha                 = $_POST['senha'];
  $hoje                  = date('Y-m-d');

  $conexao               = mysqli_connect('localhost','root','') or print(mysqli_error());
  $db                    = mysqli_select_db($conexao, 'teste') or print(mysqli_error());

  $sql                   = "SELECT * FROM usuario WHERE cnpj = '$cnpj' AND senha = '$senha'";
  $sql2                  = "UPDATE usuario SET senha = 'expirou', data_senha = NOW() WHERE cnpj = '$cnpj' and NOW() > data_senha"; 
  $sql3                  = "SELECT data_senha FROM usuario WHERE cnpj = '$cnpj'";

  $resultado_login       = mysqli_query($conexao, $sql);
  $res_data_senha        = mysqli_fetch_assoc(mysqli_query($conexao, $sql3));
  $data_senha            = $res_data_senha["data_senha"];

  if($hoje >= $data_senha){
    echo "<script> window.alert('Sua senha expirou! Entre em contato e solicite a nova senha.'); </script>";
    echo "<script> window.location.replace('../index.html'); </script>";
    $update_senha_data   = mysqli_query($conexao, $sql2);
  }elseif(mysqli_num_rows($resultado_login) == 0){
    header("Location: ../erro.html");
    session_destroy();    
  }else{
    header("Location:../home.html");
    session_start();
  }

?>
    
01.02.2017 / 21:18
2

Well, we have some issues with this code.

The first of these is the content of $ data_password. It will always be just the text of the query, because there is no execution at any time, nor the achievement of the result.

The second of these is that by finding a record in the query, which is correct (which the user locates by cnpj and password), he already forwards the HTTP header that directs the browser to redirect to "home.html". So, whatever happens from there, the user will not realize - in this case the alert messages that would be generated by correcting the first error.

The third one is that the queries that should run at the end, within the if-checking dates, are never executed. You just create them as a string, but there is no call to the mysqli_query method, which would finally execute them.

Correcting these three, your code should already work.

    
01.02.2017 / 06:11
1

Consider this part of the code:

// ...
$data_senha = mysqli_query($conexao, $sql4);
if ($hoje >= $data_senha) {
// ...

The variable $data_senha does not have the date value, but a MySQLi_Result . To get the desired value, you need to use some fetch function, such as mysqli_fetch_assoc , which returns an array containing the selected values.

In addition, as already noted in another answer, you need to use the strtotime function to compare the dates.

As such ..

// ...
$resultado_data_senha = mysqli_fetch_assoc(mysqli_query($conexao, $sql4));
$data_senha = $resultado_data_senha["data_senha"];
if (strtotime($hoje) >= strtotime($data_senha)) {
// ...
    
01.02.2017 / 18:06
0

Make these changes and see if you're falling on the IF. Below the $ data_password, put:

$resultado_data = mysqli_query($conexao, $data_senha);
$linha= mysqli_fetch_assoc($resultado_data);

And replace if with:

if($hoje >= $linha['data_senha'])
    
31.01.2017 / 22:04
0

To compare dates you should use this way:

If(strtotime($hoje) >= strtotime($data_senha)){ }
    
31.01.2017 / 22:08
-2

A good way to debug would be to print the variable $ data_password and mysql return data to see if the information is crashing.

    
01.02.2017 / 17:03