I am working on a password reset and I am at the part of where I am checking if the token is within the time range.
This is my code :
$tokentime = substr($dbtoken[0], 0, 4); // get the DB time that I store with date('hi') . $token
$now = date('hi'); // Create the now time in same format as $tokentime
var_dump($now); // This generates : 0838 (couple mines ago)
var_dump($tokentime); this generates : 0652 (102 minutes ago)
var_dump(strtotime($now)); // convert 8380 to unix time
var_dump(strtotime($tokentime)); // convert 0652 into unix time
if (strtotime($now) - strtotime($tokentime) >= 600) { // If the unix seconds are equal to or greater then 600 seconds
echo "Token Expired";
} else {
echo "Not Expiered";
}
Is my way of thinking correct?
This is the var_dump values :
string(4) "0838" string(4) "0652" int(1377175080) int(1377168720) Token Expired
I have it set to expire in 10 minutes of 600 seconds.
This is my first time working checking differences in time, and storing date values inside of a token like so. I just wanted to know if this is correct way of finding differences in time.
That's simple: At some moment in time value of time() in your token. Later:
if (time()-tokentime) > 600)
{
// expired
}
time() will get you so called UNIX timestamp which is timezone independent.