So I have a URL that should turn invalid after an hour. For some reason it never turns invalid. Here's the code,
<?php
session_start();
include_once '../db.php';
//DB query
$stmt = $con->prepare("SELECT token_created_at from reset WHERE token = :urltoken");
$stmt->bindValue(':urltoken', $_GET['token']);
$stmt->execute();
$stmt->setFetchMode(PDO::FETCH_ASSOC);
while($row = $stmt->fetch()) {
$token_created_at = $row['token_created_at'];
}
$_SESSION['token'] = $_GET['token'];
//Remove after testing
echo $token_created_at."<br>";
$my_dt = DateTime::createFromFormat('m-d-Y H:i:s', $token_created_at);
//Modify error
$expires_at = $my_dt->modify('+1 hour');
//Return current time to match
echo $current_time = date('m-d-Y H:i:s', time());
?>
<?php if($current_time < $expires_at) : ?>
<!DOCTYPE html>
<html>
<body>
<form method="post" action="a.php">
<input type="password" name="pass1" placeholder="Password">
<br>
<input type="password" name="pass2" placeholder="Password, again">
<br>
<input type="submit">
</form>
</body>
</html>
<?php else : ?>
<h1>Link expired</h1>
<?php endif; ?>
Any ideas? In the DB, token is stored as 06-27-2014 09:10:50 and current time is 06-28-2014 09:15:27, so it should be expired. Any ideas?
You are comparing a DateTime object against a string. You can't do that. Either compare both as strings or DateTime objects. I recommend that latter.
$current_time = new DateTime();
<?php if($current_time < $expires_at) : ?>
You also don't need to capture the result of $my_dt->modify('+1 hour'); as it modifies $my_dt in place. So you can do:
$my_dt->modify('+1 hour');
$current_time = new DateTime();
<?php if($current_time < $expires_at) : ?>