RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

After messing around for quite awhile now with the SQL NOW() and timestamp comparison, I've come to the conclusion it's much better for my sanity to do the expiration check in php - there seems to be some divergence between the way this is handled between SQL setups I've tested. So there you go.

Browse Source
This commit is contained in:
xisi 2014-01-17 18:04:29 -05:00
parent bacbb8c36c
commit 18f808a85b
1 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
public/include/classes/token.class.php
View File

@ -6,6 +6,15 @@ if (!defined('SECURITY')) die('Hacking attempt');
class Token Extends Base {
protected $table = 'tokens';
/**
* Return time token was created
* @param id int Token ID
* @param time string Creation timestamp
**/
public function getCreationTime($token) {
return $this->getSingle($token, 'time', 'token', 's');
}
/**
* Fetch a token from our table
* @param name string Setting name
@ -30,13 +39,25 @@ class Token Extends Base {
* @return int 0 or 1
*/
public function isTokenValid($account_id, $token, $type) {
$stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND token = ? AND type = ? AND UNIX_TIMESTAMP(time) < UNIX_TIMESTAMP(NOW()) LIMIT 1");
if ($stmt && $stmt->bind_param('isi', $account_id, $token, $type) && $stmt->execute())
$res = $stmt->get_result();
print_r($res);
return $res->num_rows;
return $this->sqlError();
if (!is_int($account_id) && !is_int($type)) {
$this->setErrorMessage("Invalid token");
return 0;
}
$expiretime = $this->tokentype->getExpiration($type);
$ctimedata = new DateTime($this->getCreationTime($token));
$checktime = $ctimedata->getTimestamp() + $expiretime;
$now = time();
// if start + checktime is LATER than now, ie valid
if ($checktime >= $now) {
$stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND token = ? AND type = ? AND UNIX_TIMESTAMP(time) < UNIX_TIMESTAMP(NOW()) LIMIT 1");
if ($stmt && $stmt->bind_param('isi', $account_id, $token, $type) && $stmt->execute())
$res = $stmt->get_result();
return $res->num_rows;
return $this->sqlError();
} else {
$this->setErrorMessage("Token has expired");
return 0;
}
}
/**