I think I have what you are looking for. I finally made it on my own cause I couldn't find anything concrete here. There's probably 20 ways to do it, and mine might not be the best. But that's the fun of programming isn't it? 🙂
The following assumes you have a database with ID, Email, Password, IP, SessionID(uniquely generated string of numbers and letters), SessionStart (a MySQL datetime variable), SessionExpire (enum('Y','N'))
If SessionExpire is set to N, they will not expire and this is bypassed, but if it is Y then it goes through the check following...
It would be called as follows
page.php?SID=jkh324kj23h4234kj34h&UID=1
<snip>
$securitycheck = db_query("SELECT ID, Email, Password, IP, SessionID, SessionStart, SessionExpire FROM Users WHERE ID='".$UID."'");
get $num_rows here, I am using an adapted db_query which assigns it for me
if($num_rows!=1)
exit();
else
{
$U = db_fetch_object($securitycheck);
### Date check here
if($U->SessionExpire=="N")
{
$TimeOK=true;
}
else
{
$dt["Y"] = $U->SessionStart[0] . $U->SessionStart[1] . $U->SessionStart[2] . $U->SessionStart[3];
$dt["M"] = $U->SessionStart[5] . $U->SessionStart[6];
$dt["D"] = $U->SessionStart[8] . $U->SessionStart[9];
$dt["h"] = $U->SessionStart[11] . $U->SessionStart[12];
$dt["m"] = $U->SessionStart[14] . $U->SessionStart[15];
$dt["s"] = $U->SessionStart[17] . $U->SessionStart[18];
//echo $dt["Y"]."-".$dt["M"]."-".$dt["D"]." ".$dt["h"].":".$dt["m"].":".$dt["s"]."\n\n"; // Use to check with DB if you aren't sure you have the correct format
$DBTime = mktime($dt["h"], $dt["m"], $dt["s"], $dt["M"], $dt["D"], $dt["Y"]);
if((mktime() - $DBTime) < 3600) // 3600 is one hour, you can change if desired
$TimeOK=true;
else
$TimeOK=false;
}
if(($SID==$U->SessionID)&&($TimeOK))
{
echo "\nAll is good!";
}
}
</snip>
