No mailsending to $username after n hours?

Breekan

I made a function that would email a given user "$username" containing his username and password for the site. However, someone could just enter someone's name and keep requesting for the password, flooding the poor guy's Email box. How can I make it so, for instance, after retrieving the pass, you can't use that function to email $username for another 72 hours?

iongion

you need something like a cookie for the server ... after each email sended you;ll create a timer function :

in cgi :

you make a structure containing the start and the end of the

interval.

struct interval
{
date start;
date end;
}

int testinterval(date current_date, interval interv)
{
// check the differecens between current_date and interv.end;
// if interv.end is "later" thant current_date then return 0;
// else return 1;
}

and in your application that sends mail you first create an object
of interval type.(you must create it once for each users that uses you mail service->and recreate it again if it expired)

then on each try for your user to send a mail you call testinterval(current_date,currentuserinterval)

if it returns 0 it can't send mail
else if returns 1 than do send mail.

my appologies for the cgi but it is verry easy to transform it into php (i am kind of new for php and i;m suffering from "C" sympthome )

Breekan

Thank you, this was very helpful ^_

bobthedog

I am guessing your username and password are stored in a database on the server.

How about just adding an extra field which holds the last time/date that you sent them a password? If this is more than 72 hours ago then go and send it out. If not then don't.

Everytime a new password is actually sent, just update this field for the user to be the current time/date stamp.

Breekan

how would one check if 72 hours has passed between two given times?

I have heard of a thing valled mktime. Is this possible to use somehow? To make a timestamp of actually the time 72 hours FROM now and then from then on checking to see if the current time exceeds it or not?

How is this accomplished?

bobthedog

Well - tbh - it depends how your database is structured.

I generally make a datetime field within the database, and then when checking the timeframe, I let SQL do all the work for me (cos it's normally easier than writing a lot more code to do it in PHP), so I have less PHP to do. MySQL has a handy little function called UNIX_TIMESTAMP, which returns a number representing the number of seconds which have passed since some time in 1970 (ish)

So - imagine our table (tabUsers) with three columns - user, pwd, and lastsendtime.

Our SQL would then look something like

SELECT * FROM tabUsers WHERE (lastsendtime = NULL) OR UNIX_TIMESTAMP(lastsendtime) < (UNIX_TIMESTAMP(now()) - 259200) AND user='fred'

So - this attempts to select fred's record as long as a password wasn't sent within the last 72 hours (259200 is the number of seconds in 72 hours).

So - if you know 'fred' exists then a record will only be returned if he hasn't had a mail within the last 72 hours. We have to do the NULL check just to make sure that if it is NULL, then a mail will still be sent out to that person (easier than trying to play around and find out what SQL will actually return for this case!).

So - all you then have to do in PHP is select that QUERY and see if any results are returned!

Breekan

if ($result != 0){
$goodtogo = mysql_fetch_row(mysql_query("SELECT distinct pwrecov from $table_name WHERE ((pwrecov is NULL) OR ((UNIX_TIMESTAMP(pwrecov) > (UNIX_TIMESTAMP(now()) - 259200))) AND user=\"$user\""));

Why does this give me an error/warning that it isn't a valid MySQL result resource?

Breekan

else{
echo "Please wait ";
$temptime1 = mysql_fetch_row(mysql_query("select distinct pwrecov from users where user=\"$user\""));
$temptime2 = mysql_fetch_row(mysql_query("SELECT UNIX_TIMESTAMP(now())"));
$temptime3 = $temptime2 - $temptime1;
$temptime3 = 259200 - $temptime3;
echo date("H hours, i minutes, and s seconds", mktime(0,0,$temptime3));
}

This also gives me errors

Weedpacket

if ($result != 0){
$query="SELECT distinct
	pwrecov
from
	$table_name
WHERE
	((pwrecov is NULL)
	OR ((UNIX_TIMESTAMP(pwrecov) > (UNIX_TIMESTAMP(now()) - 259200)))
	AND user=\"$user\"";
$query_result = mysql_query($query)
	or die("MySQL Error on `$query' - error message given is: ".mysql_error());

$goodtogo = mysql_fetch_row($query_result);

Is that "A OR (B AND C)" or "(A OR 😎 AND C"

Weedpacket

Originally posted by Breekan
else{
echo "Please wait ";
$temptime1 = ...

This also gives me errors

This would partly be because $temptime1 and $temptime2 are arrays. (What's wrong with "$temptime2=time();"?)

Also, mktime() won't give you anything in hours, minutes, and seconds.

bobthedog

Is that "A OR (B AND C)" or "(A OR 😎 AND C"

I'll leave it to you to guess this bit 🙂 Muahahahaha.

But - for the lesser amongst you out there.... it should be..

(A OR 😎 AND C (see Weedpackets example)

Weedpacket

If pwrecov was non-null and had a default value that was most definitely more than 72 hours ago (from ... now! ... say) then checking to see if it's null wouldn't be necessary any more.

Does MySQL have a Postgres-like age() function?

bobthedog

It doesn't have it as far as I know.

However, you could probably replicate it using PERIOD_DIFF(), or DATE_SUB(), or some of the other date/time functions MySQL has.

Weedpacket

period_diff() sounds like the one I mean (given two timestamps, returns the interval between them; given one, returns the interval between then and now).

I should have said "a function like PostgreSQL's 'age()'".