Login system that compares current date with MySQL date

Question

I'm trying to make a login system, that compares two dates, the actual, and the date in my DB.

Something like:

Dummy tries to log in, today is 04/17/2021 and in the "date" column on the database we have the date 04/16/2021, so he will be not redirected to "Dashboard.php", he will be redirected to "expired.html"

My login code is:

<?php
    require("conexao.php");

    if(isset($_POST["email"]) && isset($_POST["senha"]) && $conexao != null){
        $query = $conexao->prepare("SELECT * FROM usuarios WHERE email = ? AND senha = ?");
        $query->execute(array($_POST["email"], $_POST["senha"]));

        if($query->rowCount()){
            $user = $query->fetchAll(PDO::FETCH_ASSOC)[0];

            session_start();
            $_SESSION["usuario"] = array($user["nome"], $user["adm"], $user["data"]);

            echo "<script>window.location = '../dashboard/index.php'</script>";
        }else{
            echo "<script>window.location = '../index.html'</script>";
        }
    }else{
        echo "<script>window.location = '../index.html'</script>";
    }
?>

Have a look at https://technopoints.co.in/expiration-date-in-php/ this may help you — Dr Manish Lataa-Manohar Joshi, Apr 17 '21 at 20:12
Side note: Do not store passwords in clear text. Salt and hash them. Make sure not to use broken hash algorithms like MD5 or SHA1. In PHP you can use the [password_hash()](https://www.php.net/manual/en/function.password-hash.php) function. — sticky bit, Apr 17 '21 at 20:22
SELECT * FROM usuarios WHERE email = ? AND senha = ? AND date_column >= curdate(); — Strawberry, Apr 18 '21 at 06:26
**Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) — Dharman, Apr 18 '21 at 14:52
You're going to want finer resolution than just a date. If your user logs in at 23:59, they're going to get expired one minute later. — Alex Howansky, Apr 18 '21 at 15:05

score 1 · Answer 1 · answered Apr 18 '21 at 15:05

All you need to do is fetch the date from the database and then compare it to today's date in the same format. Assuming that you have stored the date correctly in the database using Date data type then all you need is to create a Datetime object in PHP and get the date as a string.

<?php

require "conexao.php";
session_start();

if (isset($_POST["email"], $_POST["senha"])) {
    $query = $conexao->prepare("SELECT senha, nome, adm, data FROM usuarios WHERE email = ?");
    $query->execute(array($_POST["email"]));

    $user = $query->fetch();
    if ($user && password_verify($_POST["senha"], $user['senha'])) {
        // If the account is expired redirect to expired.html
        if ($user["data"] < date_create()->format('Y-m-d')) {
            exit(header("Location: expired.html"));
        }

        $_SESSION["usuario"] = array($user["nome"], $user["adm"], $user["data"]);
        exit(header("Location: ../dashboard/index.php"));
    } else {
        exit(header("Location: ../index.html"));
    }
} else {
    exit(header("Location: ../index.html"));
}

Login system that compares current date with MySQL date

1 Answers1