Codeigniter: send email with expired time

1.6k views Asked by At

In my application I have a password forgot feature, so if a user loses their password they can click a menu and they'll get an email with a URL to reset their password.

I want to apply a time limit to this feature. So the user will not be able to reset their password with the same URL sent in the email, if beyond a certain time.

  public function password_post()
  {

    // $email  = trim($this->input->get_post('email'));
    $data = array (
      'username' => $this->input->get_post('username'),
      'idcardno'  => $this->input->get_post('idcardno')
    );

    $result = $this->model->user_exist($data);
    if ($result) {
      $idcardno = $data['idcardno'];
      $data['email'] = $this->db->get_where('mytable', array('idcardno' => $idcardno))->row()->email;
      $this->send_forgot_password($data);
      $this->response(array('success' => 'New password has sent to your email'), 200); // 200 being the HTTP response code
    } else {
      $this->response(array('error' => 'Your account doesnt exist'), 404);
    }
  }

and this is the method to send the email.

 private function send_forgot_password($data) {

    require(APPPATH.'controllers/mail-master/PHPMailerAutoload.php');

    // $email_encode=urlencode($data['email']);
    $mail = new PHPMailer;
    // $mail->SMTPDebug = 3;

    $mail->isSMTP();
    $mail->Host       = 'mail-id.myweb.com';
    $mail->SMTPAuth   = true;
    $mail->Username   = '[email protected]';
    $mail->Password   = 'mobile14';
    $mail->SMTPSecure = 'tls';
    $mail->Port       = 25;

    $emailcode = md5($this->config->item('salt') . $username);

    // Email body
    $mail->From     = '[email protected]';
    $mail->FromName = 'BNI Life';
    $mail->addAddress($data['email']);
    $mail->isHTML(true);

    $mail->Subject = 'Forgot Password';
    $mail->Body    =
    ' ';
    $mail->send();
  }
1

There are 1 answers

1
Tool On

In the table with users, you need to store the timestamp of when you sent the reset password email.

Then, when you are verifying the user's request for the provided reset link, you must compare the stored timestamp from database with current timestamp.

Something along the lines of:

$diff = time() - $mail_sent_timestamp;
//If $diff > 60*60*24*7,
//Diff greater then 7 days; Don't send the new PW to user.
//Else
//Send new password