What are the best practices for storing and checking password expiration time in PHP?
To store and check password expiration time in PHP, it is recommended to store the expiration time in the database along with the user's password hash. When a user logs in, check if the password has expired based on the expiration time stored in the database. If the password has expired, prompt the user to change their password.
// Store password expiration time in the database along with the user's password hash
$expiration_time = strtotime('+90 days'); // Set password expiration time to 90 days
$password_hash = password_hash($password, PASSWORD_DEFAULT);
// Check password expiration time when user logs in
if ($expiration_time < time()) {
// Password has expired, prompt user to change password
echo "Your password has expired. Please change your password.";
} else {
// Password is still valid, proceed with login
}
Keywords
Related Questions
- How can the number of online users, including both members and guests, be accurately tracked and displayed on a website using PHP?
- How can PHP developers effectively debug and troubleshoot issues related to function execution and parameter passing in a multi-function setup like the one described in the forum thread?
- Are there any specific resources or tutorials available for learning how to join tables in PHP?