How to check if a password is over one year old?

Question

I am trying to develop user login/signup using JSP in MVC. The program will be doing a simple login, create and update for the user. In the model part I am supposed to return 0, 1, 2, 3 based on the following criteria.

0 if the user is validated successfully 1 if the user is validated successfully but has a weak password 2 if the user is validated successfully but has an expired password (over 1 year old) 3 if the user is not validated

Here is the code for the validate method which I have done till now,

public int Validate() {

        try {
            Class.forName(driverName).newInstance();
        } catch (InstantiationException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IllegalAccessException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        try {

            Connection connection = DriverManager.getConnection(dbURL,
                    username, password);

            String verifyQuery = "SELECT COUNT(email), dateSet, strength FROM users WHERE email=? AND hashPassword=SHA2(CONCAT(?, salt), 256)";
            PreparedStatement verify = connection.prepareStatement(verifyQuery);

            verify.setString(1, email);
            verify.setString(2, pass);
            ResultSet verified = verify.executeQuery();
            while (verified.next()) {
                if (verified.getInt(1) == 1) {
                    email_db = verified.getString(2);
                    pass_db = verified.getString(3);
                    date = verified.getDate(5);
                    strength = verified.getString(6);

                }
            }

        } catch (SQLException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        if (email_db.equals(email) && pass_db.equals(pass)) {
            status = 0;
        }
        if (email_db.equals(email) && pass_db.equals(pass)
                && strength.equals("weak")) {
            status = 1;
        }
        if (email_db.equals(email) && pass_db.equals(pass) && date> ){

        }
        return status;
    }

I am confused about the Date part, any suggestions? Should I write a new method for the Date part?

To calculate the number of days between two dates: http://stackoverflow.com/questions/7103064/calculate-the-number-of-days-between-two-dates — Darius X., Feb 19 '13 at 04:11

Luiggi Mendoza · Accepted Answer · 2013-02-19T14:49:08.870

Using plain Java, you can achieve this using the java.util.Calendar and java.util.Date classes. Here's a code sample for a function that checks if it has passed a year using the current datetime

public boolean hasPassedAYear(Date date) {
    long currentDate = Calendar.getInstance().getTimeInMillis();
    long dateToEval = date.getTime();
    // 1000 => milliseconds to seconds
    // 60 => seconds to minutes
    // 60 => minutes to hours
    // 24 => hours to days
    long days = (currentDate - dateToEval) / (1000 * 60  * 60 * 24);
    return days >= 365;
}

Still, if you want a good code (like everyone), you should use Joda Time that provides a better Date/Time handling. This would be the same function but using Joda time library:

public boolean hasPassedAYear(Date date) {
    DateTime currentDate = new DateTime();
    DateTime dateToEval = new DateTime(date);
    Interval interval = new Interval(dateToEval, currentDate);
    return interval.toPeriod().getYears() >= 1;
}

It's up to you which method to choose. IMHO, I would use the code with Joda Time for the ease of readability, understanding and maintenance.

@user2082191 sure, that's why I added the plain Java solution first. Indeed, I still think it would be better to handle datetime operations using Joda, as you can see is pretty easy to use. Also, note that the plain Java solution doesn't do any calculation about leap year (366 days), while Joda Time already handles it. — Luiggi Mendoza, Feb 19 '13 at 04:38

score 0 · Answer 2 · edited May 23 '17 at 10:24

0

I assume the date that you get from the database is the date when the password was created/last modified . In that case will a compare to today's date to get the number of days not work ? Check this post and answers for sample code .

edited May 23 '17 at 10:24

Community

1
1

answered Feb 19 '13 at 04:08

RadAl

404
5
23

score 0 · Answer 3 · answered Feb 19 '13 at 04:16

Try below code

java.util.Date lastDate = result.getTimestamp("date");
java.util.Date todaysDate = new java.util.Date(System.currentTimeMillis());

long days1 = lastDate.getTime()/(60*60*24*1000);
long days2 = todaysDate.getTime()/(60*60*24*1000);

long difference = days2-days1;

score 0 · Answer 4 · answered Feb 19 '13 at 04:26

You can use use this code..

if (email_db.equals(email) && pass_db.equals(pass) ){


Date dt = date;//Your Date from database 
Calendar passCreatedOn = Calendar.getInstance(); 
passCreatedOn.setTime(dt);


Calendar today=Calendar.getInstance();
Integer noOfDays=( (today.getTime() - passCreatedOn.getTime()) / (1000 * 60 * 60 * 24));
if(noOfDays>365)
{
    return 2
}
}

How to check if a password is over one year old?

4 Answers4