I was trying to generate a unique token for each user by hashing their email address when they click on the "Remember Me" button, and I want to write the tokens to the database. For some reason this block of code caused an error, but I'm not sure where the error(s) is/are.

    if (isset($_POST['remember']){
    $expDate1 = time() + (3600*24*30); // Sets the date to a month from now in milliseconds -> used for cookie
    $expDate2 = date('Y-m-d H:i:s', $expDate1); // Sets the date to a month from now in YYYY-MM-DD HH:ii:ss -> used for database
    $token = password_hash($Email, PASSWORD_DEFAULT);  // Generate a random token based on the user's email

    $sql = "INSERT INTO RememberMe (userID, token, expDate) VALUES ('$userID', '$token', '$expDate2')";
    $result = db_query($sql);

    if ($result === false){
        die("DIE!"); 
    }

    setcookie("monster", $token, $expDate1, "/");
}
  • "Generate a random token based on the user's email" --- why not generate **a completely random token** instead? Using `openssl_random_pseudo_bytes` for example – zerkms Nov 11 '14 at 00:32
  • `$expDate = date('Y-m-d H:i:s', strtotime('+30 days'));` can replace your first two lines (*this is not your problem, though*). – Sam Nov 11 '14 at 00:33
  • "Sets the date to a month from now in milliseconds" --- btw, it's not in milliseconds – zerkms Nov 11 '14 at 00:34
  • possible duplicate of ["Keep Me Logged In" - the best approach](http://stackoverflow.com/questions/1354999/keep-me-logged-in-the-best-approach) – DarkBee Nov 11 '14 at 00:38
  • How about let's start by posting any error messages/logs in your question? – ivan.sim Nov 11 '14 at 01:11
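
The completely random token suggested in the comments, as an added example that is not part of the original post or any commenter's code: the cookie carries a value from `random_bytes`, the table stores only its SHA-256 hash, and the insert uses a prepared statement instead of string interpolation. The function names are hypothetical, and an in-memory SQLite database through PDO stands in for the asker's `db_query` helper; storing a hash rather than the token itself is a design choice added here.

```php
<?php
declare(strict_types=1);

// Issue a token: the cookie gets the raw random value, the database only its SHA-256 hash.
function issueRememberToken(PDO $db, int $userID, int $lifetime = 2592000): array
{
    $token   = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG, not derived from the email
    $expires = time() + $lifetime;          // Unix timestamp in seconds (30 days by default)
    $stmt = $db->prepare(
        'INSERT INTO RememberMe (userID, token, expDate) VALUES (:uid, :tok, :exp)'
    );
    $stmt->execute([
        ':uid' => $userID,
        ':tok' => hash('sha256', $token),
        ':exp' => date('Y-m-d H:i:s', $expires),
    ]);
    return [$token, $expires];
}

// Return the userID for a presented cookie value, or null if it is unknown or expired.
function checkRememberToken(PDO $db, string $token): ?int
{
    $stmt = $db->prepare(
        'SELECT userID FROM RememberMe WHERE token = :tok AND expDate > :now'
    );
    $stmt->execute([':tok' => hash('sha256', $token), ':now' => date('Y-m-d H:i:s')]);
    $uid = $stmt->fetchColumn();
    return $uid === false ? null : (int) $uid;
}

// Constructed demo: in-memory SQLite stands in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE RememberMe (userID INTEGER, token TEXT, expDate TEXT)');

[$token, $expires] = issueRememberToken($db, 42);   // 42 is a constructed user ID
if (PHP_SAPI !== 'cli') {                           // cookies only make sense in a web request
    setcookie('monster', $token, [
        'expires' => $expires, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}
var_dump(checkRememberToken($db, $token));               // token that was just issued
var_dump(checkRememberToken($db, str_repeat('0', 64)));  // token that was never issued
```

A database leak then exposes only hashes, which cannot be replayed as cookies, and a row can be deleted on logout to revoke a single device.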

0 Answers