0

So i made cron job, which takes users registration time and if x time have passed cron job then sends him a reminder.

All parts are working reminder are send each time the cron job run, and is sent once.

But code never adds extra seconds to the registration time, and is sent even that time haven't passed yet. So if i set to check if 10minutes has passed but i run cron job 1min each, all users gets messages after 1 second

Code is here:

$filter = $staticMessage->filter.' AND join_date_time+1800 >= "'.$time.'"';

Any ideas?

From coments

'$mysqli->query("INSERT INTO chat (s_id,r_id,time,reminder_time,message,fake,online_day,auto) VALUES ('".$randomSender->id."','".$userId."','".$time."','".$time."','".$message."',0,0,2)");

                        if($userLastaccess+3900 <= time()){
                            $mysqli->query("INSERT INTO staticmessages_sent (static_id,fake_id,r_id,answer,send_date,email_out) VALUES ('".$staticMessage->id."','".$randomSender->id."','".$userId."','0','".$time."',1)");
                            chatMailNotification($userId,$message,$randomSender->id);
                        } else {
                            $mysqli->query("INSERT INTO staticmessages_sent (static_id,fake_id,r_id,answer,send_date) VALUES ('".$staticMessage->id."','".$randomSender->id."','".$userId."','0','".$time."')");
                        }

                        if($userLastaccess+3600 <= time()){
                            $push['time'] = date("H:i", time());
                            $event = 'chat'.$userId.$randomSender->id;
                            $noti= 'notification'.$userId;
                            $push['id'] = $randomSender->id;
                            $push['type'] = 1;
                            $push['icon'] = profilePhoto($randomSender->id);
                            $push['name'] = $randomSender->username;
                            $push['photo'] = 0;
                            $push['action'] = 'message';
                            if(is_numeric($sm['plugins']['pusher']['id'])){ 
                                $sm['push']->trigger($sm['plugins']['pusher']['key'], $event, $push);
                            }'
DarkBee
  • 16,592
  • 6
  • 46
  • 58
P4rm3san
  • 1
  • 1
  • 1
    What is `$time`? What is the final SQL statement being generated? What datatype is the `join_date_time` column? – kmoser May 03 '22 at 16:21
  • join_date_time is just Unix time stamp f.e: 1651584252, Final should be Join date + added extra seconds. – P4rm3san May 03 '22 at 16:24
  • _"Final should be..."_ But is it really? Can you show us *exactly* what the final SQL statement is? – kmoser May 03 '22 at 16:33
  • Kmoser added to the POST its to long to add to comment :) – P4rm3san May 03 '22 at 16:40
  • You are open for [SQL injection](https://stackoverflow.com/questions/601300/what-is-sql-injection) – DarkBee May 03 '22 at 16:48
  • I would start by removing the `"` from ` "'.$time.'"'`. You are comparing integer against a string. That can always cause issues. – Guido Faecke May 03 '22 at 17:09
  • @P4rm3san It's not clear how the coded you added relates to the original code you posted. – kmoser May 03 '22 at 20:17

1 Answers1

0

I would try something like this (Assuming userLastaccess is datetime):

$timenow = date("Y-n-j H:i:s");
$userLastaccess = strtotime ('+3900 second',$userLastaccess ); 

 if($userLastaccess <= $timenow){

And then for security you can use these two functions that improve code injection protection a bit: htmlspecialchars and mysqli_real_escape_string

Francisco S
  • 109
  • 7
  • I think the problem is here: $filter = $staticMessage->filter.' AND join_date_time+300 >= "'.$time.'"'; Join date is when user registered + 300 secs should be less or equal to current time. I think i am doing something wrong with this part "'.$time.'"'; ? – P4rm3san May 08 '22 at 21:04