0

I have an Active Directory Server and an Apache Web Server. Both Servers have the correct date and time.

I use a PHP Script to show the last login and the last password reset of an user. That is working great, but both values show the time exactly two hours in the past. I do the password reset direct on the Active Directory Server, not via script.

I know, that the value "lastlogontimestamp" will only be refresh if it is greater than 14 days. So for testing this value, I create new users

I have no idea what's the problem and what I can do to solve this in a clean way. Of course, I could manually add two hours, but I think, this is' a clean way.

I hope anyone could help me.

Here is my code to get the last logon:

$lastLogonTimestamp = isset($userEntry['lastlogontimestamp']) ? $userEntry['lastlogontimestamp'][0] : 0;
$lastLogon = $lastLogonTimestamp != 0 ? date("Y-m-d H:i:s", intval($lastLogonTimestamp / 10000000 - 11644473600)) : 'N/A';

Here is my code, to get the last password reset:

$pwdLastSetTimestamp = isset($userEntry['pwdlastset'][0]) ? $userEntry['pwdlastset'][0] : 0;
if ($pwdLastSetTimestamp != 0) {
    $unixTimestamp = (int)($pwdLastSetTimestamp / 10000000 - 11644473600);
    $dateTime = DateTime::createFromFormat('U', (string)$unixTimestamp);
    if ($dateTime instanceof DateTime && $dateTime->format('U') === (string)$unixTimestamp) {
        $tag = $dateTime->format('d');
        $monatIndex = (int)$dateTime->format('m') - 1;
        $monatsnamen = ['Januar', 'Februar', 'März', 'April', 'Mai', 'Juni', 'Juli', 'August', 'September', 'Oktober', 'November', 'Dezember'];
        $monat = $monatsnamen[$monatIndex];
        $jahr = $dateTime->format('Y');
        $uhrzeit = $dateTime->format('H:i');

        $passwordLastSet = "$tag. $monat $jahr um $uhrzeit Uhr";
    } else {
        $passwordLastSet = 'Ungültiges Datum';
    }
} else {
    $passwordLastSet = 'N/A';
}
TheQuestionmark
  • 69
  • 1
  • 10
  • 3
    A two hour difference looks exactly like the difference between summer time in Germany (you have German language text in your snippet) and UTC. You have a time zone set incorrectly somewhere. – Tangentially Perpendicular Jul 18 '23 at 22:03
  • But the values of last login and last password reset are stored and read directly from the Active Directory Server. So the script should use these date and time values? It shouldn't matter which time the web server or PHP have, or do I understand something wrong? – TheQuestionmark Jul 18 '23 at 22:25
  • 2
    Date and time values are inherently “local”, even if the local is UTC and you live in Greenwich. You have a time zone set incorrectly somewhere – jmoreno Jul 18 '23 at 23:29

1 Answers1

1

It's a good practice to always have timestamps/datetimes stored in UTC. You just need to represent/display them properly, that is, according to the user's local timezone, for example :

$timezone = new DateTimeZone('Europe/Berlin');
$dateTime = DateTime::createFromFormat('U', (string)$unixTimestamp, $timezone);

Obviously having the timezone hardcoded as in the above snippet is not recommended if you have users coming from different regions, so the next step is to get the user timezone from the browser and pass them to the server using cookies or session so that your script can use the proper timezone.

Both Servers have the correct date and time.

Well, either it is correct (UTC timestamp in db, represented with proper timezone), either not precisely because local timestamps are stored instead of UTC timestamps. In the latter case, you will need to reset them in your databases.

EricLavault
  • 12,130
  • 3
  • 23
  • 45