code should work only for 1 year

For everything that's not in any way related to PureBasic. General chat etc...
khizer03
New User
Posts: 1
Joined: Sun Apr 01, 2012 11:10 am

code should work only for 1 year

Post by khizer03 »

I have created a login page
where a username and password are given; when the username and password match, the login is successful.

But the problem I am facing is that I don't know how to make the username and password work only for 1 year; after 1 year it should not work. Please, anybody guide me with your valuable information.

Thank you
Psych
Enthusiast
Posts: 239
Joined: Thu Dec 18, 2008 3:35 pm
Location: Wales, UK

Re: code should work only for 1 year

Post by Psych »

With every system like this you should have a database of all usernames and password tokens (you shouldn't store plain text passwords; tokenise them, store them, and then check the tokenised password against the database for a match).
So assuming you have a database, you simply add a date field where you store when the password was created. This allows you to make passwords expire; think of it like a membership. Maybe you wish to force users to change their passwords regularly in order to achieve better security.
Hope that helps.
----------------------------------------------------------------------------
Commenting your own code is admitting you don't understand it.
----------------------------------------------------------------------------
RichAlgeni
Addict
Posts: 935
Joined: Wed Sep 22, 2010 1:50 am
Location: Bradenton, FL

Re: code should work only for 1 year

Post by RichAlgeni »

Psych is spot on. You must have some sort of database constructed to be able to see if a password matches, right? Look at the Date() section under PureBasic Help. Take the current day's date when someone updates their password, add a year to it, and store the result:

Code:

```purebasic
Debug Date()
Debug Date() + (365 * 86400)
```

There are 86400 seconds in a day, multiply by 365 days, and it should be close enough.

Psych makes a great point about storing passwords. Most people reuse passwords for different sites. Because of this, you should never store plain text passwords. Best practice dictates that we 'hash' the password, then store the hash. In PureBasic Help, search for Cipher Index, look under Contents. Hashes are 'one way' algorithms, that is, you can derive a hash from the password, but you can't derive the password from the hash. SHA1 has been a popular hashing algorithm, but it is now rated 'insecure'. SHA2 is the replacement for SHA1. Search the forums for examples of SHA2 code, as it is not yet native in PureBasic.

A mentor of mine once maintained, 'when you have the patient on the table, make all the cuts you need to make.' The reason I bring that up is that I would recommend you do a Google search on 'password salt'. Salt, or salting, is a method of adding data to a password so that the hash of the password is more difficult to determine. For instance, someone uses the password 'Password'. If you just hash the password, you are leaving yourself open to a rainbow table exploit. This is where someone just uses a simple table of common words to try to guess someone's password. You would write code that possibly adds something variable, yet consistent, to the beginning of the password, such as the first name of the particular person, yet maybe spelled backwards. Then add something static to the end of the password, maybe your name spelled backwards, and vowels converted to numbers. You would then hash this string, and store the result. When this person attempts to log in, you run the same code, add salt to the beginning and the end of the password, hash it, and compare to what you previously saved. With just relatively few lines of code, you now have a secure password system. Realize also that you will need to have some sort of verification process in place for when they inevitably forget their password! Maybe ask for their mother's middle name, school mascot, or whatever.

One more thing I like to do when someone enters an invalid password is to just Delay for a second before sending back an error message. This will effectively keep down the number of attempts if someone is trying to break into your system to 1 per second. Remember, sometimes you just have to make it a little more inconvenient for someone trying to break into YOUR system, rather than someone else's. Give them a reason to move on, and they will!
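An added example, not code from either poster, putting the thread's advice together in Python: a per-user random salt (used here in place of the name-based salt described above), a salted SHA-256 hash via PBKDF2, an expiry of creation time plus 365 * 86400 seconds, and an optional delay on a failed attempt. The `make_record`/`verify` names and the record layout are assumptions for this example.

```python
import hashlib
import hmac
import os
import time

ONE_YEAR = 365 * 86400       # seconds, as in the Date() example above
PBKDF2_ROUNDS = 100_000      # work factor for the salted hash


def make_record(password: str, created: int) -> dict:
    """Build the stored credential for one user.

    created: Unix timestamp of when the password was set.
    Returns a dict with a random salt, the salted hash and an
    expiry timestamp one year after creation (constructed layout).
    """
    salt = os.urandom(16)    # fresh per user, so equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest, "expires": created + ONE_YEAR}


def verify(record: dict, password: str, now: int, delay: float = 1.0) -> str:
    """Check a login attempt against a stored record.

    Returns 'expired' once the year is up, 'ok' on a match, or
    'bad_password' after sleeping `delay` seconds (the poster's
    per-failure Delay). The compare is constant-time.
    """
    if now >= record["expires"]:
        return "expired"
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], PBKDF2_ROUNDS
    )
    if hmac.compare_digest(candidate, record["hash"]):
        return "ok"
    time.sleep(delay)
    return "bad_password"


if __name__ == "__main__":
    created = int(time.time())
    rec = make_record("Password", created)
    print(verify(rec, "Password", created + 10))          # ok
    print(verify(rec, "Password", created + ONE_YEAR))    # expired
    print(verify(rec, "password", created + 10, delay=0)) # bad_password
```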