How to expire the activation link in PHP?

Question

I have a php script that sends an activation link via email to the users so they can activate their account. The link is like this: mysite.com/activation.phpid?id=20

Answer 1

Just add an extra field in your database with the expiration date of the link. When the link is clicked you can then check the date to make sure it isn't expired.

edit

I'm guessing at your column and table names.

SELECT IF (DATEDIFF(date_registered, CURRENT_TIMESTAMP) <= 0, 1, 0) AS expired
FROM users
WHERE id = 20

If expired is 1 then the link is expired. If it is 0 then it is valid.

Answer 2

Make the link like this:

$time = time();
$hash = md5($id . $time . "somerandomsalt"); // check this again in activation.php
$link = "activation.php?id=" . $id . "&hash=" . $hash . "&time=" . $time;

Then in activation.php you check if the hash matches. Oh, and check the time of course :P

You could obfuscate it a bit to hide the id, hash and time query parameters, but this is the basics.