Delete password after first use

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
znupii
Forum Newbie
Posts: 1
Joined: Mon Feb 27, 2012 6:45 am

Delete password after first use

Post by znupii »

Hello all,
This is my first post here.
After searching the web and nothing found, I decided to open a topic on this forum.
I want to code a little trick, as following:

- I want to store 50 random passwords in a database.
- I will create an index.php, where the users having ONE of the 50 passwords can connect -> index.php has only a text input and a submit button. if you input the correct password received from me, you have access to a form in order to place some some kind of sport bet.
- the challenge comes up when I thought that the password should be used only ONE time - I mean, after the user fills the form and submit, the data are stored in DB and the random password should be deleted, in order to deny other entries using that password.
So my question: - is there a way to delete the random password after the usage ? Or to be disabled in order to deny another entries using it.
Thanks in advance.
temidayo
Forum Contributor
Posts: 109
Joined: Fri May 23, 2008 6:17 am
Location: Nigeria

Re: Delete password after first use

Post by temidayo »

Create an extra field in your database table(preferably tinyInt), you can call is "used" or something similar. Let it default to 0.
Once a password is used you set the field to 1.

When you are checking for a password make sure you check for a row that has that field set to 0.
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Delete password after first use

Post by social_experiment »

znupii wrote:I want to store 50 random passwords in a database.
This could be a costly mistake; storing passwords in any form should be avoided; rather create a hash value and store that in the database. That way if your database is exposed an attacker won't have 50 passwords which can be used against your system.

If the passwords are once-off, a delete SQL query should solve the problem. You don't give any specifics about the database construction but it would be a good idea to make the 'password' column UNIQUE to prevent duplicate entries

Code: Select all

<?php 
// after authentication remove the row containing the password.
$qry = "DELETE FROM `table` WHERE `password` = '" . $password . "' ";
?>
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Post Reply