up vote 0 down vote favorite

I was using this

$end = $row['EndPro'];
    $email1= $_SESSION['Email'];

        $stmt = $con -> prepare ("SELECT 
       * 
            FROM 
       users 
            WHERE 
       Email = '$email1'
            AND 

       TrustStatus = 1
        AND

     now() < '$end'    

       LIMIT 1");

       $stmt-> execute ( array($email1));
       $row =$stmt -> fetch();
       $count = $stmt-> rowCount();


       if($count>0 ){

To give people access to specific page using the date inserted (ProEnd) so if today's date is smaller than the date inserted, the person would have an access into the page

The problem is that if I change the date and the time on my PC, I can access the page and trick the system even if the time inserted in database was higher than the current time

How can I make a date that is related to mysql&database not to the PC's date?

share|improve this question
  • 1
    It's because your PC is the system where the database gets the data to compare. The user can't do the same "trick". – Felippe Duarte 30 mins ago
  • You always have system time in the database and user can't manipulate. If you have DB/PHP on your pc - only then can it affect. – b4x 26 mins ago

Your Answer

 

By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Browse other questions tagged or ask your own question.