First off, you probably need to change that table design - you should never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.[
^]
And remember: if this is web based and you have any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.
Second - change your leads table to replace the "date_created" and "time_created" columns to a single timestamp column - DATETIME is fine - and use that as the basis for deciding if a lead should be shown.
Add a column to the Users table which is the delay in minutes between a lead being posted, and it being shown to this user. You can then use the
SQL DATEADD function[
^] to generate a "valid time" for showing the lead. Compare that with the
SQL GETDATE function[
^] and only display if it is greater than or equal to,