Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

set_admin_pass

  1. Home
  2. Wiki
  3. PHPFusion Development
  4. set_admin_pass
Docs
PHPFusion Development
Core Functions verify_image uncompressIPv6 trimlink theme_exists stripslash stripinput stripget showdate set_admin_pass redirect profile_link preg_check phpentities parseubb parsesmileys parsebytesize make_captcha makepagenav makefileopts makefilelist isnum highlight_words hide_email groupaccess getuserlevel getusergroups getgroupname formatcode displaysmileys descript dbrows dbresult dbquery dbcount dbconnect dbarraynum dbarray cleanurl check_captcha check_admin_pass checkrights checkgroup censorwords cache_smileys cache_groups cache_bbcode addslashTheme FunctionsOther FunctionsMail FunctionsComments and RatingsPhoto Gallery FunctionsInfusions FunctionsOutput HandlingForum FunctionsBBCodesCustom includesJavascript Functions
Contributors
Falk added set_admin_pass on 07/11/2014
Falk added set_admin_pass on 07/11/2014

This function is used as an additional security feature and used in the admin area on pages where the admin can execute PHP commands directly to the server or enable upload of documents which such capabilities and the database backup feature.

The function will set the $_COOKIE[COOKIE_PREFIX.'admin'] if the submitted admin password matches the users admin password $userdata['user_admin_password']. This cookie allows the user to make changes without having to type the admin password constantly for each change or update within a set time of 60 minutes.

set_admin_pass

Quote

set_admin_pass ( string $password )


Parameters
password
User's admin password in clear text, not this will later be hashed with md5 by the function before checked against the original password to the user.

Return Values
This function will not return anything.

Example
Code
<?php

// Check if the user is an admin and that the aid link is correct

if (iADMIN || !defined("iAUTH") || $_GET['aid'] != iAUTH) { redirect("../index.php"); }

 

// Check if the form is submitted

if (isset($_POST['save'])) {

 // Check if the admin password is correct

 if (check_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")) {

 // Set/update admin pass cookie/session

 set_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "");

 // Secure actions goes here

 } else {

 // Redirect if admin password fails

 redirect(FUSION_SELF.$aidlink);

 }

}

 

// Start the form

echo "<form name='inputform' method='post' action='".FUSION_SELF.$aidlink."'>n";

// Here goes other elements of the form

// Here comes the admin password part

if (!check_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")) {

 echo "<input type='password' name='admin_password' value='".(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")."' class='textbox' style='width:150px;' />n";

}

// Submit button

echo "<input type='submit' name='save' value='Submit' class='button' />n";

echo "</form>n";

?>

The above example demonstrates how the check_admin_pass() and set_admin_pass() works together.

Changelog
7.01.00 - Function added to PHPFusion

Notes
The function uses the $_SESSION[COOKIE_PREFIX.'admin'] is sessions are enables in stead of cookies.