Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

check_admin_pass

  1. Home
  2. Wiki
  3. PHPFusion Development
  4. check_admin_pass
Docs
PHPFusion Development
Core Functions verify_image uncompressIPv6 trimlink theme_exists stripslash stripinput stripget showdate set_admin_pass redirect profile_link preg_check phpentities parseubb parsesmileys parsebytesize make_captcha makepagenav makefileopts makefilelist isnum highlight_words hide_email groupaccess getuserlevel getusergroups getgroupname formatcode displaysmileys descript dbrows dbresult dbquery dbcount dbconnect dbarraynum dbarray cleanurl check_captcha check_admin_pass checkrights checkgroup censorwords cache_smileys cache_groups cache_bbcode addslashTheme FunctionsOther FunctionsMail FunctionsComments and RatingsPhoto Gallery FunctionsInfusions FunctionsOutput HandlingForum FunctionsBBCodesCustom includesJavascript Functions
Contributors
Falk added check_admin_pass on 05/11/2014
Falk added check_admin_pass on 05/11/2014

This function is used as an additional security feature
The function will check if the $password matches the user's Administrative password or if the Administrator´s cookie or session is set and is valid.

check_admin_pass

Quote

check_admin_pass ( string $password )


Parameters
password
User's Administrative password in clear text, this will later be hashed with md5 by the function before checked against the original password to the user.

Return Values
This function will return true if the if the $password matches the user's Administrative password or if the Administrator´s cookie or session is set and is valid.

Example
Code
<?php

// Check if the user is an admin and that the aid link is correct

if (iADMIN || !defined("iAUTH") || $_GET['aid'] != iAUTH) { redirect("../index.php"); }

 

// Check if the form is submitted

if (isset($_POST['save'])) {

 // Check if the admin password is correct

 if (check_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")) {

 // Set/update admin pass cookie/session

 set_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "");

 // Secure actions goes here

 } else {

 // Redirect if admin password fails

 redirect(FUSION_SELF.$aidlink);

 }

}

 

// Start the form

echo "<form name='inputform' method='post' action='".FUSION_SELF.$aidlink."'>n";

// Here goes other elements of the form

// Here comes the admin password part

if (!check_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")) {

 echo "<input type='password' name='admin_password' value='".(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")."' class='textbox' style='width:150px;' />n";

}

// Submit button

echo "<input type='submit' name='save' value='Submit' class='button' />n";

echo "</form>n";

?>


The above example demonstrates how the check_admin_pass() and set_admin_pass() works together.

Changelog
7.01.00 - Function added to PHPFusion

Notes
The function uses the $_SESSION[COOKIE_PREFIX.'admin'] if sessions are enables instead of cookies.