Confirm Admin Password

[mudmin]

No problem.

So there are two ways to handle this...

In PHP, I would think you could do...

Code:

$actual_link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";

Then you might have to do some escaping and then pass that as a $_GET variable to the login page.

So something like

Code:

Redirect::to('login.php?FROM='.$actual_link);

Then when you are processing login do

Code:

$from = Input::get('FROM');

Then pass that off to the custom login script and

Code:

if(!empty($from)){

Code:

Redirect::to($from);

Code:

}

But I think I wrote a javascript snippet that I think works better. Here's how it works.

Replace your usersc/scripts/custom_login_script.php with the text of this file...

https://hastebin.com/apivosuwit.xml

When you are logged in, the userspice calls the login script.

The login script has a function that will essentially hit the back button twice in your browser.

Then it just automatically invokes the function.

[mudmin]

If you want to test it...

1. Logout.
2. Click the register button.
3. Click the login button.
4. Login.
5. Notice that you'll be redirected to the register page after logging in.

[Brandin]

You work wonders mudmin! Thank you! This is a great feature!

[mudmin]

haha. Glad it worked. I know it's kind of a backwards way of doing things, but it works really nice from the front end.

[Brandin]

So, I got this working great, but I want to take it one step further to automate it. I've added "adminverify" column to the table, default value of 0, and I want to move my "verifyadmin" call to the header or navigation, wherever you think is best (I'm thinking header).

I want when a user visits a page, before it outputs content to check if the page name (e.g. admin.php) has a adminverify column value of 1, IF it does, call the function, if not, it just does its thing as per usual.

Function:
https://hastebin.com/agexojiwas.php

Call on Page:

Code:

<?php verifyadmin($user->data()->id) ?>

[mudmin]

I don't think you need the extra column in the database for the. Since permission level 2 is admin (or you can make any other permission you want to set) is already taken care of by userspice. So all you have to do is

if(hasPerm([2],$user->data()->id)){

Code:

//run function here.

Code:

}

Now...where to put that line of code.

I would put it in usersc/includes/navigation.php
That will get it up in the header but prevent it from being overwritten by our updates.

[Brandin]

Hey Mudmin,

I want to manually set certain pages to require authentication. Like the dashboard stuff, and a couple other sections, but for example, if I have "Manager" permission set, there could be pages in the Managers portal I want verification performed on, and some not, which is why I am adding this extra column.

Thank you.

[mudmin]

Yep. So that code could easily sit at the top of those pages that you want the authentication. Sounds cool.

Also, note that I pushed out 4.2.3 to fix some minor security issues.

[Brandin]

Mudmin,

My reasoning was to make it so I can code one thing to put in navigation.php that will run this function, check the admin_verify column for the page name. I can handle the whole actual function part, except for how to get the function to get me a value from the pages DB.

E.g. user visits admin_users.php and it has a admin_verify value of 1, it completes the function, but how can I get the function to check the DB and output that value of 0 or 1?

Thank you!

And I noticed that, I patched mine Very easy!

[mudmin]

Absolutely. So you can make a database table of all pages that need to check for additional authentication. You could even add another column to the "pages" table you already have and call it something like req_auth and put a 1 or 0.