This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

Confirm Admin Password
#1
Hey!

Do you know how we can implement a "confirm your password" step when accessing admin pages, e.g. admin_users.php, admin_pages.php?

I often leave my work computer unlocked which is where I access my stuff, and I don't have an audit setup on settings yet so if something happened in the settings I would never know.

Thank you!
  Reply
#2
Also, I would like this to be session related, so that you don't have to do it every time you visit the admin pages, but like every, idk, hour or so the session for admin times out, but doesn't log you out of the rest of the system.
  Reply
#3
Below is some very rough guidance but it is a point in the right direction.

I think the simplest way to do this would be to add a column to the users table called last_confirm or something like that and set it as timestamp.

Then on the pages you want to affirm the password, do something along the lines of wrapping the entire page in an if statement (checking for the timestamp being within the limit).

You'll have to double check online how to subtract one timestamp from another.

But from there you do
Code:
$current = date("Y-m-d H:i:s"); // 24-hour clock, matches a MySQL timestamp column

// seconds since the password was last confirmed
if (time() - strtotime($user->data()->last_confirm) > 30) { // whatever the logic

    // make a form with a password input

    // on submit check
    $password = Input::get('password');
    if (password_verify($password, $user->data()->password)) {
        // password is correct: record the new confirmation time
        $fields = array(
            'last_confirm' => $current,
        );
        $db->update('users', $user->data()->id, $fields);
    } else {
        die('Incorrect password!');
    }
}
  Reply
#4
What do you think about having a file called, idk, verify.php and wrapping the pages with IF, and IF whatever value is true it pulls all the other stuff (form and submit) from the verify.php page, then I wouldn't have to spend a LOT of time editing all of the pages.
  Reply
#5
Brandin,

Could you not define this check in a function so you just need to add 2 lines to the top of each page and save wrapping every page in an if:

Code:
// include location to file with function defined
if (!verifyadmin()) { // example function name
    Redirect::to('usersc/adminconfirm.php');
}

Twist on a previous suggestion from Mudmin on another post. Hope this helps.
  Reply
#6
Hmmmm....that seems like it would work. Mudmin, do you think this would work well? What would I call in the function, what you put up above? Could I call this from custom functions??

Thanks.
  Reply
#7
I believe you would need to swap the operator around, so it would be something like:

Code:
// in custom functions
function verifyadmin() {
    global $user; // assumes the logged-in user object is available as a global

    // seconds since the password was last confirmed
    $elapsed = time() - strtotime($user->data()->last_confirm);
    if ($elapsed < 30) { // whatever the logic
        return true;
    } else {
        return false;
    }
}

Then you would have the password form and submit check on the page you have been redirected to.
I think this is all correct but will wait for Mudmin's input.
  Reply
#8
Thanks for this Sabr! I'm about to be off for two days so I will give it a shot! :)
  Reply
#9
Yep. Sorry about that. I usually try to post full solutions but I was in the middle of something on that one, so you got the quick and dirty version. Nice job.
  Reply
#10
No problem haha! I will try to slap it in later!
  Reply
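
A session-based variant of the check discussed in this thread, as an added example that is not code from the original posts or from UserSpice. The function names, the `admin_confirmed_at` session key and the one-hour limit are assumptions, and the session array and clock are passed in as arguments so the script runs stand-alone with constructed data.

```php
<?php
// Added example: hypothetical helper names, not UserSpice functions.
const ADMIN_CONFIRM_TTL = 3600; // assumed limit: a confirmation stays valid for one hour

// True when the session holds an admin confirmation that is still inside the window.
function admin_confirm_is_fresh(array $session, int $now, int $ttl = ADMIN_CONFIRM_TTL): bool
{
    $last = $session['admin_confirmed_at'] ?? null;
    if (!is_int($last)) {
        return false; // never confirmed, or the stored value is not a timestamp
    }
    $age = $now - $last;
    // Reject timestamps from the future as well as expired ones.
    return $age >= 0 && $age < $ttl;
}

// Check the re-entered password; only a correct one records a confirmation time.
function admin_confirm_submit(array &$session, string $password, string $storedHash, int $now): bool
{
    if (!password_verify($password, $storedHash)) {
        return false; // leave the session untouched so the login itself survives
    }
    $session['admin_confirmed_at'] = $now;
    return true;
}

// Constructed demo data standing in for the users.password column and $_SESSION.
$storedHash = password_hash('correct horse', PASSWORD_DEFAULT);
$session = ['user_id' => 1]; // logged in, admin area not yet confirmed
$t0 = 1700000000;            // fixed clock so every run behaves the same

// 1. Before any confirmation the admin pages must ask for the password.
var_dump(admin_confirm_is_fresh($session, $t0));
// 2. A wrong password does not open the window.
var_dump(admin_confirm_submit($session, 'wrong', $storedHash, $t0));
// 3. The correct password opens it.
var_dump(admin_confirm_submit($session, 'correct horse', $storedHash, $t0));
// 4. Thirty minutes later the confirmation is still accepted.
var_dump(admin_confirm_is_fresh($session, $t0 + 1800));
// 5. At the one-hour mark it has expired and the form is shown again.
var_dump(admin_confirm_is_fresh($session, $t0 + ADMIN_CONFIRM_TTL));
// 6. The normal login is unaffected by the admin timeout.
var_dump(isset($session['user_id']));
```

On a real page, pass `$_SESSION` and `time()`, and redirect to the confirmation form whenever `admin_confirm_is_fresh()` returns false.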

