Getting the function to call, and subtracting timestamps.
Confirm Admin Password
My current theory is to generate current datetime, fetch the "last confirm" time from db, run a diff between the two dates and if the result is less than 30mins then return true.
So where is it going wrong. Is it sending the datetime properly to the db?
Nope, the
-Calling the function, see reply (https://userspice.com/forums/topic/confirm-admin-password/#post-3487) and function is in reply (https://userspice.com/forums/topic/confirm-admin-password/#post-3500).
-Subtracting the
adminverify.php-Calling the function, see reply (https://userspice.com/forums/topic/confirm-admin-password/#post-3487) and function is in reply (https://userspice.com/forums/topic/confirm-admin-password/#post-3500).
-Subtracting the
$current$last_verifiedthe problem is formula for the time comparison.
Ok. I tested this and it works.
So, I have a column in my user table called last_confirm and it is formatted Y-m-d h:i:s, so it looks like this
2016-01-20 00:00:00
Then I wrote this function and put it in the usersc/includes/custom_functions.php
https://hastebin.com/kitifexufe.xml
Then, to invoke it, you need to pass the user id in there, so on whatever page you want to call it, do this...
<?php verifyadmin($user->data()->id) ?>
Give that a whirl.
So, I have a column in my user table called last_confirm and it is formatted Y-m-d h:i:s, so it looks like this
2016-01-20 00:00:00
Then I wrote this function and put it in the usersc/includes/custom_functions.php
https://hastebin.com/kitifexufe.xml
Then, to invoke it, you need to pass the user id in there, so on whatever page you want to call it, do this...
<?php verifyadmin($user->data()->id) ?>
Give that a whirl.
Mundmin, only concern is the h in your timestamp, should be H for 24-hour format, thoughts?
Yeah. That's fine. Just change to an H. It won't matter at all.
Just change it in all 3 places and you'll be good to go. The things you were missing were mainly the strtotime and the fact that you had to pass in the user's id manually because in the context of the function it doesn't know that.
You're an amazing human being mudmin! Now, can you help me tackle the referring URL? When I redirect to the page, I need to know what to redirect them back to if the login succeeds? Thoughts?
No problem.
So there are two ways to handle this...
In PHP, I would think you could do...
Then you might have to do some escaping and then pass that as a $_GET variable to the login page.
So something like
Then when you are processing login do
Then pass that off to the custom login script and
But I think I wrote a javascript snippet that I think works better. Here's how it works.
Replace your usersc/scripts/custom_login_script.php with the text of this file...
https://hastebin.com/apivosuwit.xml
When you are logged in, the userspice calls the login script.
The login script has a function that will essentially hit the back button twice in your browser.
Then it just automatically invokes the function.
So there are two ways to handle this...
In PHP, I would think you could do...
$actual_link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";Then you might have to do some escaping and then pass that as a $_GET variable to the login page.
So something like
Redirect::to('login.php?FROM='.$actual_link);Then when you are processing login do
$from = Input::get('FROM');Then pass that off to the custom login script and
if(!empty($from)){
Redirect::to($from);
}But I think I wrote a javascript snippet that I think works better. Here's how it works.
Replace your usersc/scripts/custom_login_script.php with the text of this file...
https://hastebin.com/apivosuwit.xml
When you are logged in, the userspice calls the login script.
The login script has a function that will essentially hit the back button twice in your browser.
Then it just automatically invokes the function.
If you want to test it...
1. Logout.
2. Click the register button.
3. Click the login button.
4. Login.
5. Notice that you'll be redirected to the register page after logging in.
1. Logout.
2. Click the register button.
3. Click the login button.
4. Login.
5. Notice that you'll be redirected to the register page after logging in.
You work wonders mudmin! Thank you! This is a great feature!
haha. Glad it worked. I know it's kind of a backwards way of doing things, but it works really nice from the front end.
So, I got this working great, but I want to take it one step further to automate it. I've added "adminverify" column to the table, default value of 0, and I want to move my "verifyadmin" call to the header or navigation, wherever you think is best (I'm thinking header).
I want when a user visits a page, before it outputs content to check if the page name (e.g. admin.php) has a adminverify column value of 1, IF it does, call the function, if not, it just does its thing as per usual.
Function:
https://hastebin.com/agexojiwas.php
Call on Page:
I want when a user visits a page, before it outputs content to check if the page name (e.g. admin.php) has a adminverify column value of 1, IF it does, call the function, if not, it just does its thing as per usual.
Function:
https://hastebin.com/agexojiwas.php
Call on Page:
<?php verifyadmin($user->data()->id) ?>I don't think you need the extra column in the database for the. Since permission level 2 is admin (or you can make any other permission you want to set) is already taken care of by userspice. So all you have to do is
if(hasPerm([2],$user->data()->id)){
Now...where to put that line of code.
I would put it in usersc/includes/navigation.php
That will get it up in the header but prevent it from being overwritten by our updates.
if(hasPerm([2],$user->data()->id)){
//run function here.
}Now...where to put that line of code.
I would put it in usersc/includes/navigation.php
That will get it up in the header but prevent it from being overwritten by our updates.
Hey Mudmin,
I want to manually set certain pages to require authentication. Like the dashboard stuff, and a couple other sections, but for example, if I have "Manager" permission set, there could be pages in the Managers portal I want verification performed on, and some not, which is why I am adding this extra column.
Thank you.
I want to manually set certain pages to require authentication. Like the dashboard stuff, and a couple other sections, but for example, if I have "Manager" permission set, there could be pages in the Managers portal I want verification performed on, and some not, which is why I am adding this extra column.
Thank you.
Yep. So that code could easily sit at the top of those pages that you want the authentication. Sounds cool.
Also, note that I pushed out 4.2.3 to fix some minor security issues.
Also, note that I pushed out 4.2.3 to fix some minor security issues.
Mudmin,
My reasoning was to make it so I can code one thing to put in navigation.php that will run this function, check the admin_verify column for the page name. I can handle the whole actual function part, except for how to get the function to get me a value from the pages DB.
E.g. user visits admin_users.php and it has a admin_verify value of 1, it completes the function, but how can I get the function to check the DB and output that value of 0 or 1?
Thank you!
And I noticed that, I patched mine ;) Very easy!
My reasoning was to make it so I can code one thing to put in navigation.php that will run this function, check the admin_verify column for the page name. I can handle the whole actual function part, except for how to get the function to get me a value from the pages DB.
E.g. user visits admin_users.php and it has a admin_verify value of 1, it completes the function, but how can I get the function to check the DB and output that value of 0 or 1?
Thank you!
And I noticed that, I patched mine ;) Very easy!
Absolutely. So you can make a database table of all pages that need to check for additional authentication. You could even add another column to the "pages" table you already have and call it something like req_auth and put a 1 or 0.