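<?php
/*
UserSpice 4
An Open Source PHP User Management System
by the UserSpice Team at http://UserSpice.com

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
?>
<?php require_once 'init.php'; ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>

<?php if (!securePage($_SERVER['PHP_SELF'])){die();} ?>
<?php
/*
 * Administrator re-verification page.
 *
 * Flow, as implemented below:
 *   1. Read the return target (actual_link) and page from the request.
 *   2. If the user's last_confirm timestamp is less than two hours old,
 *      send them straight back to the return target.
 *   3. Otherwise show a password prompt; on a correct password, stamp
 *      last_confirm and send them back to the return target.
 *
 * actual_link is request-controlled and ends up in a redirect, so it is
 * restricted to same-site destinations before any use.
 */
$lang = array_merge($lang, array(
    "ADMIN_VERIFY_NOREF" => "There is no referrer, you cannot verify yourself. Please return to the Dashboard.",
    "INCORRECT_ADMINPW" => "Incorrect password. Administrator Verification Failed!"
));

$errors = $successes = [];
$form_valid = TRUE;

// One clock reading is used for both the freshness test and the stored stamp.
$now = time();
$current = date("Y-m-d H:i:s", $now);

/*
 * Accepts a redirect target only when it stays on this site: either a
 * relative reference (no scheme, no host) or an http/https URL whose
 * host[:port] equals the Host header of the current request.
 */
$isLocalTarget = static function ($target) {
    if (!is_string($target) || $target === '' || $target !== trim($target)) {
        return false;
    }
    // Control characters could split the Location header; browsers treat
    // a backslash like "/", which can turn a path into a "//host" reference.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return false;
    }
    $parts = parse_url($target);
    if ($parts === false) {
        return false;
    }
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return true; // plain relative reference, resolved against this site
    }
    if (!isset($parts['scheme'], $parts['host'])) {
        return false; // "//host/..." or "scheme:..." without a host
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    $currentHost = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
    $targetHost = strtolower($parts['host']) . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return $currentHost !== '' && $targetHost === $currentHost;
};

$actual_link = Input::get('actual_link');
$page = Input::get('page');
// A missing target and an off-site target are handled the same way:
// nothing to return to, so no redirect and no form.
if (empty($actual_link) || empty($page) || !$isLocalTarget($actual_link)) {
    $actual_link = '';
    $page = '';
    $errors[] = lang("ADMIN_VERIFY_NOREF");
}

// Verify Admin Redirect: skip the prompt when the last confirmation is recent.
$findUserQ = $db->query("SELECT last_confirm FROM users WHERE id = ?", array($user->data()->id));
$findUser = $findUserQ->first();

// A missing row or unparsable timestamp counts as "never confirmed".
$dbTime = ($findUser && !empty($findUser->last_confirm)) ? strtotime($findUser->last_confirm) : false;
$recentlyConfirmed = ($dbTime !== false) && ($now < strtotime('+2 hours', $dbTime));

// NOTE(review): Redirect::to() is assumed to end the request; confirm, and
// add an explicit exit after these calls if it does not.
if ($recentlyConfirmed && $actual_link !== '') {
    Redirect::to($actual_link);
}

// Forms posted
// NOTE(review): the form below sends a csrf token, but nothing visible in this
// file validates it on POST. Confirm whether an include does; if not, check it
// here (Token::check) before verifying the password.
if (!empty($_POST)) {
    if (!empty($_POST['verifyAdmin'])) {
        $password = Input::get('password');
        if (password_verify($password, $user->data()->password)) {
            $fields = array(
                'last_confirm' => $current,
            );
            $db->update('users', $user->data()->id, $fields);
            if (!empty($actual_link)) {
                Redirect::to($actual_link);
            }
        } else {
            $errors[] = lang("INCORRECT_ADMINPW");
        }
    }
}

// Escape the echoed request values for the HTML attribute they land in.
// double_encode is off because Input::get() may already entity-encode its
// return value (not visible in this file) -- TODO confirm.
$actualLinkAttr = htmlspecialchars($actual_link, ENT_QUOTES, 'UTF-8', false);
$pageAttr = htmlspecialchars($page, ENT_QUOTES, 'UTF-8', false);
?>
<div id="page-wrapper">
  <div class="container">
    <!-- Page Heading -->
    <div class="row">
      <?=resultBlock($errors,$successes);?>
      <?php /* full open tag: "<?" is not parsed when short_open_tag is off, which would render the form unconditionally */ ?>
      <?php if ($actual_link !='') { ?>
      <div class="col-xs-12 col-md-6">
        <h1>Password Verification</h1>
      </div>
    </div>
    <div class="row">
      <form class="verify-admin" action="adminverify.php?actual_link=<?=$actualLinkAttr?>&page=<?=$pageAttr?>" method="POST" id="payment-form">
        <div class="col-md-5">
          <div class="input-group"><input class="form-control" type="password" name="password" id="password" placeholder="Please enter your password..." required autofocus>
            <span class="input-group-btn">
              <input class='btn btn-primary' type='submit' name='verifyAdmin' value='Verify' />
            </span></div>
          <input type="hidden" value="<?=Token::generate();?>" name="csrf">
          <?php } ?>
        </div>
      </div>
    </form><br />
  </div>
</div>
</div>
</div>

<!-- End of main content section -->

<?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>

<!-- Place any per-page javascript here -->

<?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>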