adminverify.php 8/13/17
<?php
/*
UserSpice 4
An Open Source PHP User Management System
by the UserSpice Team at http://UserSpice.com
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<?php require_once 'init.php'; ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>
<?php if (!securePage($_SERVER['PHP_SELF'])){die();} ?>
<?php
$lang = array_merge($lang,array(
"ADMIN_VERIFY_NOREF" => "There is no referrer, you cannot verify yourself. Please return to the Dashboard.",
"INCORRECT_ADMINPW" => "Incorrect password. Administrator Verification Failed!"
));
//PHP Goes Here!
$errors = $successes = [];
$form_valid=TRUE;
$current=date("Y-m-d H:i:s");
$actual_link = Input::get('actual_link');
$page = Input::get('page');
if (empty($actual_link) || empty($page)) {
$actual_link = '';
$page = '';
$errors[] = lang("ADMIN_VERIFY_NOREF");
}
//Verify Admin Redirect
$findUserQ = $db->query("SELECT last_confirm FROM users WHERE id = ?",array($user->data()->id));
$findUser = $findUserQ->first();
//get the current time
$current=date("Y-m-d H:i:s");
//convert the string time to a time format php can use
$ctFormatted = date("Y-m-d H:i:s", strtotime($current));
//convert the db time to a time format php can use
$dbTime = strtotime($findUser->last_confirm);
//take the db time and add 2 hours to it.
$dbPlus = date("Y-m-d H:i:s", strtotime('+2 hours', $dbTime));
//See what you've got, uncomment this
// echo $ctFormatted;
// echo '<br>';
// echo $dbPlus;
// echo '<br>';
if (strtotime($ctFormatted) < strtotime($dbPlus)){
Redirect::to($actual_link);
}
//Forms posted
if (!empty($_POST)) {
//Manually Add User
if(!empty($_POST['verifyAdmin'])) {
$password=Input::get('password');
if (password_verify($password,$user->data()->password)) {
$fields = array(
'last_confirm' => $current,
);
$db->update('users',$user->data()->id,$fields);
if(!empty($actual_link)){
Redirect::to($actual_link);
}
} else {
$errors[] = lang("INCORRECT_ADMINPW");
}
}
}
?>
<div id="page-wrapper">
<div class="container">
<!-- Page Heading -->
<div class="row">
<?=resultBlock($errors,$successes);?>
<? if ($actual_link !='') { ?>
<div class="col-xs-12 col-md-6">
<h1>Password Verification</h1>
</div>
</div>
<div class="row">
<form class="verify-admin" action="adminverify.php?actual_link=<?=$actual_link?>&page=<?=$page?>" method="POST" id="payment-form">
<div class="col-md-5">
<div class="input-group"><input class="form-control" type="password" name="password" id="password" placeholder="Please enter your password..." required autofocus>
<span class="input-group-btn">
<input class='btn btn-primary' type='submit' name='verifyAdmin' value='Verify' />
</span></div>
<input type="hidden" value="<?=Token::generate();?>" name="csrf">
<? } ?>
</div>
</div>
</form><br />
</div>
</div>
</div>
</div>
<!-- End of main content section -->
<?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
<!-- Place any per-page javascript here -->
<?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?> Pasted: Aug 13, 2017, 7:10:33 pm
Views: 19