Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

check_admin_pass

This function is used as an additional security feature
The function will check if the $password matches the user's Administrative password or if the Administrator┬┤s cookie or session is set and is valid.

check_admin_pass

Quote

check_admin_pass ( string $password )


Parameters
password
User's Administrative password in clear text, this will later be hashed with md5 by the function before checked against the original password to the user.

Return Values
This function will return true if the if the $password matches the user's Administrative password or if the Administrator┬┤s cookie or session is set and is valid.

Example
Code
<?php
// Check if the user is an admin and that the aid link is correct
if (iADMIN || !defined("iAUTH") || $_GET['aid'] != iAUTH) { redirect("../index.php"); }
 
// Check if the form is submitted
if (isset($_POST['save'])) {
 // Check if the admin password is correct
 if (check_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")) {
 // Set/update admin pass cookie/session
 set_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "");
 // Secure actions goes here
 } else {
 // Redirect if admin password fails
 redirect(FUSION_SELF.$aidlink);
 }
}
 
// Start the form
echo "<form name='inputform' method='post' action='".FUSION_SELF.$aidlink."'>\n";
// Here goes other elements of the form
// Here comes the admin password part
if (!check_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")) {
 echo "<input type='password' name='admin_password' value='".(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")."' class='textbox' style='width:150px;' />\n";
}
// Submit button
echo "<input type='submit' name='save' value='Submit' class='button' />\n";
echo "</form>\n";
?>


The above example demonstrates how the check_admin_pass() and set_admin_pass() works together.

Changelog
7.01.00 - Function added to PHP-Fusion

Notes
The function uses the $_SESSION[COOKIE_PREFIX.'admin'] if sessions are enables instead of cookies.


See also …


References