From 17c8a9ab0ccbb5f03fbb550b6b01251769a84197 Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Tue, 5 Sep 2023 23:44:42 -0400
Subject: [PATCH] FEATURE: Force MFA Part 2 - Added to add, edit user

---
 post/user.php       | 4 ++--
 post/user_model.php | 1 +
 user_add_modal.php  | 9 +++++++++
 user_edit_modal.php | 9 +++++++++
 users.php           | 1 +
 5 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/post/user.php b/post/user.php
index 1d809598..363eb752 100644
--- a/post/user.php
+++ b/post/user.php
@@ -44,7 +44,7 @@ if (isset($_POST['add_user'])) {
     }
 
     // Create Settings
-    mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_role = $role");
+    mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_role = $role, user_config_force_mfa = $force_mfa");
 
     // Send user e-mail, if specified
     if (isset($_POST['send_email']) && !empty($config_smtp_host) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
@@ -138,7 +138,7 @@ if (isset($_POST['edit_user'])) {
     }
 
     //Update User Settings
-    mysqli_query($mysqli, "UPDATE user_settings SET user_role = $role WHERE user_id = $user_id");
+    mysqli_query($mysqli, "UPDATE user_settings SET user_role = $role, user_config_force_mfa = $force_mfa WHERE user_id = $user_id");
 
     //Logging
     mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name modified user $name $extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id, log_entity_id = $user_id");
diff --git a/post/user_model.php b/post/user_model.php
index 919b662b..00c9a402 100644
--- a/post/user_model.php
+++ b/post/user_model.php
@@ -2,3 +2,4 @@
 $name = sanitizeInput($_POST['name']);
 $email = sanitizeInput($_POST['email']);
 $role = intval($_POST['role']);
+$force_mfa = intval($_POST['force_mfa']);
diff --git a/user_add_modal.php b/user_add_modal.php
index 6f3e806a..5c035c3c 100644
--- a/user_add_modal.php
+++ b/user_add_modal.php
@@ -76,6 +76,15 @@
                         </div>
                     </div>
 
+                    <div class="form-group">
+                        <div class="custom-control custom-checkbox">
+                            <input class="custom-control-input" type="checkbox" id="forceMFACheckBox" name="force_mfa" value=1>
+                            <label for="forceMFACheckBox" class="custom-control-label">
+                                Force MFA
+                            </label>
+                        </div>
+                    </div>
+
                 </div>
                 <div class="modal-footer bg-white">
                     <button type="submit" name="add_user" class="btn btn-primary text-bold"><i class="fas fa-check mr-2"></i>Create</button>
diff --git a/user_edit_modal.php b/user_edit_modal.php
index 90e54460..85e8caf3 100644
--- a/user_edit_modal.php
+++ b/user_edit_modal.php
@@ -89,6 +89,15 @@
                         <input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
                     </div>
 
+                    <div class="form-group">
+                        <div class="custom-control custom-checkbox">
+                            <input class="custom-control-input" type="checkbox" id="forceMFACheckBox<?php echo $user_id; ?>" name="force_mfa" value="1" <?php if($user_config_force_mfa == 1){ echo "checked"; } ?>>
+                            <label for="forceMFACheckBox<?php echo $user_id; ?>" class="custom-control-label">
+                                Force MFA
+                            </label>
+                        </div>
+                    </div>
+
                     <?php if (!empty($user_token)) { ?>
 
                         <div class="form-group">
diff --git a/users.php b/users.php
index 03ac0a94..3e7abe11 100644
--- a/users.php
+++ b/users.php
@@ -85,6 +85,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                     }
                     $user_avatar = nullable_htmlentities($row['user_avatar']);
                     $user_token = nullable_htmlentities($row['user_token']);
+                    $user_config_force_mfa = intval($row['user_config_force_mfa']);
                     $user_role = $row['user_role'];
                     if ($user_role == 3) {
                         $user_role_display = "Administrator";