AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Renamed Profile to Account, Added a user Side nav to seperate various user preference entities

This commit is contained in:
johnnyq 2024-01-13 17:15:20 -05:00
parent b2ad67e26d
commit 813e8c7e59
10 changed files with 477 additions and 285 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
inc_all_user.php Normal file
View File

@ -0,0 +1,21 @@
<?php
require_once "config.php";
require_once "functions.php";
require_once "check_login.php";
validateAdminRole();
require_once "header.php";
require_once "top_nav.php";
require_once "user_side_nav.php";
require_once "inc_wrapper.php";
require_once "inc_alert_feedback.php";
require_once "pagination_head.php";

133
post/profile.php
View File

@ -4,17 +4,15 @@
* ITFlow - GET/POST request handler for user profiles (tech/agent)
*/
if (isset($_POST['edit_profile'])) {
if (isset($_POST['edit_your_user_details'])) {
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
$user_id = $session_user_id;
$name = sanitizeInput($_POST['name']);
$email = sanitizeInput($_POST['email']);
$new_password = trim($_POST['new_password']);
$sql = mysqli_query($mysqli,"SELECT user_avatar FROM users WHERE user_id = $user_id");
$sql = mysqli_query($mysqli,"SELECT user_avatar FROM users WHERE user_id = $session_user_id");
$row = mysqli_fetch_array($sql);
$existing_file_name = sanitizeInput($row['user_avatar']);
@ -22,21 +20,12 @@ if (isset($_POST['edit_profile'])) {
$extended_log_description = '';
// Email notification when password or email is changed
$user_old_email_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_email FROM users WHERE user_id = $user_id"));
$user_old_email_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_email FROM users WHERE user_id = $session_user_id"));
$user_old_email = $user_old_email_sql['user_email'];
if (!empty($config_smtp_host) && (!empty($new_password) || $user_old_email !== $email)) {
if (!empty($config_smtp_host) && ($user_old_email !== $email)) {
// Determine exactly what changed
if ($user_old_email !== $email && !empty($new_password)) {
$details = "Your e-mail address and password were changed. New email: $email.";
}
elseif ($user_old_email !== $email) {
$details = "Your email address was changed. New email: $email.";
}
elseif (!empty($new_password)) {
$details = "Your password was changed.";
}
$details = "Your email address was changed. New email: $email.";
$subject = "$config_app_name account update confirmation for $name";
$body = "Hi $name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>$details</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
@ -61,15 +50,15 @@ if (isset($_POST['edit_profile'])) {
$file_tmp_path = $_FILES['file']['tmp_name'];
// directory in which the uploaded file will be moved
$upload_file_dir = "uploads/users/$user_id/";
$upload_file_dir = "uploads/users/$session_user_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
// Delete old file
unlink("uploads/users/$user_id/$existing_file_name");
unlink("uploads/users/$session_user_id/$existing_file_name");
// Set Avatar
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $session_user_id");
// Extended Logging
$extended_log_description .= ", profile picture updated";
@ -81,38 +70,12 @@ if (isset($_POST['edit_profile'])) {
}
}
if (!empty($new_password)) {
$new_password = password_hash($new_password, PASSWORD_DEFAULT);
$user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']);
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $user_id");
$extended_log_description .= ", password changed";
$logout = true;
}
// Enable extension access, only if it isn't already setup (user doesn't have cookie)
if (isset($_POST['extension']) && $_POST['extension'] == 'Yes') {
if (!isset($_COOKIE['user_extension_key'])) {
$extension_key = randomString(156);
mysqli_query($mysqli, "UPDATE users SET user_extension_key = '$extension_key' WHERE user_id = $user_id");
$extended_log_description .= ", extension access enabled";
$logout = true;
}
}
// Disable extension access
if (!isset($_POST['extension'])) {
mysqli_query($mysqli, "UPDATE users SET user_extension_key = '' WHERE user_id = $user_id");
$extended_log_description .= ", extension access disabled";
}
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $session_user_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name modified their preferences$extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Details', log_action = 'Modify', log_description = '$session_name modified their details $extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "User preferences updated";
$_SESSION['alert_message'] = "User details updated";
if ($logout) {
header('Location: post.php?logout');
@ -122,6 +85,80 @@ if (isset($_POST['edit_profile'])) {
}
}
if (isset($_POST['edit_your_user_password'])) {
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
$new_password = trim($_POST['new_password']);
// Email notification when password or email is changed
$user_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE user_id = $session_user_id"));
$name = $user_sql['user_name'];
$user_email = $user_sql['user_email'];
if (!empty($config_smtp_host)){
$details = "Your password was changed.";
$subject = "$config_app_name account update confirmation for $name";
$body = "Hi $name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>$details</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
$data = [
[
'from' => $config_mail_from_email,
'from_name' => $config_mail_from_name,
'recipient' => $user_email,
'recipient_name' => $name,
'subject' => $subject,
'body' => $body
]
];
$mail = addToMailQueue($mysqli, $data);
}
$new_password = password_hash($new_password, PASSWORD_DEFAULT);
$user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']);
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $session_user_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name changed their password', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Your password was updated";
header('Location: post.php?logout');
}
if (isset($_POST['edit_your_user_browser_extention'])) {
// CSRF Check
validateCSRFToken($_POST['csrf_token']);
// Enable extension access, only if it isn't already setup (user doesn't have cookie)
if (isset($_POST['extension']) && $_POST['extension'] == 'Yes') {
if (!isset($_COOKIE['user_extension_key'])) {
$extension_key = randomString(156);
mysqli_query($mysqli, "UPDATE users SET user_extension_key = '$extension_key' WHERE user_id = $session_user_id");
$extended_log_description .= "enabled browser extension access";
$logout = true;
}
}
// Disable extension access
if (!isset($_POST['extension'])) {
mysqli_query($mysqli, "UPDATE users SET user_extension_key = '' WHERE user_id = $session_user_id");
$extended_log_description .= "disabled browser extension access";
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name $extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "User preferences updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['verify'])) {

6
top_nav.php
View File

@ -153,10 +153,10 @@
</li>
<!-- Menu Footer-->
<li class="user-footer">
<a href="user_profile.php" class="btn btn-default btn-flat"><i
class="fas fa-cog mr-2"></i>Profile</a>
<a href="user_details.php" class="btn btn-default btn-flat"><i
class="fas fa-cog mr-2"></i>Account</a>
<a href="post.php?logout" class="btn btn-default btn-flat float-right"><i
class="fas fa-sign-out-alt mr-2"></i>Sign out</a>
class="fas fa-sign-out-alt mr-2"></i>Logout</a>
</li>
</ul>
</li>

95
user_activity.php Normal file
View File

@ -0,0 +1,95 @@
<?php
require_once "inc_all_user.php";
$sql_recent_logins = mysqli_query($mysqli, "SELECT * FROM logs
WHERE log_type = 'Login' OR log_type = 'Login 2FA' AND log_action = 'Success' AND log_user_id = $session_user_id
ORDER BY log_id DESC LIMIT 3"
);
$sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs
WHERE log_user_id = $session_user_id AND log_type NOT LIKE 'Login'
ORDER BY log_id DESC LIMIT 5"
);
?>
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-fw fa-sign-in-alt mr-2"></i>Your Recent Sign ins</h3>
</div>
<table class="table table-borderless">
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_recent_logins)) {
$log_id = intval($row['log_id']);
$log_ip = nullable_htmlentities($row['log_ip']);
$log_user_agent = nullable_htmlentities($row['log_user_agent']);
$log_user_os = getOS($log_user_agent);
$log_user_browser = getWebBrowser($log_user_agent);
$log_created_at = nullable_htmlentities($row['log_created_at']);
?>
<tr>
<td><i class="fa fa-fw fa-clock text-secondary mr-2"></i><?php echo $log_created_at; ?></td>
<td><?php echo $log_user_os; ?></td>
<td><?php echo $log_user_browser; ?></td>
<td><i class='fa fa-fw fa-globe text-secondary'></i> <?php echo $log_ip; ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<div class="card-footer">
<a href="logs.php?q=<?php echo "$session_name successfully logged in"; ?>">See More...</a>
</div>
</div>
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-fw fa-history mr-2"></i>Your Recent Activity</h3>
</div>
<table class="table">
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_recent_logs)) {
$log_id = intval($row['log_id']);
$log_type = nullable_htmlentities($row['log_type']);
$log_action = nullable_htmlentities($row['log_action']);
$log_description = nullable_htmlentities($row['log_description']);
$log_created_at = nullable_htmlentities($row['log_created_at']);
if ($log_action == 'Create') {
$log_icon = "plus text-success";
} elseif ($log_action == 'Modify') {
$log_icon = "edit text-info";
} elseif ($log_action == 'Delete') {
$log_icon = "trash-alt text-danger";
} else {
$log_icon = "pencil";
}
?>
<tr>
<td><i class="fa fa-fw fa-clock text-secondary mr-2"></i><?php echo $log_created_at; ?></td>
<td><strong><i class="fa fa-fw text-secondary fa-<?php echo $log_icon; ?>"></i> <?php echo $log_type; ?></strong></td>
<td><span class="text-secondary"><?php echo $log_description; ?></span></td>
</tr>
<?php
}
?>
</tbody>
</table>
<div class="card-footer">
<a href="logs.php?q=<?php echo nullable_htmlentities($session_name); ?>">See More...</a>
</div>
</div>
<?php
require_once "footer.php";

35
user_browser_extension.php Normal file
View File

@ -0,0 +1,35 @@
<?php
require_once "inc_all_user.php";
?>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-cog mr-2"></i>Browser Extension</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<?php if ($session_user_role > 1) { ?>
<div class="form-group">
<div class="form-check">
<input type="checkbox" class="form-check-input" name="extension" id="extension" value="Yes" <?php if (isset($_COOKIE['user_extension_key'])) {echo "checked";} ?>>
<label class="form-check-label" for="extension">Enable Browser Extention?</label>
<p class="small">Note: You must log out and back in again for these changes take effect.</p>
</div>
</div>
<?php } ?>
<button type="submit" name="edit_your_user_browser_extension" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
</form>
</div>
</div>
<?php
require_once "footer.php";

61
user_details.php Normal file
View File

@ -0,0 +1,61 @@
<?php
require_once "inc_all_user.php";
?>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-user mr-2"></i>Your User Details</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<center class="mb-3 px-5">
<?php if (empty($session_avatar)) { ?>
<i class="fas fa-user-circle fa-8x text-secondary"></i>
<?php } else { ?>
<img alt="User avatar" src="<?php echo "uploads/users/$session_user_id/" . nullable_htmlentities($session_avatar); ?>" class="img-fluid">
<?php } ?>
<h4 class="text-secondary mt-2"><?php echo nullable_htmlentities($session_user_role_display); ?></h4>
</center>
<hr>
<div class="form-group">
<label>Your Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Full Name" value="<?php echo stripslashes(nullable_htmlentities($session_name)); ?>" required>
</div>
</div>
<div class="form-group">
<label>Your Email <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
</div>
<input type="email" class="form-control" name="email" placeholder="Email Address" value="<?php echo nullable_htmlentities($session_email); ?>" required>
</div>
</div>
<div class="form-group">
<label>Your Avatar</label>
<input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
</div>
<button type="submit" name="edit_your_user_details" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
</form>
</div>
</div>
<?php
require_once "footer.php";

35
user_preferences.php Normal file
View File

@ -0,0 +1,35 @@
<?php
require_once "inc_all_user.php";
?>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-globe mr-2"></i>Browser Extension</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<?php if ($session_user_role > 1) { ?>
<div class="form-group">
<div class="form-check">
<input type="checkbox" class="form-check-input" name="extension" id="extension" value="Yes" <?php if (isset($_COOKIE['user_extension_key'])) {echo "checked";} ?>>
<label class="form-check-label" for="extension">Enable Browser Extention?</label>
<p class="small">Note: You must log out and back in again for these changes take effect.</p>
</div>
</div>
<?php } ?>
<button type="submit" name="edit_your_user_browser_extension" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
</form>
</div>
</div>
<?php
require_once "footer.php";

234
user_profile.php
View File

@ -1,234 +0,0 @@
<?php
require_once "inc_all.php";
$sql_recent_logins = mysqli_query($mysqli, "SELECT * FROM logs
WHERE log_type = 'Login' OR log_type = 'Login 2FA' AND log_action = 'Success' AND log_user_id = $session_user_id
ORDER BY log_id DESC LIMIT 3"
);
$sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs
WHERE log_user_id = $session_user_id AND log_type NOT LIKE 'Login'
ORDER BY log_id DESC LIMIT 5"
);
?>
<div class="row">
<div class="col-md-4">
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-cog mr-2"></i>Your User Details</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<center class="mb-3 px-5">
<?php if (empty($session_avatar)) { ?>
<i class="fas fa-user-circle fa-8x text-secondary"></i>
<?php } else { ?>
<img alt="User avatar" src="<?php echo "uploads/users/$session_user_id/" . nullable_htmlentities($session_avatar); ?>" class="img-fluid">
<?php } ?>
<h4 class="text-secondary mt-2"><?php echo nullable_htmlentities($session_user_role_display); ?></h4>
</center>
<hr>
<div class="form-group">
<label>Your Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Full Name" value="<?php echo stripslashes(nullable_htmlentities($session_name)); ?>" required>
</div>
</div>
<div class="form-group">
<label>Your Email <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
</div>
<input type="email" class="form-control" name="email" placeholder="Email Address" value="<?php echo nullable_htmlentities($session_email); ?>" required>
</div>
</div>
<div class="form-group">
<label>Your New Password</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div>
<input type="password" class="form-control" data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8">
<div class="input-group-append">
<span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
</div>
</div>
</div>
<div class="form-group">
<label>Your Avatar</label>
<input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
</div>
<?php if ($session_user_role > 1) { ?>
<div class="form-group">
<div class="form-check">
<input type="checkbox" class="form-check-input" name="extension" id="extension" value="Yes" <?php if (isset($_COOKIE['user_extension_key'])) {echo "checked";} ?>>
<label class="form-check-label" for="extension">Enable Browser Extention?</label>
<p class="small">Note: You must log out and back in again for these changes take effect.</p>
</div>
</div>
<?php } ?>
<button type="submit" name="edit_profile" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
</form>
<hr>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<?php if (empty($session_token)) { ?>
<button type="submit" name="enable_2fa" class="btn btn-success btn-block mt-3"><i class="fa fa-fw fa-lock"></i><br> Enable 2FA</button>
<?php } else { ?>
<p>You have set up 2FA. Your QR code is below.</p>
<button type="submit" name="disable_2fa" class="btn btn-danger btn-block mt-3"><i class="fa fa-fw fa-unlock"></i><br>Disable 2FA</button>
<?php } ?>
<center>
<?php
require_once 'rfc6238.php';
//Generate a base32 Key
$secretkey = key32gen();
if (!empty($session_token)) {
//Generate QR Code based off the generated key
print sprintf('<img src="%s"/>', TokenAuth6238::getBarCodeUrl($session_name, ' ', $session_token, $_SERVER['SERVER_NAME']));
echo "<p class='text-secondary'>$session_token</p>";
}
?>
</center>
<input type="hidden" name="token" value="<?php echo $secretkey; ?>">
</form>
<?php if (!empty($session_token)) { ?>
<form action="post.php" method="post" autocomplete="off">
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*" name="code" placeholder="Verify 2FA Code" required>
<div class="input-group-append">
<button type="submit" name="verify" class="btn btn-success">Verify</button>
</div>
</div>
</div>
</form>
<?php } ?>
</div>
</div>
</div>
<div class="col-md-8">
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-fw fa-sign-in-alt mr-2"></i>Your Recent Sign ins</h3>
</div>
<table class="table table-borderless">
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_recent_logins)) {
$log_id = intval($row['log_id']);
$log_ip = nullable_htmlentities($row['log_ip']);
$log_user_agent = nullable_htmlentities($row['log_user_agent']);
$log_user_os = getOS($log_user_agent);
$log_user_browser = getWebBrowser($log_user_agent);
$log_created_at = nullable_htmlentities($row['log_created_at']);
?>
<tr>
<td><i class="fa fa-fw fa-clock text-secondary mr-2"></i><?php echo $log_created_at; ?></td>
<td><?php echo $log_user_os; ?></td>
<td><?php echo $log_user_browser; ?></td>
<td><i class='fa fa-fw fa-globe text-secondary'></i> <?php echo $log_ip; ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<div class="card-footer">
<a href="logs.php?q=<?php echo "$session_name successfully logged in"; ?>">See More...</a>
</div>
</div>
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-fw fa-history mr-2"></i>Your Recent Activity</h3>
</div>
<table class="table">
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_recent_logs)) {
$log_id = intval($row['log_id']);
$log_type = nullable_htmlentities($row['log_type']);
$log_action = nullable_htmlentities($row['log_action']);
$log_description = nullable_htmlentities($row['log_description']);
$log_created_at = nullable_htmlentities($row['log_created_at']);
if ($log_action == 'Create') {
$log_icon = "plus text-success";
} elseif ($log_action == 'Modify') {
$log_icon = "edit text-info";
} elseif ($log_action == 'Delete') {
$log_icon = "trash-alt text-danger";
} else {
$log_icon = "pencil";
}
?>
<tr>
<td><i class="fa fa-fw fa-clock text-secondary mr-2"></i><?php echo $log_created_at; ?></td>
<td><strong><i class="fa fa-fw text-secondary fa-<?php echo $log_icon; ?>"></i> <?php echo $log_type; ?></strong></td>
<td><span class="text-secondary"><?php echo $log_description; ?></span></td>
</tr>
<?php
}
?>
</tbody>
</table>
<div class="card-footer">
<a href="logs.php?q=<?php echo nullable_htmlentities($session_name); ?>">See More...</a>
</div>
</div>
</div>
</div>
<?php
require_once "footer.php";

90
user_security.php Normal file
View File

@ -0,0 +1,90 @@
<?php
require_once "inc_all_user.php";
?>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-shield-alt mr-2"></i>Your Password</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="form-group">
<label>Your New Password</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div>
<input type="password" class="form-control" data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8">
<div class="input-group-append">
<span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
</div>
</div>
</div>
<button type="submit" name="edit_your_user_password" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
</form>
</div>
</div>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-lock mr-2"></i>Mult-Factor Authentication</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<?php if (empty($session_token)) { ?>
<button type="submit" name="enable_2fa" class="btn btn-success btn-block mt-3"><i class="fa fa-fw fa-lock"></i><br> Enable 2FA</button>
<?php } else { ?>
<p>You have set up 2FA. Your QR code is below.</p>
<button type="submit" name="disable_2fa" class="btn btn-danger btn-block mt-3"><i class="fa fa-fw fa-unlock"></i><br>Disable 2FA</button>
<?php } ?>
<center>
<?php
require_once 'rfc6238.php';
//Generate a base32 Key
$secretkey = key32gen();
if (!empty($session_token)) {
//Generate QR Code based off the generated key
print sprintf('<img src="%s"/>', TokenAuth6238::getBarCodeUrl($session_name, ' ', $session_token, $_SERVER['SERVER_NAME']));
echo "<p class='text-secondary'>$session_token</p>";
}
?>
</center>
<input type="hidden" name="token" value="<?php echo $secretkey; ?>">
</form>
<?php if (!empty($session_token)) { ?>
<form action="post.php" method="post" autocomplete="off">
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*" name="code" placeholder="Verify 2FA Code" required>
<div class="input-group-append">
<button type="submit" name="verify" class="btn btn-success">Verify</button>
</div>
</div>
</div>
</form>
<?php } ?>
</div>
<?php
require_once "footer.php";

52
user_side_nav.php Normal file
View File

@ -0,0 +1,52 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo nullable_htmlentities($config_theme); ?> d-print-none">
<a class="brand-link pb-1 mt-1" href="clients.php">
<p class="h5"><i class="nav-icon fas fa-arrow-left ml-3 mr-2"></i> Go Back</strong></p>
</a>
<!-- Sidebar -->
<div class="sidebar">
<!-- Sidebar Menu -->
<nav>
<ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" role="menu" data-accordion="false">
<li class="nav-item mt-3">
<a href="user_details.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-user"></i>
<p>Details</p>
</a>
</li>
<li class="nav-item mt-2">
<a href="user_security.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_security.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-shield-alt"></i>
<p>Security</p>
</a>
</li>
<li class="nav-item mt-2">
<a href="user_preferences.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_preferences.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-cogs"></i>
<p>Preferences</p>
</a>
</li>
<li class="nav-item mt-2">
<a href="user_activity.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_activity.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-clock"></i>
<p>Activity</p>
</a>
</li>
</ul>
</nav>
<!-- /.sidebar-menu -->
<div class="mb-3"></div>
</div>
<!-- /.sidebar -->
</aside>