From 813e8c7e59668fd141eb4bc670fb1e3d07a8549f Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Sat, 13 Jan 2024 17:15:20 -0500
Subject: [PATCH] Renamed Profile to Account, Added a user Side nav to seperate
 various user preference entities

---
 inc_all_user.php           |  21 ++++
 post/profile.php           | 133 +++++++++++++--------
 top_nav.php                |   6 +-
 user_activity.php          |  95 +++++++++++++++
 user_browser_extension.php |  35 ++++++
 user_details.php           |  61 ++++++++++
 user_preferences.php       |  35 ++++++
 user_profile.php           | 234 -------------------------------------
 user_security.php          |  90 ++++++++++++++
 user_side_nav.php          |  52 +++++++++
 10 files changed, 477 insertions(+), 285 deletions(-)
 create mode 100644 inc_all_user.php
 create mode 100644 user_activity.php
 create mode 100644 user_browser_extension.php
 create mode 100644 user_details.php
 create mode 100644 user_preferences.php
 delete mode 100644 user_profile.php
 create mode 100644 user_security.php
 create mode 100644 user_side_nav.php

diff --git a/inc_all_user.php b/inc_all_user.php
new file mode 100644
index 00000000..614bfc4d
--- /dev/null
+++ b/inc_all_user.php
@@ -0,0 +1,21 @@
+<?php
+
+require_once "config.php";
+
+require_once "functions.php";
+
+require_once "check_login.php";
+
+validateAdminRole();
+
+require_once "header.php";
+
+require_once "top_nav.php";
+
+require_once "user_side_nav.php";
+
+require_once "inc_wrapper.php";
+
+require_once "inc_alert_feedback.php";
+
+require_once "pagination_head.php";
diff --git a/post/profile.php b/post/profile.php
index 3b2b9435..34d40abb 100644
--- a/post/profile.php
+++ b/post/profile.php
@@ -4,17 +4,15 @@
  * ITFlow - GET/POST request handler for user profiles (tech/agent)
  */
 
-if (isset($_POST['edit_profile'])) {
+if (isset($_POST['edit_your_user_details'])) {
 
     // CSRF Check
     validateCSRFToken($_POST['csrf_token']);
 
-    $user_id = $session_user_id;
     $name = sanitizeInput($_POST['name']);
     $email = sanitizeInput($_POST['email']);
-    $new_password = trim($_POST['new_password']);
 
-    $sql = mysqli_query($mysqli,"SELECT user_avatar FROM users WHERE user_id = $user_id");
+    $sql = mysqli_query($mysqli,"SELECT user_avatar FROM users WHERE user_id = $session_user_id");
     $row = mysqli_fetch_array($sql);
     $existing_file_name = sanitizeInput($row['user_avatar']);
 
@@ -22,21 +20,12 @@ if (isset($_POST['edit_profile'])) {
     $extended_log_description = '';
 
     // Email notification when password or email is changed
-    $user_old_email_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_email FROM users WHERE user_id = $user_id"));
+    $user_old_email_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_email FROM users WHERE user_id = $session_user_id"));
     $user_old_email = $user_old_email_sql['user_email'];
 
-    if (!empty($config_smtp_host) && (!empty($new_password) || $user_old_email !== $email)) {
+    if (!empty($config_smtp_host) && ($user_old_email !== $email)) {
 
-        // Determine exactly what changed
-        if ($user_old_email !== $email && !empty($new_password)) {
-            $details = "Your e-mail address and password were changed. New email: $email.";
-        }
-        elseif ($user_old_email !== $email) {
-            $details = "Your email address was changed. New email: $email.";
-        }
-        elseif (!empty($new_password)) {
-            $details = "Your password was changed.";
-        }
+        $details = "Your email address was changed. New email: $email.";
 
         $subject = "$config_app_name account update confirmation for $name";
         $body = "Hi $name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>$details</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
@@ -61,15 +50,15 @@ if (isset($_POST['edit_profile'])) {
             $file_tmp_path = $_FILES['file']['tmp_name'];
 
             // directory in which the uploaded file will be moved
-            $upload_file_dir = "uploads/users/$user_id/";
+            $upload_file_dir = "uploads/users/$session_user_id/";
             $dest_path = $upload_file_dir . $new_file_name;
             move_uploaded_file($file_tmp_path, $dest_path);
 
             // Delete old file
-            unlink("uploads/users/$user_id/$existing_file_name");
+            unlink("uploads/users/$session_user_id/$existing_file_name");
 
             // Set Avatar
-            mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
+            mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $session_user_id");
 
             // Extended Logging
             $extended_log_description .= ", profile picture updated";
@@ -81,38 +70,12 @@ if (isset($_POST['edit_profile'])) {
         }
     }
 
-    if (!empty($new_password)) {
-        $new_password = password_hash($new_password, PASSWORD_DEFAULT);
-        $user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']);
-        mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $user_id");
-
-        $extended_log_description .= ", password changed";
-        $logout = true;
-    }
-
-    // Enable extension access, only if it isn't already setup (user doesn't have cookie)
-    if (isset($_POST['extension']) && $_POST['extension'] == 'Yes') {
-        if (!isset($_COOKIE['user_extension_key'])) {
-            $extension_key = randomString(156);
-            mysqli_query($mysqli, "UPDATE users SET user_extension_key = '$extension_key' WHERE user_id = $user_id");
-
-            $extended_log_description .= ", extension access enabled";
-            $logout = true;
-        }
-    }
-
-    // Disable extension access
-    if (!isset($_POST['extension'])) {
-        mysqli_query($mysqli, "UPDATE users SET user_extension_key = '' WHERE user_id = $user_id");
-        $extended_log_description .= ", extension access disabled";
-    }
-
-    mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");
+    mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $session_user_id");
 
     //Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name modified their preferences$extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Details', log_action = 'Modify', log_description = '$session_name modified their details $extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id");
 
-    $_SESSION['alert_message'] = "User preferences updated";
+    $_SESSION['alert_message'] = "User details updated";
 
     if ($logout) {
         header('Location: post.php?logout');
@@ -122,6 +85,80 @@ if (isset($_POST['edit_profile'])) {
     }
 }
 
+if (isset($_POST['edit_your_user_password'])) {
+
+    // CSRF Check
+    validateCSRFToken($_POST['csrf_token']);
+
+    $new_password = trim($_POST['new_password']);
+
+    // Email notification when password or email is changed
+    $user_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE user_id = $session_user_id"));
+    $name = $user_sql['user_name'];
+    $user_email = $user_sql['user_email'];
+
+    if (!empty($config_smtp_host)){
+
+        $details = "Your password was changed.";
+
+        $subject = "$config_app_name account update confirmation for $name";
+        $body = "Hi $name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>$details</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
+
+        $data = [
+            [
+                'from' => $config_mail_from_email,
+                'from_name' => $config_mail_from_name,
+                'recipient' => $user_email,
+                'recipient_name' => $name,
+                'subject' => $subject,
+                'body' => $body
+            ]
+        ];
+        $mail = addToMailQueue($mysqli, $data);
+    }
+
+    $new_password = password_hash($new_password, PASSWORD_DEFAULT);
+    $user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']);
+    mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $session_user_id");
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name changed their password', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "Your password was updated";
+
+    header('Location: post.php?logout');
+}
+
+if (isset($_POST['edit_your_user_browser_extention'])) {
+
+    // CSRF Check
+    validateCSRFToken($_POST['csrf_token']);
+
+    // Enable extension access, only if it isn't already setup (user doesn't have cookie)
+    if (isset($_POST['extension']) && $_POST['extension'] == 'Yes') {
+        if (!isset($_COOKIE['user_extension_key'])) {
+            $extension_key = randomString(156);
+            mysqli_query($mysqli, "UPDATE users SET user_extension_key = '$extension_key' WHERE user_id = $session_user_id");
+
+            $extended_log_description .= "enabled browser extension access";
+            $logout = true;
+        }
+    }
+
+    // Disable extension access
+    if (!isset($_POST['extension'])) {
+        mysqli_query($mysqli, "UPDATE users SET user_extension_key = '' WHERE user_id = $session_user_id");
+        $extended_log_description .= "disabled browser extension access";
+    }
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Preferences', log_action = 'Modify', log_description = '$session_name $extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent',  log_user_id = $session_user_id");
+
+    $_SESSION['alert_message'] = "User preferences updated";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+
 
 if (isset($_POST['verify'])) {
 
diff --git a/top_nav.php b/top_nav.php
index d8f88455..77f95ee3 100644
--- a/top_nav.php
+++ b/top_nav.php
@@ -153,10 +153,10 @@
                 </li>
                 <!-- Menu Footer-->
                 <li class="user-footer">
-                    <a href="user_profile.php" class="btn btn-default btn-flat"><i
-                            class="fas fa-cog mr-2"></i>Profile</a>
+                    <a href="user_details.php" class="btn btn-default btn-flat"><i
+                            class="fas fa-cog mr-2"></i>Account</a>
                     <a href="post.php?logout" class="btn btn-default btn-flat float-right"><i
-                            class="fas fa-sign-out-alt mr-2"></i>Sign out</a>
+                            class="fas fa-sign-out-alt mr-2"></i>Logout</a>
                 </li>
             </ul>
         </li>
diff --git a/user_activity.php b/user_activity.php
new file mode 100644
index 00000000..12a4144e
--- /dev/null
+++ b/user_activity.php
@@ -0,0 +1,95 @@
+<?php
+require_once "inc_all_user.php";
+
+
+$sql_recent_logins = mysqli_query($mysqli, "SELECT * FROM logs
+    WHERE log_type = 'Login' OR log_type = 'Login 2FA' AND log_action = 'Success' AND log_user_id = $session_user_id
+    ORDER BY log_id DESC LIMIT 3"
+);
+
+$sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs
+    WHERE log_user_id = $session_user_id AND log_type NOT LIKE 'Login'
+    ORDER BY log_id DESC LIMIT 5"
+);
+
+?>
+
+<div class="card card-dark">
+    <div class="card-header">
+        <h3 class="card-title"><i class="fas fa-fw fa-sign-in-alt mr-2"></i>Your Recent Sign ins</h3>
+    </div>
+    <table class="table table-borderless">
+        <tbody>
+        <?php
+
+        while ($row = mysqli_fetch_array($sql_recent_logins)) {
+            $log_id = intval($row['log_id']);
+            $log_ip = nullable_htmlentities($row['log_ip']);
+            $log_user_agent = nullable_htmlentities($row['log_user_agent']);
+            $log_user_os = getOS($log_user_agent);
+            $log_user_browser = getWebBrowser($log_user_agent);
+            $log_created_at = nullable_htmlentities($row['log_created_at']);
+
+            ?>
+
+            <tr>
+                <td><i class="fa fa-fw fa-clock text-secondary mr-2"></i><?php echo $log_created_at; ?></td>
+                <td><?php echo $log_user_os; ?></td>
+                <td><?php echo $log_user_browser; ?></td>
+                <td><i class='fa fa-fw fa-globe text-secondary'></i> <?php echo $log_ip; ?></td>
+            </tr>
+        <?php } ?>
+        </tbody>
+    </table>
+    <div class="card-footer">
+        <a href="logs.php?q=<?php echo "$session_name successfully logged in"; ?>">See More...</a>
+    </div>
+</div>
+
+<div class="card card-dark">
+    <div class="card-header">
+        <h3 class="card-title"><i class="fas fa-fw fa-history mr-2"></i>Your Recent Activity</h3>
+    </div>
+
+
+    <table class="table">
+        <tbody>
+        <?php
+
+        while ($row = mysqli_fetch_array($sql_recent_logs)) {
+            $log_id = intval($row['log_id']);
+            $log_type = nullable_htmlentities($row['log_type']);
+            $log_action = nullable_htmlentities($row['log_action']);
+            $log_description = nullable_htmlentities($row['log_description']);
+            $log_created_at = nullable_htmlentities($row['log_created_at']);
+
+            if ($log_action == 'Create') {
+                $log_icon = "plus text-success";
+            } elseif ($log_action == 'Modify') {
+                $log_icon = "edit text-info";
+            } elseif ($log_action == 'Delete') {
+                $log_icon = "trash-alt text-danger";
+            } else {
+                $log_icon = "pencil";
+            }
+
+            ?>
+
+            <tr>
+                <td><i class="fa fa-fw fa-clock text-secondary mr-2"></i><?php echo $log_created_at; ?></td>
+                <td><strong><i class="fa fa-fw text-secondary fa-<?php echo $log_icon; ?>"></i> <?php echo $log_type; ?></strong></td>
+                <td><span class="text-secondary"><?php echo $log_description; ?></span></td>
+
+            </tr>
+            <?php
+        }
+        ?>
+        </tbody>
+    </table>
+    <div class="card-footer">
+        <a href="logs.php?q=<?php echo nullable_htmlentities($session_name); ?>">See More...</a>
+    </div>
+</div>
+
+<?php
+require_once "footer.php";
diff --git a/user_browser_extension.php b/user_browser_extension.php
new file mode 100644
index 00000000..c6f55a2b
--- /dev/null
+++ b/user_browser_extension.php
@@ -0,0 +1,35 @@
+<?php
+require_once "inc_all_user.php";
+
+?>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-cog mr-2"></i>Browser Extension</h3>
+    </div>
+    <div class="card-body">
+
+        <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <?php if ($session_user_role > 1) { ?>
+
+                <div class="form-group">
+                    <div class="form-check">
+                        <input type="checkbox" class="form-check-input" name="extension" id="extension" value="Yes" <?php if (isset($_COOKIE['user_extension_key'])) {echo "checked";} ?>>
+                        <label class="form-check-label" for="extension">Enable Browser Extention?</label>
+                        <p class="small">Note: You must log out and back in again for these changes take effect.</p>
+                    </div>
+                </div>
+
+            <?php } ?>
+
+            <button type="submit" name="edit_your_user_browser_extension" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
+
+        </form>
+
+    </div>
+</div>
+
+<?php
+require_once "footer.php";
diff --git a/user_details.php b/user_details.php
new file mode 100644
index 00000000..89d8c84e
--- /dev/null
+++ b/user_details.php
@@ -0,0 +1,61 @@
+<?php
+require_once "inc_all_user.php";
+
+?>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-user mr-2"></i>Your User Details</h3>
+    </div>
+    <div class="card-body">
+
+        <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <center class="mb-3 px-5">
+                <?php if (empty($session_avatar)) { ?>
+                    <i class="fas fa-user-circle fa-8x text-secondary"></i>
+                <?php } else { ?>
+                    <img alt="User avatar" src="<?php echo "uploads/users/$session_user_id/" . nullable_htmlentities($session_avatar); ?>" class="img-fluid">
+                <?php } ?>
+                <h4 class="text-secondary mt-2"><?php echo nullable_htmlentities($session_user_role_display); ?></h4>
+            </center>
+
+            <hr>
+
+            <div class="form-group">
+                <label>Your Name <strong class="text-danger">*</strong></label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
+                    </div>
+                    <input type="text" class="form-control" name="name" placeholder="Full Name" value="<?php echo stripslashes(nullable_htmlentities($session_name)); ?>" required>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Your Email <strong class="text-danger">*</strong></label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
+                    </div>
+                    <input type="email" class="form-control" name="email" placeholder="Email Address" value="<?php echo nullable_htmlentities($session_email); ?>" required>
+                </div>
+            </div>
+
+            <div class="form-group">
+                <label>Your Avatar</label>
+                <input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
+            </div>
+
+            <button type="submit" name="edit_your_user_details" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
+
+
+        </form>
+                
+    </div>
+
+</div>
+
+<?php
+require_once "footer.php";
diff --git a/user_preferences.php b/user_preferences.php
new file mode 100644
index 00000000..1c5b2976
--- /dev/null
+++ b/user_preferences.php
@@ -0,0 +1,35 @@
+<?php
+require_once "inc_all_user.php";
+
+?>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-globe mr-2"></i>Browser Extension</h3>
+    </div>
+    <div class="card-body">
+
+        <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <?php if ($session_user_role > 1) { ?>
+
+                <div class="form-group">
+                    <div class="form-check">
+                        <input type="checkbox" class="form-check-input" name="extension" id="extension" value="Yes" <?php if (isset($_COOKIE['user_extension_key'])) {echo "checked";} ?>>
+                        <label class="form-check-label" for="extension">Enable Browser Extention?</label>
+                        <p class="small">Note: You must log out and back in again for these changes take effect.</p>
+                    </div>
+                </div>
+
+            <?php } ?>
+
+            <button type="submit" name="edit_your_user_browser_extension" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
+
+        </form>
+
+    </div>
+</div>
+
+<?php
+require_once "footer.php";
diff --git a/user_profile.php b/user_profile.php
deleted file mode 100644
index 46a21994..00000000
--- a/user_profile.php
+++ /dev/null
@@ -1,234 +0,0 @@
-<?php
-require_once "inc_all.php";
-
-
-$sql_recent_logins = mysqli_query($mysqli, "SELECT * FROM logs
-    WHERE log_type = 'Login' OR log_type = 'Login 2FA' AND log_action = 'Success' AND log_user_id = $session_user_id
-    ORDER BY log_id DESC LIMIT 3"
-);
-
-$sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs
-    WHERE log_user_id = $session_user_id AND log_type NOT LIKE 'Login'
-    ORDER BY log_id DESC LIMIT 5"
-);
-
-?>
-
-<div class="row">
-    <div class="col-md-4">
-        <div class="card card-dark">
-            <div class="card-header py-3">
-                <h3 class="card-title"><i class="fas fa-fw fa-cog mr-2"></i>Your User Details</h3>
-            </div>
-            <div class="card-body">
-
-                <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
-                    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
-
-                    <center class="mb-3 px-5">
-                        <?php if (empty($session_avatar)) { ?>
-                            <i class="fas fa-user-circle fa-8x text-secondary"></i>
-                        <?php } else { ?>
-                            <img alt="User avatar" src="<?php echo "uploads/users/$session_user_id/" . nullable_htmlentities($session_avatar); ?>" class="img-fluid">
-                        <?php } ?>
-                        <h4 class="text-secondary mt-2"><?php echo nullable_htmlentities($session_user_role_display); ?></h4>
-                    </center>
-
-                    <hr>
-
-                    <div class="form-group">
-                        <label>Your Name <strong class="text-danger">*</strong></label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
-                            </div>
-                            <input type="text" class="form-control" name="name" placeholder="Full Name" value="<?php echo stripslashes(nullable_htmlentities($session_name)); ?>" required>
-                        </div>
-                    </div>
-
-                    <div class="form-group">
-                        <label>Your Email <strong class="text-danger">*</strong></label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
-                            </div>
-                            <input type="email" class="form-control" name="email" placeholder="Email Address" value="<?php echo nullable_htmlentities($session_email); ?>" required>
-                        </div>
-                    </div>
-
-                    <div class="form-group">
-                        <label>Your New Password</label>
-                        <div class="input-group">
-                            <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
-                            </div>
-                            <input type="password" class="form-control" data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8">
-                            <div class="input-group-append">
-                                <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
-                            </div>
-                        </div>
-                    </div>
-
-                    <div class="form-group">
-                        <label>Your Avatar</label>
-                        <input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
-                    </div>
-
-                    <?php if ($session_user_role > 1) { ?>
-
-                        <div class="form-group">
-                            <div class="form-check">
-                                <input type="checkbox" class="form-check-input" name="extension" id="extension" value="Yes" <?php if (isset($_COOKIE['user_extension_key'])) {echo "checked";} ?>>
-                                <label class="form-check-label" for="extension">Enable Browser Extention?</label>
-                                <p class="small">Note: You must log out and back in again for these changes take effect.</p>
-                            </div>
-                        </div>
-
-                    <?php } ?>
-
-                    <button type="submit" name="edit_profile" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
-
-
-                </form>
-
-                <hr>
-
-                <form action="post.php" method="post" autocomplete="off">
-                    <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
-
-                    <?php if (empty($session_token)) { ?>
-                        <button type="submit" name="enable_2fa" class="btn btn-success btn-block mt-3"><i class="fa fa-fw fa-lock"></i><br> Enable 2FA</button>
-                    <?php } else { ?>
-                        <p>You have set up 2FA. Your QR code is below.</p>
-                        <button type="submit" name="disable_2fa" class="btn btn-danger btn-block mt-3"><i class="fa fa-fw fa-unlock"></i><br>Disable 2FA</button>
-                    <?php } ?>
-
-                    <center>
-                        <?php
-
-                        require_once 'rfc6238.php';
-
-
-                        //Generate a base32 Key
-                        $secretkey = key32gen();
-
-                        if (!empty($session_token)) {
-
-                            //Generate QR Code based off the generated key
-                            print sprintf('<img src="%s"/>', TokenAuth6238::getBarCodeUrl($session_name, ' ', $session_token, $_SERVER['SERVER_NAME']));
-
-                            echo "<p class='text-secondary'>$session_token</p>";
-                        }
-
-                        ?>
-                    </center>
-
-                    <input type="hidden" name="token" value="<?php echo $secretkey; ?>">
-
-                </form>
-
-                <?php if (!empty($session_token)) { ?>
-                    <form action="post.php" method="post" autocomplete="off">
-                        <div class="form-group">
-                            <div class="input-group">
-                                <div class="input-group-prepend">
-                                    <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
-                                </div>
-                                <input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*" name="code" placeholder="Verify 2FA Code" required>
-                                <div class="input-group-append">
-                                    <button type="submit" name="verify" class="btn btn-success">Verify</button>
-                                </div>
-                            </div>
-                        </div>
-
-                    </form>
-                <?php } ?>
-            </div>
-        </div>
-    </div>
-
-    <div class="col-md-8">
-
-        <div class="card card-dark">
-            <div class="card-header">
-                <h3 class="card-title"><i class="fas fa-fw fa-sign-in-alt mr-2"></i>Your Recent Sign ins</h3>
-            </div>
-            <table class="table table-borderless">
-                <tbody>
-                <?php
-
-                while ($row = mysqli_fetch_array($sql_recent_logins)) {
-                    $log_id = intval($row['log_id']);
-                    $log_ip = nullable_htmlentities($row['log_ip']);
-                    $log_user_agent = nullable_htmlentities($row['log_user_agent']);
-                    $log_user_os = getOS($log_user_agent);
-                    $log_user_browser = getWebBrowser($log_user_agent);
-                    $log_created_at = nullable_htmlentities($row['log_created_at']);
-
-                    ?>
-
-                    <tr>
-                        <td><i class="fa fa-fw fa-clock text-secondary mr-2"></i><?php echo $log_created_at; ?></td>
-                        <td><?php echo $log_user_os; ?></td>
-                        <td><?php echo $log_user_browser; ?></td>
-                        <td><i class='fa fa-fw fa-globe text-secondary'></i> <?php echo $log_ip; ?></td>
-                    </tr>
-                <?php } ?>
-                </tbody>
-            </table>
-            <div class="card-footer">
-                <a href="logs.php?q=<?php echo "$session_name successfully logged in"; ?>">See More...</a>
-            </div>
-        </div>
-
-        <div class="card card-dark">
-            <div class="card-header">
-                <h3 class="card-title"><i class="fas fa-fw fa-history mr-2"></i>Your Recent Activity</h3>
-            </div>
-
-
-            <table class="table">
-                <tbody>
-                <?php
-
-                while ($row = mysqli_fetch_array($sql_recent_logs)) {
-                    $log_id = intval($row['log_id']);
-                    $log_type = nullable_htmlentities($row['log_type']);
-                    $log_action = nullable_htmlentities($row['log_action']);
-                    $log_description = nullable_htmlentities($row['log_description']);
-                    $log_created_at = nullable_htmlentities($row['log_created_at']);
-
-                    if ($log_action == 'Create') {
-                        $log_icon = "plus text-success";
-                    } elseif ($log_action == 'Modify') {
-                        $log_icon = "edit text-info";
-                    } elseif ($log_action == 'Delete') {
-                        $log_icon = "trash-alt text-danger";
-                    } else {
-                        $log_icon = "pencil";
-                    }
-
-                    ?>
-
-                    <tr>
-                        <td><i class="fa fa-fw fa-clock text-secondary mr-2"></i><?php echo $log_created_at; ?></td>
-                        <td><strong><i class="fa fa-fw text-secondary fa-<?php echo $log_icon; ?>"></i> <?php echo $log_type; ?></strong></td>
-                        <td><span class="text-secondary"><?php echo $log_description; ?></span></td>
-
-                    </tr>
-                    <?php
-                }
-                ?>
-                </tbody>
-            </table>
-            <div class="card-footer">
-                <a href="logs.php?q=<?php echo nullable_htmlentities($session_name); ?>">See More...</a>
-            </div>
-        </div>
-    </div>
-
-</div>
-
-<?php
-require_once "footer.php";
-
diff --git a/user_security.php b/user_security.php
new file mode 100644
index 00000000..d0076403
--- /dev/null
+++ b/user_security.php
@@ -0,0 +1,90 @@
+<?php
+require_once "inc_all_user.php";
+
+?>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-shield-alt mr-2"></i>Your Password</h3>
+    </div>
+    <div class="card-body">
+        <form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <div class="form-group">
+                <label>Your New Password</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
+                    </div>
+                    <input type="password" class="form-control" data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8">
+                    <div class="input-group-append">
+                        <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
+                    </div>
+                </div>
+            </div>
+
+            <button type="submit" name="edit_your_user_password" class="btn btn-primary btn-block mt-3"><i class="fas fa-check mr-2"></i>Save</button>
+
+        </form>
+    </div>
+</div>
+
+<div class="card card-dark">
+    <div class="card-header py-3">
+        <h3 class="card-title"><i class="fas fa-fw fa-lock mr-2"></i>Mult-Factor Authentication</h3>
+    </div>
+    <div class="card-body">
+        <form action="post.php" method="post" autocomplete="off">
+            <input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+
+            <?php if (empty($session_token)) { ?>
+                <button type="submit" name="enable_2fa" class="btn btn-success btn-block mt-3"><i class="fa fa-fw fa-lock"></i><br> Enable 2FA</button>
+            <?php } else { ?>
+                <p>You have set up 2FA. Your QR code is below.</p>
+                <button type="submit" name="disable_2fa" class="btn btn-danger btn-block mt-3"><i class="fa fa-fw fa-unlock"></i><br>Disable 2FA</button>
+            <?php } ?>
+
+            <center>
+                <?php
+
+                require_once 'rfc6238.php';
+
+                //Generate a base32 Key
+                $secretkey = key32gen();
+
+                if (!empty($session_token)) {
+
+                    //Generate QR Code based off the generated key
+                    print sprintf('<img src="%s"/>', TokenAuth6238::getBarCodeUrl($session_name, ' ', $session_token, $_SERVER['SERVER_NAME']));
+
+                    echo "<p class='text-secondary'>$session_token</p>";
+                }
+
+                ?>
+            </center>
+
+            <input type="hidden" name="token" value="<?php echo $secretkey; ?>">
+
+        </form>
+
+        <?php if (!empty($session_token)) { ?>
+            <form action="post.php" method="post" autocomplete="off">
+                <div class="form-group">
+                    <div class="input-group">
+                        <div class="input-group-prepend">
+                            <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
+                        </div>
+                        <input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*" name="code" placeholder="Verify 2FA Code" required>
+                        <div class="input-group-append">
+                            <button type="submit" name="verify" class="btn btn-success">Verify</button>
+                        </div>
+                    </div>
+                </div>
+
+            </form>
+        <?php } ?>
+    </div>
+
+<?php
+require_once "footer.php";
diff --git a/user_side_nav.php b/user_side_nav.php
new file mode 100644
index 00000000..2f1ee6e8
--- /dev/null
+++ b/user_side_nav.php
@@ -0,0 +1,52 @@
+<!-- Main Sidebar Container -->
+<aside class="main-sidebar sidebar-dark-<?php echo nullable_htmlentities($config_theme); ?> d-print-none">
+
+    <a class="brand-link pb-1 mt-1" href="clients.php">    
+        <p class="h5"><i class="nav-icon fas fa-arrow-left ml-3 mr-2"></i> Go Back</strong></p>
+    </a>
+
+    <!-- Sidebar -->
+    <div class="sidebar">
+
+        <!-- Sidebar Menu -->
+        <nav>
+
+            <ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" role="menu" data-accordion="false">
+
+                <li class="nav-item mt-3">
+                    <a href="user_details.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_details.php") { echo "active"; } ?>">
+                        <i class="nav-icon fas fa-user"></i>
+                        <p>Details</p>
+                    </a>
+                </li>
+
+               <li class="nav-item mt-2">
+                    <a href="user_security.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_security.php") { echo "active"; } ?>">
+                        <i class="nav-icon fas fa-shield-alt"></i>
+                        <p>Security</p>
+                    </a>
+                </li>
+
+                <li class="nav-item mt-2">
+                    <a href="user_preferences.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_preferences.php") { echo "active"; } ?>">
+                        <i class="nav-icon fas fa-cogs"></i>
+                        <p>Preferences</p>
+                    </a>
+                </li>
+
+                <li class="nav-item mt-2">
+                    <a href="user_activity.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_activity.php") { echo "active"; } ?>">
+                        <i class="nav-icon fas fa-clock"></i>
+                        <p>Activity</p>
+                    </a>
+                </li>
+
+            </ul>
+        </nav>
+        <!-- /.sidebar-menu -->
+
+        <div class="mb-3"></div>
+        
+    </div>
+    <!-- /.sidebar -->
+</aside>