AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 19:04:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

moved user preferences and user settings into /agent/user/ directory

Browse Source
This commit is contained in:
johnnyq
2025-09-23 19:17:14 -04:00
parent edabc5c33f
commit dba08714bf
10 changed files with 72 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
agent/user/includes/inc_all_user.php Normal file
View File

@@ -0,0 +1,14 @@
<?php
require_once "../../config.php";
require_once "../../functions.php";
require_once "../../includes/router.php";
require_once "../../includes/check_login.php";
require_once "../../includes/page_title.php";
require_once "../../includes/header.php";
require_once "../../includes/top_nav.php";
require_once "includes/user_side_nav.php";
require_once "../../includes/inc_wrapper.php";
require_once "../../includes/inc_alert_feedback.php";
require_once "../../includes/filter_header.php";

58
agent/user/includes/user_side_nav.php Normal file
View File

@@ -0,0 +1,58 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo nullable_htmlentities($config_theme); ?> d-print-none">
<a class="brand-link pb-1 mt-1" href="../<?php echo $config_start_page ?>">
<p class="h5">
<i class="nav-icon fas fa-arrow-left ml-3 mr-2"></i>
<span class="brand-text">
Back | <strong>Account</strong>
</span>
</p>
</a>
<!-- Sidebar -->
<div class="sidebar">
<!-- Sidebar Menu -->
<nav>
<ul class="nav nav-pills nav-sidebar flex-column mt-2" data-widget="treeview" role="menu" data-accordion="false">
<li class="nav-item">
<a href="user_details.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_details.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-user"></i>
<p>Details</p>
</a>
</li>
<li class="nav-item mt-2">
<a href="user_security.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_security.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-shield-alt"></i>
<p>Security</p>
</a>
</li>
<li class="nav-item mt-2">
<a href="user_preferences.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_preferences.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-cogs"></i>
<p>Preferences</p>
</a>
</li>
<li class="nav-item mt-2">
<a href="user_activity.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "user_activity.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-clock"></i>
<p>Activity</p>
</a>
</li>
</ul>
</nav>
<!-- /.sidebar-menu -->
<div class="mb-3"></div>
</div>
<!-- /.sidebar -->
</aside>

46
agent/user/post.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
/*
* ITFlow - User GET/POST request handler
*/
require_once "../../config.php";
require_once "../../functions.php";
require_once "../../includes/check_login.php";
// Define a variable that we can use to only allow running post files via inclusion (prevents people/bots poking them)
define('FROM_POST_HANDLER', true);
// Determine which files we should load
// Parse URL & get the path
$path = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH);
// Get the base name (the page name)
$module = explode(".", basename($path))[0];
// Strip off any _details bits
$module = str_ireplace('_details', '', $module);
// Dynamically load admin-related module POST logic
// Load all module POST logic
// Loads everything in post/user/
// Eventually, it would be nice to only specifically load what we need like we do for admins
foreach (glob("post/*.php") as $user_module) {
if (!preg_match('/_model\.php$/', basename($user_module))) {
require_once $user_module;
}
}
// Logout is the same for user and admin
require_once "../../post/logout.php";
// TODO: Find a home for these
require_once "../../post/ai.php";
require_once "../../post/misc.php";

313
agent/user/post/profile.php Normal file
View File

@@ -0,0 +1,313 @@
<?php
/*
* ITFlow - GET/POST request handler for user profiles (tech/agent)
*/
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
if (isset($_POST['edit_your_user_details'])) {
validateCSRFToken($_POST['csrf_token']);
$name = sanitizeInput($_POST['name']);
$email = sanitizeInput($_POST['email']);
$signature = sanitizeInput($_POST['signature']);
$existing_file_name = sanitizeInput(getFieldById('users', $session_user_id, 'user_avatar'));
$logout = false;
$extended_log_description = '';
// Email notification when password or email is changed
$user_old_email_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_email FROM users WHERE user_id = $session_user_id"));
$user_old_email = sanitizeInput($user_old_email_sql['user_email']);
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_mail_from_name = sanitizeInput($config_mail_from_name);
$config_mail_from_email = sanitizeInput($config_mail_from_email);
$config_app_name = sanitizeInput($config_app_name);
if (!empty($config_smtp_host) && ($user_old_email !== $email)) {
$details = "Your email address was changed. New email: $email.";
$subject = "$config_app_name account update confirmation for $name";
$body = "Hi $name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>$details</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
$data = [
[
'from' => $config_mail_from_email,
'from_name' => $config_mail_from_name,
'recipient' => $user_old_email,
'recipient_name' => $name,
'subject' => $subject,
'body' => $body
]
];
$mail = addToMailQueue($data);
}
// Photo
if (isset($_FILES['avatar']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['avatar'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
$file_tmp_path = $_FILES['avatar']['tmp_name'];
// directory in which the uploaded file will be moved
$upload_file_dir = "../../uploads/users/$session_user_id/";
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
// Delete old file
unlink("../uploads/users/$session_user_id/$existing_file_name");
// Set Avatar
mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $session_user_id");
// Extended Logging
$extended_log_description .= ", avatar updated";
}
}
mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $session_user_id");
mysqli_query($mysqli,"UPDATE user_settings SET user_config_signature = '$signature' WHERE user_id = $session_user_id");
logAction("User Account", "Edit", "$session_name edited their account $extended_log_description");
flash_alert("User details updated");
if ($logout) {
redirect('post.php?logout');
} else {
redirect();
}
}
if (isset($_GET['clear_your_user_avatar'])) {
validateCSRFToken($_GET['csrf_token']);
mysqli_query($mysqli,"UPDATE users SET user_avatar = NULL WHERE user_id = $session_user_id");
logAction("User Account", "Edit", "$session_name cleared their avatar");
flash_alert("Avatar cleared", 'error');
redirect();
}
if (isset($_POST['edit_your_user_password'])) {
validateCSRFToken($_POST['csrf_token']);
$new_password = trim($_POST['new_password']);
if (empty($new_password)) {
redirect('user_security.php');
}
// Email notification when password or email is changed
$user_sql = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE user_id = $session_user_id"));
$name = sanitizeInput($user_sql['user_name']);
$user_email = sanitizeInput($user_sql['user_email']);
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_mail_from_name = sanitizeInput($config_mail_from_name);
$config_mail_from_email = sanitizeInput($config_mail_from_email);
$config_app_name = sanitizeInput($config_app_name);
if (!empty($config_smtp_host)){
$details = "Your password was changed.";
$subject = "$config_app_name account update confirmation for $name";
$body = "Hi $name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>$details</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>$config_app_name";
$data = [
[
'from' => $config_mail_from_email,
'from_name' => $config_mail_from_name,
'recipient' => $user_email,
'recipient_name' => $name,
'subject' => $subject,
'body' => $body
]
];
$mail = addToMailQueue($data);
}
$new_password = password_hash($new_password, PASSWORD_DEFAULT);
$user_specific_encryption_ciphertext = encryptUserSpecificKey($_POST['new_password']);
mysqli_query($mysqli,"UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $session_user_id");
logAction("User Account", "Edit", "$session_name changed their password");
flash_alert("Your password was updated");
redirect('post.php?logout');
}
if (isset($_POST['edit_your_user_preferences'])) {
validateCSRFToken($_POST['csrf_token']);
$calendar_first_day = intval($_POST['calendar_first_day']);
$dark_mode = intval($_POST['dark_mode'] ?? 0);
// Calendar
if (isset($calendar_first_day)) {
mysqli_query($mysqli, "UPDATE user_settings SET user_config_calendar_first_day = $calendar_first_day, user_config_theme_dark = $dark_mode WHERE user_id = $session_user_id");
}
// Enable extension access, only if it isn't already setup (user doesn't have cookie)
if (isset($_POST['extension']) && $_POST['extension'] == 'Yes') {
if (!isset($_COOKIE['user_extension_key'])) {
$extension_key = randomString(156);
mysqli_query($mysqli, "UPDATE users SET user_extension_key = '$extension_key' WHERE user_id = $session_user_id");
$extended_log_description .= "enabled browser extension access";
$logout = true;
}
}
// Disable extension access
if (!isset($_POST['extension'])) {
mysqli_query($mysqli, "UPDATE users SET user_extension_key = '' WHERE user_id = $session_user_id");
$extended_log_description .= "disabled browser extension access";
}
logAction("User Account", "Edit", "$session_name $extended_log_description");
flash_alert("User preferences updated");
redirect();
}
if (isset($_POST['enable_mfa'])) {
validateCSRFToken($_POST['csrf_token']);
require_once "../plugins/totp/totp.php";
// Grab the code from the user
$verify_code = trim($_POST['verify_code']);
// Ensure it's numeric
if (!ctype_digit($verify_code)) {
$verify_code = '';
}
// Grab the secret from the session
$token = $_SESSION['mfa_token'] ?? '';
// Verify
if (TokenAuth6238::verify($token, $verify_code)) {
// SUCCESS
mysqli_query($mysqli,"UPDATE users SET user_token = '$token' WHERE user_id = $session_user_id");
// Delete any existing MFA tokens - these browsers should be re-validated
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
logAction("User Account", "Edit", "$session_name enabled MFA on their account");
flash_alert("Multi-Factor authentication enabled");
// Clear the mfa_token from the session to avoid re-use.
unset($_SESSION['mfa_token']);
// Check if the previous page is mfa_enforcement.php
if (isset($_SERVER['HTTP_REFERER'])) {
$previousPage = basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH));
if ($previousPage === 'mfa_enforcement.php') {
// Redirect back to mfa_enforcement.php
redirect("$config_start_page");
}
}
} else {
// FAILURE
flash_alert("Verification code invalid, please try again.", 'error');
// Set a flag to automatically open the MFA modal again
$_SESSION['show_mfa_modal'] = true;
// Check if the previous page is mfa_enforcement.php
if (isset($_SERVER['HTTP_REFERER'])) {
$previousPage = basename(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH));
if ($previousPage === 'mfa_enforcement.php') {
// Redirect back to mfa_enforcement.php
redirect();
}
}
}
redirect("user_security.php");
}
if (isset($_GET['disable_mfa'])){
if ($session_user_config_force_mfa) {
flash_alert("Multi-Factor authentication cannot be disabled for your account", 'error');
redirect();
}
validateCSRFToken($_GET['csrf_token']);
mysqli_query($mysqli,"UPDATE users SET user_token = '' WHERE user_id = $session_user_id");
// Delete any existing MFA tokens - these browsers should be re-validated
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
// Sanitize Config Vars from get_settings.php and Session Vars from check_login.php
$config_mail_from_name = sanitizeInput($config_mail_from_name);
$config_mail_from_email = sanitizeInput($config_mail_from_email);
$config_app_name = sanitizeInput($config_app_name);
// Email notification
if (!empty($config_smtp_host)) {
$subject = "$config_app_name account update confirmation for $session_name";
$body = "Hi $session_name, <br><br>Your $config_app_name account has been updated, details below: <br><br> <b>2FA was disabled.</b> <br><br> If you did not perform this change, contact your $config_app_name administrator immediately. <br><br>Thanks, <br>ITFlow<br>$session_company_name";
$data = [
[
'from' => $config_mail_from_email,
'from_name' => $config_mail_from_name,
'recipient' => $session_email,
'recipient_name' => $session_name,
'subject' => $subject,
'body' => $body
]
];
$mail = addToMailQueue($data);
}
logAction("User Account", "Edit", "$session_name disabled MFA on their account");
flash_alert("Multi-Factor authentication disabled", 'error');
redirect();
}
if (isset($_POST['revoke_your_2fa_remember_tokens'])) {
validateCSRFToken($_POST['csrf_token']);
// Delete tokens
mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
logAction("User Account", "Edit", "$session_name revoked all their remember-me tokens");
flash_alert("Remember me tokens revoked", 'error');
redirect();
}

99
agent/user/user_activity.php Normal file
View File

@@ -0,0 +1,99 @@
<?php
require_once "includes/inc_all_user.php";
$sql_recent_logins = mysqli_query($mysqli, "SELECT * FROM logs
WHERE log_type = 'Login' OR log_type = 'Login 2FA' AND log_action = 'Success' AND log_user_id = $session_user_id
ORDER BY log_id DESC LIMIT 3"
);
$sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs
WHERE log_user_id = $session_user_id AND log_type NOT LIKE 'Login'
ORDER BY log_id DESC LIMIT 5"
);
?>
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-fw fa-sign-in-alt mr-2"></i>Your Recent Sign ins</h3>
</div>
<table class="table table-borderless">
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_recent_logins)) {
$log_id = intval($row['log_id']);
$log_ip = nullable_htmlentities($row['log_ip']);
$log_user_agent = nullable_htmlentities($row['log_user_agent']);
$log_user_os = getOS($log_user_agent);
$log_user_browser = getWebBrowser($log_user_agent);
$log_created_at = nullable_htmlentities($row['log_created_at']);
?>
<tr>
<td><i class="fa fa-fw fa-clock text-secondary mr-2"></i><?php echo $log_created_at; ?></td>
<td><?php echo $log_user_os; ?></td>
<td><?php echo $log_user_browser; ?></td>
<td><i class='fa fa-fw fa-globe text-secondary'></i> <?php echo $log_ip; ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<?php if (isset($session_is_admin) && $session_is_admin === true) { ?>
<div class="card-footer">
<a href="../admin/audit_log.php?q=<?php echo "$session_name successfully logged in"; ?>">See More...</a>
</div>
<?php } ?>
</div>
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-fw fa-history mr-2"></i>Your Recent Activity</h3>
</div>
<table class="table">
<tbody>
<?php
while ($row = mysqli_fetch_array($sql_recent_logs)) {
$log_id = intval($row['log_id']);
$log_type = nullable_htmlentities($row['log_type']);
$log_action = nullable_htmlentities($row['log_action']);
$log_description = nullable_htmlentities($row['log_description']);
$log_created_at = nullable_htmlentities($row['log_created_at']);
if ($log_action == 'Create') {
$log_icon = "plus text-success";
} elseif ($log_action == 'Modify') {
$log_icon = "edit text-info";
} elseif ($log_action == 'Delete') {
$log_icon = "trash-alt text-danger";
} else {
$log_icon = "pencil";
}
?>
<tr>
<td><i class="fa fa-fw fa-clock text-secondary mr-2"></i><?php echo $log_created_at; ?></td>
<td><strong><i class="fa fa-fw text-secondary fa-<?php echo $log_icon; ?>"></i> <?php echo $log_type; ?></strong></td>
<td><span class="text-secondary"><?php echo $log_description; ?></span></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php if (isset($session_is_admin) && $session_is_admin === true) { ?>
<div class="card-footer">
<a href="../../admin/audit_log.php?q=<?php echo nullable_htmlentities($session_name); ?>">See More...</a>
</div>
<?php } ?>
</div>
<?php
require_once "../../includes/footer.php";

81
agent/user/user_details.php Normal file
View File

@@ -0,0 +1,81 @@
<?php
require_once "includes/inc_all_user.php";
?>
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-cog mr-2"></i>User Preferences</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="row">
<div class="col-md-3 text-center">
<?php if($session_avatar) { ?>
<img class="img-thumbnail" src="<?php echo "../../uploads/users/$session_user_id/" . nullable_htmlentities($session_avatar); ?>">
<a href="post.php?clear_your_user_avatar&csrf_token=<?= $_SESSION['csrf_token'] ?>" class="btn btn-outline-danger btn-block">Remove Avatar</a>
<hr>
<?php } ?>
<div class="form-group">
<label>Upload Avatar</label>
<input type="file" class="form-control-file" accept="image/*" name="avatar">
</div>
</div>
<div class="col-md-9">
<div class="form-group">
<label>Name <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user"></i></span>
</div>
<input type="text" class="form-control" name="name" placeholder="Full Name" value="<?php echo stripslashes(nullable_htmlentities($session_name)); ?>" required>
</div>
</div>
<div class="form-group">
<label>Role</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
</div>
<input type="text" class="form-control" value="<?php echo nullable_htmlentities($session_user_role_display); ?>" disabled>
</div>
</div>
<div class="form-group">
<label>Email <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-envelope"></i></span>
</div>
<input type="email" class="form-control" name="email" placeholder="Email Address" value="<?php echo nullable_htmlentities($session_email); ?>" required>
</div>
</div>
<div class="form-group">
<label>Signature</label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-pen"></i></span>
</div>
<textarea class="form-control" name="signature" rows="4" placeholder="Create a signature automatically appended to tickets, emails etc"><?php echo getFieldById('user_settings',$session_user_id,'user_config_signature','html'); ?></textarea>
</div>
</div>
<button type="submit" name="edit_your_user_details" class="btn btn-primary btn-responsive"><i class="fas fa-check mr-2"></i>Save</button>
</div>
</div>
</form>
</div>
</div>
<?php
require_once "../../includes/footer.php";

54
agent/user/user_preferences.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
require_once "includes/inc_all_user.php";
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT user_config_calendar_first_day FROM user_settings WHERE user_id = $session_user_id"));
$user_config_calendar_first_day = intval($row['user_config_calendar_first_day']);
?>
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-fw fa-globe mr-2"></i>Preferences</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="form-group">
<h5>Dark Mode</h5>
<div class="btn-group btn-group-toggle" data-toggle="buttons">
<label class="btn btn-outline-primary <?php if ($user_config_theme_dark === 0) { echo "active"; } ?>">
<input type="radio" name="dark_mode" id="light-mode" autocomplete="off" <?php if ($user_config_theme_dark === 0) { echo "checked"; } ?>>
<i class="fas fa-sun mr-2"></i>Light
</label>
<label class="btn btn-outline-dark <?php if ($user_config_theme_dark === 1) { echo "active"; } ?>">
<input type="radio" name="dark_mode" id="dark-mode" autocomplete="off" value="1" <?php if ($user_config_theme_dark === 1) { echo "checked"; } ?>>
<i class="fas fa-moon mr-2"></i>Dark
</label>
</div>
</div>
<div class="form-group">
<label>Calendar starts on<strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-calendar-day"></i></span>
</div>
<select class="form-control select2" name="calendar_first_day" required>
<option <?php if ($user_config_calendar_first_day == '0') { echo "selected"; } ?> value="0" >Sunday</option>
<option <?php if ($user_config_calendar_first_day == '1') { echo "selected"; } ?> value="1" >Monday</option>
</select>
</div>
</div>
<button type="submit" name="edit_your_user_preferences" class="btn btn-primary"><i class="fas fa-check mr-2"></i>Save</button>
</form>
</div>
</div>
<?php
require_once "../../includes/footer.php";

100
agent/user/user_security.php Normal file
View File

@@ -0,0 +1,100 @@
<?php
require_once "includes/inc_all_user.php";
// User remember me tokens
$sql_remember_tokens = mysqli_query($mysqli, "SELECT * FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
$remember_token_count = mysqli_num_rows($sql_remember_tokens);
?>
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-shield-alt mr-2"></i>Your Password</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="form-group">
<label>Your New Password <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div>
<input type="password" class="form-control" data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8" required>
<div class="input-group-append">
<span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
</div>
</div>
</div>
<button type="submit" name="edit_your_user_password" class="btn btn-primary"><i class="fas fa-check mr-2"></i>Change</button>
</form>
<div class="float-right">
<?php if (empty($session_token)) { ?>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#enableMFAModal">
<i class="fas fa-lock mr-2"></i>Enable MFA
</button>
<?php require_once "/modals/user_mfa_modal.php"; ?>
<?php } else { ?>
<a href="post.php?disable_mfa&csrf_token=<?php echo $_SESSION['csrf_token'] ?>" class="btn btn-danger"><i class="fas fa-unlock mr-2"></i>Disable MFA</a>
<?php } ?>
</div>
</div>
</div>
<?php if ($remember_token_count > 0) { ?>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-clock mr-2"></i>2FA Remember-Me Tokens</h3>
</div>
<div class="card-body">
<ul>
<?php while ($row = mysqli_fetch_array($sql_remember_tokens)) {
$token_id = intval($row['remember_token_id']);
$token_created = nullable_htmlentities($row['remember_token_created_at']);
echo "<li>ID: $token_id | Created: $token_created</li>";
} ?>
</ul>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<button type="submit" name="revoke_your_2fa_remember_tokens" class="btn btn-danger btn-block mt-3"><i class="fas fa-exclamation-triangle mr-2"></i>Revoke Remember-Me Tokens</button>
</form>
</div>
</div>
<?php } ?>
<?php
// Show the error alert if it exists:
if (!empty($_SESSION['alert_type']) && $_SESSION['alert_type'] == 'error') {
echo "<div class='alert alert-danger'>{$_SESSION['alert_message']}</div>";
// Clear it so it doesn't persist on refresh
unset($_SESSION['alert_type']);
unset($_SESSION['alert_message']);
}
// If the user just failed a TOTP verification, auto-open the modal:
if (!empty($_SESSION['show_mfa_modal'])) {
echo "
<script>
document.addEventListener('DOMContentLoaded', function() {
// jQuery or vanilla JS to open the modal
$('#enableMFAModal').modal('show');
});
</script>";
unset($_SESSION['show_mfa_modal']);
}
require_once "../../includes/footer.php";