AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
itflow/user_security.php

101 lines
3.9 KiB
PHP
Raw Blame History

<?php
require_once "includes/inc_all_user.php";
// User remember me tokens
$sql_remember_tokens = mysqli_query($mysqli, "SELECT * FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
$remember_token_count = mysqli_num_rows($sql_remember_tokens);
?>
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fas fa-shield-alt mr-2"></i>Your Password</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" enctype="multipart/form-data" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="form-group">
<label>Your New Password <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div>
<input type="password" class="form-control" data-toggle="password" name="new_password" placeholder="Leave blank for no change" autocomplete="new-password" minlength="8" required>
<div class="input-group-append">
<span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
</div>
</div>
</div>
<button type="submit" name="edit_your_user_password" class="btn btn-primary"><i class="fas fa-check mr-2"></i>Change</button>
</form>
<div class="float-right">
<?php if (empty($session_token)) { ?>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#enableMFAModal">
<i class="fas fa-lock mr-2"></i>Enable MFA
</button>
<?php require_once "modals/user_mfa_modal.php"; ?>
<?php } else { ?>
<a href="post.php?disable_mfa&csrf_token=<?php echo $_SESSION['csrf_token'] ?>" class="btn btn-danger"><i class="fas fa-unlock mr-2"></i>Disable MFA</a>
<?php } ?>
</div>
</div>
</div>
<?php if ($remember_token_count > 0) { ?>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-clock mr-2"></i>2FA Remember-Me Tokens</h3>
</div>
<div class="card-body">
<ul>
<?php while ($row = mysqli_fetch_array($sql_remember_tokens)) {
$token_id = intval($row['remember_token_id']);
$token_created = nullable_htmlentities($row['remember_token_created_at']);
echo "<li>ID: $token_id | Created: $token_created</li>";
} ?>
</ul>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<button type="submit" name="revoke_your_2fa_remember_tokens" class="btn btn-danger btn-block mt-3"><i class="fas fa-exclamation-triangle mr-2"></i>Revoke Remember-Me Tokens</button>
</form>
</div>
</div>
<?php } ?>
<?php
// Show the error alert if it exists:
if (!empty($_SESSION['alert_type']) && $_SESSION['alert_type'] == 'error') {
echo "<div class='alert alert-danger'>{$_SESSION['alert_message']}</div>";
// Clear it so it doesn't persist on refresh
unset($_SESSION['alert_type']);
unset($_SESSION['alert_message']);
}
// If the user just failed a TOTP verification, auto-open the modal:
if (!empty($_SESSION['show_mfa_modal'])) {
echo "
<script>
document.addEventListener('DOMContentLoaded', function() {
// jQuery or vanilla JS to open the modal
$('#enableMFAModal').modal('show');
});
</script>";
unset($_SESSION['show_mfa_modal']);
}
require_once "includes/footer.php";
Reference in New Issue View Git Blame Copy Permalink