protected function request()
{
$userid = $this->userid(true);
if (isset($_SESSION['expired'])) {
echo '<p>Your password has expired.';
}
$f = new Form();
$f->start();
$f->text('pw-old', 'Existing Password:'******'Existing Password', true, true);
$f->text('pw-new1', 'New Password:'******'New Password', true, true);
$f->password_strength('pw-new1', $userid);
$f->text('pw-new2', 'Repeat:', 50, 'New Password', true, true);
if (YUBIKEY) {
$f->text('yubikey', 'YubiKey:', 50, '', true, true);
}
$f->button('action_set', 'Set');
$f->end();
}
function show_form($data = null)
{
if (empty($data['phone_method'])) {
$data['phone_method'] = 'sms';
}
$form = new Form();
$form->start($data);
$form->errors($this->err_flds);
if (!$this->is_logged_in()) {
$form->text('userid', 'Desired User ID:', 15, 'UserID');
$form->text('pw1', 'Password:'******'Password', true, true);
$form->password_strength('pw1', '');
$form->text('pw2', 'Repeat:', 50, 'Password', true, true);
}
$form->text('first', 'First Name:', 25, 'First Name');
$form->hspace(3);
$form->text('last', 'Last Name:', 25, 'Last Name', false);
$form->text('email', 'Email:', 75, '*****@*****.**');
$form->text('phone', 'Verification Phone:', 25, '303-555-1234');
$form->radio('phone_method', 'SMS (text)', 'sms');
$form->hspace(5);
$form->radio('phone_method', 'Voice', 'voice', false);
$form->button('action_register', $this->is_logged_in() ? 'Save' : 'Register');
// Next line for clickjacking example
//$form->button('action_disable', 'Disable 2FA');
$form->end();
$userid = isset($data['userid']) ? $data['userid'] : '';
echo <<<EOT
<script>
\$('#pw1').bind('keydown', function() {
PasswordDidChange('pw1', '{$userid}');
});
</script>
EOT;
}