requestKeyAdd($_POST['username'], $certid, $certid); echo "<p>Your request has been submitted. Please log in from an active device to approve this request.</p>\n\t<p>Then head to the <a href=\".\">home page</a> and you'll be logged in!</p>"; include 'footer.php'; exit; } } ?> <form method="post" action="newdevice"> <input type="hidden" name="action" value="newdevice"> <p class="text">If you already have an existing account and want to add this device or certificate to it, enter your username and click Submit to put in an account access request.</p> <p class="text"><input type="text" name="username" value=""> <input type="submit" value="Submit"></p> <p class="text">Device making request: <code><?php echo htmlspecialchars(getComputerInfo($_SERVER["HTTP_USER_AGENT"])); ?> </code></p> <p class="text">Certificate subject: <code><?php echo htmlspecialchars(str_replace(',', ' ', $_SERVER["SSL_CLIENT_S_DN"])); ?> </code></p> <p class="text">Certificate issuer: <code><?php echo htmlspecialchars(str_replace(',', ' ', $_SERVER["SSL_CLIENT_I_DN"])); ?> </code></p> <p class="text">Once you submit your request, you'll have to log in from one of your already-set-up devices to approve it.</p> <?php echo getCSRFinputcode(); ?> </form> <?php } include 'footer.php';
$iapproved = in_array($certid, $votes); if ($iapproved) { echo ', including the one you are currently using'; $invalidChoices[$factor] = true; } echo '.</p>'; } } echo '<form action="profile" method="post" onsubmit="return confirm('Do you really want to change your multi-factor authentication settings?');"> <input type="hidden" name="action" value="changefactor"> <p class="text"><strong>Require <select name="numfactors">'; for ($x = 1; $x <= $numdevs; $x++) { if (!isset($invalidChoices[$x])) { echo '<option value="' . $x . '"'; if ($x === $currentF) { echo ' selected'; } echo '>' . $x . '</option>'; } } echo '</select> devices to add a new device or make other changes to your account.'; echo getCSRFinputcode() . '</strong></p>'; if ($currentF < 2) { echo '<p class="text"><input type="submit" value="Apply"></p></form>'; } else { echo '<p class="text"><input type="submit" value="Request"></p></form>'; } } else { echo '<p class="text">You do not have multiple active devices. Add another device to your account to use multi-factor authentication</p>'; } include 'footer.php';
} } else { //Activate $row .= '</td><td><form action="admin" method="post" onsubmit="return confirm('Do you really want to activate this user?');"> <input type="hidden" name="username" value="' . htmlspecialchars($user['username']) . '">'; $row .= getCSRFinputcode(); $row .= '<input type="hidden" name="action" value="activate">'; $row .= '<input type="Submit" value="Activate user"></form>'; } //Delete button $row .= '</td><td><form action="admin" method="post" onsubmit="return confirm('Do you really want to delete this user?');"> <input type="hidden" name="username" value="' . htmlspecialchars($user['username']) . '">'; $row .= getCSRFinputcode(); $row .= '<input type="hidden" name="action" value="delete">'; $row .= '<input type="Submit" value="Delete user"></form>'; //Generate new reset code button if ($user['active']) { $row .= '</td><td><form action="admin" method="post" onsubmit="return confirm('WARNING: This invalidates previous printed reset codes! Only use when mailing a new reset code. Continue?');"> <input type="hidden" name="username" value="' . htmlspecialchars($user['username']) . '">'; $row .= getCSRFinputcode(); $row .= '<input type="hidden" name="action" value="newreset">'; $row .= '<input type="Submit" value="Regenerate reset code"></form>'; } $row .= '</td></tr>'; echo $row; } ?> </tbody> </table> <?php include 'footer.php';