requestKeyAdd($_POST['username'], $certid, $certid);
echo "<p>Your request has been submitted. Please log in from an active device to approve this request.</p>\n\t<p>Then head to the <a href=\".\">home page</a> and you'll be logged in!</p>";
include 'footer.php';
exit;
}
}
?>
<form method="post" action="newdevice">
<input type="hidden" name="action" value="newdevice">
<p class="text">If you already have an existing account and want to add this device or certificate to it, enter your username and click Submit to put in an account access request.</p>
<p class="text"><input type="text" name="username" value=""> <input type="submit" value="Submit"></p>
<p class="text">Device making request: <code><?php
echo htmlspecialchars(getComputerInfo($_SERVER["HTTP_USER_AGENT"]));
?>
</code></p>
<p class="text">Certificate subject: <code><?php
echo htmlspecialchars(str_replace(',', ' ', $_SERVER["SSL_CLIENT_S_DN"]));
?>
</code></p>
<p class="text">Certificate issuer: <code><?php
echo htmlspecialchars(str_replace(',', ' ', $_SERVER["SSL_CLIENT_I_DN"]));
?>
</code></p>
<p class="text">Once you submit your request, you'll have to log in from one of your already-set-up devices to approve it.</p>
<?php
echo getCSRFinputcode();
?>
</form>
<?php
}
include 'footer.php';
$iapproved = in_array($certid, $votes);
if ($iapproved) {
echo ', including the one you are currently using';
$invalidChoices[$factor] = true;
}
echo '.</p>';
}
}
echo '<form action="profile" method="post" onsubmit="return confirm('Do you really want to change your multi-factor authentication settings?');">
<input type="hidden" name="action" value="changefactor">
<p class="text"><strong>Require <select name="numfactors">';
for ($x = 1; $x <= $numdevs; $x++) {
if (!isset($invalidChoices[$x])) {
echo '<option value="' . $x . '"';
if ($x === $currentF) {
echo ' selected';
}
echo '>' . $x . '</option>';
}
}
echo '</select> devices to add a new device or make other changes to your account.';
echo getCSRFinputcode() . '</strong></p>';
if ($currentF < 2) {
echo '<p class="text"><input type="submit" value="Apply"></p></form>';
} else {
echo '<p class="text"><input type="submit" value="Request"></p></form>';
}
} else {
echo '<p class="text">You do not have multiple active devices. Add another device to your account to use multi-factor authentication</p>';
}
include 'footer.php';
}
} else {
//Activate
$row .= '</td><td><form action="admin" method="post" onsubmit="return confirm('Do you really want to activate this user?');">
<input type="hidden" name="username" value="' . htmlspecialchars($user['username']) . '">';
$row .= getCSRFinputcode();
$row .= '<input type="hidden" name="action" value="activate">';
$row .= '<input type="Submit" value="Activate user"></form>';
}
//Delete button
$row .= '</td><td><form action="admin" method="post" onsubmit="return confirm('Do you really want to delete this user?');">
<input type="hidden" name="username" value="' . htmlspecialchars($user['username']) . '">';
$row .= getCSRFinputcode();
$row .= '<input type="hidden" name="action" value="delete">';
$row .= '<input type="Submit" value="Delete user"></form>';
//Generate new reset code button
if ($user['active']) {
$row .= '</td><td><form action="admin" method="post" onsubmit="return confirm('WARNING: This invalidates previous printed reset codes! Only use when mailing a new reset code. Continue?');">
<input type="hidden" name="username" value="' . htmlspecialchars($user['username']) . '">';
$row .= getCSRFinputcode();
$row .= '<input type="hidden" name="action" value="newreset">';
$row .= '<input type="Submit" value="Regenerate reset code"></form>';
}
$row .= '</td></tr>';
echo $row;
}
?>
</tbody>
</table>
<?php
include 'footer.php';
