echo $row;
}
?>
</tbody>
</table>
<h1>Multi-factor authentication</h1>
<?php
if ($numactivedevs > 1) {
//Eligible for 2FA
$invalidChoices = array();
if ($currentF < 2) {
echo '<p class="text">You have multiple devices registered and activated and are able to use multi-factor authentication.</p>';
} else {
echo '<p class="text">You currently have ' . $currentF . '-factor authentication enabled. Changing your multi-factor authentication settings, changing address, or adding a new device requires approval from ' . $currentF . ' devices, or your recovery code and ' . ($currentF - 1) . ' more.</p>';
//multi-factor change in progress. Let's see how many have approved it.
foreach (getMFAVotes($curusr) as $factor => $votes) {
echo '<p class="text">A change to ' . $factor . '-factor auth has been approved by ' . count($votes) . "/{$currentF} required devices";
$iapproved = in_array($certid, $votes);
if ($iapproved) {
echo ', including the one you are currently using';
$invalidChoices[$factor] = true;
}
echo '.</p>';
}
}
echo '<form action="profile" method="post" onsubmit="return confirm('Do you really want to change your multi-factor authentication settings?');">
<input type="hidden" name="action" value="changefactor">
<p class="text"><strong>Require <select name="numfactors">';
for ($x = 1; $x <= $numdevs; $x++) {
if (!isset($invalidChoices[$x])) {
echo '<option value="' . $x . '"';
function requestMFAchange($user, $certid, $factors)
{
$currentMF = getMinFactors($user);
//If MFA is not enabled, just make the change
if ($currentMF < 2) {
setMFA($user, $factors);
} elseif (getMFAVotes($user, $certid)[$factors] >= $currentMF - 1) {
//This is our last required vote, make the change.
setMFA($user, $factors);
removeMFAVotes($user);
//And delete votes
} else {
addMFAVote($user, $certid, $factors, $currentMF);
return false;
}
return true;
}
