protected function action_forgot()
{
$this->hide_request();
echo <<<EOT
<p>
Your user ID and a temporary password will be sent
<br>
to the email you provided when you registered.
EOT;
$f = new Form();
$f->start();
$f->text('email', 'Email:', 100, '*****@*****.**');
$f->button('action_send', 'Send Email');
$f->end();
}
protected function request()
{
$userid = $this->userid(true);
if (isset($_SESSION['expired'])) {
echo '<p>Your password has expired.';
}
$f = new Form();
$f->start();
$f->text('pw-old', 'Existing Password:'******'Existing Password', true, true);
$f->text('pw-new1', 'New Password:'******'New Password', true, true);
$f->password_strength('pw-new1', $userid);
$f->text('pw-new2', 'Repeat:', 50, 'New Password', true, true);
if (YUBIKEY) {
$f->text('yubikey', 'YubiKey:', 50, '', true, true);
}
$f->button('action_set', 'Set');
$f->end();
}
protected function request()
{
$f = new Form();
$f->start($_POST);
if (isset($_REQUEST['choose'])) {
$f->hidden('choose', 'yes');
}
if (isset($_REQUEST['id'])) {
$f->hidden('id', $_REQUEST['id']);
}
$f->text('name', 'Name:', 50, 'Name');
$f->button('action_find', 'Find', false);
$f->button('action_new', 'New');
$f->end();
}
protected function action_choose()
{
$others = explode(",", $_POST['others']);
$chosen_name = $this->GetNameByID($_POST['pk']);
$f = new Form();
$f->start($_POST);
$f->hidden('pk', $_POST['pk']);
echo <<<EOT
<p>Do you want this person:
<p style='margin-left:20px;'>{$chosen_name}
<p>to replace these checked persons?
EOT;
foreach ($others as $p) {
$f->checkbox("replace[{$p}]", $this->GetNameByID($p));
}
echo <<<EOT
<p>The replaced persons will not be deleted,
so you can copy<br>any required data into the person
that replaces them.
EOT;
$f->button('action_replace', 'Replace');
echo "<button class=button type=button\n onclick='window.close();'>Cancel</button>";
$f->end();
}
protected function show_form($row)
{
$f = new Form();
$f->start($row);
$f->hidden('member_id', $row['member_id']);
$f->text('last', 'Last Name:', 30, 'Last Name');
$f->text('first', 'First:', 20, 'First Name', false);
$f->text('street', 'Street:', 50, 'Street');
$f->text('city', 'City:', 20, 'City');
$f->text('state', 'State:', 10, 'State', false);
$f->foreign_key('specialty_id', 'name', 'Specialty');
$f->radio('billing', 'Monthly', 'month');
$f->hspace(2);
$f->radio('billing', 'Yearly', 'year', false);
$f->hspace(2);
$f->radio('billing', 'Recurring', 'recurring', false);
$f->menu('contact', 'Contact:', array('phone', 'email', 'mail', 'none'), true, 'email');
$f->checkbox('premium', 'Premium:', false);
$f->date('since', 'Member Since:', false);
if ($this->ac->has_permission('member-edit')) {
$f->button('action_save', 'Save');
}
$f->end();
}
protected function show_form($data)
{
$f = new Form();
$f->start($data);
$f->text('role', 'Role:', 30, 'role');
echo '<p class=label>Permissions:';
$stmt = $this->db->query('select * from permission
left join
(select * from role_permission where role = :role) rp using (permission)
order by permission', array('role' => $data['role']));
for ($n = 1; $row = $stmt->fetch(); $n++) {
echo '<br>';
$fld = "fld_{$n}";
$checked = isset($row['role']) ? 'checked' : '';
echo "<input id={$fld} type=checkbox name=permission[]\n value={$row['permission']} {$checked}>";
$f->label($fld, $row['permission'], false);
}
$f->button('action_save', 'Save');
$f->end();
}
function show_form($data = null)
{
if (empty($data['phone_method'])) {
$data['phone_method'] = 'sms';
}
$form = new Form();
$form->start($data);
$form->errors($this->err_flds);
if (!$this->is_logged_in()) {
$form->text('userid', 'Desired User ID:', 15, 'UserID');
$form->text('pw1', 'Password:'******'Password', true, true);
$form->password_strength('pw1', '');
$form->text('pw2', 'Repeat:', 50, 'Password', true, true);
}
$form->text('first', 'First Name:', 25, 'First Name');
$form->hspace(3);
$form->text('last', 'Last Name:', 25, 'Last Name', false);
$form->text('email', 'Email:', 75, '*****@*****.**');
$form->text('phone', 'Verification Phone:', 25, '303-555-1234');
$form->radio('phone_method', 'SMS (text)', 'sms');
$form->hspace(5);
$form->radio('phone_method', 'Voice', 'voice', false);
$form->button('action_register', $this->is_logged_in() ? 'Save' : 'Register');
// Next line for clickjacking example
//$form->button('action_disable', 'Disable 2FA');
$form->end();
$userid = isset($data['userid']) ? $data['userid'] : '';
echo <<<EOT
<script>
\$('#pw1').bind('keydown', function() {
PasswordDidChange('pw1', '{$userid}');
});
</script>
EOT;
}
protected function show_form_yubikey()
{
echo <<<EOT
<p>
Position the input cursor in the field and
touch the Yubikey button for one second.
<br>
Then click the Verify button.
<p>
EOT;
$f = new Form();
$f->start();
$f->text('yubikey', 'YubiKey:', 50, '', true, true);
$f->button('action_yubikey', 'Verify', false);
$f->end();
}
function show_form($data = null)
{
$new = is_null($data);
if (empty($data['phone_method'])) {
$data['phone_method'] = 'sms';
}
$f = new Form();
$f->start($data);
$f->errors($this->err_flds);
$f->hidden('new', $new ? '1' : '0');
if ($new) {
$readonly = false;
$userid = '';
} else {
$readonly = true;
$userid = $data['userid'];
}
$f->text('userid', 'User ID:', 25, 'User ID', true, false, $readonly);
$f->text('first', 'First Name:', 25, 'First Name');
$f->hspace(3);
$f->text('last', 'Last Name:', 25, 'Last Name', false);
$f->text('email', 'Email:', 75, '*****@*****.**');
$f->text('phone', 'Verification Phone:', 25, '303-555-1234');
$f->radio('phone_method', 'SMS (text)', 'sms');
$f->hspace(5);
$f->radio('phone_method', 'Voice', 'voice', false);
echo '<p class=label>Roles:';
if ($new && false) {
$stmt = $this->db->query('select * from role order by role');
} else {
$stmt = $this->db->query('select * from role
left join (select * from user_role where userid = :userid) as ur using (role)
order by role', array('userid' => $userid));
}
for ($n = 1; $row = $stmt->fetch(); $n++) {
echo '<br>';
$fld = "fld_{$n}";
$checked = isset($row['userid']) ? 'checked' : '';
echo "<input id={$fld} type=checkbox name=role[]\n value={$row['role']} {$checked}>";
$f->label($fld, $row['role'], false);
}
$f->button('action_save', 'Save');
$f->end();
$this->ac->show_permissions($userid);
}
