echo $row; } ?> </tbody> </table> <h1>Multi-factor authentication</h1> <?php if ($numactivedevs > 1) { //Eligible for 2FA $invalidChoices = array(); if ($currentF < 2) { echo '<p class="text">You have multiple devices registered and activated and are able to use multi-factor authentication.</p>'; } else { echo '<p class="text">You currently have ' . $currentF . '-factor authentication enabled. Changing your multi-factor authentication settings, changing address, or adding a new device requires approval from ' . $currentF . ' devices, or your recovery code and ' . ($currentF - 1) . ' more.</p>'; //multi-factor change in progress. Let's see how many have approved it. foreach (getMFAVotes($curusr) as $factor => $votes) { echo '<p class="text">A change to ' . $factor . '-factor auth has been approved by ' . count($votes) . "/{$currentF} required devices"; $iapproved = in_array($certid, $votes); if ($iapproved) { echo ', including the one you are currently using'; $invalidChoices[$factor] = true; } echo '.</p>'; } } echo '<form action="profile" method="post" onsubmit="return confirm('Do you really want to change your multi-factor authentication settings?');"> <input type="hidden" name="action" value="changefactor"> <p class="text"><strong>Require <select name="numfactors">'; for ($x = 1; $x <= $numdevs; $x++) { if (!isset($invalidChoices[$x])) { echo '<option value="' . $x . '"';
function requestMFAchange($user, $certid, $factors) { $currentMF = getMinFactors($user); //If MFA is not enabled, just make the change if ($currentMF < 2) { setMFA($user, $factors); } elseif (getMFAVotes($user, $certid)[$factors] >= $currentMF - 1) { //This is our last required vote, make the change. setMFA($user, $factors); removeMFAVotes($user); //And delete votes } else { addMFAVote($user, $certid, $factors, $currentMF); return false; } return true; }