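function doRecover($username, $resetcode)
{
    // Recover an account with a reset code. The caller must present a client
    // certificate (the key that will be attached to the account), must not
    // already be logged in, and must supply a username / reset-code pair that
    // matches the users table. On success the certificate is associated with
    // the account and a fresh reset code (whatever newReset() returns) is returned.
    // Fatal conditions terminate the request with die(), as elsewhere in this
    // file; only the "not enough device approvals" case returns an error string.
    $certid = getCertId();
    if ($certid == null) {
        die('You must be using a certificate to reset your account. Get one at <a href="getacert">getacert</a>');
    }
    if (getUser($certid) != null) {
        die('You do not need a reset, you are already logged in!');
    }
    global $authdb;
    // Reset codes are stored as SHA-1 digests; hash the submitted value before lookup.
    $shacode = sha1($resetcode);
    $stmt = $authdb->prepare("SELECT username FROM users WHERE username = ? AND resetcode = ?");
    // prepare() returns a statement object or false; compare strictly.
    if ($stmt === false) {
        die("Could not prepare query users for reset code statement: " . $authdb->error);
    }
    $stmt->bind_param("ss", $username, $shacode);
    if (!$stmt->execute()) {
        die("Could not query users for reset code: " . $authdb->error);
    }
    // $username is rebound to the stored value so the later calls use the
    // canonical spelling from the database rather than the submitted one.
    $stmt->bind_result($username);
    $stmt->store_result();
    $matched = $stmt->fetch();
    // Release the statement before any of the exits below.
    $stmt->close();
    if (!$matched) {
        // One message for both failure causes, so the response does not reveal
        // whether the username exists.
        die('Invalid reset code or username.');
    }
    // Check if it's multi-factor: a reset on such an account needs approval
    // from the other enrolled devices before the new key can be activated.
    $currentMF = getMinFactors($username);
    if ($currentMF > 1) {
        $votes = countKeyVotes($username, '', $certid);
        if ($votes < $currentMF - 1) {
            return "ERROR: This account has {$currentMF}-factor authentication enabled. In order to reset it and activate this key, you must approve the reset from " . ($currentMF - 1 - $votes) . ' of your devices.';
        }
        // OK, do it!
        // NOTE(review): the original called setMFA($user, $factors) with two
        // variables that are never defined in this function (so both were null).
        // $username and $currentMF are the only in-scope values matching those
        // roles — confirm against setMFA's signature.
        setMFA($username, $currentMF);
    }
    // Save the new key
    associateKey($username, $certid);
    // Now generate a new recovery code so the one just used cannot be replayed.
    return newReset($username);
}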
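    // Per-user admin actions. $_POST['action'] and $_POST['username'] are
    // untrusted request fields; $curusr is the acting admin's username and is
    // defined outside this block. Missing fields default to '' instead of
    // raising an undefined-key warning and passing null down.
    $action = $_POST['action'] ?? '';
    $target = $_POST['username'] ?? '';
    if ($action === 'delete') {
        // Strict comparison: a loose == would treat numeric-looking usernames
        // (e.g. "1e3" and "1000") as the same account.
        if ($target === $curusr) {
            die("You can't delete yourself! You can only delete other users.");
        }
        deleteUser($target);
    } elseif ($action === 'promote') {
        setAdmin($target, true);
    } elseif ($action === 'activate') {
        setActive($target, true);
    } elseif ($action === 'demote') {
        if ($target === $curusr) {
            die("You can't demote yourself! You can only demote other admins.");
        }
        setAdmin($target, false);
    } elseif ($action === 'newreset') {
        $reset = newReset($target);
        // Both values land in an HTML context; escape the generated code as
        // well as the username rather than interpolating it raw.
        echo '<h1>New reset code for ' . htmlspecialchars($target) . ': ' . htmlspecialchars($reset) . '</h1>';
    }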
}
?>
<h1>User Management</h1>
<form action="admin" method="post">
<p>Search: <input type="text" name="search" value=""></p>
<input type="submit" value="Go">
<?php
// Hidden CSRF token field for the search form above.
print getCSRFinputcode();
?>
</form>
<table>
<thead>
<tr><th>Username</th><th>Address</th><th>City</th><th>State</th><th>Postal/zip code</th><th>Country</th><th>Admin</th></tr>