//Deleting a certificate. This doesn't require multi-factor auth. I suppose you could change that, but it's not as critical.
if ($_POST['action'] == 'revoke') {
if ($curusr === NULL) {
die("invalid certificate");
}
if ($_POST["certid"] == $certid) {
die("You can't delete your current certificate. You can only delete other devices.");
}
if ($numactivedevs <= $currentF and $devsbyid[$_POST["certid"]]["active"] === 1 and $devsbyid[$_POST["certid"]]['expires'] === '9999-01-01 00:00:00') {
die("You have {$currentF}-factor authentication and only {$numactivedevs} devices. You can't delete any more!");
}
//Now delete it. Don't worry, it only deletes it if it's owned by the current user
removeDeviceKey($_POST["certid"], $curusr);
} elseif ($_POST['action'] == 'approve') {
$temporary = isset($_POST['temporary']);
requestKeyAdd($curusr, $certid, $_POST["certid"], $temporary);
} elseif ($_POST['action'] == 'changefactor') {
$submittedfactors = intval($_POST['numfactors']);
if ($submittedfactors < 1 || $submittedfactors > $numactivedevs) {
die('Invalid number of factors ' . $submittedfactors);
}
//Marks that this cert supports changing factors to X
//Changing number of factors requires multi-factor votes and agreement
requestMFAchange($curusr, $certid, $submittedfactors);
} elseif ($_POST['action'] == 'updateaddress') {
if (!(isset($_POST['address']) and isset($_POST['city']) and isset($_POST['state']) and isset($_POST['postcode']) and isset($_POST['country']))) {
die("Must fill out all fields!");
}
requestAddressChange(getCertId(), $curusr, $_POST['address'], $_POST['city'], $_POST['state'], $_POST['postcode'], $_POST['country']);
} elseif ($_POST['action'] == 'canceladdress') {
removeAddressVotes($curusr);
//No cert!
?>
<p>First you need to get a certificate for this device. If you need a new one, you can <a href="getacert">get one here</a>. If you have one but didn't select it when loading this page, try closing and re-opening your browser, and be sure to select it when you load this page.</p>
<?php
} elseif ($curusr !== NULL) {
echo '<p>You are already set up! Your username is ' . htmlspecialchars($curusr) . '.</p>';
} elseif ($inactiveusr !== NULL) {
echo '<p>You have already requested to activate this certificate for user ' . htmlspecialchars($inactiveusr) . '.</p>';
} else {
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!passesCSRFcheck()) {
die("Failed CSRF check. Cookies must be enabled for this site to work.");
}
if ($_POST['action'] == 'newdevice') {
//put in a request for a new device
requestKeyAdd($_POST['username'], $certid, $certid);
echo "<p>Your request has been submitted. Please log in from an active device to approve this request.</p>\n\t<p>Then head to the <a href=\".\">home page</a> and you'll be logged in!</p>";
include 'footer.php';
exit;
}
}
?>
<form method="post" action="newdevice">
<input type="hidden" name="action" value="newdevice">
<p class="text">If you already have an existing account and want to add this device or certificate to it, enter your username and click Submit to put in an account access request.</p>
<p class="text"><input type="text" name="username" value=""> <input type="submit" value="Submit"></p>
<p class="text">Device making request: <code><?php
echo htmlspecialchars(getComputerInfo($_SERVER["HTTP_USER_AGENT"]));
?>
</code></p>
<p class="text">Certificate subject: <code><?php
