示例#1
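/**
 * Build the HTML fragment for the "User Settings" page.
 *
 * Shows the account's API key (when one exists), a button to generate a new
 * key, the two API URLs, and a QR code of the key rendered by the external
 * helper script ../pool/myqr.sh.
 *
 * @param mixed        $data Not used by this function.
 * @param string       $user Account name; shown in the example API URLs and used in log messages.
 * @param string|false $api  Current API key, or false when the account has none.
 * @param string       $err  Error text to show at the top; skipped when it loosely equals ''.
 *
 * @return string HTML fragment for the page body.
 */
function uset($data, $user, $api, $err)
{
    $pg = '<h1>User Settings</h1>';
    if ($err != '') {
        // NOTE(review): $err is written into the page without escaping. If any
        // caller can put request-derived text in it, escape it at that call
        // site (or here, once it is confirmed that no caller passes markup).
        $pg .= "<span class=err>{$err}<br><br></span>";
    }
    $pg .= '<table cellpadding=20 cellspacing=0 border=1>';
    $pg .= '<tr class=dc><td><span class=nb>';
    $pg .= "<input type=checkbox id=minicb onclick='md(this)'>";
    $pg .= 'mini header</span></td></tr>';
    $pg .= '<tr class=dc><td><center>';
    $pg .= makeForm('userset');
    $pg .= '<table cellpadding=5 cellspacing=0 border=0>';
    $pg .= '<tr class=dc><td>';

    $draw = ($api !== false);
    $apiHtml = '';
    $apiUrl = '';
    if ($draw) {
        // Encode once per output context: HTML text for the on-page display,
        // URL component (then HTML) for the example query strings.
        $apiHtml = htmlspecialchars((string) $api, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $apiUrl = htmlspecialchars(rawurlencode((string) $api), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    if (!$draw) {
        $pg .= "You don't have an API Key setup yet";
    } else {
        addQR();
        $pg .= 'Your current API Key is:';
        $pg .= '</td></tr><tr class=dc><td>';
        $pg .= "<span class=hil>{$apiHtml}</span></td></tr>";
        $pg .= '<tr class=dc><td><div id=can0><canvas id=can width=1 height=1>';
        $pg .= 'A qrcode will show here if your browser supports html5/canvas';
        $pg .= "</canvas></div>";
    }
    $pg .= '</td></tr><tr class=dc><td>';
    $pg .= 'Click to generate a new API key';
    $pg .= ": <input type=submit name=Change value='API Key'>";
    $pg .= '</td></tr>';
    if ($draw) {
        // NOTE(review): the published listing masks the expression that sat
        // between the two string pieces as ******; the account name is assumed
        // here because the parameter is called "username". Confirm upstream.
        $userUrl = htmlspecialchars(rawurlencode((string) $user), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        $pg .= '<tr class=dc><td>&nbsp;</td></tr>';
        $pg .= '<tr class=dc><td>You can access the API via:';
        $pg .= '</td></tr><tr class=dc><td>';
        $pg .= '<span class=hil>/index.php?k=api&username=' . $userUrl . "&api={$apiUrl}&json=y</span><br>";
        $pg .= '</td></tr>';
        $pg .= '<tr class=dc><td>You can get your workers via:';
        $pg .= '</td></tr><tr class=dc><td>';
        $pg .= '<span class=hil>/index.php?k=api&username=' . $userUrl . "&api={$apiUrl}&json=y&work=y</span><br>";
        $pg .= '</td></tr>';
    }
    $pg .= '</table></form>';
    $pg .= '</center></td></tr>';
    $pg .= '</table>';

    if ($draw) {
        // The key is quoted with escapeshellarg() so that a quote character in
        // it cannot end the argument and start a second shell command.
        // NOTE(review): the script path is relative, so it resolves against the
        // process's working directory; the key is also passed as a command-line
        // argument, which may be readable by other local users.
        $qr = shell_exec('../pool/myqr.sh ' . escapeshellarg((string) $api));
        if (is_string($qr) && strlen($qr) > 30) {
            // NOTE(review): the script output is placed inside <script> as-is.
            // When the expected marker is missing it is only logged, and the
            // output is still sent to the browser; consider skipping it then.
            $pg .= "<script type='text/javascript'>\n";
            $pg .= "{$qr}qr(tw,fa,qrx,qry,qrd);</script>\n";
            if (strpos($qr, 'var tw=1,fa=0,qrx=') === false) {
                error_log("QR error for '{$user}' res='{$qr}'");
            }
        } else {
            // shell_exec() gives null on error or empty output.
            $shown = ($qr === null) ? 'null' : (string) $qr;
            error_log("QR failed for '{$user}' res='{$shown}'");
        }
    }
    return $pg;
}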
示例#2
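/**
 * Build the HTML fragment for the "Two Factor Authentication Settings" page.
 *
 * The body depends on $tfa: '' shows the setup button, 'test' shows the newly
 * created secret key with its otpauth link and QR code plus the test form,
 * and 'ok' shows the forms to replace or remove 2FA. Any other value shows
 * only the general explanation.
 *
 * @param mixed       $data Not used by this function.
 * @param string      $user Account name; its first 8 bytes label the otpauth entry, and it is used in log messages.
 * @param string      $tfa  2FA state, compared loosely by the switch ('' / 'test' / 'ok').
 * @param array       $ans  Key details; the 'test' branch reads 2fa_key, 2fa_issuer, 2fa_auth, 2fa_hash and 2fa_time.
 * @param string|null $err  Error text to show at the top; skipped when null or loosely equal to ''.
 * @param string|null $msg  Notice text to show at the top; skipped when null or loosely equal to ''.
 *
 * @return string HTML fragment for the page body.
 */
function set_2fa($data, $user, $tfa, $ans, $err, $msg)
{
    // HTML-escape a value for element text or a quoted attribute.
    $esc = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $draw = false;
    $sfaurl = 'unavailable';
    $pg = '<h1>Two Factor Authentication Settings</h1>';
    // NOTE(review): $err and $msg are written into the page without escaping.
    // If any caller can put request-derived text in them, escape at that call
    // site (or here, once it is confirmed that no caller passes markup).
    if ($err !== null and $err != '') {
        $pg .= "<span class=err>{$err}<br><br></span>";
    }
    if ($msg !== null and $msg != '') {
        $pg .= "<span class=notice>{$msg}<br><br></span>";
    }
    $pg .= '<table cellpadding=20 cellspacing=0 border=1>';
    $pg .= '<tr class=dc><td><center>';
    $pg .= '<table cellpadding=5 cellspacing=0 border=0>';
    $pg .= '<tr class=dc><td>';
    switch ($tfa) {
        case '':
            $pg .= '<tr class=dl><td>';
            $pg .= "You don't have Two Factor Authentication (2FA) setup yet<br><br>";
            $pg .= 'To use 2FA you need an App on your phone/tablet<br>';
            $pg .= app_txt('ones');
            $pg .= makeForm('2fa');
            $pg .= 'Click here to begin the setup process for 2FA: ';
            $pg .= '<input type=submit name=Setup value=Setup>';
            $pg .= '</form></td></tr>';
            break;
        case 'test':
            $pg .= '<tr class=dc><td>';
            $pg .= '2FA is not yet enabled.<br>';
            $pg .= 'Your 2FA key has been created but needs testing.<br><br>';
            if (isset($ans['2fa_key'])) {
                $key = $ans['2fa_key'];
                $sfainfo = $ans['2fa_issuer'] . ': ' . $ans['2fa_auth'] . ' ' . $ans['2fa_hash'] . ' ' . $ans['2fa_time'] . 's';
                // The account label is a URL path component, so it is
                // percent-encoded here. HTML escaping belongs to the HTML
                // output below, not to the URI that the QR code carries.
                // The remaining parts come from $ans and are inserted
                // unencoded - presumably URL-safe; confirm against the source
                // of $ans.
                $who = rawurlencode(substr((string) $user, 0, 8));
                $sfaurl = 'otpauth://' . $ans['2fa_auth'] . '/' . $ans['2fa_issuer'] . ':' . $who . '?secret=' . $ans['2fa_key'] . '&algorithm=' . $ans['2fa_hash'] . '&issuer=' . $ans['2fa_issuer'];
                $draw = true;
                addQR();
            } else {
                $key = 'unavailable';
                $sfainfo = 'unavailable';
            }
            $pg .= 'Your <span class=urg>2FA Secret Key</span> is: ' . $esc($key) . '<br>';
            $pg .= '2FA Settings are ' . $esc($sfainfo) . '<br><br>';
            // ENT_QUOTES matters here: the href value is single-quoted.
            $pg .= "To setup 2FA in your App: <a href='" . $esc($sfaurl) . "'>Click here</a><br>";
            $pg .= "or scan the qrcode/barcode below with your App:<br><br>";
            $pg .= '<div id=can0><canvas id=can width=1 height=1>';
            $pg .= 'A qrcode will show here if your browser supports html5/canvas';
            $pg .= "</canvas></div><br>";
            $pg .= makeForm('2fa');
            $pg .= 'Then enter your App 2FA Value: <input name=Value value="" size=10> ';
            $pg .= '<input type=submit name=Test value=Test></form></td></tr>';
            $pg .= '<tr class=dl><td>';
            $pg .= app_txt('2FA apps');
            $pg .= '<span class=urg>N.B.</span> if you wish to setup 2FA on more than one device,<br>';
            $pg .= 'you should setup all devices before testing one of them.<br>';
            $pg .= 'If you have an old <span class=urg>2FA Secret Key</span> in your device for this web site,<br>';
            $pg .= 'delete it before scanning in the new <span class=urg>2FA Secret Key</span>.<br><br>';
            $pg .= '<span class=urg>WARNING:</span> if you lose your 2FA device you will need to know<br>';
            $pg .= 'the <span class=urg>2FA Secret Key</span> to manually setup a new device,<br>';
            $pg .= 'so your should copy it and store it somewhere securely.<br>';
            $pg .= 'For security reasons, the site will not show you an active <span class=urg>2FA Secret Key</span>.<br>';
            $pg .= '</td></tr>';
            $pg .= '<tr class=dl><td>';
            $pg .= makeForm('2fa');
            $pg .= '<br>If you wish to cancel setting up 2FA, click here: ';
            $pg .= '<input type=submit name=Cancel value=Cancel></form></td></tr>';
            break;
        case 'ok':
            $pg .= '<tr class=dc><td>';
            $pg .= '2FA is enabled on your account.<br><br>';
            $pg .= 'If you wish to replace your Secret Key with a new one:<br><br>';
            $pg .= makeForm('2fa');
            $pg .= 'Current 2FA Value: <input name=Value value="" size=10> ';
            $pg .= '<input type=submit name=New value=New><span class=st1>*</span>';
            $pg .= '</form><br><br>';
            $pg .= '<span class=st1>*</span>WARNING: replacing the Secret Key will disable 2FA<br>';
            $pg .= 'until you successfully test the new key,<br>';
            $pg .= 'thus getting a new key is effectively the same as disabling 2FA.<br><br>';
            $pg .= '</td></tr>';
            $pg .= '<tr class=dc><td>';
            $pg .= makeForm('2fa');
            $pg .= 'If you wish to remove 2FA from your account,<br>';
            $pg .= 'enter your App 2FA Value: <input name=Value value="" size=10><br>';
            $pg .= 'then click remove: <input type=submit name=Remove value=Remove>';
            $pg .= '</form></td></tr>';
            break;
    }
    $pg .= '</table>';
    $pg .= '</center></td></tr>';
    $pg .= '<tr class=dl><td>';
    $pg .= '2FA means that you need 2 codes to login to your account.<br>';
    $pg .= 'You will also need the 2FA code to modify any important settings in your account.<br>';
    $pg .= 'The 1st code is your current password.<br>';
    $pg .= 'The 2nd code is a number that your 2FA device will generate each time.<br>';
    $pg .= 'Your 2FA device would be, for example, your phone or tablet.<br><br>';
    $pg .= 'Each time you need a 2FA code, you use your device to generate a number<br>';
    $pg .= 'that you type into the "<span class=st1>*</span>2nd Authentication:" field on any page that has it.<br><br>';
    $pg .= '<b>IMPORTANT:</b> the TOTP algorithm uses the time on your device,<br>';
    $pg .= "so it is important that your device's clock is accurate within a few seconds.<br><br>";
    $pg .= app_time();
    $pg .= '<b>IMPORTANT:</b> you enter the value from your App at the time you submit data.<br>';
    $pg .= "The value is valid only once for a maximum of 30 seconds.<br>";
    $pg .= "In both the Apps it has a 'dial' that shows the 30 seconds running out.<br>";
    $pg .= "If you are close to running out, you can wait for the 30 seconds to run out<br>";
    $pg .= "and then enter the new value it will come up with.<br>";
    $pg .= "The pool checks your value using the time at the pool when you submit the data,<br>";
    $pg .= "it doesn't matter when you loaded the web page,<br>";
    $pg .= "it only matters when you clicked on the web page button to send the data to the pool.<br><br>";
    $pg .= '<span class=urg>WARNING:</span> once you have successfully tested and enabled 2FA,<br>';
    $pg .= 'you will be unable to access or even reset your account without 2FA.<br>';
    $pg .= 'There is no option to recover your 2FA from the web site,<br>';
    $pg .= 'and you must know your 2FA code in order to be able to disable 2FA.<br><br>';
    $pg .= '<span class=urg>WARNING:</span> it is important to <b>not</b> store your login password in your 2FA device.<br>';
    $pg .= 'These 2 together will give full access to your account.';
    $pg .= '</td></tr>';
    $pg .= '</table>';
    if ($draw) {
        // The URI holds part of the user name and values from $ans, so it is
        // quoted with escapeshellarg(): a quote character in it must not be
        // able to end the argument and start a second shell command.
        // NOTE(review): the URI carries the TOTP secret and is passed as a
        // command-line argument, which may be readable by other local users;
        // feeding it to the script on stdin would avoid that, if the script
        // supports it. The script path is relative to the working directory.
        $qr = shell_exec('../pool/myqr.sh ' . escapeshellarg($sfaurl));
        if (is_string($qr) && strlen($qr) > 30) {
            // NOTE(review): the script output is placed inside <script> as-is.
            // When the expected marker is missing it is only logged, and the
            // output is still sent to the browser; consider skipping it then.
            $pg .= "<script type='text/javascript'>\n";
            $pg .= "{$qr}qr(tw,fa,qrx,qry,qrd);</script>\n";
            if (strpos($qr, 'var tw=1,fa=0,qrx=') === false) {
                // NOTE(review): this writes the script output to the error
                // log; presumably it encodes the QR image of the secret, so
                // confirm who can read that log.
                error_log("QR error for '{$user}' res='{$qr}'");
            }
        } else {
            // shell_exec() gives null on error or empty output.
            $shown = ($qr === null) ? 'null' : (string) $qr;
            error_log("QR failed for '{$user}' res='{$shown}'");
        }
    }
    return $pg;
}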