Misdew/settings/security.php
2022-07-20 09:44:40 -04:00


<?php
// Settings > Security fragment. Sets $this_page, loads the shared bootstrap,
// and turns away visitors who are not signed in before any markup is sent.
$this_page = "settings";
require_once("../inc/conx.php");
// $logged_in is expected to be populated by inc/conx.php (not visible here).
// The test is deliberately a loose falsy check: an unset or null value is
// treated the same as false, so the page fails closed.
if(!$logged_in) {
    header("location: /");
    // Terminate so the settings markup below is never emitted with the redirect.
    exit();
}
?>
<div id="settings_upd">
no changes detected
</div>
<div class="settings_cont">
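<!-- Change-password form. changePass() reads the three fields by id, so the ids must stay as they are.
     The autocomplete hints tell password managers which field holds the existing password and which
     hold the new one; autocomplete="off" gave them nothing to go on. -->
<table style="width: 100%; padding: 8px; padding-bottom: 0px;">
<tr>
<td>
<span id="change_pass" class="settings_title">
Change Password
</span>
</td>
</tr>
<tr>
<td>
<span class="settings_desc">
You can change your password here.
</span>
</td>
</tr>
<tr>
<td>
<input autocomplete="current-password" type="password" id="curr_passwd" name="curr_passwd" class="settings_input" placeholder="Current Password"> <br>
<input autocomplete="new-password" type="password" id="new_passwd" name="new_passwd" class="settings_input" placeholder="New Password"> <br>
<input autocomplete="new-password" type="password" id="conf_passwd" name="conf_passwd" class="settings_input" placeholder="Confirm Password">
</td>
</tr>
<tr>
<td onclick="changePass();">
<center><div class="change_pass_btn">change</div></center>
</td>
</tr>
</table>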
<!-- <table style="width: 100%; padding: 8px; padding-bottom: 0px;">
<tr>
<td>
<span id="change_pass" class="settings_title">
Change Email - coming soon
</span>
</td>
</tr>
<tr>
<td>
<span class="settings_desc">
You can change your linked email address here. You will have to click the verification link sent to both email addresses in order to confirm and update it.
</span>
</td>
</tr>
<tr>
<td>
<input autocomplete="off" type="text" id="curr_email" name="curr_email" class="settings_input" placeholder="Current Email"> <br>
<input autocomplete="off" type="text" id="new_email" name="new_email" class="settings_input" placeholder="New Email"> <br>
<input autocomplete="off" type="text" id="conf_passwd" name="conf_email" class="settings_input" placeholder="Confirm Email">
</td>
</tr>
<tr>
<td onclick="alert('coming soon')">
<center><div class="change_pass_btn">Change</div></center>
</td>
</tr>
</table>-->
<table style="width: 100%; padding: 8px; padding-top: 0px;">
<tr>
<td>
<span class="settings_title" id="destroy_sess">
Destroy Sessions
</span>
</td>
</tr>
<tr>
<td>
<span class="settings_desc">
This will require you to log in again on every device you are currently signed in to, including this one.
</span>
</td>
</tr>
<tr>
<td onclick="destroySess();">
<center><div class="destroy_btn">destroy</div></center>
</td>
</tr>
</table>
<!-- Two-factor (authenticator app) section: static description plus a "manage" control that opens the relative URL 'totp' in a new window.
     NOTE(review): the description below states that a login completed through the forgot-password flow is not asked for a code.
     If that is accurate, control of the linked mailbox alone is enough to sign in to a 2FA-enabled account; consider requiring
     the second factor (or a recovery code) on that path as well.
     NOTE(review): id="destroy_sess" is also used by the Destroy Sessions title; ids should be unique per document. Confirm nothing
     targets this element by id before renaming it. -->
<table style="width: 100%; padding: 8px; padding-top: 0px;">
<tr>
<td>
<span class="settings_title" id="destroy_sess">
<sup style="font-size: 12px;">1</sup> Two-Factor Authentication: App
</span>
</td>
</tr>
<tr>
<td>
<span class="settings_desc">
<span style="font-weight: bold; font-size: 12px;">
This method is highly recommended.<br>
You can only use one authentication method: app or email. Enabling one disables the other.
</span><br>
Toggle two-factor authentication via an app of your choice for your Misdew account here. This will require you to enter a 6-digit code generated by your device. Currently, a code will not be required to login if you forgot your password and are logged in that way.
</span>
</td>
</tr>
<tr>
<td onclick="window.open('totp');">
<center><div class="change_pass_btn">manage</div></center>
</td>
</tr>
</table>
<table style="width: 100%; padding: 8px; padding-top: 0px;">
<tr>
<td>
<span class="settings_title" id="destroy_sess">
<sup style="font-size: 12px;">2</sup> Two-Factor Authentication: Email
</span>
</td>
</tr>
<tr>
<td>
<span class="settings_desc">
<span style="font-weight: bold; font-size: 12px;">
Only use this option if you cannot use an app authenticator.<br>
You can only use one authentication method: email or app. Enabling one disables the other.
</span><br>
Toggle two-factor authentication via email for your Misdew account here. This will require you to enter a code sent to your linked email after successfully logging in. Currently, a code will not be required to log in if you forgot your password and are logged in that way. 2FA requires a few extra steps to actually log in since linked emails are encrypted, but it is more secure than only using a password to log in.
</span>
</td>
</tr>
</table>
<table>
<tr>
<td>
<?php /* Radio pair bound to toggle2FA(); the one matching the stored $u_2fa state is pre-checked. $u_2fa is set outside this file section. */ ?>
<input onchange="toggle2FA('on');" name="toggle2FA" value="on" type="radio"<?php echo ($u_2fa == 'enabled') ? " checked" : ""; ?>> enabled
</td>
</tr>
<tr>
<td>
<input onchange="toggle2FA('off');" name="toggle2FA" value="off" type="radio"<?php echo ($u_2fa == 'disabled') ? " checked" : ""; ?>> disabled
</td>
</tr>
</table><br>
<table style="width: 100%; padding: 8px; padding-top: 0px;">
<tr>
<td>
<span class="settings_title" id="destroy_sess">
Blocking
</span>
</td>
</tr>
<tr>
<td>
<span class="settings_desc">
Accounts that you have previously blocked are listed below. You can unblock them here.
</span>
</td>
</tr>
<tr>
<td>
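<?php
// Render the accounts the current user has blocked, newest first, each with an
// "unblock" control that passes the blocking-row id to the unblock() script function.
//
// $conx (mysqli link) and $u_uid (current user's uid) are expected to come from
// inc/conx.php; neither is defined in this part of the file.
//
// Changes from the string-built version:
//  - both lookups bind their values as parameters instead of interpolating them
//    into the SQL text (the uid read back from `blocking` was re-used in a query);
//  - the username and row id are encoded for the HTML / inline-script context they
//    are written into, since a username is account-holder-supplied data;
//  - the username is reset per row, so a blocked uid with no matching account no
//    longer shows the previous row's name.
// mysqli_stmt_get_result() requires the mysqlnd driver.
$blks_stmt = mysqli_prepare($conx, "SELECT id,blocked_uid FROM blocking WHERE uid=? ORDER BY tstamp DESC");
$blka_stmt = mysqli_prepare($conx, "SELECT username FROM accounts WHERE uid=?");
if($blks_stmt && $blka_stmt) {
    // Bound as a string to match the quoted comparison the original query used.
    $blks_owner = (string)$u_uid;
    mysqli_stmt_bind_param($blks_stmt, "s", $blks_owner);
    mysqli_stmt_execute($blks_stmt);
    $blks_s = mysqli_stmt_get_result($blks_stmt);
    while($blks_s && ($blks_r = mysqli_fetch_assoc($blks_s))) {
        $blks_id = $blks_r['id'];
        $blks_uid = (string)$blks_r['blocked_uid'];

        // Start empty for every row; the unblock control is still shown when no
        // account row is found so the entry can be removed.
        $blka_username = '';
        mysqli_stmt_bind_param($blka_stmt, "s", $blks_uid);
        mysqli_stmt_execute($blka_stmt);
        $blka_s = mysqli_stmt_get_result($blka_stmt);
        while($blka_s && ($blka_r = mysqli_fetch_assoc($blka_s))) {
            $blka_username = $blka_r['username'];
        }

        // HTML-encode the name for element content.
        $blka_username_html = htmlspecialchars((string)$blka_username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // The id sits inside a script expression inside an attribute: encode it as a
        // JS string literal first, then for the attribute.
        $blks_id_attr = htmlspecialchars(
            json_encode((string)$blks_id, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT),
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );
        echo "<span style=\"font-weight: bold;\">$blka_username_html</span> &nbsp; <span onclick=\"unblock($blks_id_attr)\" style=\"font-size: 12px;\">[ unblock ]</span> <br>";
    }
} else {
    // Keep the page rendering; record the failure server-side only.
    error_log('settings/security.php: blocked-account lookup could not be prepared: ' . mysqli_error($conx));
}
if($blks_stmt) {
    mysqli_stmt_close($blks_stmt);
}
if($blka_stmt) {
    mysqli_stmt_close($blka_stmt);
}
?>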
</td>
</tr>
</table>
</div>
<script>
function toggle2FA(toggle2FA) {
if(confirm('Are you sure? If you cancel, the selected option will change but it will not actually save.')) {
var mdkey = "<?php echo $u_token; ?>";
document.getElementById('settings_upd').innerHTML = 'saving changes...';
$.ajax({
url: '2fa_update.php',
type: 'POST',
data: { toggle2FA: toggle2FA, mdkey: mdkey },
success: function(data){
if(data == '') {
document.getElementById('settings_upd').innerHTML = 'changes saved';
}
},
error: function(data) {
document.getElementById('settings_upd').innerHTML = 'save failed';
}
});
}
}
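// Remove one entry from the block list. POSTs the blocking-row id `i` to unblock.php
// and, on an empty (success) response, refreshes the pane through toSecurity(), which
// is defined outside this file section. A non-empty response now raises the same
// 'error' alert as a transport failure instead of being ignored.
// NOTE(review): unlike the other actions in this script, this request carries no
// account token. Confirm unblock.php authenticates the session, verifies that row `i`
// belongs to the caller, and is protected against cross-site request forgery.
function unblock(i) {
    if(!confirm('Unblock?')) {
        return;
    }
    $.ajax({
        url: 'unblock.php',
        type: 'POST',
        data: { i: i },
        success: function(data){
            if(data == '') {
                toSecurity();
            } else {
                alert('error');
            }
        },
        error: function(data) {
            alert('error');
        }
    });
}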
function changePass() {
if(confirm('Are you sure?')) {
var current = document.getElementById('curr_passwd').value;
var new_pass = document.getElementById('new_passwd').value;
var conf_pass = document.getElementById('conf_passwd').value;
var token = "<?php echo $u_token; ?>";
$.ajax({
url: 'change_password.php',
type: 'POST',
data: { token: token, current: current, new_pass: new_pass, conf_pass: conf_pass },
success: function(data){
if(data == '') {
var current = document.getElementById('curr_passwd').value = '';
var new_pass = document.getElementById('new_passwd').value = '';
var conf_pass = document.getElementById('conf_passwd').value = '';
alert('Your password has been changed.');
}
},
error: function(data) {
alert('error');
}
});
}
}
function destroySess() {
if(confirm('Are you sure?')) {
var token = "<?php echo $u_token; ?>";
$.ajax({
url: 'destroy_sessions.php',
type: 'POST',
data: { token: token },
success: function(data){
if(data == '') {
window.location.replace("/");
}
},
error: function(data) {
alert('error');
}
});
}
}
</script>