librenms-librenms/html/pages/preferences.inc.php

<?php

$no_refresh = true;

$pagetitle[] = 'Preferences';

echo '<h2>User Preferences</h2>';
echo '<hr>';

if ($_SESSION['userlevel'] == 11) {
    demo_account();
}
else {
    if ($_POST['action'] == 'changepass') {
        if (authenticate($_SESSION['username'], $_POST['old_pass'])) {
            if ($_POST['new_pass'] == '' || $_POST['new_pass2'] == '') {
                $changepass_message = 'Password must not be blank.';
            }
            else if ($_POST['new_pass'] == $_POST['new_pass2']) {
                changepassword($_SESSION['username'], $_POST['new_pass']);
                $changepass_message = 'Password Changed.';
            }
            else {
                $changepass_message = "Passwords don't match.";
            }
        }
        else {
            $changepass_message = 'Incorrect password';
        }
    }

    include 'includes/update-preferences-password.inc.php';

    
    if (passwordscanchange($_SESSION['username'])) {
        echo '<h3>Change Password</h3>';
        echo '<hr>';
        echo "<div class='well'>";
        echo $changepass_message;
        echo "<form method='post' action='preferences/' class='form-horizontal' role='form'>
  <input type=hidden name='action' value='changepass'>
  <div class='form-group'>
    <label for='old_pass' class='col-sm-2 control-label'>Current Password</label>
    <div class='col-sm-4'>
      <input type=password name=old_pass autocomplete='off' class='form-control input-sm'>
    </div>
    <div class='col-sm-6'>
    </div>
  </div>
  <div class='form-group'>
    <label for='new_pass' class='col-sm-2 control-label'>New Password</label>
    <div class='col-sm-4'>
      <input type=password name=new_pass autocomplete='off' class='form-control input-sm'>
    </div>
    <div class='col-sm-6'>
    </div>
  </div>
  <div class='form-group'>
    <label for='new_pass2' class='col-sm-2 control-label'>New Password</label>
    <div class='col-sm-4'>
      <input type=password name=new_pass2 autocomplete='off' class='form-control input-sm'>
      <br>
  <center><button type='submit' class='btn btn-default'>Submit</button></center>
    </div>
    <div class='col-sm-6'>
    </div>
  </div>

</form>";
        echo '</div>';
    }//end if

    if ($config['twofactor'] === true) {
        if ($_POST['twofactorremove'] == 1) {
            include_once $config['install_dir'].'/html/includes/authentication/twofactor.lib.php';
            if (!isset($_POST['twofactor'])) {
                echo '<div class="well"><form class="form-horizontal" role="form" action="" method="post" name="twofactorform">';
                echo '<input type="hidden" name="twofactorremove" value="1" />';
                echo twofactor_form(false);
                echo '</form></div>';
            }
            else {
                $twofactor = dbFetchRow('SELECT twofactor FROM users WHERE username = ?', array($_SESSION['username']));
                if (empty($twofactor['twofactor'])) {
                    echo '<div class="alert alert-danger">Error: How did you even get here?!</div><script>window.location = "preferences/";</script>';
                }
                else {
                    $twofactor = json_decode($twofactor['twofactor'], true);
                }

                if (verify_hotp($twofactor['key'], $_POST['twofactor'], $twofactor['counter'])) {
                    if (!dbUpdate(array('twofactor' => ''), 'users', 'username = ?', array($_SESSION['username']))) {
                        echo '<div class="alert alert-danger">Error while disabling TwoFactor.</div>';
                    }
                    else {
                        echo '<div class="alert alert-success">TwoFactor Disabled.</div>';
                    }
                }
                else {
                    session_destroy();
                    echo '<div class="alert alert-danger">Error: Supplied TwoFactor Token is wrong, you\'ve been logged out.</div><script>window.location = "' . $config['base_url'] . '";</script>';
                }
            }//end if
        }
        else {
            $twofactor = dbFetchRow('SELECT twofactor FROM users WHERE username = ?', array($_SESSION['username']));
            echo '<script src="js/jquery.qrcode.min.js"></script>';
            echo '<div class="well"><h3>Two-Factor Authentication</h3>';
            if (!empty($twofactor['twofactor'])) {
                $twofactor         = json_decode($twofactor['twofactor'], true);
                $twofactor['text'] = "<div class='form-group'>
  <label for='twofactorkey' class='col-sm-2 control-label'>Secret Key</label>
  <div class='col-sm-4'>
    <input type='text' name='twofactorkey' autocomplete='off' disabled class='form-control input-sm' value='".$twofactor['key']."' />
  </div>
</div>";
                if ($twofactor['counter'] !== false) {
                    $twofactor['uri']   = 'otpauth://hotp/'.$_SESSION['username'].'?issuer=LibreNMS&counter='.$twofactor['counter'].'&secret='.$twofactor['key'];
                    $twofactor['text'] .= "<div class='form-group'>
  <label for='twofactorcounter' class='col-sm-2 control-label'>Counter</label>
  <div class='col-sm-4'>
    <input type='text' name='twofactorcounter' autocomplete='off' disabled class='form-control input-sm' value='".$twofactor['counter']."' />
  </div>
</div>";
                }
                else {
                    $twofactor['uri'] = 'otpauth://totp/'.$_SESSION['username'].'?issuer=LibreNMS&secret='.$twofactor['key'];
                }

                echo '<div id="twofactorqrcontainer">
<div id="twofactorqr"></div>
<button class="btn btn-default" onclick="$(\'#twofactorkeycontainer\').show(); $(\'#twofactorqrcontainer\').hide();">Manual</button>
</div>';
                echo '<div id="twofactorkeycontainer">
<form id="twofactorkey" class="form-horizontal" role="form">'.$twofactor['text'].'</form>
<button class="btn btn-default" onclick="$(\'#twofactorkeycontainer\').hide(); $(\'#twofactorqrcontainer\').show();">QR</button>
</div>';
                echo '<script>$("#twofactorqr").qrcode({"text": "'.$twofactor['uri'].'"}); $("#twofactorkeycontainer").hide();</script>';
                echo '<br/><form method="post" class="form-horizontal" role="form">
  <input type="hidden" name="twofactorremove" value="1" />
  <button class="btn btn-danger" type="submit">Disable TwoFactor</button>
</form>';
            }
            else {
                if (isset($_POST['gentwofactorkey']) && isset($_POST['twofactortype'])) {
                    include_once $config['install_dir'].'/html/includes/authentication/twofactor.lib.php';
                    $chk = dbFetchRow('SELECT twofactor FROM users WHERE username = ?', array($_SESSION['username']));
                    if (empty($chk['twofactor'])) {
                        $twofactor = array('key' => twofactor_genkey());
                        if ($_POST['twofactortype'] == 'counter') {
                            $twofactor['counter'] = 1;
                        }
                        else {
                            $twofactor['counter'] = false;
                        }

                        if (!dbUpdate(array('twofactor' => json_encode($twofactor)), 'users', 'username = ?', array($_SESSION['username']))) {
                            echo '<div class="alert alert-danger">Error inserting TwoFactor details. Please try again later and contact Administrator if error persists.</div>';
                        }
                        else {
                            echo '<div class="alert alert-success">Added TwoFactor credentials. Please reload page.</div><script>window.location = "preferences/";</script>';
                        }
                    }
                    else {
                        echo '<div class="alert alert-danger">TwoFactor credentials already exists.</div>';
                    }
                }
                else {
                    echo '<form method="post" class="form-horizontal" role="form">
  <input type="hidden" name="gentwofactorkey" value="1" />
  <div class="form-group">
    <label for="twofactortype" class="col-sm-2 control-label">TwoFactor Type</label>
    <div class="col-sm-4">
      <select name="twofactortype">
        <option value=""></option>
        <option value="counter">Counter Based (HOTP)</option>
        <option value="time">Time Based (TOTP)</option>
      </select>
    </div>
  </div>
  <button class="btn btn-default" type="submit">Generate TwoFactor Secret Key</button>
</form>';
                }//end if
            }//end if
            echo '</div>';
        }//end if
    }//end if
}//end if


echo "<h3>Device Permissions</h3>";
echo "<hr>";
echo "<div style='background-color: #e5e5e5; border: solid #e5e5e5 10px;  margin-bottom:10px;'>";
if ($_SESSION['userlevel'] == '10') {
    echo "<strong class='blue'>Global Administrative Access</strong>";
}

if ($_SESSION['userlevel'] == '5') {
    echo "<strong class='green'>Global Viewing Access</strong>";
}

if ($_SESSION['userlevel'] == '1') {
    foreach (dbFetchRows('SELECT * FROM `devices_perms` AS P, `devices` AS D WHERE `user_id` = ? AND P.device_id = D.device_id', array($_SESSION['user_id'])) as $perm) {
    // FIXME generatedevicelink?
        echo "<a href='device/device=".$perm['device_id']."'>".$perm['hostname'].'</a><br />';
        $dev_access = 1;
    }

    if (!$dev_access) {
        echo 'No access!';
    }
}

echo '</div>';
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00			`<?php`
more title sets git-svn-id: http://www.observium.org/svn/observer/trunk@2691 61d68cd4-352d-0410-923a-c4978735b2b8 2011-10-18 14:41:19 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$no_refresh = true;`
Updated some of the main pages to no longer refresh 2015-03-21 21:30:55 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`$pagetitle[] = 'Preferences';`
more title sets git-svn-id: http://www.observium.org/svn/observer/trunk@2691 61d68cd4-352d-0410-923a-c4978735b2b8 2011-10-18 14:41:19 +00:00
UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png 2015-08-29 21:44:29 +05:30			`echo '<h2>User Preferences</h2>';`
			`echo '<hr>';`
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
Updated to support a demo user 2015-02-16 23:45:28 +00:00			`if ($_SESSION['userlevel'] == 11) {`
			`demo_account();`
fix password change for mysql auth git-svn-id: http://www.observium.org/svn/observer/trunk@1232 61d68cd4-352d-0410-923a-c4978735b2b8 2010-06-21 15:39:43 +00:00			`}`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`else {`
			`if ($_POST['action'] == 'changepass') {`
			`if (authenticate($_SESSION['username'], $_POST['old_pass'])) {`
			`if ($_POST['new_pass'] == '' \|\| $_POST['new_pass2'] == '') {`
			`$changepass_message = 'Password must not be blank.';`
			`}`
			`else if ($_POST['new_pass'] == $_POST['new_pass2']) {`
			`changepassword($_SESSION['username'], $_POST['new_pass']);`
			`$changepass_message = 'Password Changed.';`
			`}`
			`else {`
			`$changepass_message = "Passwords don't match.";`
			`}`
			`}`
			`else {`
			`$changepass_message = 'Incorrect password';`
			`}`
			`}`
fix password change for mysql auth git-svn-id: http://www.observium.org/svn/observer/trunk@1232 61d68cd4-352d-0410-923a-c4978735b2b8 2010-06-21 15:39:43 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`include 'includes/update-preferences-password.inc.php';`
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png 2015-08-29 21:44:29 +05:30
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if (passwordscanchange($_SESSION['username'])) {`
			`echo '<h3>Change Password</h3>';`
UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png 2015-08-29 21:44:29 +05:30			`echo '<hr>';`
			`echo "<div class='well'>";`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo $changepass_message;`
			`echo "<form method='post' action='preferences/' class='form-horizontal' role='form'>`
Updates bringing forms / tables inline with Bootstrap v3, also adds Global search box 2014-01-13 10:05:19 +00:00			`<input type=hidden name='action' value='changepass'>`
			`<div class='form-group'>`
UI fixes * Removed <hr> and replaced with <br> * "Old Password" changed to "Current Password" 2015-09-22 18:31:14 +05:30			`<label for='old_pass' class='col-sm-2 control-label'>Current Password</label>`
Updates bringing forms / tables inline with Bootstrap v3, also adds Global search box 2014-01-13 10:05:19 +00:00			`<div class='col-sm-4'>`
			`<input type=password name=old_pass autocomplete='off' class='form-control input-sm'>`
			`</div>`
			`<div class='col-sm-6'>`
			`</div>`
			`</div>`
			`<div class='form-group'>`
			`<label for='new_pass' class='col-sm-2 control-label'>New Password</label>`
			`<div class='col-sm-4'>`
			`<input type=password name=new_pass autocomplete='off' class='form-control input-sm'>`
			`</div>`
			`<div class='col-sm-6'>`
			`</div>`
			`</div>`
			`<div class='form-group'>`
Aligned the New Password text properly 2014-06-17 19:56:20 +01:00			`<label for='new_pass2' class='col-sm-2 control-label'>New Password</label>`
Updates bringing forms / tables inline with Bootstrap v3, also adds Global search box 2014-01-13 10:05:19 +00:00			`<div class='col-sm-4'>`
			`<input type=password name=new_pass2 autocomplete='off' class='form-control input-sm'>`
UI fixes * Removed <hr> and replaced with <br> * "Old Password" changed to "Current Password" 2015-09-22 18:31:14 +05:30			`<br>`
UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png 2015-08-29 21:44:29 +05:30			`<center><button type='submit' class='btn btn-default'>Submit</button></center>`
Updates bringing forms / tables inline with Bootstrap v3, also adds Global search box 2014-01-13 10:05:19 +00:00			`</div>`
			`<div class='col-sm-6'>`
			`</div>`
			`</div>`
UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png 2015-08-29 21:44:29 +05:30
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`</form>";`
			`echo '</div>';`
			`}//end if`

			`if ($config['twofactor'] === true) {`
			`if ($_POST['twofactorremove'] == 1) {`
			`include_once $config['install_dir'].'/html/includes/authentication/twofactor.lib.php';`
			`if (!isset($_POST['twofactor'])) {`
			`echo '<div class="well"><form class="form-horizontal" role="form" action="" method="post" name="twofactorform">';`
			`echo '<input type="hidden" name="twofactorremove" value="1" />';`
			`echo twofactor_form(false);`
			`echo '</form></div>';`
			`}`
			`else {`
			`$twofactor = dbFetchRow('SELECT twofactor FROM users WHERE username = ?', array($_SESSION['username']));`
			`if (empty($twofactor['twofactor'])) {`
changes needed to run under web server subdirectory 2015-08-11 14:54:05 -07:00			`echo '<div class="alert alert-danger">Error: How did you even get here?!</div><script>window.location = "preferences/";</script>';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
			`else {`
			`$twofactor = json_decode($twofactor['twofactor'], true);`
			`}`

			`if (verify_hotp($twofactor['key'], $_POST['twofactor'], $twofactor['counter'])) {`
			`if (!dbUpdate(array('twofactor' => ''), 'users', 'username = ?', array($_SESSION['username']))) {`
			`echo '<div class="alert alert-danger">Error while disabling TwoFactor.</div>';`
			`}`
			`else {`
			`echo '<div class="alert alert-success">TwoFactor Disabled.</div>';`
			`}`
			`}`
			`else {`
			`session_destroy();`
changes needed to run under web server subdirectory 2015-08-11 14:54:05 -07:00			`echo '<div class="alert alert-danger">Error: Supplied TwoFactor Token is wrong, you\'ve been logged out.</div><script>window.location = "' . $config['base_url'] . '";</script>';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
			`}//end if`
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer 2014-12-24 21:22:02 +00:00			`}`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`else {`
			`$twofactor = dbFetchRow('SELECT twofactor FROM users WHERE username = ?', array($_SESSION['username']));`
changes needed to run under web server subdirectory 2015-08-11 14:54:05 -07:00			`echo '<script src="js/jquery.qrcode.min.js"></script>';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo '<div class="well"><h3>Two-Factor Authentication</h3>';`
			`if (!empty($twofactor['twofactor'])) {`
			`$twofactor = json_decode($twofactor['twofactor'], true);`
			`$twofactor['text'] = "<div class='form-group'>`
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer 2014-12-24 21:22:02 +00:00			`<label for='twofactorkey' class='col-sm-2 control-label'>Secret Key</label>`
			`<div class='col-sm-4'>`
			`<input type='text' name='twofactorkey' autocomplete='off' disabled class='form-control input-sm' value='".$twofactor['key']."' />`
			`</div>`
			`</div>";`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($twofactor['counter'] !== false) {`
			`$twofactor['uri'] = 'otpauth://hotp/'.$_SESSION['username'].'?issuer=LibreNMS&counter='.$twofactor['counter'].'&secret='.$twofactor['key'];`
			`$twofactor['text'] .= "<div class='form-group'>`
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer 2014-12-24 21:22:02 +00:00			`<label for='twofactorcounter' class='col-sm-2 control-label'>Counter</label>`
			`<div class='col-sm-4'>`
			`<input type='text' name='twofactorcounter' autocomplete='off' disabled class='form-control input-sm' value='".$twofactor['counter']."' />`
			`</div>`
			`</div>";`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
			`else {`
			`$twofactor['uri'] = 'otpauth://totp/'.$_SESSION['username'].'?issuer=LibreNMS&secret='.$twofactor['key'];`
			`}`

			`echo '<div id="twofactorqrcontainer">`
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer 2014-12-24 21:22:02 +00:00			`<div id="twofactorqr"></div>`
			`<button class="btn btn-default" onclick="$(\'#twofactorkeycontainer\').show(); $(\'#twofactorqrcontainer\').hide();">Manual</button>`
			`</div>';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo '<div id="twofactorkeycontainer">`
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer 2014-12-24 21:22:02 +00:00			`<form id="twofactorkey" class="form-horizontal" role="form">'.$twofactor['text'].'</form>`
			`<button class="btn btn-default" onclick="$(\'#twofactorkeycontainer\').hide(); $(\'#twofactorqrcontainer\').show();">QR</button>`
			`</div>';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo '<script>$("#twofactorqr").qrcode({"text": "'.$twofactor['uri'].'"}); $("#twofactorkeycontainer").hide();</script>';`
			`echo '<br/><form method="post" class="form-horizontal" role="form">`
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer 2014-12-24 21:22:02 +00:00			`<input type="hidden" name="twofactorremove" value="1" />`
			`<button class="btn btn-danger" type="submit">Disable TwoFactor</button>`
			`</form>';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
			`else {`
			`if (isset($_POST['gentwofactorkey']) && isset($_POST['twofactortype'])) {`
			`include_once $config['install_dir'].'/html/includes/authentication/twofactor.lib.php';`
			`$chk = dbFetchRow('SELECT twofactor FROM users WHERE username = ?', array($_SESSION['username']));`
			`if (empty($chk['twofactor'])) {`
			`$twofactor = array('key' => twofactor_genkey());`
			`if ($_POST['twofactortype'] == 'counter') {`
			`$twofactor['counter'] = 1;`
			`}`
			`else {`
			`$twofactor['counter'] = false;`
			`}`

			`if (!dbUpdate(array('twofactor' => json_encode($twofactor)), 'users', 'username = ?', array($_SESSION['username']))) {`
			`echo '<div class="alert alert-danger">Error inserting TwoFactor details. Please try again later and contact Administrator if error persists.</div>';`
			`}`
			`else {`
changes needed to run under web server subdirectory 2015-08-11 14:54:05 -07:00			`echo '<div class="alert alert-success">Added TwoFactor credentials. Please reload page.</div><script>window.location = "preferences/";</script>';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}`
			`}`
			`else {`
			`echo '<div class="alert alert-danger">TwoFactor credentials already exists.</div>';`
			`}`
			`}`
			`else {`
			`echo '<form method="post" class="form-horizontal" role="form">`
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer 2014-12-24 21:22:02 +00:00			`<input type="hidden" name="gentwofactorkey" value="1" />`
			`<div class="form-group">`
			`<label for="twofactortype" class="col-sm-2 control-label">TwoFactor Type</label>`
			`<div class="col-sm-4">`
			`<select name="twofactortype">`
			`<option value=""></option>`
			`<option value="counter">Counter Based (HOTP)</option>`
			`<option value="time">Time Based (TOTP)</option>`
			`</select>`
			`</div>`
			`</div>`
			`<button class="btn btn-default" type="submit">Generate TwoFactor Secret Key</button>`
			`</form>';`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`}//end if`
			`}//end if`
			`echo '</div>';`
			`}//end if`
			`}//end if`
			`}//end if`


UI changes to preferences.inc.php Screenshot: http://i.imgur.com/QaobUQv.png 2015-08-29 21:44:29 +05:30			`echo "<h3>Device Permissions</h3>";`
			`echo "<hr>";`
			`echo "<div style='background-color: #e5e5e5; border: solid #e5e5e5 10px; margin-bottom:10px;'>";`
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($_SESSION['userlevel'] == '10') {`
			`echo "<strong class='blue'>Global Administrative Access</strong>";`
Added TwoFactor Authentication (RFC4226) Tested against Google-Authenticator app on Android 4.4.4 Made `verify_hotp` more efficient. Added autofocus on twofactor input Added GUI Unlock and Remove for TwoFactor credentials in /edituser/ Allow additional tries after elapsed time from last try exceeds configured parameter `$config['twofactor_lock']`. If `$config['twofactor_lock']` is not defined or is set to `0`, administrators have to unlock accounts that exceed 3 failures via GUI. Added Documentation Moved TwoFactor form to logon.inc.php Disabled autocomplete on twofactor input field Updated Docs to include link to Google-Authenticator's install-guides Moved authentication logic from authenticate.inc.php to twofactor.lib.php typo in docblock for `twofactor_auth()` Fixed scrutinizer bugs To please scrutinizer 2014-12-24 21:22:02 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($_SESSION['userlevel'] == '5') {`
			`echo "<strong class='green'>Global Viewing Access</strong>";`
Updated to support a demo user 2015-02-16 23:45:28 +00:00			`}`

Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if ($_SESSION['userlevel'] == '1') {`
			foreach (dbFetchRows('SELECT * FROM `devices_perms` AS P, `devices` AS D WHERE `user_id` = ? AND P.device_id = D.device_id', array($_SESSION['user_id'])) as $perm) {
			`// FIXME generatedevicelink?`
			`echo "<a href='device/device=".$perm['device_id']."'>".$perm['hostname'].'</a><br />';`
			`$dev_access = 1;`
			`}`
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`if (!$dev_access) {`
			`echo 'No access!';`
			`}`
restructure/reindent/htmlfix html pages, remove dead code git-svn-id: http://www.observium.org/svn/observer/trunk@1897 61d68cd4-352d-0410-923a-c4978735b2b8 2011-03-17 00:09:20 +00:00			`}`
Updates. git-svn-id: http://www.observium.org/svn/observer/trunk@130 61d68cd4-352d-0410-923a-c4978735b2b8 2008-03-09 22:49:53 +00:00
Fix coding style part 2 2015-07-13 20:10:26 +02:00			`echo '</div>';`