Sindbad~EG File Manager
<?php
/**
* Two-Factor Authentication Setup Page - Members Portal
*/
require_once '../config/config.php';
require_once '../classes/MemberAuth.php';
require_once '../classes/TwoFactorAuth.php';
// Check if member is logged in
if (!MemberAuth::isMemberLoggedIn()) {
redirect('../login.php');
}
$currentMember = MemberAuth::getCurrentMember();
if (!$currentMember) {
redirect('../login.php');
}
$memberId = $currentMember['id'];
$twoFA = new TwoFactorAuth('member');
$success = '';
$error = '';
$backupCodes = [];
$qrCodeUrl = '';
$secret = '';
// Handle 2FA enable/disable for individual methods
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['enable_totp'])) {
// Generate secret and QR code for TOTP
$secret = $twoFA->generateSecret();
$_SESSION['temp_2fa_secret'] = $secret;
$_SESSION['temp_2fa_method'] = 'totp';
$username = $currentMember['username'] ?? $currentMember['email'] ?? 'Member';
$qrCodeUrl = $twoFA->getQRCodeImageUrl($secret, $username);
} elseif (isset($_POST['verify_totp'])) {
$code = $_POST['code'] ?? '';
$secret = $_SESSION['temp_2fa_secret'] ?? '';
if ($twoFA->verifyTOTP($secret, $code)) {
$backupCodes = $twoFA->enableMethod($memberId, 'totp', $secret);
unset($_SESSION['temp_2fa_secret']);
unset($_SESSION['temp_2fa_method']);
$success = "TOTP Authenticator method enabled successfully!";
} else {
$error = "Invalid verification code. Please try again.";
$qrCodeUrl = $twoFA->getQRCodeImageUrl($secret, $currentMember['username'] ?? 'Member');
}
} elseif (isset($_POST['enable_email'])) {
$email = $_POST['email'] ?? $currentMember['email'];
$backupCodes = $twoFA->enableMethod($memberId, 'email', null, null, $email);
$success = "Email OTP method enabled successfully!";
} elseif (isset($_POST['enable_sms'])) {
$phone = $_POST['phone'] ?? '';
if (empty($phone)) {
$error = "Please provide a phone number for SMS verification.";
} else {
$backupCodes = $twoFA->enableMethod($memberId, 'sms', null, $phone, null);
$success = "SMS OTP method enabled successfully!";
}
} elseif (isset($_POST['disable_method'])) {
$method = $_POST['method'] ?? '';
if ($twoFA->disableMethod($memberId, $method)) {
$success = ucfirst($method) . " method has been disabled.";
} else {
$error = "Failed to disable " . ucfirst($method) . " method.";
}
} elseif (isset($_POST['disable_all_2fa'])) {
if ($twoFA->disable2FA($memberId)) {
$success = "All Two-Factor Authentication methods have been disabled.";
} else {
$error = "Failed to disable Two-Factor Authentication.";
}
} elseif (isset($_POST['regenerate_backup'])) {
$settings = $twoFA->get2FASettings($memberId);
if ($settings && $settings['is_enabled']) {
$backupCodes = $twoFA->generateBackupCodes();
$hashedCodes = $twoFA->hashBackupCodes($backupCodes);
$table = 'member_2fa_settings';
$db = Database::getInstance()->getConnection();
$stmt = $db->prepare("UPDATE {$table} SET backup_codes = ? WHERE member_id = ?");
$stmt->execute([json_encode($hashedCodes), $memberId]);
$success = "New backup codes generated!";
}
}
}
$settings = $twoFA->get2FASettings($memberId);
// Get settings for theme colors
$stmt = Database::getInstance()->getConnection()->query("SELECT * FROM general_settings ORDER BY id DESC LIMIT 1");
$generalSettings = $stmt->fetch();
$generalSettings = array_merge([
'site_title' => APP_NAME,
'theme_primary_color' => '#3B82F6',
'theme_secondary_color' => '#10B981'
], $generalSettings ?: []);
$pageTitle = "Security Settings - " . APP_NAME;
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?php echo $pageTitle; ?></title>
<script src="https://cdn.tailwindcss.com"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
<style>
:root {
--primary-color: <?php echo $generalSettings['theme_primary_color']; ?>;
--secondary-color: <?php echo $generalSettings['theme_secondary_color']; ?>;
}
.bg-primary { background-color: var(--primary-color); }
.bg-secondary { background-color: var(--secondary-color); }
.text-primary { color: var(--primary-color); }
.border-primary { border-color: var(--primary-color); }
.gradient-bg { background: linear-gradient(135deg, #1E40AF 0%, #9333EA 50%, #F97316 100%); }
</style>
</head>
<body class="bg-gray-50">
<!-- Member Portal Header -->
<header class="bg-white shadow-lg sticky top-0 z-50">
<div class="container mx-auto px-4">
<div class="flex items-center justify-between h-16">
<div class="flex items-center space-x-3">
<div class="w-10 h-10 rounded-xl flex items-center justify-center gradient-bg">
<i class="fas fa-church text-white"></i>
</div>
<div>
<h1 class="text-lg font-bold text-gray-800"><?php echo htmlspecialchars($generalSettings['site_title']); ?></h1>
<p class="text-xs text-gray-500">Member Portal</p>
</div>
</div>
<nav class="hidden md:flex items-center space-x-6">
<a href="dashboard.php" class="text-gray-700 hover:text-blue-600 transition">
<i class="fas fa-home mr-1"></i>Dashboard
</a>
<a href="profile.php" class="text-gray-700 hover:text-blue-600 transition">
<i class="fas fa-user mr-1"></i>Profile
</a>
<a href="account-settings.php" class="text-gray-700 hover:text-blue-600 transition">
<i class="fas fa-cog mr-1"></i>Settings
</a>
</nav>
<div class="flex items-center space-x-3">
<span class="text-sm text-gray-600 hidden md:block">Welcome, <?php echo htmlspecialchars($currentMember['full_name'] ?? 'Member'); ?></span>
<a href="../logout.php?member=1" class="text-gray-600 hover:text-red-600 transition">
<i class="fas fa-sign-out-alt mr-1"></i>Logout
</a>
</div>
</div>
</div>
</header>
<div class="min-h-screen bg-gradient-to-br from-blue-50 via-purple-50 to-pink-50 py-8">
<div class="container mx-auto px-4 max-w-4xl">
<!-- Header -->
<div class="mb-8">
<div class="flex items-center mb-4">
<a href="account-settings.php" class="mr-4 text-gray-600 hover:text-gray-800">
<i class="fas fa-arrow-left text-xl"></i>
</a>
<div>
<h1 class="text-3xl font-bold text-gray-800">
<i class="fas fa-shield-alt mr-3"></i>Security Settings
</h1>
<p class="text-gray-600 mt-2">Protect your account with two-factor authentication</p>
</div>
</div>
</div>
<?php if ($success): ?>
<div class="bg-green-50 border border-green-200 text-green-800 px-4 py-3 rounded-lg mb-6">
<i class="fas fa-check-circle mr-2"></i><?php echo htmlspecialchars($success); ?>
</div>
<?php endif; ?>
<?php if ($error): ?>
<div class="bg-red-50 border border-red-200 text-red-800 px-4 py-3 rounded-lg mb-6">
<i class="fas fa-exclamation-circle mr-2"></i><?php echo htmlspecialchars($error); ?>
</div>
<?php endif; ?>
<!-- Overall Status -->
<div class="bg-white rounded-xl shadow-lg p-6 mb-6">
<h2 class="text-xl font-bold text-gray-800 mb-4">
<i class="fas fa-info-circle mr-2"></i>Overall Status
</h2>
<?php if ($settings && $settings['is_enabled']): ?>
<?php
$enabledMethods = $twoFA->getEnabledMethods($memberId);
$methodCount = count($enabledMethods);
?>
<div class="flex items-center justify-between p-4 bg-green-50 border border-green-200 rounded-lg">
<div class="flex items-center">
<i class="fas fa-check-circle text-green-600 text-2xl mr-3"></i>
<div>
<p class="font-semibold text-green-800">2FA is Active</p>
<p class="text-sm text-green-600"><?php echo $methodCount; ?> method<?php echo $methodCount > 1 ? 's' : ''; ?> enabled</p>
</div>
</div>
<form method="POST" class="inline" onsubmit="return confirm('Disable ALL 2FA methods?');">
<button type="submit" name="disable_all_2fa" class="px-4 py-2 bg-red-500 text-white rounded-lg hover:bg-red-600 transition-colors">
<i class="fas fa-times-circle mr-2"></i>Disable All
</button>
</form>
</div>
<?php else: ?>
<div class="flex items-center p-4 bg-yellow-50 border border-yellow-200 rounded-lg">
<i class="fas fa-exclamation-triangle text-yellow-600 text-2xl mr-3"></i>
<div>
<p class="font-semibold text-yellow-800">No 2FA Methods Enabled</p>
<p class="text-sm text-yellow-600">Enable at least one method below to secure your account</p>
</div>
</div>
<?php endif; ?>
</div>
<!-- Method Management Cards -->
<div class="bg-white rounded-xl shadow-lg p-6 mb-6">
<h2 class="text-xl font-bold text-gray-800 mb-4">
<i class="fas fa-shield-alt mr-2"></i>Authentication Methods
</h2>
<p class="text-sm text-gray-600 mb-6">Enable multiple methods for maximum security and flexibility</p>
<div class="grid md:grid-cols-3 gap-6">
<!-- TOTP Method Card -->
<div class="border-2 <?php echo !empty($settings['totp_enabled']) ? 'border-green-400 bg-green-50' : 'border-gray-200'; ?> rounded-lg p-5">
<div class="text-center mb-4">
<i class="fas fa-mobile-alt text-4xl text-blue-600 mb-2"></i>
<h3 class="font-bold text-gray-800">Authenticator App</h3>
<p class="text-xs text-gray-500 mt-1">Google Authenticator, Authy</p>
</div>
<?php if (!empty($settings['totp_enabled'])): ?>
<div class="bg-green-100 text-green-800 px-3 py-2 rounded-lg text-center text-sm font-semibold mb-3">
✓ Enabled
</div>
<form method="POST" onsubmit="return confirm('Disable TOTP method?');">
<input type="hidden" name="method" value="totp">
<button type="submit" name="disable_method" class="w-full px-4 py-2 bg-red-500 text-white rounded-lg hover:bg-red-600 text-sm">
<i class="fas fa-times mr-1"></i>Disable
</button>
</form>
<?php else: ?>
<div class="bg-gray-100 text-gray-600 px-3 py-2 rounded-lg text-center text-sm mb-3">
Not Enabled
</div>
<form method="POST">
<button type="submit" name="enable_totp" class="w-full px-4 py-2 bg-gradient-to-r from-blue-600 to-purple-600 text-white rounded-lg hover:shadow-lg text-sm">
<i class="fas fa-plus mr-1"></i>Enable
</button>
</form>
<?php endif; ?>
</div>
<!-- Email OTP Method Card -->
<div class="border-2 <?php echo !empty($settings['email_enabled']) ? 'border-green-400 bg-green-50' : 'border-gray-200'; ?> rounded-lg p-5">
<div class="text-center mb-4">
<i class="fas fa-envelope text-4xl text-purple-600 mb-2"></i>
<h3 class="font-bold text-gray-800">Email OTP</h3>
<p class="text-xs text-gray-500 mt-1">Codes sent to your email</p>
</div>
<?php if (!empty($settings['email_enabled'])): ?>
<div class="bg-green-100 text-green-800 px-3 py-2 rounded-lg text-center text-sm font-semibold mb-3">
✓ Enabled
</div>
<form method="POST" onsubmit="return confirm('Disable Email OTP method?');">
<input type="hidden" name="method" value="email">
<button type="submit" name="disable_method" class="w-full px-4 py-2 bg-red-500 text-white rounded-lg hover:bg-red-600 text-sm">
<i class="fas fa-times mr-1"></i>Disable
</button>
</form>
<?php else: ?>
<div class="bg-gray-100 text-gray-600 px-3 py-2 rounded-lg text-center text-sm mb-3">
Not Enabled
</div>
<form method="POST">
<input type="email" name="email" value="<?php echo htmlspecialchars($currentMember['email'] ?? ''); ?>"
class="w-full px-3 py-2 border rounded-lg text-sm mb-2" placeholder="Email" required>
<button type="submit" name="enable_email" class="w-full px-4 py-2 bg-gradient-to-r from-purple-600 to-pink-600 text-white rounded-lg hover:shadow-lg text-sm">
<i class="fas fa-plus mr-1"></i>Enable
</button>
</form>
<?php endif; ?>
</div>
<!-- SMS OTP Method Card -->
<div class="border-2 <?php echo !empty($settings['sms_enabled']) ? 'border-green-400 bg-green-50' : 'border-gray-200'; ?> rounded-lg p-5">
<div class="text-center mb-4">
<i class="fas fa-sms text-4xl text-green-600 mb-2"></i>
<h3 class="font-bold text-gray-800">SMS OTP</h3>
<p class="text-xs text-gray-500 mt-1">Codes sent via text</p>
</div>
<?php if (!empty($settings['sms_enabled'])): ?>
<div class="bg-green-100 text-green-800 px-3 py-2 rounded-lg text-center text-sm font-semibold mb-3">
✓ Enabled
</div>
<form method="POST" onsubmit="return confirm('Disable SMS OTP method?');">
<input type="hidden" name="method" value="sms">
<button type="submit" name="disable_method" class="w-full px-4 py-2 bg-red-500 text-white rounded-lg hover:bg-red-600 text-sm">
<i class="fas fa-times mr-1"></i>Disable
</button>
</form>
<?php else: ?>
<div class="bg-gray-100 text-gray-600 px-3 py-2 rounded-lg text-center text-sm mb-3">
Not Enabled
</div>
<form method="POST">
<input type="tel" name="phone" class="w-full px-3 py-2 border rounded-lg text-sm mb-2"
placeholder="+1234567890" required>
<button type="submit" name="enable_sms" class="w-full px-4 py-2 bg-gradient-to-r from-green-600 to-teal-600 text-white rounded-lg hover:shadow-lg text-sm">
<i class="fas fa-plus mr-1"></i>Enable
</button>
</form>
<?php endif; ?>
</div>
</div>
</div>
<!-- TOTP QR Code Modal (shown when enabling TOTP) -->
<?php if ($qrCodeUrl && isset($_SESSION['temp_2fa_method']) && $_SESSION['temp_2fa_method'] === 'totp'): ?>
<div class="bg-white rounded-xl shadow-lg p-8 mb-6">
<h2 class="text-xl font-bold text-gray-800 mb-4 text-center">
<i class="fas fa-qrcode mr-2"></i>Scan QR Code
</h2>
<div class="text-center p-6 bg-gray-50 rounded-lg">
<img src="<?php echo htmlspecialchars($qrCodeUrl); ?>" alt="QR Code" class="mx-auto mb-4" />
<p class="text-sm text-gray-600 mb-2">Scan this with your authenticator app</p>
<p class="text-xs text-gray-500 mb-4">Or enter this code manually:</p>
<code class="bg-white px-4 py-2 rounded border text-base font-mono"><?php echo htmlspecialchars($secret); ?></code>
<form method="POST" class="mt-6">
<label class="block text-sm font-medium text-gray-700 mb-2">Enter 6-digit code from your app:</label>
<input type="text" name="code" maxlength="6" pattern="[0-9]{6}" required
class="w-64 mx-auto px-4 py-2 border border-gray-300 rounded-lg text-center text-2xl tracking-widest"
placeholder="000000" autofocus>
<div class="mt-4">
<button type="submit" name="verify_totp" class="px-8 py-3 bg-gradient-to-r from-blue-600 to-purple-600 text-white rounded-lg hover:shadow-lg">
<i class="fas fa-check mr-2"></i>Verify & Enable
</button>
</div>
</form>
</div>
</div>
<?php endif; ?>
<?php if (!empty($backupCodes)): ?>
<!-- Backup Codes Display -->
<div class="bg-yellow-50 border-2 border-yellow-400 rounded-xl shadow-lg p-6 mb-6">
<h2 class="text-xl font-bold text-yellow-800 mb-4">
<i class="fas fa-exclamation-triangle mr-2"></i>Save Your Backup Codes!
</h2>
<p class="text-yellow-700 mb-4">These codes can be used to access your account if you lose your device. Each code can only be used once.</p>
<div class="grid md:grid-cols-2 gap-2 bg-white p-4 rounded-lg mb-4">
<?php foreach ($backupCodes as $code): ?>
<code class="block p-2 bg-gray-100 rounded text-center font-mono font-bold"><?php echo $code; ?></code>
<?php endforeach; ?>
</div>
<button onclick="printBackupCodes()" class="px-4 py-2 bg-yellow-600 text-white rounded-lg hover:bg-yellow-700 mr-2 transition-colors">
<i class="fas fa-print mr-2"></i>Print Codes
</button>
<button onclick="copyBackupCodes()" class="px-4 py-2 bg-yellow-600 text-white rounded-lg hover:bg-yellow-700 transition-colors">
<i class="fas fa-copy mr-2"></i>Copy to Clipboard
</button>
</div>
<?php endif; ?>
<?php if ($settings && $settings['is_enabled']): ?>
<!-- Manage 2FA -->
<div class="bg-white rounded-xl shadow-lg p-6">
<h2 class="text-xl font-bold text-gray-800 mb-4">
<i class="fas fa-cog mr-2"></i>Manage 2FA
</h2>
<form method="POST" class="inline-block">
<button type="submit" name="regenerate_backup" class="px-4 py-2 bg-blue-600 text-white rounded-lg hover:bg-blue-700 transition-colors">
<i class="fas fa-sync-alt mr-2"></i>Regenerate Backup Codes
</button>
</form>
</div>
<?php endif; ?>
</div>
</div>
<script>
function selectMethod(method) {
// Hide all setup forms
document.getElementById('totp_setup').classList.add('hidden');
document.getElementById('email_setup').classList.add('hidden');
document.getElementById('sms_setup').classList.add('hidden');
// Remove all border highlights
document.querySelectorAll('[onclick^="selectMethod"]').forEach(el => {
el.classList.remove('border-blue-500', 'bg-blue-50');
el.classList.add('border-gray-200');
});
// Show selected form and highlight
document.getElementById(method + '_setup').classList.remove('hidden');
event.currentTarget.classList.remove('border-gray-200');
event.currentTarget.classList.add('border-blue-500', 'bg-blue-50');
// Check radio button
document.getElementById('method_' + method).checked = true;
}
function printBackupCodes() {
window.print();
}
function copyBackupCodes() {
const codes = <?php echo json_encode($backupCodes ?? []); ?>;
const text = codes.join('\n');
navigator.clipboard.writeText(text).then(() => {
alert('Backup codes copied to clipboard!');
});
}
</script>
<!-- Footer -->
<footer class="bg-gray-800 text-white py-6 mt-12">
<div class="container mx-auto px-4 text-center">
<p class="text-sm text-gray-400">
© <?php echo date('Y'); ?> <?php echo htmlspecialchars($generalSettings['site_title']); ?>. All rights reserved.
</p>
</div>
</footer>
<?php
// Include Chat Hub Widget
if (file_exists(__DIR__ . '/../includes/chat-hub-widget.php')) {
include '../includes/chat-hub-widget.php';
}
?>
</body>
</html>
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists