3 * Multi-Factor Authentication Management
6 * @link http://www.open-emr.org
7 * @author Rod Roark <rod@sunsetsystems.com>
8 * @copyright Copyright (c) 2018 Rod Roark <rod@sunsetsystems.com>
9 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
12 require_once('../globals.php');
14 use OpenEMR\Core\Header
;
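/**
 * Emit the table row for one MFA registration, ending with its Delete button.
 *
 * The Delete button calls delclick() with the registration's method and key
 * name, so both values are written into a JavaScript string literal that sits
 * inside an HTML attribute.
 *
 * @param string $method MFA method of the registration.
 * @param string $name   Key name of the registration (presumably chosen by the
 *                       user at registration time; confirm against the code that
 *                       inserts into login_mfa_registrations).
 * @return void
 */
function writeRow($method, $name)
{
    // addslashes() is not a JavaScript escaper: it leaves line breaks and other
    // control characters untouched, and a raw line break inside the literal makes
    // the onclick handler a syntax error. json_encode() with the JSON_HEX_* flags
    // yields a complete, quoted JavaScript string literal whose only remaining
    // HTML-significant characters are the outer quotes, which attr() then encodes
    // for the attribute context.
    $toJsLiteral = static function ($value) {
        $literal = json_encode(
            (string) $value,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        );
        // json_encode() returns false for input that is not valid UTF-8; keep the
        // previous escaping for that case so the row still gets a Delete button.
        return $literal === false ? '"' . addslashes((string) $value) . '"' : $literal;
    };

    echo " <tr><td> ";
    // (listing line 19 is not part of this excerpt; presumably it prints the escaped method - confirm)
    echo " </td><td> ";
    // (listing line 21 is not part of this excerpt; presumably it prints the escaped key name - confirm)
    echo " </td><td>";
    echo "<input type='button' onclick='delclick(" . attr($toJsLiteral($method)) . ", " .
        attr($toJsLiteral($name)) . ")' value='" . xla('Delete') . "' />";
    // (listing lines 25-26 are not part of this excerpt; presumably they close the cell and the row - confirm)
}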
28 $userid = $_SESSION['authId'];
31 if (!empty($_POST['form_delete_method'])) {
32 if (!verifyCsrfToken($_POST["csrf_token_form"])) {
35 // Delete the indicated MFA instance.
37 "DELETE FROM login_mfa_registrations WHERE user_id = ? AND method = ? AND name = ?",
38 array($userid, $_POST['form_delete_method'], $_POST['form_delete_name'])
40 $message = xl('Delete successful.');
45 <?php Header
::setupHeader(); ?
>
46 <title
><?php
echo xlt('Manage Multi Factor Authentication'); ?
></title
>
// Stage one registration for deletion: copy its method and key name into the
// hidden form_delete_method / form_delete_name fields of the page's first form.
// The server-side handler only acts when form_delete_method is non-empty and the
// CSRF token posted with the same form verifies.
function delclick(mfamethod, mfaname) {
    var deleteForm = document.forms[0];
    deleteForm.form_delete_method.value = mfamethod;
    deleteForm.form_delete_name.value = mfaname;
    // (listing lines 53-55 are not part of this excerpt; presumably the form is submitted here - confirm)
}
57 function addclick(sel
) {
60 if (sel
.value
== 'U2F') {
61 window
.location
.href
= 'mfa_u2f.php?action=reg1';
64 alert('<?php echo xls('Not yet implemented
.'); ?>');
67 sel
.selectedIndex
= 0;
72 <body
class="body_top">
73 <form method
='post' action
='mfa_registrations.php' onsubmit
='return top.restoreSession()'>
74 <input type
="hidden" name
="csrf_token_form" value
="<?php echo attr(collectCsrfToken()); ?>" />
76 <div
class="container">
78 <div
class="col-xs-12">
79 <div
class="page-header">
80 <h3
><?php
echo xlt('Manage Multi Factor Authentication'); ?
></h3
>
85 <div
class="col-xs-12">
86 <div id
="display_msg"><?php
echo text($message); ?
></div
>
90 <div
class="col-xs-12">
93 <th align
='left'> 
;<?php
echo xlt('Method'); ?
> 
;</th
>
94 <th align
='left'> 
;<?php
echo xlt('Key Name'); ?
> 
;</th
>
95 <th align
='left'> 
;<?php
echo xlt('Action'); ?
> 
;</th
>
// List only the registrations that belong to the logged-in user: $userid comes
// from the session and is passed as a bound parameter, never from the request.
$res = sqlStatement(
    "SELECT name, method FROM login_mfa_registrations WHERE user_id = ? ORDER BY method, name",
    array($userid)
);
// One table row (with its Delete button) per registration.
while ($row = sqlFetchArray($res)) {
    writeRow($row['method'], $row['name']);
}
108 <div
class="col-xs-12">
110 <select name
='form_add' onchange
='addclick(this)'>
111 <option value
=''><?php
echo xlt('Add New...'); ?
></option
>
112 <option value
='U2F' ><?php
echo xlt('U2F USB Device'); ?
></option
>
113 <option value
='TOTP' disabled
><?php
echo xlt('TOTP Key'); ?
></option
>
115 <input type
='hidden' name
='form_delete_method' value
='' />
116 <input type
='hidden' name
='form_delete_name' value
='' />