QwikClock is an employee time tracking app.

action.php 2.0KB

<?php
/**
 * Make things happen when buttons are pressed and forms submitted.
 *
 * Entry point for the forms in app.php: the login state is checked before
 * anything else runs, then the requested action is dispatched below.
 */
// NOTE(review): neither LdapManager nor LdapObjectType is referenced in the
// part of this file shown here; the imports may be left over from elsewhere.
use LdapTools\LdapManager;
use LdapTools\Object\LdapObjectType;
require_once __DIR__ . "/required.php";
// Stop anonymous visitors before any handler is loaded or executed: the
// actions below all operate on the logged-in user's own account row.
dieifnotloggedin();
require_once __DIR__ . "/lib/login.php";
require_once __DIR__ . "/lib/worst_passwords.php";
  11. function returnToSender($msg, $arg = "") {
  12. global $VARS;
  13. if ($arg == "") {
  14. header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg);
  15. } else {
  16. header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg");
  17. }
  18. die();
  19. }
  20. switch ($VARS['action']) {
  21. case "signout":
  22. session_destroy();
  23. header('Location: index.php');
  24. die("Logged out.");
  25. case "chpasswd":
  26. if ($_SESSION['password'] == $VARS['oldpass']) {
  27. if ($VARS['newpass'] == $VARS['conpass']) {
  28. $passrank = checkWorst500List($VARS['newpass']);
  29. if ($passrank !== FALSE) {
  30. returnToSender("password_500", $passrank);
  31. }
  32. if (strlen($VARS['newpass']) < MIN_PASSWORD_LENGTH) {
  33. returnToSender("weak_password");
  34. }
  35. $database->update('accounts', ['password' => encryptPassword($VARS['newpass'])], ['uid' => $_SESSION['uid']]);
  36. $_SESSION['password'] = $VARS['newpass'];
  37. returnToSender("password_updated");
  38. } else {
  39. returnToSender("new_password_mismatch");
  40. }
  41. } else {
  42. returnToSender("old_password_mismatch");
  43. }
  44. break;
  45. case "add2fa":
  46. if (is_empty($VARS['secret'])) {
  47. returnToSender("invalid_parameters");
  48. }
  49. $database->update('accounts', ['authsecret' => $VARS['secret']], ['uid' => $_SESSION['uid']]);
  50. returnToSender("2fa_enabled");
  51. case "rm2fa":
  52. $database->update('accounts', ['authsecret' => ""], ['uid' => $_SESSION['uid']]);
  53. returnToSender("2fa_removed");
  54. break;
  55. }