This commit is contained in:
@@ -17,6 +17,7 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
<!-- Bootstrap CSS -->
|
||||
<?php
|
||||
include "../assets/components.php";
|
||||
print_csrf_script();
|
||||
?>
|
||||
<script src="https://cdn.rawgit.com/davidshimjs/qrcodejs/gh-pages/qrcode.min.js"></script>
|
||||
<link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet"> <!-- Google Material Icons -->
|
||||
@@ -259,7 +260,8 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
fetch('/api/account/update_user_data.php', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json'
|
||||
'Content-Type': 'application/json',
|
||||
'X-CSRF-Token': window.csrfToken
|
||||
},
|
||||
body: JSON.stringify(updatedUser)
|
||||
})
|
||||
@@ -306,7 +308,8 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
fetch('/api/account/update_pw.php', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json'
|
||||
'Content-Type': 'application/json',
|
||||
'X-CSRF-Token': window.csrfToken
|
||||
},
|
||||
body: JSON.stringify(passwordData)
|
||||
})
|
||||
@@ -346,6 +349,7 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'X-CSRF-Token': window.csrfToken,
|
||||
},
|
||||
body: JSON.stringify({
|
||||
enable_2fa: isEnabled, // Send the new state of 2FA
|
||||
@@ -384,6 +388,7 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'X-CSRF-Token': window.csrfToken,
|
||||
},
|
||||
body: JSON.stringify({
|
||||
enable_message: isEnabled, // Send the new state of 2FA
|
||||
@@ -476,6 +481,9 @@ function generate2FAQRCode(issuer, accountName, secret) {
|
||||
rep = await window.fetch('/api/account/update_passkey.php?fn=processCreate' + getGetParams(), {
|
||||
//rep = await window.fetch('/test/server.php?fn=processCreate' + getGetParams(), {
|
||||
method : 'POST',
|
||||
headers : {
|
||||
'X-CSRF-Token': window.csrfToken
|
||||
},
|
||||
body : JSON.stringify(authenticatorAttestationResponse),
|
||||
cache : 'no-cache'
|
||||
});
|
||||
@@ -620,7 +628,12 @@ function generate2FAQRCode(issuer, accountName, secret) {
|
||||
}
|
||||
}
|
||||
function delete_all_logmein(){
|
||||
fetch("/api/login/delete_keepmeloggedin.php");
|
||||
fetch("/api/login/delete_keepmeloggedin.php", {
|
||||
method: "POST",
|
||||
headers: {
|
||||
"X-CSRF-Token": window.csrfToken
|
||||
}
|
||||
});
|
||||
}
|
||||
</script>
|
||||
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
<?php
|
||||
include "../api/utils/security.php";
|
||||
secure_session_start();
|
||||
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_admin_session()) {
|
||||
header("LOCATION:/?send_to=/account/");
|
||||
exit();
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en" data-bs-theme="dark">
|
||||
<head>
|
||||
@@ -6,6 +14,7 @@
|
||||
<title>User Management</title>
|
||||
<?php
|
||||
include "../assets/components.php";
|
||||
print_csrf_script();
|
||||
?>
|
||||
</head>
|
||||
<body>
|
||||
@@ -58,7 +67,12 @@
|
||||
if (!confirm('Are you sure you want to delete this user?')) return;
|
||||
|
||||
try {
|
||||
const response = await fetch(`/api/manage/delete_user.php?id=${userId}`, { method: 'DELETE' });
|
||||
const response = await fetch(`/api/manage/delete_user.php?id=${userId}`, {
|
||||
method: 'DELETE',
|
||||
headers: {
|
||||
'X-CSRF-Token': window.csrfToken
|
||||
}
|
||||
});
|
||||
const data = await response.json();
|
||||
|
||||
if (data.success) {
|
||||
|
||||
Reference in New Issue
Block a user