
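<?php
// Account security page: change the login password, set/replace the trade
// (transaction) password, and compute a simple "security level" summary.
// Relies on includes/header.php to provide $user (current account row or a
// falsy value), db() (PDO connection) and __() (i18n lookup).
include __DIR__ . '/includes/header.php';
if (!$user) {
    header('Location: /auth/login.php');
    exit;
}

// Minimum accepted length, in bytes, for both passwords (strlen is byte-wise;
// kept deliberately so existing accepted passwords keep validating).
$minPwdLen = 6;

$success = '';
$error = '';

// Read a POST field as a string. Missing fields and non-string payloads
// (e.g. `field[]=x`) become '' so they fail validation instead of raising
// a TypeError in password_verify()/password_hash().
$postStr = static function (string $key): string {
    $value = isset($_POST[$key]) ? $_POST[$key] : '';
    return is_string($value) ? $value : '';
};

// Shared rules for a new password and its confirmation. Returns the i18n key
// of the first failing rule, or '' when the pair is acceptable. Rule order
// (mismatch before length) matches what both forms reported before.
$newPasswordError = static function (string $new, string $confirm) use ($minPwdLen): string {
    if ($new !== $confirm) {
        return 'pwd_mismatch';
    }
    if (strlen($new) < $minPwdLen) {
        return 'pwd_too_short';
    }
    return '';
};

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): neither form on this page carries an anti-CSRF token and
    // none is checked here; confirm includes/header.php enforces one, otherwise
    // a cross-site POST from a logged-in browser can change these passwords.
    $action = $postStr('action');

    if ($action === 'change_login_password') {
        $old_pwd = $postStr('old_password');
        $new_pwd = $postStr('new_password');
        $confirm_pwd = $postStr('confirm_new_password');

        $stmt = db()->prepare("SELECT password_hash FROM users WHERE id = ?");
        $stmt->execute([$user['id']]);
        // fetchColumn() returns false when the row no longer exists; the cast
        // turns that into '' so password_verify() simply fails.
        $current_pwd_hash = (string) $stmt->fetchColumn();

        if (!password_verify($old_pwd, $current_pwd_hash)) {
            $error = __("old_pwd_incorrect");
        } elseif (($ruleKey = $newPasswordError($new_pwd, $confirm_pwd)) !== '') {
            $error = __($ruleKey);
        } else {
            $new_hash = password_hash($new_pwd, PASSWORD_DEFAULT);
            $stmt = db()->prepare("UPDATE users SET password_hash = ? WHERE id = ?");
            $stmt->execute([$new_hash, $user['id']]);
            // NOTE(review): other active sessions of this account remain valid
            // after the change; invalidate them here if the session store allows.
            $success = __("pwd_changed_success");
        }
    } elseif ($action === 'set_trade_password') {
        $trade_pwd = $postStr('trade_password');
        $confirm_trade_pwd = $postStr('confirm_trade_password');

        // NOTE(review): replacing the trade password asks for neither the login
        // password nor the current trade password, so a hijacked session can
        // overwrite it unchallenged. Consider requiring one of them.
        $ruleKey = $newPasswordError($trade_pwd, $confirm_trade_pwd);
        if ($ruleKey !== '') {
            $error = __($ruleKey);
        } else {
            $trade_hash = password_hash($trade_pwd, PASSWORD_DEFAULT);
            $stmt = db()->prepare("UPDATE users SET transaction_password = ? WHERE id = ?");
            $stmt->execute([$trade_hash, $user['id']]);
            $success = __("trade_pwd_updated");
        }
    }
}

// Re-read after any POST so the page reflects the just-saved state.
$stmt = db()->prepare("SELECT transaction_password FROM users WHERE id = ?");
$stmt->execute([$user['id']]);
$hasTradePwd = !empty($stmt->fetchColumn());

// Factors that contribute to the security level. Phone and Google 2FA are
// only displayed on this page; the "update" links for them are placeholders.
$hasEmail = !empty($user['email']);
$hasPhone = !empty($user['phone'] ?? '');
$hasGoogle = !empty($user['google_2fa_secret'] ?? '');

// 20 base points for having an account plus 20 per configured factor (max 100).
$securityScore = 20
    + ($hasEmail ? 20 : 0)
    + ($hasTradePwd ? 20 : 0)
    + ($hasPhone ? 20 : 0)
    + ($hasGoogle ? 20 : 0);

// Map the score to an i18n key and a Bootstrap colour class for the badge/bar.
if ($securityScore >= 80) {
    $securityLevelKey = 'high';
    $levelClass = 'bg-success';
} elseif ($securityScore >= 50) {
    $securityLevelKey = 'medium';
    $levelClass = 'bg-warning';
} else {
    $securityLevelKey = 'low';
    $levelClass = 'bg-danger';
}
?>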
<!-- Security page markup. Variables used below come from the PHP prologue of
     this file: $success/$error (i18n strings), $securityScore (int),
     $securityLevelKey/$levelClass, $hasTradePwd/$hasPhone/$hasGoogle, $user. -->
<div class="container py-4">
<div class="row justify-content-center">
<div class="col-lg-8">
<div class="mb-4">
<a href="/profile.php" class="text-white-50 text-decoration-none d-inline-flex align-items-center gap-2">
<i class="bi bi-arrow-left fs-4"></i>
<span><?= __('back') ?></span>
</a>
</div>
<div class="card bg-surface border-secondary rounded-4 shadow-lg overflow-hidden mb-4">
<div class="card-header border-secondary bg-black bg-opacity-30 p-4">
<h4 class="mb-0 fw-bold d-flex align-items-center gap-3 text-white">
<i class="bi bi-shield-lock-fill text-primary"></i>
<?= __('security') ?>
</h4>
</div>
<div class="card-body p-4 p-md-5">
<!-- $success and $error are only ever assigned __() translation strings above
     and are emitted unescaped; never route user-supplied text into them. -->
<?php if ($success): ?>
<div class="alert alert-success border-0 bg-success bg-opacity-10 text-success rounded-4 mb-4">
<i class="bi bi-check-circle-fill me-2"></i><?= $success ?>
</div>
<?php endif; ?>
<?php if ($error): ?>
<div class="alert alert-danger border-0 bg-danger bg-opacity-10 text-danger rounded-4 mb-4">
<i class="bi bi-exclamation-triangle-fill me-2"></i><?= $error ?>
</div>
<?php endif; ?>
<!-- Security Level -->
<div class="mb-5">
<div class="d-flex justify-content-between align-items-center mb-3">
<h6 class="text-white fw-bold mb-0"><?= __('security_level') ?></h6>
<span class="badge <?= $levelClass ?> px-3 py-2 rounded-pill"><?= __($securityLevelKey) ?></span>
</div>
<!-- $securityScore is an integer built from fixed increments (20..100), so
     interpolating it into the style attribute is safe. -->
<div class="progress bg-black bg-opacity-50 rounded-pill shadow-sm" style="height: 10px;">
<div class="progress-bar <?= $levelClass ?> progress-bar-striped progress-bar-animated" role="progressbar" style="width: <?= $securityScore ?>%"></div>
</div>
</div>
<!-- Security List -->
<div class="security-list">
<!-- Phone Binding (display only; the update link below is a placeholder) -->
<div class="d-flex align-items-center justify-content-between py-4 border-bottom border-secondary border-opacity-50">
<div class="d-flex align-items-center gap-3">
<div class="icon-box rounded-circle bg-primary bg-opacity-10 d-flex align-items-center justify-content-center" style="width: 48px; height: 48px;">
<i class="bi bi-phone text-primary fs-4"></i>
</div>
<div>
<div class="text-white fw-bold"><?= __('binding_phone') ?></div>
<!-- Stored phone number is HTML-escaped before output -->
<div class="text-white-50 small"><?= $hasPhone ? htmlspecialchars($user['phone']) : __('not_bound') ?></div>
</div>
</div>
<a href="#" class="btn btn-outline-light btn-sm rounded-pill px-4"><?= __('update') ?></a>
</div>
<!-- Login Password -->
<div class="d-flex align-items-center justify-content-between py-4 border-bottom border-secondary border-opacity-50">
<div class="d-flex align-items-center gap-3">
<div class="icon-box rounded-circle bg-success bg-opacity-10 d-flex align-items-center justify-content-center" style="width: 48px; height: 48px;">
<i class="bi bi-key text-success fs-4"></i>
</div>
<div>
<div class="text-white fw-bold"><?= __('login_password') ?></div>
<div class="text-white-50 small">********</div>
</div>
</div>
<button type="button" class="btn btn-outline-light btn-sm rounded-pill px-4" data-bs-toggle="collapse" data-bs-target="#loginPwdForm"><?= __('update') ?></button>
</div>
<div class="collapse mt-3" id="loginPwdForm">
<div class="p-4 bg-black bg-opacity-20 rounded-4 border border-secondary mb-4">
<!-- Posts back to this page; handled by the 'change_login_password' branch.
     NOTE(review): the form carries no anti-CSRF token field — confirm that
     includes/header.php enforces one for POST requests. -->
<form method="POST">
<input type="hidden" name="action" value="change_login_password">
<div class="row g-3">
<div class="col-md-4">
<label class="form-label text-white-50 small fw-bold mb-2"><?= __('old_password') ?></label>
<input type="password" name="old_password" class="form-control bg-dark border-secondary text-white" required>
</div>
<div class="col-md-4">
<label class="form-label text-white-50 small fw-bold mb-2"><?= __('new_password') ?></label>
<input type="password" name="new_password" class="form-control bg-dark border-secondary text-white" required>
</div>
<div class="col-md-4">
<label class="form-label text-white-50 small fw-bold mb-2"><?= __('confirm_new_password') ?></label>
<input type="password" name="confirm_new_password" class="form-control bg-dark border-secondary text-white" required>
</div>
<div class="col-12">
<button type="submit" class="btn btn-primary rounded-pill px-4 mt-2"><?= __('confirm') ?></button>
</div>
</div>
</form>
</div>
</div>
<!-- Google 2FA (display only; the update link below is a placeholder) -->
<div class="d-flex align-items-center justify-content-between py-4 border-bottom border-secondary border-opacity-50">
<div class="d-flex align-items-center gap-3">
<div class="icon-box rounded-circle bg-warning bg-opacity-10 d-flex align-items-center justify-content-center" style="width: 48px; height: 48px;">
<i class="bi bi-shield-lock text-warning fs-4"></i>
</div>
<div>
<div class="text-white fw-bold"><?= __('google_verification') ?></div>
<div class="text-white-50 small"><?= $hasGoogle ? __('bound') : __('not_bound') ?></div>
</div>
</div>
<a href="#" class="btn btn-outline-light btn-sm rounded-pill px-4"><?= __('update') ?></a>
</div>
<!-- Email Binding (display only; the update link below is a placeholder) -->
<div class="d-flex align-items-center justify-content-between py-4">
<div class="d-flex align-items-center gap-3">
<div class="icon-box rounded-circle bg-info bg-opacity-10 d-flex align-items-center justify-content-center" style="width: 48px; height: 48px;">
<i class="bi bi-envelope text-info fs-4"></i>
</div>
<div>
<div class="text-white fw-bold"><?= __('binding_mailbox') ?></div>
<!-- Stored e-mail address is HTML-escaped before output -->
<div class="text-white-50 small"><?= htmlspecialchars($user['email']) ?></div>
</div>
</div>
<a href="#" class="btn btn-outline-light btn-sm rounded-pill px-4"><?= __('update') ?></a>
</div>
</div>
<!-- Trade Password (Existing) -->
<div class="mt-5 pt-4 border-top border-secondary border-opacity-50">
<div class="d-flex align-items-center justify-content-between mb-4">
<h5 class="text-white fw-bold mb-0">
<i class="bi bi-safe2 text-warning me-2"></i> <?= __('trade_password') ?>
</h5>
<button type="button" class="btn btn-warning btn-sm rounded-pill px-4 text-dark fw-bold" data-bs-toggle="collapse" data-bs-target="#tradePwdForm">
<?= $hasTradePwd ? __('update') : __('set_password') ?>
</button>
</div>
<div class="collapse" id="tradePwdForm">
<div class="p-4 bg-black bg-opacity-20 rounded-4 border border-secondary">
<!-- Posts back to this page; handled by the 'set_trade_password' branch.
     NOTE(review): as with the login form, no anti-CSRF token field is sent, and
     the handler does not ask for the login password before overwriting. -->
<form method="POST">
<input type="hidden" name="action" value="set_trade_password">
<div class="row g-3">
<div class="col-md-6">
<label class="form-label text-white-50 small fw-bold mb-2"><?= $hasTradePwd ? __('new_password') : __('set_password') ?></label>
<input type="password" name="trade_password" class="form-control bg-dark border-secondary text-white" required>
</div>
<div class="col-md-6">
<label class="form-label text-white-50 small fw-bold mb-2"><?= __('confirm_new_password') ?></label>
<input type="password" name="confirm_trade_password" class="form-control bg-dark border-secondary text-white" required>
</div>
<div class="col-12 text-end">
<button type="submit" class="btn btn-warning rounded-pill px-5 text-dark fw-bold"><?= __('confirm') ?></button>
</div>
</div>
</form>
</div>
</div>
</div>
<div class="bg-black bg-opacity-20 rounded-4 p-4 mt-5 border border-secondary border-opacity-50">
<h6 class="text-white fw-bold mb-3 d-flex align-items-center gap-2">
<i class="bi bi-info-circle text-info"></i> <?= __('security_tips') ?>
</h6>
<ul class="text-white-50 small mb-0 ps-3">
<li class="mb-2"><?= __('security_step1') ?></li>
<li><?= __('security_step2') ?></li>
</ul>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- Page-local styling for the security list hover effect -->
<style>
.icon-box { transition: all 0.3s ease; }
.security-list > div:hover .icon-box { transform: scale(1.1); }
.btn-outline-light:hover { background: var(--primary); border-color: var(--primary); }
</style>
<?php include __DIR__ . '/includes/footer.php'; ?>