From 4bd3dad3deea8de3aab10f9ef8d1aa318857e64f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”>
Date: Tue, 16 Apr 2024 14:54:31 +0200
Subject: [PATCH] CIM67 - Update Block users

---
 api/v1/authorization.php |  4 +++-
 login.php                |  2 +-
 user.php                 | 10 +++++++++-
 users.php                |  4 ++--
 4 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/api/v1/authorization.php b/api/v1/authorization.php
index bb5fb69..f7ee295 100644
--- a/api/v1/authorization.php
+++ b/api/v1/authorization.php
@@ -71,7 +71,9 @@ if ($stmt->rowCount() == 1) {
                 $messages = generate_payload($user);
                 //Send results
                 print_r($messages); 
-                } else {
+                
+            } 
+            else {
                     //Update Login count with failed attempt
                     $login_attempt = $user_data['login_count'] + 1;
                     $stmt_login = $pdo->prepare($sql_login);
diff --git a/login.php b/login.php
index 0a55f31..f837983 100644
--- a/login.php
+++ b/login.php
@@ -50,7 +50,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
       if ($responses === 'NOK'){
           $retry++;
           $password_err = 'Not authorized, please retry';
-        } elseif ($responses == 1){
+        } elseif ($responses == '1'){
           $password_err = 'Too many login attempts. User blocked, please contact your administrator';
         } else {
         // Start a new session
diff --git a/user.php b/user.php
index 9678a57..3c38ffa 100644
--- a/user.php
+++ b/user.php
@@ -265,6 +265,14 @@ $view .= '
        </div>
 </div>';
 
+
+//SUPERUSERS AND ADMINS CAN RESET BLOCKED USERS
+if ($_SESSION['permission'] == 3 || $_SESSION['permission'] == 4){
+    $login_count = '<input id="name" type="text" name="login_count" placeholder="'.$User_pw_login_count.'" value="'.$user['login_count'].'">';
+} else {
+    $login_count = '<input id="name" type="text" name="" placeholder="'.$User_pw_login_count.'" value="'.$user['login_count'].'" readonly>';
+}
+
 $view .= '<div class="content-block tab-content">
         <div class="form responsive-width-100">
             <label for="">'.$general_created.'</label>
@@ -272,7 +280,7 @@ $view .= '<div class="content-block tab-content">
             <label for="">'.$User_lastlogin.'</label>
             <input id="name" type="text" name="" placeholder="'.$User_lastlogin.'" value="'.$user['lastlogin'].'" readonly>
             <label for="">'.$User_pw_login_count.'</label>
-            <input id="name" type="text" name="" placeholder="'.$User_pw_login_count.'" value="'.$user['login_count'].'" readonly>
+            '.$login_count.'
         </div>
     </div>';
 
diff --git a/users.php b/users.php
index 7b3a1cb..e191556 100644
--- a/users.php
+++ b/users.php
@@ -135,8 +135,8 @@ $view .= '
                 $permission_user = 'permission'.$response->view;
                 $view .= ' 
                     <tr>
-                    <td class="responsive-hidden">'.(($response->login_count > 4)? '<span class="status disabled">'.$User_block:'').'</td>
-                    <td class="responsive-hidden">'.(($response->userkey &&  $response->userkey !='')? '<span class="status enabled">'.$enabled:'<span class="status">'.$disabled).'</td>
+                    <td class="responsive-hidden"></td>
+                    <td class="responsive-hidden">'.(($response->login_count > 4)? '<span class="status disabled">'.$User_block:(($response->userkey &&  $response->userkey !='')? '<span class="status enabled">'.$enabled:'<span class="status">'.$disabled)).'</td>
                     <td class="responsive-hidden">'.(($response->service &&  $response->service !='')? '<span class="status enabled">'.$enabled:'<span class="status">'.$disabled).'</td>
                     <td>'.$response->username.'</td>
                     <td>'.$response->partnerhierarchy.'</td>