search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #1761 from sjpadgett/PP2-appointment
[openemr.git] / library / log_validation.php
blob621174ec12cbe0fccdc3072103cbbba28bf877b5
1 <?php
2 /**
3 * library/log_validation.php to validate audit logs tamper resistance.
4 *
5 * Copyright (C) 2016 Visolve <services@visolve.com>
6 *
7 * LICENSE: This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 3
10 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
17 *
18 * @package OpenEMR
19 * @author Visolve <services@visolve.com>
20 * @link http://www.open-emr.org
21 */
22
23
24
25
26 require_once("../interface/globals.php");
27 require_once("$srcdir/log.inc");
28
29
30 $valid = true;
31 $errors = array();
32 catch_logs();
33 $sql = sqlStatement("select * from log_validator");
34 while ($row = sqlFetchArray($sql)) {
35 $logEntry = sqlQuery("select * from log where id = ?", array($row['log_id']));
36 if (empty($logEntry)) {
37 $valid = false;
38 array_push($errors, xl("Following audit log entry number is missing") . ": " . $row['log_id']);
39 } else if ($row['log_checksum'] != $logEntry['checksum']) {
40 $valid = false;
41 array_push($errors, xl("Audit log tampering evident at entry number") . " " . $row['log_id']);
42 }
43
44 if (!$valid) {
45 break;
46 }
47 }
48
49 if ($valid) {
50 echo xl("Audit Log Validated Successfully");
51 } else {
52 echo xl("Audit Log Validation Failed") . "(ERROR:: $errors[0])";
53 }
54
55 function catch_logs()
56 {
57 $sql = sqlStatement("select * from log where id not in(select log_id from log_validator) and checksum is NOT null and checksum != ''");
58 while ($row = sqlFetchArray($sql)) {
59 sqlInsert("INSERT into log_validator (log_id,log_checksum) VALUES(?,?)", array($row['id'],$row['checksum']));
60 }
61 }
Mirror of official OpenEMR Sourceforge repository