7 * Checks Swekey authentication.
9 function Swekey_auth_check()
12 $confFile = $cfg['Server']['auth_swekey_config'];
14 if (! isset($_SESSION['SWEKEY'])) {
15 $_SESSION['SWEKEY'] = array();
18 $_SESSION['SWEKEY']['ENABLED'] = (! empty($confFile) && file_exists($confFile));
20 // Load the swekey.conf file the first time
21 if ($_SESSION['SWEKEY']['ENABLED']
22 && empty($_SESSION['SWEKEY']['CONF_LOADED'])
24 $_SESSION['SWEKEY']['CONF_LOADED'] = true;
25 $_SESSION['SWEKEY']['VALID_SWEKEYS'] = array();
26 $valid_swekeys = explode("\n", @file_get_contents
($confFile));
27 foreach ($valid_swekeys as $line) {
28 if (preg_match("/^[0-9A-F]{32}:.+$/", $line) != false) {
29 $items = explode(":", $line);
30 if (count($items) == 2) {
31 $_SESSION['SWEKEY']['VALID_SWEKEYS'][$items[0]] = trim($items[1]);
33 } elseif (preg_match("/^[A-Z_]+=.*$/", $line) != false) {
34 $items = explode("=", $line);
35 $_SESSION['SWEKEY']['CONF_'.trim($items[0])] = trim($items[1]);
39 // Set default values for settings
40 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_CHECK'])) {
41 $_SESSION['SWEKEY']['CONF_SERVER_CHECK'] = "";
43 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN'])) {
44 $_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN'] = "";
46 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_STATUS'])) {
47 $_SESSION['SWEKEY']['CONF_SERVER_STATUS'] = "";
49 if (! isset($_SESSION['SWEKEY']['CONF_CA_FILE'])) {
50 $_SESSION['SWEKEY']['CONF_CA_FILE'] = "";
52 if (! isset($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE'])) {
53 $_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE'] = true;
55 if (! isset($_SESSION['SWEKEY']['CONF_DEBUG'])) {
56 $_SESSION['SWEKEY']['CONF_DEBUG'] = false;
60 // check if a web key has been authenticated
61 if ($_SESSION['SWEKEY']['ENABLED']) {
62 if (empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'])) {
72 * Handle Swekey authentication error.
74 function Swekey_auth_error()
76 if (! isset($_SESSION['SWEKEY'])) {
80 if (! $_SESSION['SWEKEY']['ENABLED']) {
84 include_once './libraries/plugins/auth/swekey/authentication.inc.php';
88 function Swekey_GetValidKey()
91 foreach ($_SESSION['SWEKEY']['VALID_SWEKEYS'] as $key => $value) {
95 var connected_keys
= Swekey_ListKeyIds().split(",");
96 for (i in connected_keys
) {
97 if (connected_keys
[i
] != null && connected_keys
[i
].length
== 32) {
98 if (valids
.indexOf(connected_keys
[i
]) >= 0) {
99 return connected_keys
[i
];
105 if (connected_keys
.length
> 0) {
106 if (connected_keys
[0].length
== 32) {
107 return "unknown_key_" + connected_keys
[0];
114 var key
= Swekey_GetValidKey();
116 function timedCheck()
118 if (key
!= Swekey_GetValidKey()) {
119 window
.location
.search
= "?swekey_reset";
121 setTimeout("timedCheck()",1000);
125 setTimeout("timedCheck()",1000);
129 if (! empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'])) {
133 if (count($_SESSION['SWEKEY']['VALID_SWEKEYS']) == 0) {
134 return sprintf(__('File %s does not contain any key id'), $GLOBALS['cfg']['Server']['auth_swekey_config']);
137 include_once "libraries/plugins/auth/swekey/swekey.php";
139 Swekey_SetCheckServer($_SESSION['SWEKEY']['CONF_SERVER_CHECK']);
140 Swekey_SetRndTokenServer($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']);
141 Swekey_SetStatusServer($_SESSION['SWEKEY']['CONF_SERVER_STATUS']);
142 Swekey_EnableTokenCache($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']);
144 $caFile = $_SESSION['SWEKEY']['CONF_CA_FILE'];
145 if (empty($caFile)) {
147 $pos = strrpos($caFile, '/');
148 if ($pos === false) {
149 $pos = strrpos($caFile, '\\'); // windows
151 $caFile = substr($caFile, 0, $pos +
1).'musbe-ca.crt';
152 // echo "\n<!-- $caFile -->\n";
153 // if (file_exists($caFile))
154 // echo "<!-- exists -->\n";
157 if (file_exists($caFile)) {
158 Swekey_SetCAFile($caFile);
159 } elseif (! empty($caFile) && (substr($_SESSION['SWEKEY']['CONF_SERVER_CHECK'], 0, 8) == "https://")) {
160 return "Internal Error: CA File $caFile not found";
164 $swekey_id = $_GET['swekey_id'];
165 $swekey_otp = $_GET['swekey_otp'];
167 if (isset($swekey_id)) {
168 unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
169 if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
172 if (strlen($swekey_id) == 32) {
173 $res = Swekey_CheckOtp($swekey_id, $_SESSION['SWEKEY']['RND_TOKEN'], $swekey_otp);
174 unset($_SESSION['SWEKEY']['RND_TOKEN']);
176 $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
178 $_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'] = $swekey_id;
179 $_SESSION['SWEKEY']['FORCE_USER'] = $_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id];
183 $result = __('No valid authentication key plugged');
184 if ($_SESSION['SWEKEY']['CONF_DEBUG']) {
185 $result .= "<br/>" . htmlspecialchars($swekey_id);
187 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
191 unset($_SESSION['SWEKEY']);
194 $_SESSION['SWEKEY']['RND_TOKEN'] = Swekey_GetFastRndToken();
195 if (strlen($_SESSION['SWEKEY']['RND_TOKEN']) != 64) {
196 $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
197 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
200 if (! isset($swekey_id)) {
203 if (key
.length
!= 32) {
204 window
.location
.search
="?swekey_id=" + key +
"&token=<?php echo $_SESSION[' PMA_token ']; ?>";
206 var url
= "" + window
.location
;
207 if (url
.indexOf("?") > 0) {
208 url
= url
.substr(0, url
.indexOf("?"));
210 Swekey_SetUnplugUrl(key
, "pma_login", url +
"?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
211 var otp
= Swekey_GetOtp(key
, <?php
echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?
>);
212 window
.location
.search
="?swekey_id=" + key +
"&swekey_otp=" + otp +
"&token=<?php echo $_SESSION[' PMA_token ']; ?>";
216 return __('Authenticating…');
224 * Perform login using Swekey.
226 function Swekey_login($input_name, $input_go)
228 $swekeyErr = Swekey_auth_error();
229 if ($swekeyErr != null) {
230 PMA_Message
::error($swekeyErr)->display();
231 if ($GLOBALS['error_handler']->hasDisplayErrors()) {
233 $GLOBALS['error_handler']->dispErrors();
238 if (isset($_SESSION['SWEKEY']) && $_SESSION['SWEKEY']['ENABLED']) {
239 echo '<script type="text/javascript">';
240 if (empty($_SESSION['SWEKEY']['FORCE_USER'])) {
241 echo 'var user = null;';
243 echo 'var user = "'.$_SESSION['SWEKEY']['FORCE_USER'].'";';
247 function open_swekey_site()
249 window
.open("<?php echo PMA_linkURL('http://phpmyadmin.net/auth_key'); ?>");
252 var input_username
= document
.getElementById("<?php echo $input_name; ?>");
253 var input_go
= document
.getElementById("<?php echo $input_go; ?>");
254 var swekey_status
= document
.createElement('img');
255 swekey_status
.setAttribute('onclick', 'open_swekey_site()');
256 swekey_status
.setAttribute('style', 'width:8px; height:16px; border:0px; vspace:0px; hspace:0px; frameborder:no');
258 swekey_status
.setAttribute('src', 'http://artwork.swekey.com/unplugged-8x16.png');
259 //swekey_status.setAttribute('title', 'No swekey plugged');
260 input_go
.disabled
= true;
262 swekey_status
.setAttribute('src', 'http://artwork.swekey.com/plugged-8x16.png');
263 //swekey_status.setAttribute('title', 'swekey plugged');
264 input_username
.value
= user
;
266 input_username
.readOnly
= true;
268 if (input_username
.nextSibling
== null) {
269 input_username
.parentNode
.appendChild(swekey_status
);
271 input_username
.parentNode
.insertBefore(swekey_status
, input_username
.nextSibling
);
279 if (!empty($_GET['session_to_unset'])) {
280 session_write_close();
281 session_id($_GET['session_to_unset']);
284 session_write_close();
289 if (isset($_GET['swekey_reset'])) {
290 unset($_SESSION['SWEKEY']);