search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Upgraded phpmyadmin to 4.0.4 (All Languages) - No modifications yet
[openemr.git] / phpmyadmin / libraries / plugins / auth / swekey / swekey.auth.lib.php
blob2231de469d19e8e29f4946dd12eb14c9fa827541
1 <?php
2 /**
3 * @package Swekey
4 */
5
6 /**
7 * Checks Swekey authentication.
8 */
9 function Swekey_auth_check()
10 {
11 global $cfg;
12 $confFile = $cfg['Server']['auth_swekey_config'];
13
14 if (! isset($_SESSION['SWEKEY'])) {
15 $_SESSION['SWEKEY'] = array();
16 }
17
18 $_SESSION['SWEKEY']['ENABLED'] = (! empty($confFile) && file_exists($confFile));
19
20 // Load the swekey.conf file the first time
21 if ($_SESSION['SWEKEY']['ENABLED']
22 && empty($_SESSION['SWEKEY']['CONF_LOADED'])
23 ) {
24 $_SESSION['SWEKEY']['CONF_LOADED'] = true;
25 $_SESSION['SWEKEY']['VALID_SWEKEYS'] = array();
26 $valid_swekeys = explode("\n", @file_get_contents($confFile));
27 foreach ($valid_swekeys as $line) {
28 if (preg_match("/^[0-9A-F]{32}:.+$/", $line) != false) {
29 $items = explode(":", $line);
30 if (count($items) == 2) {
31 $_SESSION['SWEKEY']['VALID_SWEKEYS'][$items[0]] = trim($items[1]);
32 }
33 } elseif (preg_match("/^[A-Z_]+=.*$/", $line) != false) {
34 $items = explode("=", $line);
35 $_SESSION['SWEKEY']['CONF_'.trim($items[0])] = trim($items[1]);
36 }
37 }
38
39 // Set default values for settings
40 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_CHECK'])) {
41 $_SESSION['SWEKEY']['CONF_SERVER_CHECK'] = "";
42 }
43 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN'])) {
44 $_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN'] = "";
45 }
46 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_STATUS'])) {
47 $_SESSION['SWEKEY']['CONF_SERVER_STATUS'] = "";
48 }
49 if (! isset($_SESSION['SWEKEY']['CONF_CA_FILE'])) {
50 $_SESSION['SWEKEY']['CONF_CA_FILE'] = "";
51 }
52 if (! isset($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE'])) {
53 $_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE'] = true;
54 }
55 if (! isset($_SESSION['SWEKEY']['CONF_DEBUG'])) {
56 $_SESSION['SWEKEY']['CONF_DEBUG'] = false;
57 }
58 }
59
60 // check if a web key has been authenticated
61 if ($_SESSION['SWEKEY']['ENABLED']) {
62 if (empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'])) {
63 return false;
64 }
65 }
66
67 return true;
68 }
69
70
71 /**
72 * Handle Swekey authentication error.
73 */
74 function Swekey_auth_error()
75 {
76 if (! isset($_SESSION['SWEKEY'])) {
77 return null;
78 }
79
80 if (! $_SESSION['SWEKEY']['ENABLED']) {
81 return null;
82 }
83
84 include_once './libraries/plugins/auth/swekey/authentication.inc.php';
85
86 ?>
87 <script>
88 function Swekey_GetValidKey()
89 {
90 var valids = "<?php
91 foreach ($_SESSION['SWEKEY']['VALID_SWEKEYS'] as $key => $value) {
92 echo $key.',';
93 }
94 ?>";
95 var connected_keys = Swekey_ListKeyIds().split(",");
96 for (i in connected_keys) {
97 if (connected_keys[i] != null && connected_keys[i].length == 32) {
98 if (valids.indexOf(connected_keys[i]) >= 0) {
99 return connected_keys[i];
100 }
101 }
102 }
103
104
105 if (connected_keys.length > 0) {
106 if (connected_keys[0].length == 32) {
107 return "unknown_key_" + connected_keys[0];
108 }
109 }
110
111 return "none";
112 }
113
114 var key = Swekey_GetValidKey();
115
116 function timedCheck()
117 {
118 if (key != Swekey_GetValidKey()) {
119 window.location.search = "?swekey_reset";
120 } else {
121 setTimeout("timedCheck()",1000);
122 }
123 }
124
125 setTimeout("timedCheck()",1000);
126 </script>
127 <?php
128
129 if (! empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'])) {
130 return null;
131 }
132
133 if (count($_SESSION['SWEKEY']['VALID_SWEKEYS']) == 0) {
134 return sprintf(__('File %s does not contain any key id'), $GLOBALS['cfg']['Server']['auth_swekey_config']);
135 }
136
137 include_once "libraries/plugins/auth/swekey/swekey.php";
138
139 Swekey_SetCheckServer($_SESSION['SWEKEY']['CONF_SERVER_CHECK']);
140 Swekey_SetRndTokenServer($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']);
141 Swekey_SetStatusServer($_SESSION['SWEKEY']['CONF_SERVER_STATUS']);
142 Swekey_EnableTokenCache($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']);
143
144 $caFile = $_SESSION['SWEKEY']['CONF_CA_FILE'];
145 if (empty($caFile)) {
146 $caFile = __FILE__;
147 $pos = strrpos($caFile, '/');
148 if ($pos === false) {
149 $pos = strrpos($caFile, '\\'); // windows
150 }
151 $caFile = substr($caFile, 0, $pos + 1).'musbe-ca.crt';
152 // echo "\n<!-- $caFile -->\n";
153 // if (file_exists($caFile))
154 // echo "<!-- exists -->\n";
155 }
156
157 if (file_exists($caFile)) {
158 Swekey_SetCAFile($caFile);
159 } elseif (! empty($caFile) && (substr($_SESSION['SWEKEY']['CONF_SERVER_CHECK'], 0, 8) == "https://")) {
160 return "Internal Error: CA File $caFile not found";
161 }
162
163 $result = null;
164 $swekey_id = $_GET['swekey_id'];
165 $swekey_otp = $_GET['swekey_otp'];
166
167 if (isset($swekey_id)) {
168 unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
169 if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
170 unset($swekey_id);
171 } else {
172 if (strlen($swekey_id) == 32) {
173 $res = Swekey_CheckOtp($swekey_id, $_SESSION['SWEKEY']['RND_TOKEN'], $swekey_otp);
174 unset($_SESSION['SWEKEY']['RND_TOKEN']);
175 if (! $res) {
176 $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
177 } else {
178 $_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'] = $swekey_id;
179 $_SESSION['SWEKEY']['FORCE_USER'] = $_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id];
180 return null;
181 }
182 } else {
183 $result = __('No valid authentication key plugged');
184 if ($_SESSION['SWEKEY']['CONF_DEBUG']) {
185 $result .= "<br/>" . htmlspecialchars($swekey_id);
186 }
187 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
188 }
189 }
190 } else {
191 unset($_SESSION['SWEKEY']);
192 }
193
194 $_SESSION['SWEKEY']['RND_TOKEN'] = Swekey_GetFastRndToken();
195 if (strlen($_SESSION['SWEKEY']['RND_TOKEN']) != 64) {
196 $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
197 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
198 }
199
200 if (! isset($swekey_id)) {
201 ?>
202 <script>
203 if (key.length != 32) {
204 window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
205 } else {
206 var url = "" + window.location;
207 if (url.indexOf("?") > 0) {
208 url = url.substr(0, url.indexOf("?"));
209 }
210 Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
211 var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
212 window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
213 }
214 </script>
215 <?php
216 return __('Authenticating…');
217 }
218
219 return $result;
220 }
221
222
223 /**
224 * Perform login using Swekey.
225 */
226 function Swekey_login($input_name, $input_go)
227 {
228 $swekeyErr = Swekey_auth_error();
229 if ($swekeyErr != null) {
230 PMA_Message::error($swekeyErr)->display();
231 if ($GLOBALS['error_handler']->hasDisplayErrors()) {
232 echo '<div>';
233 $GLOBALS['error_handler']->dispErrors();
234 echo '</div>';
235 }
236 }
237
238 if (isset($_SESSION['SWEKEY']) && $_SESSION['SWEKEY']['ENABLED']) {
239 echo '<script type="text/javascript">';
240 if (empty($_SESSION['SWEKEY']['FORCE_USER'])) {
241 echo 'var user = null;';
242 } else {
243 echo 'var user = "'.$_SESSION['SWEKEY']['FORCE_USER'].'";';
244 }
245
246 ?>
247 function open_swekey_site()
248 {
249 window.open("<?php echo PMA_linkURL('http://phpmyadmin.net/auth_key'); ?>");
250 }
251
252 var input_username = document.getElementById("<?php echo $input_name; ?>");
253 var input_go = document.getElementById("<?php echo $input_go; ?>");
254 var swekey_status = document.createElement('img');
255 swekey_status.setAttribute('onclick', 'open_swekey_site()');
256 swekey_status.setAttribute('style', 'width:8px; height:16px; border:0px; vspace:0px; hspace:0px; frameborder:no');
257 if (user == null) {
258 swekey_status.setAttribute('src', 'http://artwork.swekey.com/unplugged-8x16.png');
259 //swekey_status.setAttribute('title', 'No swekey plugged');
260 input_go.disabled = true;
261 } else {
262 swekey_status.setAttribute('src', 'http://artwork.swekey.com/plugged-8x16.png');
263 //swekey_status.setAttribute('title', 'swekey plugged');
264 input_username.value = user;
265 }
266 input_username.readOnly = true;
267
268 if (input_username.nextSibling == null) {
269 input_username.parentNode.appendChild(swekey_status);
270 } else {
271 input_username.parentNode.insertBefore(swekey_status, input_username.nextSibling);
272 }
273
274 <?php
275 echo '</script>';
276 }
277 }
278
279 if (!empty($_GET['session_to_unset'])) {
280 session_write_close();
281 session_id($_GET['session_to_unset']);
282 session_start();
283 $_SESSION = array();
284 session_write_close();
285 session_destroy();
286 exit;
287 }
288
289 if (isset($_GET['swekey_reset'])) {
290 unset($_SESSION['SWEKEY']);
291 }
292
293 ?>
Mirror of official OpenEMR Sourceforge repository