src/Common/Auth/AuthGlobal.php

   1 <?php
   2
   3 /**
   4  * AuthGlobal class.
   5  *
   6  *   Support for authentication of encrypted hash in a global setting
   7  *
   8  * @package   OpenEMR
   9  * @link      https://www.open-emr.org
  10  * @author    Brady Miller <brady.g.miller@gmail.com>
  11  * @copyright Copyright (c) 2019-2020 Brady Miller <brady.g.miller@gmail.com>
  12  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  13  */
  14
  15 namespace OpenEMR\Common\Auth;
  16
  17 use OpenEMR\Common\Crypto\CryptoGen;
  18
  19 class AuthGlobal
  20 {
  21     /**
  22      * @var string
  23      */
  24     private $globalSetting;
  25
  26     public function __construct($globalSetting)
  27     {
  28         $this->globalSetting = $globalSetting;
  29     }
  30
  31     public function globalVerify(string $pass): bool
  32     {
  33         if (empty($pass) || empty($this->globalSetting) || empty($GLOBALS[$this->globalSetting])) {
  34             return false;
  35         }
  36
  37         // collect and decrypt the global hash
  38         $cryptoGen = new CryptoGen();
  39         $globalHash = $cryptoGen->decryptStandard($GLOBALS[$this->globalSetting]);
  40
  41         if (empty($globalHash)) {
  42             return false;
  43         }
  44
  45         // authenticate
  46         if ((!AuthHash::hashValid($globalHash)) || (!AuthHash::passwordVerify($pass, $globalHash))) {
  47             return false;
  48         }
  49
  50         // success, now rehash if needed
  51         $authHash = new AuthHash();
  52         if ($authHash->passwordNeedsRehash($globalHash)) {
  53             $newHash = $authHash->passwordHash($pass);
  54             $newHash = $cryptoGen->encryptStandard($newHash);
  55             sqlStatement("UPDATE `globals` SET `gl_value` = ? WHERE `gl_name` = ?", [$newHash, $this->globalSetting]);
  56         }
  57
  58         return true;
  59     }
  60 }