7 * Checks Swekey authentication.
9 function Swekey_auth_check()
// Decides whether the current session has passed the Swekey hardware-key check.
// Visible steps: read the swekey.conf path from $cfg['Server']['auth_swekey_config'],
// cache the parsed file in $_SESSION['SWEKEY'], fill in defaults, then test
// AUTHENTICATED_SWEKEY. The return statements are not part of this listing.
12 $confFile = $cfg['Server']['auth_swekey_config'];
14 if (! isset($_SESSION['SWEKEY'])) {
15 $_SESSION['SWEKEY'] = array();
// ENABLED is true only when a config path is set and the file exists.
// NOTE(review): a missing or unreadable-path swekey.conf leaves ENABLED false, and the
// key check at the end of this function is gated on ENABLED -- confirm that silently
// skipping the second factor in that case is intended.
18 $_SESSION['SWEKEY']['ENABLED'] = (! empty($confFile) && file_exists($confFile));
20 // Load the swekey.conf file the first time
21 if ($_SESSION['SWEKEY']['ENABLED'] && empty($_SESSION['SWEKEY']['CONF_LOADED'])) {
// CONF_LOADED is set before the file is read and '@' hides any read error, so a
// failed read yields an empty key list and is not retried until CONF_LOADED is unset.
22 $_SESSION['SWEKEY']['CONF_LOADED'] = true;
23 $_SESSION['SWEKEY']['VALID_SWEKEYS'] = array();
24 $valid_swekeys = explode("\n", @file_get_contents
($confFile));
25 foreach ($valid_swekeys as $line) {
// Key line: exactly 32 upper-case hex digits, ':', then a non-empty value.
// Lower-case key ids do not match and are ignored.
26 if (preg_match("/^[0-9A-F]{32}:.+$/", $line) != false)
// explode() splits on every ':', so a line whose value itself contains ':' passes
// the regex above but is dropped by the count check below.
28 $items = explode(":", $line);
29 if (count($items) == 2)
30 $_SESSION['SWEKEY']['VALID_SWEKEYS'][$items[0]] = trim($items[1]);
32 else if (preg_match("/^[A-Z_]+=.*$/", $line) != false) {
// Setting line NAME=value is stored under 'CONF_NAME'. Only the text up to a second
// '=' is kept, so a value containing '=' (e.g. a URL with a query string) is truncated.
// NOTE(review): the stored value is always a string; "DEBUG=false" or
// "ENABLE_TOKEN_CACHE=false" is a non-empty string and therefore truthy in PHP,
// unlike the boolean defaults assigned below.
33 $items = explode("=", $line);
34 $_SESSION['SWEKEY']['CONF_'.trim($items[0])] = trim($items[1]);
38 // Set default values for settings
39 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_CHECK']))
40 $_SESSION['SWEKEY']['CONF_SERVER_CHECK'] = "";
41 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']))
42 $_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN'] = "";
43 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_STATUS']))
44 $_SESSION['SWEKEY']['CONF_SERVER_STATUS'] = "";
45 if (! isset($_SESSION['SWEKEY']['CONF_CA_FILE']))
46 $_SESSION['SWEKEY']['CONF_CA_FILE'] = "";
47 if (! isset($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']))
48 $_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE'] = true;
49 if (! isset($_SESSION['SWEKEY']['CONF_DEBUG']))
50 $_SESSION['SWEKEY']['CONF_DEBUG'] = false;
53 // check if a web key has been authenticated
// The decision rests on session state alone: AUTHENTICATED_SWEKEY is written by
// Swekey_auth_error() after a successful OTP check.
54 if ($_SESSION['SWEKEY']['ENABLED']) {
55 if (empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']))
64 * Handle Swekey authentication error.
66 function Swekey_auth_error()
// Runs the Swekey challenge/response for the login page and returns a status or
// error string for the caller to display. It emits inline JavaScript that talks to
// the plugged key and reloads the page with swekey_id / swekey_otp in the query
// string, then verifies that OTP server-side on the next request.
// Several lines of the original (braces, returns, the PHP/HTML mode switches) are
// missing from this listing; comments below describe only what is visible.
68 if (! isset($_SESSION['SWEKEY']))
71 if (! $_SESSION['SWEKEY']['ENABLED'])
74 require_once './libraries/auth/swekey/authentication.inc.php';
78 function Swekey_GetValidKey()
// Client side: returns the first connected 32-character key id found in 'valids',
// otherwise "unknown_key_" + the first connected id. The PHP loop below iterates
// over VALID_SWEKEYS; what it prints is not shown in this listing.
81 foreach ($_SESSION['SWEKEY']['VALID_SWEKEYS'] as $key => $value)
84 var connected_keys
= Swekey_ListKeyIds().split(",");
85 for (i in connected_keys
)
86 if (connected_keys
[i
] != null && connected_keys
[i
].length
== 32)
87 if (valids
.indexOf(connected_keys
[i
]) >= 0)
88 return connected_keys
[i
];
91 if (connected_keys
.length
> 0)
92 if (connected_keys
[0].length
== 32)
93 return "unknown_key_" + connected_keys
[0];
98 var key
= Swekey_GetValidKey();
100 function timedCheck()
// Polls once per second; a change of plugged key reloads with ?swekey_reset.
// NOTE(review): the string form of setTimeout is compiled like eval and is blocked
// by a Content-Security-Policy without 'unsafe-eval'; passing the function
// reference (setTimeout(timedCheck, 1000)) behaves the same.
102 if (key
!= Swekey_GetValidKey())
104 window
.location
.search
= "?swekey_reset";
107 setTimeout("timedCheck()",1000);
110 setTimeout("timedCheck()",1000);
114 if (! empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']))
// NOTE(review): this message, like the CA-file error further down, puts a server
// filesystem path into text that Swekey_login() displays on the login page, i.e.
// before the visitor has authenticated.
117 if (count($_SESSION['SWEKEY']['VALID_SWEKEYS']) == 0)
118 return sprintf(__('File %s does not contain any key id'), $GLOBALS['cfg']['Server']['auth_swekey_config']);
120 require_once "./libraries/auth/swekey/swekey.php";
// Point the Swekey client library at the servers configured in swekey.conf.
122 Swekey_SetCheckServer($_SESSION['SWEKEY']['CONF_SERVER_CHECK']);
123 Swekey_SetRndTokenServer($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']);
124 Swekey_SetStatusServer($_SESSION['SWEKEY']['CONF_SERVER_STATUS']);
125 Swekey_EnableTokenCache($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']);
127 $caFile = $_SESSION['SWEKEY']['CONF_CA_FILE'];
// Fallback CA bundle: keep everything up to the last '/' (or '\' on Windows) of
// $caFile and append 'musbe-ca.crt'. The condition guarding this fallback and the
// value $caFile holds at this point are not shown in this listing.
131 $pos = strrpos($caFile, '/');
133 $pos = strrpos($caFile, '\\'); // windows
134 $caFile = substr($caFile, 0, $pos +
1).'musbe-ca.crt';
135 // echo "\n<!-- $caFile -->\n";
136 // if (file_exists($caFile))
137 // echo "<!-- exists -->\n";
// A missing CA file is an error only when the check server URL starts with
// "https://"; with any other URL the library is used without a CA file.
140 if (file_exists($caFile))
141 Swekey_SetCAFile($caFile);
142 else if (! empty($caFile) && (substr($_SESSION['SWEKEY']['CONF_SERVER_CHECK'], 0, 8) == "https://"))
143 return "Internal Error: CA File $caFile not found";
// NOTE(review): parse_str() without a result array turns every query-string
// parameter into a variable in this function's scope, so the client can define or
// overwrite any local name used here ($swekey_id and $swekey_otp are created this
// way, but so could $result or $caFile be). That form is deprecated since PHP 7.2
// and the second argument is mandatory from PHP 8.0. Safer:
//   parse_str($_SERVER['QUERY_STRING'], $query);
// and read only $query['swekey_id'] / $query['swekey_otp'].
146 parse_str($_SERVER['QUERY_STRING']);
147 if (isset($swekey_id)) {
148 unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
149 if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
// Only the length of the client-supplied id is checked here.
// NOTE(review): no visible line confirms that $swekey_id is a key of
// VALID_SWEKEYS before AUTHENTICATED_SWEKEY is set; an
// isset($_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id]) guard would keep a
// genuine but unlisted key from being accepted (FORCE_USER would then be unset).
// $swekey_otp is undefined when the request carries no swekey_otp parameter.
153 if (strlen($swekey_id) == 32) {
154 $res = Swekey_CheckOtp($swekey_id, $_SESSION['SWEKEY']['RND_TOKEN'], $swekey_otp);
// The random token is discarded after one verification attempt, so it cannot be reused.
155 unset($_SESSION['SWEKEY']['RND_TOKEN']);
157 $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
160 $_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'] = $swekey_id;
161 $_SESSION['SWEKEY']['FORCE_USER'] = $_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id];
166 $result = __('No valid authentication key plugged');
167 if ($_SESSION['SWEKEY']['CONF_DEBUG'])
// NOTE(review): $swekey_id comes straight from the query string and is appended to
// markup unescaped; unless the message is escaped where it is displayed (not shown
// here), debug mode reflects request data into the page. htmlspecialchars() the
// value before concatenating.
169 $result .= "<br>".$swekey_id;
171 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
176 unset($_SESSION['SWEKEY']);
// Fetch a fresh challenge for the next attempt; anything other than 64 characters
// is treated as a failure. Only the length is checked, not the character set.
178 $_SESSION['SWEKEY']['RND_TOKEN'] = Swekey_GetFastRndToken();
179 if (strlen($_SESSION['SWEKEY']['RND_TOKEN']) != 64) {
180 $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
181 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
184 if (! isset($swekey_id)) {
// No swekey_id in the request yet: the script emitted below asks the key for an OTP
// over RND_TOKEN and reloads the page with both values in the query string.
// NOTE(review): the key id, the OTP and (via session_to_unset) the PHP session id
// all travel in URLs, which end up in browser history, server logs and Referer
// headers. RND_TOKEN is echoed into a JavaScript string literal without escaping;
// presumably it is hex from the token server -- confirm, or emit it with json_encode().
187 if (key
.length
!= 32)
189 window
.location
.search
="?swekey_id=" + key
;
193 var url
= "" + window
.location
;
194 if (url
.indexOf("?") > 0)
195 url
= url
.substr(0, url
.indexOf("?"));
196 Swekey_SetUnplugUrl(key
, "pma_login", url +
"?session_to_unset=<?php echo session_id();?>");
197 var otp
= Swekey_GetOtp(key
, <?php
echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?
>);
198 window
.location
.search
="?swekey_id=" + key +
"&swekey_otp=" + otp
;
202 return __('Authenticating...');
210 * Perform login using Swekey.
212 function Swekey_login($input_name, $input_go)
// Renders the Swekey part of the login form: shows any message returned by
// Swekey_auth_error(), then emits JavaScript that adds a key-status icon next to
// the username field, pre-fills and locks the username when a key maps to a user,
// and disables the submit control in a branch whose condition is not shown here.
// $input_name and $input_go are the DOM ids of the username field and the submit
// control; both are echoed into JavaScript string literals below without escaping.
// NOTE(review): the field locking and button disabling happen only in the browser
// and are not an access control; the server-side decision is the session check in
// Swekey_auth_check().
214 $swekeyErr = Swekey_auth_error();
215 if ($swekeyErr != null) {
216 PMA_Message
::error($swekeyErr)->display();
217 if ($GLOBALS['error_handler']->hasDisplayErrors()) {
219 $GLOBALS['error_handler']->dispErrors();
224 if (isset($_SESSION['SWEKEY']) && $_SESSION['SWEKEY']['ENABLED']) {
225 echo '<script type="text/javascript">';
226 if (empty($_SESSION['SWEKEY']['FORCE_USER']))
227 echo 'var user = null;';
// NOTE(review): FORCE_USER is the value part of a swekey.conf key line and is
// written into a double-quoted JavaScript literal as-is; a value containing '"',
// '\' or '</script>' breaks out of the literal. Emitting it with
// json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
// (and dropping the surrounding quotes) keeps it inert.
229 echo 'var user = "'.$_SESSION['SWEKEY']['FORCE_USER'].'";';
232 function open_swekey_site()
234 window
.open("<?php echo PMA_linkURL('http://phpmyadmin.net/auth_key'); ?>");
// The status icons below are fetched over plain http:// from artwork.swekey.com:
// mixed content on an HTTPS login page, and a third-party request on every load.
237 var input_username
= document
.getElementById("<?php echo $input_name; ?>");
238 var input_go
= document
.getElementById("<?php echo $input_go; ?>");
239 var swekey_status
= document
.createElement('img');
240 swekey_status
.setAttribute('onClick', 'open_swekey_site()');
241 swekey_status
.setAttribute('style', 'width:8px; height:16px; border:0px; vspace:0px; hspace:0px; frameborder:no');
244 swekey_status
.setAttribute('src', 'http://artwork.swekey.com/unplugged-8x16.png');
245 //swekey_status.setAttribute('title', 'No swekey plugged');
246 input_go
.disabled
= true;
250 swekey_status
.setAttribute('src', 'http://artwork.swekey.com/plugged-8x16.png');
251 //swekey_status.setAttribute('title', 'swekey plugged');
252 input_username
.value
= user
;
254 input_username
.readOnly
= true;
// Place the icon directly after the username field.
256 if (input_username
.nextSibling
== null)
257 input_username
.parentNode
.appendChild(swekey_status
);
259 input_username
.parentNode
.insertBefore(swekey_status
, input_username
.nextSibling
);
// Request handlers that run when this file is loaded. The first reacts to the
// "unplug" URL registered through Swekey_SetUnplugUrl(); the second clears the
// Swekey session state when the page is reloaded with ?swekey_reset.
// NOTE(review): the strstr() test matches 'session_to_unset' anywhere in the query
// string, and parse_str() without a result array then imports every request
// parameter as a variable into the scope this file is included in, where it can
// overwrite existing variables. That form is deprecated since PHP 7.2 and the second
// argument is mandatory from PHP 8.0. Parse into an array and read only
// 'session_to_unset' from it.
266 if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false)
268 parse_str($_SERVER['QUERY_STRING']);
269 session_write_close();
// NOTE(review): the session id to switch to is taken from the URL without any
// format check or proof that the requester owns that session. What is done with
// the selected session sits on lines missing from this listing; if it is cleared
// or destroyed, anyone who learns a session id can end that session. Validate the
// id and prefer a per-session unplug token over the raw session id.
270 session_id($session_to_unset);
273 session_write_close();
// Drops all cached Swekey state for the current session.
278 if (isset($_GET['swekey_reset']))
280 unset($_SESSION['SWEKEY']);