1 <?php
2 /**
3 * @package Swekey
4 */
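/**
 * Checks Swekey authentication.
 *
 * On first use in a session, reads the file named by
 * $cfg['Server']['auth_swekey_config'] into $_SESSION['SWEKEY']:
 *  - lines of the form "<32 upper-case hex digits>:<user>" fill VALID_SWEKEYS
 *  - lines of the form "NAME=value" become CONF_NAME settings
 * and then reports whether the hardware-key step is satisfied.
 *
 * Security notes for maintainers:
 *  - This check fails open: when the configured path is empty or the file
 *    does not exist, ENABLED is false and the function returns true. A
 *    deployment that relies on Swekey should monitor that the file stays
 *    present and readable.
 *  - Settings read from the file are stored as strings, so a line such as
 *    "DEBUG=false" is a non-empty string and is truthy wherever the setting
 *    is tested as a boolean.
 *
 * @return boolean false when Swekey is enabled and no key has been
 *                 authenticated in this session, true otherwise
 */
function Swekey_auth_check()
{
    global $cfg;
    $confFile = $cfg['Server']['auth_swekey_config'];

    if (! isset($_SESSION['SWEKEY'])) {
        $_SESSION['SWEKEY'] = array();
    }

    $_SESSION['SWEKEY']['ENABLED'] = (! empty($confFile) && file_exists($confFile));

    // Load the swekey.conf file the first time
    if ($_SESSION['SWEKEY']['ENABLED'] && empty($_SESSION['SWEKEY']['CONF_LOADED'])) {
        $_SESSION['SWEKEY']['CONF_LOADED'] = true;
        $_SESSION['SWEKEY']['VALID_SWEKEYS'] = array();

        // An unreadable file yields no keys; Swekey_auth_error() reports
        // the empty key list to the user.
        $contents = @file_get_contents($confFile);
        if ($contents === false) {
            $contents = '';
        }

        foreach (explode("\n", $contents) as $line) {
            if (preg_match("/^[0-9A-F]{32}:.+$/", $line) === 1) {
                $items = explode(":", $line);
                // entries whose user part contains ':' are ignored
                if (count($items) == 2) {
                    $_SESSION['SWEKEY']['VALID_SWEKEYS'][$items[0]] = trim($items[1]);
                }
            } elseif (preg_match("/^[A-Z_]+=.*$/", $line) === 1) {
                // Split on the first '=' only, so that values which contain
                // '=' themselves (e.g. a server URL with a query string) are
                // kept whole instead of being truncated.
                $items = explode("=", $line, 2);
                $_SESSION['SWEKEY']['CONF_' . trim($items[0])] = trim($items[1]);
            }
        }

        // Set default values for settings
        $defaults = array(
            'CONF_SERVER_CHECK'       => "",
            'CONF_SERVER_RNDTOKEN'    => "",
            'CONF_SERVER_STATUS'      => "",
            'CONF_CA_FILE'            => "",
            'CONF_ENABLE_TOKEN_CACHE' => true,
            'CONF_DEBUG'              => false,
        );
        foreach ($defaults as $name => $value) {
            if (! isset($_SESSION['SWEKEY'][$name])) {
                $_SESSION['SWEKEY'][$name] = $value;
            }
        }
    }

    // check if a web key has been authenticated
    if ($_SESSION['SWEKEY']['ENABLED']
        && empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'])
    ) {
        return false;
    }

    return true;
}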
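/**
 * Handle Swekey authentication error.
 *
 * Emits the client-side script that watches the plugged key, configures the
 * Swekey client library from the session settings, and, when the request
 * carries swekey_id / swekey_otp, verifies the one-time password against the
 * random token stored in the session.
 *
 * Security notes for maintainers:
 *  - The key id arrives in the query string and is attacker-controllable.
 *    The script below only picks a configured key as a convenience; the
 *    authoritative check is the server-side lookup in VALID_SWEKEYS before
 *    the OTP is verified.
 *  - The unplug URL carries the PHP session id in its query string, where it
 *    can end up in server logs, browser history and Referer headers.
 *
 * @return string|null null when there is nothing to report (Swekey not in
 *                     use, or a key is authenticated), otherwise a message
 *                     for the login page; the message is built as HTML
 */
function Swekey_auth_error()
{
    if (! isset($_SESSION['SWEKEY'])) {
        return null;
    }

    if (empty($_SESSION['SWEKEY']['ENABLED'])) {
        return null;
    }

    include_once './libraries/auth/swekey/authentication.inc.php';

    ?>
    <script>
    function Swekey_GetValidKey()
    {
        var valids = "<?php
        // Key ids were matched against /^[0-9A-F]{32}:/ when the
        // configuration was loaded, so they are safe inside a JS string.
        foreach ($_SESSION['SWEKEY']['VALID_SWEKEYS'] as $key => $value) {
            echo $key.',';
        }
        ?>";
        var connected_keys = Swekey_ListKeyIds().split(",");
        for (i in connected_keys)
            if (connected_keys[i] != null && connected_keys[i].length == 32)
                if (valids.indexOf(connected_keys[i]) >= 0)
                    return connected_keys[i];

        if (connected_keys.length > 0)
            if (connected_keys[0].length == 32)
                return "unknown_key_" + connected_keys[0];

        return "none";
    }

    var key = Swekey_GetValidKey();

    function timedCheck()
    {
        if (key != Swekey_GetValidKey())
        {
            window.location.search = "?swekey_reset";
        }
        else
            setTimeout("timedCheck()",1000);
    }

    setTimeout("timedCheck()",1000);
    </script>
    <?php

    if (! empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'])) {
        return null;
    }

    if (empty($_SESSION['SWEKEY']['VALID_SWEKEYS'])) {
        return sprintf(__('File %s does not contain any key id'), $GLOBALS['cfg']['Server']['auth_swekey_config']);
    }

    include_once "./libraries/auth/swekey/swekey.php";

    Swekey_SetCheckServer($_SESSION['SWEKEY']['CONF_SERVER_CHECK']);
    Swekey_SetRndTokenServer($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']);
    Swekey_SetStatusServer($_SESSION['SWEKEY']['CONF_SERVER_STATUS']);
    Swekey_EnableTokenCache($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']);

    $caFile = $_SESSION['SWEKEY']['CONF_CA_FILE'];
    if (empty($caFile)) {
        // default to the CA bundle shipped next to this file
        $caFile = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'musbe-ca.crt';
    }

    if (file_exists($caFile)) {
        Swekey_SetCAFile($caFile);
    } elseif (! empty($caFile) && (substr($_SESSION['SWEKEY']['CONF_SERVER_CHECK'], 0, 8) == "https://")) {
        // Refuse to talk to an https check server without a CA file.
        // The path is escaped because this message is rendered as HTML.
        return "Internal Error: CA File " . htmlspecialchars($caFile) . " not found";
    }

    $result = null;

    // Read the request parameters defensively: they may be absent, or be
    // arrays (swekey_id[]=...) instead of strings.
    $swekey_id = null;
    if (isset($_GET['swekey_id'])) {
        $swekey_id = is_string($_GET['swekey_id']) ? $_GET['swekey_id'] : '';
    }
    $swekey_otp = '';
    if (isset($_GET['swekey_otp']) && is_string($_GET['swekey_otp'])) {
        $swekey_otp = $_GET['swekey_otp'];
    }

    if (isset($swekey_id)) {
        unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
        if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
            // no challenge outstanding: restart the exchange below
            unset($swekey_id);
        } else {
            // Accept only key ids listed in the configuration file. Without
            // this lookup a key that is not configured for this server could
            // complete the OTP exchange and be recorded as authenticated.
            $is_known_key = strlen($swekey_id) == 32
                && isset($_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id]);

            if ($is_known_key) {
                $res = Swekey_CheckOtp($swekey_id, $_SESSION['SWEKEY']['RND_TOKEN'], $swekey_otp);
                // the random token is single-use
                unset($_SESSION['SWEKEY']['RND_TOKEN']);
                if (! $res) {
                    $result = __('Hardware authentication failed') . ' (' . htmlspecialchars(Swekey_GetLastError()) . ')';
                } else {
                    $_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'] = $swekey_id;
                    $_SESSION['SWEKEY']['FORCE_USER'] = $_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id];
                    return null;
                }
            } else {
                $result = __('No valid authentication key plugged');
                if ($_SESSION['SWEKEY']['CONF_DEBUG']) {
                    $result .= "<br>" . htmlspecialchars($swekey_id);
                }
                unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
            }
        }
    } else {
        unset($_SESSION['SWEKEY']);
    }

    $_SESSION['SWEKEY']['RND_TOKEN'] = Swekey_GetFastRndToken();
    if (strlen($_SESSION['SWEKEY']['RND_TOKEN']) != 64) {
        $result = __('Hardware authentication failed') . ' (' . htmlspecialchars(Swekey_GetLastError()) . ')';
        unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
    }

    if (! isset($swekey_id)) {
        // The token comes back from the random-token server, so it is
        // encoded as a JS string literal rather than pasted between quotes.
        $rnd_token_js = json_encode((string) $_SESSION['SWEKEY']['RND_TOKEN']);
        ?>
        <script>
        if (key.length != 32) {
            window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
        } else {
            var url = "" + window.location;
            if (url.indexOf("?") > 0)
                url = url.substr(0, url.indexOf("?"));
            Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
            var otp = Swekey_GetOtp(key, <?php echo $rnd_token_js; ?>);
            window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
        }
        </script>
        <?php
        return __('Authenticating...');
    }

    return $result;
}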
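/**
 * Perform login using Swekey.
 *
 * Displays any pending Swekey error and, when Swekey is enabled, emits the
 * script that decorates the login form: the username field is made read-only
 * and pre-filled with the user mapped to the authenticated key, and the
 * submit control is disabled while no key is authenticated.
 *
 * Security notes for maintainers:
 *  - The form lock-down is done in the browser only; it is a usability aid
 *    and does not enforce anything on the server.
 *  - The status icons are loaded over plain HTTP from a third-party host on
 *    the login page. NOTE(review): consider serving them locally.
 *
 * @param string $input_name id of the username input element
 * @param string $input_go   id of the submit ("Go") element
 *
 * @return void
 */
function Swekey_login($input_name, $input_go)
{
    $swekeyErr = Swekey_auth_error();
    if ($swekeyErr != null) {
        PMA_Message::error($swekeyErr)->display();
        if ($GLOBALS['error_handler']->hasDisplayErrors()) {
            echo '<div>';
            $GLOBALS['error_handler']->dispErrors();
            echo '</div>';
        }
    }

    // ENABLED can be missing after Swekey_auth_error() reset the session
    // entry, so test it with empty() instead of reading it directly.
    if (! empty($_SESSION['SWEKEY']['ENABLED'])) {
        echo '<script type="text/javascript">';
        if (empty($_SESSION['SWEKEY']['FORCE_USER'])) {
            echo 'var user = null;';
        } else {
            // json_encode() produces a quoted JS string literal and escapes
            // quotes, backslashes and '/', so a user name from the
            // configuration file cannot terminate the string or the script.
            echo 'var user = ' . json_encode((string) $_SESSION['SWEKEY']['FORCE_USER']) . ';';
        }

        ?>
        function open_swekey_site()
        {
            window.open("<?php echo PMA_linkURL('http://phpmyadmin.net/auth_key'); ?>");
        }

        var input_username = document.getElementById(<?php echo json_encode((string) $input_name); ?>);
        var input_go = document.getElementById(<?php echo json_encode((string) $input_go); ?>);
        var swekey_status = document.createElement('img');
        swekey_status.setAttribute('onClick', 'open_swekey_site()');
        swekey_status.setAttribute('style', 'width:8px; height:16px; border:0px; vspace:0px; hspace:0px; frameborder:no');
        if (user == null)
        {
            swekey_status.setAttribute('src', 'http://artwork.swekey.com/unplugged-8x16.png');
            //swekey_status.setAttribute('title', 'No swekey plugged');
            input_go.disabled = true;
        }
        else
        {
            swekey_status.setAttribute('src', 'http://artwork.swekey.com/plugged-8x16.png');
            //swekey_status.setAttribute('title', 'swekey plugged');
            input_username.value = user;
        }
        input_username.readOnly = true;

        if (input_username.nextSibling == null)
            input_username.parentNode.appendChild(swekey_status);
        else
            input_username.parentNode.insertBefore(swekey_status, input_username.nextSibling);

        <?php
        echo '</script>';
    }
}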
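// Session reset requested through the "unplug" URL that Swekey_auth_error()
// registers with the key: the session named in the request is emptied and
// destroyed, then the script stops.
//
// Security note: the session id is taken from the query string, so whoever
// knows a session id can end that session. The value is validated before it
// is handed to session_id().
if (! empty($_GET['session_to_unset'])) {
    $session_to_unset = $_GET['session_to_unset'];

    // Accept a plain string limited to the characters PHP's default session
    // ids are made of; arrays and anything else are ignored.
    // NOTE(review): a custom session handler with another id alphabet would
    // need this pattern adjusted.
    if (is_string($session_to_unset)
        && preg_match('/^[A-Za-z0-9,-]+$/', $session_to_unset) === 1
    ) {
        session_write_close();
        session_id($session_to_unset);
        session_start();
        $_SESSION = array();
        // session_destroy() only works while the session is still open, so
        // it must not be preceded by another session_write_close().
        session_destroy();
    }
    exit;
}

// The client-side watcher reloads the page with ?swekey_reset when the
// plugged key changes; drop all Swekey state so authentication restarts.
if (isset($_GET['swekey_reset'])) {
    unset($_SESSION['SWEKEY']);
}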