display message when search returns zero rows
[phpmyadmin/dkf.git] / libraries / auth / swekey / swekey.auth.lib.php
blobbb4e2c5de3f889d1bbee1a05548d2e3a8ca6f94d
1 <?php
2 /**
3 * @package Swekey
4 */
6 /**
7 * Checks Swekey authentication.
8 */
9 function Swekey_auth_check()
11 global $cfg;
12 $confFile = $cfg['Server']['auth_swekey_config'];
14 if (! isset($_SESSION['SWEKEY'])) {
15 $_SESSION['SWEKEY'] = array();
18 $_SESSION['SWEKEY']['ENABLED'] = (! empty($confFile) && file_exists($confFile));
20 // Load the swekey.conf file the first time
21 if ($_SESSION['SWEKEY']['ENABLED'] && empty($_SESSION['SWEKEY']['CONF_LOADED'])) {
22 $_SESSION['SWEKEY']['CONF_LOADED'] = true;
23 $_SESSION['SWEKEY']['VALID_SWEKEYS'] = array();
24 $valid_swekeys = explode("\n", @file_get_contents($confFile));
25 foreach ($valid_swekeys as $line) {
26 if (preg_match("/^[0-9A-F]{32}:.+$/", $line) != false)
28 $items = explode(":", $line);
29 if (count($items) == 2)
30 $_SESSION['SWEKEY']['VALID_SWEKEYS'][$items[0]] = trim($items[1]);
32 else if (preg_match("/^[A-Z_]+=.*$/", $line) != false) {
33 $items = explode("=", $line);
34 $_SESSION['SWEKEY']['CONF_'.trim($items[0])] = trim($items[1]);
38 // Set default values for settings
39 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_CHECK']))
40 $_SESSION['SWEKEY']['CONF_SERVER_CHECK'] = "";
41 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']))
42 $_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN'] = "";
43 if (! isset($_SESSION['SWEKEY']['CONF_SERVER_STATUS']))
44 $_SESSION['SWEKEY']['CONF_SERVER_STATUS'] = "";
45 if (! isset($_SESSION['SWEKEY']['CONF_CA_FILE']))
46 $_SESSION['SWEKEY']['CONF_CA_FILE'] = "";
47 if (! isset($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']))
48 $_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE'] = true;
49 if (! isset($_SESSION['SWEKEY']['CONF_DEBUG']))
50 $_SESSION['SWEKEY']['CONF_DEBUG'] = false;
53 // check if a web key has been authenticated
54 if ($_SESSION['SWEKEY']['ENABLED']) {
55 if (empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']))
56 return false;
59 return true;
63 /**
64 * Handle Swekey authentication error.
66 function Swekey_auth_error()
68 if (! isset($_SESSION['SWEKEY']))
69 return null;
71 if (! $_SESSION['SWEKEY']['ENABLED'])
72 return null;
74 require_once './libraries/auth/swekey/authentication.inc.php';
77 <script>
78 function Swekey_GetValidKey()
80 var valids = "<?php
81 foreach ($_SESSION['SWEKEY']['VALID_SWEKEYS'] as $key => $value)
82 echo $key.',';
83 ?>";
84 var connected_keys = Swekey_ListKeyIds().split(",");
85 for (i in connected_keys)
86 if (connected_keys[i] != null && connected_keys[i].length == 32)
87 if (valids.indexOf(connected_keys[i]) >= 0)
88 return connected_keys[i];
91 if (connected_keys.length > 0)
92 if (connected_keys[0].length == 32)
93 return "unknown_key_" + connected_keys[0];
95 return "none";
98 var key = Swekey_GetValidKey();
100 function timedCheck()
102 if (key != Swekey_GetValidKey())
104 window.location.search = "?swekey_reset";
106 else
107 setTimeout("timedCheck()",1000);
110 setTimeout("timedCheck()",1000);
111 </script>
112 <?php
114 if (! empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']))
115 return null;
117 if (count($_SESSION['SWEKEY']['VALID_SWEKEYS']) == 0)
118 return sprintf(__('File %s does not contain any key id'), $GLOBALS['cfg']['Server']['auth_swekey_config']);
120 require_once "./libraries/auth/swekey/swekey.php";
122 Swekey_SetCheckServer($_SESSION['SWEKEY']['CONF_SERVER_CHECK']);
123 Swekey_SetRndTokenServer($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']);
124 Swekey_SetStatusServer($_SESSION['SWEKEY']['CONF_SERVER_STATUS']);
125 Swekey_EnableTokenCache($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']);
127 $caFile = $_SESSION['SWEKEY']['CONF_CA_FILE'];
128 if (empty($caFile))
130 $caFile = __FILE__;
131 $pos = strrpos($caFile, '/');
132 if ($pos === false)
133 $pos = strrpos($caFile, '\\'); // windows
134 $caFile = substr($caFile, 0, $pos + 1).'musbe-ca.crt';
135 // echo "\n<!-- $caFile -->\n";
136 // if (file_exists($caFile))
137 // echo "<!-- exists -->\n";
140 if (file_exists($caFile))
141 Swekey_SetCAFile($caFile);
142 else if (! empty($caFile) && (substr($_SESSION['SWEKEY']['CONF_SERVER_CHECK'], 0, 8) == "https://"))
143 return "Internal Error: CA File $caFile not found";
145 $result = null;
146 parse_str($_SERVER['QUERY_STRING']);
147 if (isset($swekey_id)) {
148 unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
149 if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
150 unset($swekey_id);
152 else {
153 if (strlen($swekey_id) == 32) {
154 $res = Swekey_CheckOtp($swekey_id, $_SESSION['SWEKEY']['RND_TOKEN'], $swekey_otp);
155 unset($_SESSION['SWEKEY']['RND_TOKEN']);
156 if (! $res) {
157 $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
159 else {
160 $_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'] = $swekey_id;
161 $_SESSION['SWEKEY']['FORCE_USER'] = $_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id];
162 return null;
165 else {
166 $result = __('No valid authentication key plugged');
167 if ($_SESSION['SWEKEY']['CONF_DEBUG'])
169 $result .= "<br>".$swekey_id;
171 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
175 else
176 unset($_SESSION['SWEKEY']);
178 $_SESSION['SWEKEY']['RND_TOKEN'] = Swekey_GetFastRndToken();
179 if (strlen($_SESSION['SWEKEY']['RND_TOKEN']) != 64) {
180 $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
181 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
184 if (! isset($swekey_id)) {
186 <script>
187 if (key.length != 32)
189 window.location.search="?swekey_id=" + key;
191 else
193 var url = "" + window.location;
194 if (url.indexOf("?") > 0)
195 url = url.substr(0, url.indexOf("?"));
196 Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>");
197 var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
198 window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp;
200 </script>
201 <?php
202 return __('Authenticating...');
205 return $result;
210 * Perform login using Swekey.
212 function Swekey_login($input_name, $input_go)
214 $swekeyErr = Swekey_auth_error();
215 if ($swekeyErr != null) {
216 PMA_Message::error($swekeyErr)->display();
217 if ($GLOBALS['error_handler']->hasDisplayErrors()) {
218 echo '<div>';
219 $GLOBALS['error_handler']->dispErrors();
220 echo '</div>';
224 if (isset($_SESSION['SWEKEY']) && $_SESSION['SWEKEY']['ENABLED']) {
225 echo '<script type="text/javascript">';
226 if (empty($_SESSION['SWEKEY']['FORCE_USER']))
227 echo 'var user = null;';
228 else
229 echo 'var user = "'.$_SESSION['SWEKEY']['FORCE_USER'].'";';
232 function open_swekey_site()
234 window.open("http://phpmyadmin.net/auth_key");
237 var input_username = document.getElementById("<?php echo $input_name; ?>");
238 var input_go = document.getElementById("<?php echo $input_go; ?>");
239 var swekey_status = document.createElement('img');
240 swekey_status.setAttribute('onClick', 'open_swekey_site()');
241 swekey_status.setAttribute('style', 'width:8px; height:16px; border:0px; vspace:0px; hspace:0px; frameborder:no');
242 if (user == null)
244 swekey_status.setAttribute('src', 'http://artwork.swekey.com/unplugged-8x16.png');
245 //swekey_status.setAttribute('title', 'No swekey plugged');
246 input_go.disabled = true;
248 else
250 swekey_status.setAttribute('src', 'http://artwork.swekey.com/plugged-8x16.png');
251 //swekey_status.setAttribute('title', 'swekey plugged');
252 input_username.value = user;
254 input_username.readOnly = true;
256 if (input_username.nextSibling == null)
257 input_username.parentNode.appendChild(swekey_status);
258 else
259 input_username.parentNode.insertBefore(swekey_status, input_username.nextSibling);
261 <?php
262 echo '</script>';
266 if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false)
268 parse_str($_SERVER['QUERY_STRING']);
269 session_write_close();
270 session_id($session_to_unset);
271 session_start();
272 $_SESSION = array();
273 session_write_close();
274 session_destroy();
275 exit;
278 if (isset($_GET['swekey_reset']))
280 unset($_SESSION['SWEKEY']);