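/**
 * Dispatch one AJAX call from the Swekey browser-side script.
 *
 * Every value in $params comes straight from the client and is untrusted.
 * 'action' selects the operation; the remaining keys are action-specific:
 *   - ajax_test        debug echo of the request
 *   - unplugged        key removed: drop the server-side Swekey session
 *   - get_rnd_token    issue a random token for the key to sign (single-use)
 *   - swekey_validate  verify 'otps' for 'ids' against a token from get_rnd_token
 *   - attach_swekey    bind 'swekey_id' to the currently logged-in user
 *   - show_result      echo 'result' HTML-escaped and exit
 *
 * @param array $params request parameters
 *
 * @return string|array "error: ..." when no action was given, otherwise the
 *                      response array for the client ('error' key on failure)
 */
function AjaxHandler($params)
{
    if (!empty($this->logFile)) {
        // NOTE(review): var_export() dumps the whole request, so the log file
        // receives the client's OTPs and session values; keep it protected.
        $this->LogStr("AjaxHandler(" . var_export($params, true) . ")");
    }
    $config = $this->GetConfig();
    if (empty($params['action'])) {
        return "error: no action defined";
    }
    $session = $this->LoadSession(true);
    // Most actions echo the client's 'session' value back unchanged.
    $clientSession = isset($params['session']) ? $params['session'] : null;
    $result = array();

    switch ($params['action']) {
    case 'ajax_test':
        // Debug endpoint that reflects request values verbatim to any caller;
        // nothing security-relevant depends on it, but it should not stay
        // reachable in production.
        $result = array(
            'ajax_performed' => true,
            'result' => isset($params['result']) ? $params['result'] : null,
            'session' => $clientSession,
            'session_id' => $this->session_id,
            'arr' => isset($params['arr']) ? $params['arr'] : null,
        );
        break;

    case 'unplugged':
        $result = array('session' => $clientSession);
        // Forget issued tokens and validated ids for this session.
        $session = array();
        break;

    case 'get_rnd_token':
        $result = array('session' => $clientSession);
        if (!empty($config['rndtoken_server'])) {
            Swekey_SetRndTokenServer($config['rndtoken_server']);
        }
        if (!empty($config['allow_when_no_network'])) {
            Swekey_AllowWhenNoNetwork($config['allow_when_no_network']);
        }
        $rt = Swekey_GetFastRndToken();
        if (empty($session)) {
            $session = array();
        }
        // Record the token server-side: 'swekey_validate' only accepts OTPs
        // over a token this server issued, and consumes it on first use.
        $session[$rt] = true;
        $result['rt'] = $rt;
        if (!empty($config['no_linked_otp'])) {
            $result['no_linked_otp'] = true;
        }
        break;

    case 'swekey_validate':
        $result = array('session' => $clientSession);
        $rt = isset($params['rt']) ? $params['rt'] : '';
        // Lists arrive comma-separated; a missing parameter becomes an empty
        // list instead of an explode() on null.
        $candidateIds = explode(",", isset($params['ids']) ? (string) $params['ids'] : '');
        $otps = explode(",", isset($params['otps']) ? (string) $params['otps'] : '');
        // Only tokens handed out by 'get_rnd_token' on this session are
        // accepted, and the token is consumed before the check so a captured
        // (id, rt, otp) triple cannot be replayed.
        if (!is_string($rt) || $rt === '' || empty($session[$rt])) {
            $result['error'] = "This RT was not generated here";
            break;
        }
        unset($session[$rt]);
        if (!empty($config['check_server'])) {
            Swekey_SetCheckServer($config['check_server']);
        }
        if (!empty($config['allow_when_no_network'])) {
            Swekey_AllowWhenNoNetwork($config['allow_when_no_network']);
        }
        $validIds = array();
        $count = count($candidateIds);
        for ($i = 0; $i < $count; $i++) {
            $id = $candidateIds[$i];
            // Same id format 'attach_swekey' enforces: anything else cannot be
            // a key id, and an id without a matching OTP cannot be checked
            // (previously an undefined value was passed to the check).
            if (!preg_match('/\A[A-F0-9]{32}\z/', $id) || !isset($otps[$i])) {
                continue;
            }
            $otp = $otps[$i];
            if (!empty($config['no_linked_otp'])) {
                $res = Swekey_CheckOtp($id, $rt, $otp);
            } elseif (!empty($config['https_server_hostname'])) {
                // Linked OTP bound to the configured hostname; the fallback
                // below (Swekey_CheckSmartOtp) derives the hostname from the
                // client-supplied Host header instead.
                $res = Swekey_CheckLinkedOtp($id, $rt, $config['https_server_hostname'], $otp);
            } else {
                $res = Swekey_CheckSmartOtp($id, $rt, $otp);
            }
            if (!empty($res)) {
                $validIds[] = $id;
            }
        }
        $session['ids'] = $validIds;
        $result['ids'] = $validIds;
        // Report the first validated key that maps to a known user.
        foreach ($validIds as $swekeyId) {
            $userName = $this->GetUserNameFromSwekeyId($swekeyId);
            if (!empty($userName)) {
                $result['user_name'] = $userName;
                break;
            }
        }
        break;

    case 'attach_swekey':
        $result = array();
        $swekeyId = isset($params['swekey_id']) ? $params['swekey_id'] : '';
        // \A and \z rather than ^/$ so a trailing newline cannot slip past
        // the format check.
        if (!is_string($swekeyId) || !preg_match('/\A[A-F0-9]{32}\z/', $swekeyId)) {
            $result['error'] = "Invalid swekey id";
        } elseif (!$this->is_user_logged) {
            $result['error'] = "No user logged";
        } else {
            $error = $this->AttachSwekeyToCurrentUser($swekeyId);
            if (!empty($error)) {
                $result['error'] = $error;
            }
        }
        break;

    case 'show_result':
        $text = (isset($params['result']) && is_scalar($params['result'])) ? (string) $params['result'] : '';
        // get_magic_quotes_gpc() was removed in PHP 8 (magic quotes are always
        // off there); only strip the added slashes where the function exists.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $text = stripslashes($text);
        }
        // Client text is written straight into the response: escape it for
        // HTML with explicit flags so quotes are covered on every PHP version
        // and invalid UTF-8 is replaced instead of emptying the output.
        echo "/*SWEKEY-BEGIN*/"
            . htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . "/*SWEKEY-END*/";
        exit;

    default:
        $result['error'] = "Call '" . $params['action'] . "' is not implemented";
        break;
    }
    $this->SaveSession($session);
    return $result;
}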
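/**
 * Handle Swekey authentication error.
 *
 * Drives one round of the Swekey login exchange for the current request:
 * emits the script that watches which key is plugged in, issues a single-use
 * random token (RND_TOKEN) for the browser to sign, and on the following
 * request verifies the OTP sent back in $_GET['swekey_otp'] for
 * $_GET['swekey_id'].
 *
 * Works on $_SESSION['SWEKEY']: ENABLED, VALID_SWEKEYS (key id => user),
 * CONF_* settings, RND_TOKEN, AUTHENTICATED_SWEKEY and FORCE_USER.
 *
 * @return string|null null when there is nothing to report (plugin disabled,
 *                     or a key just authenticated), otherwise the message to
 *                     show, including 'Authenticating…' while the browser
 *                     round-trips the OTP
 */
function Swekey_auth_error()
{
    if (!isset($_SESSION['SWEKEY'])) {
        return null;
    }
    if (!$_SESSION['SWEKEY']['ENABLED']) {
        return null;
    }
    include_once './libraries/plugins/auth/swekey/authentication.inc.php';
    // Client side: pick the plugged key that is in the configured list and
    // reload the page whenever that choice changes. The ids written into
    // 'valids' come from the configuration file, not from the client.
    ?>
<script>
function Swekey_GetValidKey() {
    var valids = "<?php foreach ($_SESSION['SWEKEY']['VALID_SWEKEYS'] as $key => $value) { echo $key . ','; } ?>";
    var connected_keys = Swekey_ListKeyIds().split(",");
    for (i in connected_keys) {
        if (connected_keys[i] != null && connected_keys[i].length == 32) {
            if (valids.indexOf(connected_keys[i]) >= 0) {
                return connected_keys[i];
            }
        }
    }
    if (connected_keys.length > 0) {
        if (connected_keys[0].length == 32) {
            return "unknown_key_" + connected_keys[0];
        }
    }
    return "none";
}
var key = Swekey_GetValidKey();
function timedCheck() {
    if (key != Swekey_GetValidKey()) {
        window.location.search = "?swekey_reset";
    } else {
        setTimeout("timedCheck()",1000);
    }
}
setTimeout("timedCheck()",1000);
</script>
    <?php
    if (!empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'])) {
        return null;
    }
    if (count($_SESSION['SWEKEY']['VALID_SWEKEYS']) == 0) {
        return sprintf(
            __('File %s does not contain any key id'),
            $GLOBALS['cfg']['Server']['auth_swekey_config']
        );
    }
    include_once "libraries/plugins/auth/swekey/swekey.php";
    Swekey_SetCheckServer($_SESSION['SWEKEY']['CONF_SERVER_CHECK']);
    Swekey_SetRndTokenServer($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']);
    Swekey_SetStatusServer($_SESSION['SWEKEY']['CONF_SERVER_STATUS']);
    Swekey_EnableTokenCache($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']);

    $caFile = $_SESSION['SWEKEY']['CONF_CA_FILE'];
    if (empty($caFile)) {
        // Default to the musbe-ca.crt shipped in this file's directory.
        $caFile = __FILE__;
        $pos = strrpos($caFile, '/');
        if ($pos === false) {
            $pos = strrpos($caFile, '\\'); // windows
        }
        $caFile = substr($caFile, 0, $pos + 1) . 'musbe-ca.crt';
    }
    if (file_exists($caFile)) {
        Swekey_SetCAFile($caFile);
    } elseif (!empty($caFile) && substr($_SESSION['SWEKEY']['CONF_SERVER_CHECK'], 0, 8) == "https://") {
        // Without the CA the https check server's certificate cannot be
        // verified; stop here rather than talk to it unverified.
        return "Internal Error: CA File {$caFile} not found";
    }

    $result = null;
    // Read the round-trip parameters without notices; a non-string id
    // (e.g. swekey_id[]=...) is treated as absent.
    $swekey_id = (isset($_GET['swekey_id']) && is_string($_GET['swekey_id'])) ? $_GET['swekey_id'] : null;
    $swekey_otp = isset($_GET['swekey_otp']) ? $_GET['swekey_otp'] : null;
    if (isset($swekey_id)) {
        unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
        if (!isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
            // No token was issued to this session yet: fall through to issuing one.
            unset($swekey_id);
        } else {
            $validSwekeys = $_SESSION['SWEKEY']['VALID_SWEKEYS'];
            // The id must be one of the configured keys. Without this check a
            // genuine Swekey that is not in VALID_SWEKEYS still passes the OTP
            // check and is marked authenticated with an empty FORCE_USER.
            if (strlen($swekey_id) == 32 && array_key_exists($swekey_id, $validSwekeys)) {
                $res = Swekey_CheckOtp($swekey_id, $_SESSION['SWEKEY']['RND_TOKEN'], $swekey_otp);
                // The token is single-use whatever the outcome.
                unset($_SESSION['SWEKEY']['RND_TOKEN']);
                if (!$res) {
                    $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
                } else {
                    $_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'] = $swekey_id;
                    $_SESSION['SWEKEY']['FORCE_USER'] = $validSwekeys[$swekey_id];
                    return null;
                }
            } else {
                $result = __('No valid authentication key plugged');
                if ($_SESSION['SWEKEY']['CONF_DEBUG']) {
                    $result .= "<br/>" . htmlspecialchars($swekey_id);
                }
                unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
            }
        }
    } else {
        unset($_SESSION['SWEKEY']);
    }
    // Issue a fresh token for the next round; the browser signs it below.
    $_SESSION['SWEKEY']['RND_TOKEN'] = Swekey_GetFastRndToken();
    if (strlen((string) $_SESSION['SWEKEY']['RND_TOKEN']) != 64) {
        $result = __('Hardware authentication failed') . ' (' . Swekey_GetLastError() . ')';
        unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
    }
    if (!isset($swekey_id)) {
        // Ask the browser to sign the token and come back with the OTP. The
        // PMA token and session id written into the script are server-side
        // values, not client input.
        ?>
<script>
if (key.length != 32) {
    window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
} else {
    var url = "" + window.location;
    if (url.indexOf("?") > 0) {
        url = url.substr(0, url.indexOf("?"));
    }
    Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id(); ?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
    var otp = Swekey_GetOtp(key, <?php echo '"' . $_SESSION['SWEKEY']['RND_TOKEN'] . '"'; ?>);
    window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
}
</script>
        <?php
        return __('Authenticating…');
    }
    return $result;
}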
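/**
 * Calls Swekey_CheckOtp or Swekey_CheckLinkedOtp depending if we are in
 * an https page or not
 *
 * @param string      $id       The id of the swekey
 * @param string      $rt       The random token used to generate the otp
 * @param string      $otp      The otp generated by the swekey
 * @param string|null $hostname Hostname the linked OTP is bound to on https;
 *                              null keeps the legacy fallback to the request's
 *                              Host header
 *
 * @return bool true or false
 * @access public
 */
function Swekey_CheckSmartOtp($id, $rt, $otp, $hostname = null)
{
    // Some servers (IIS) set $_SERVER['HTTPS'] to 'off' instead of leaving it
    // unset, and 'off' is non-empty; treat it as plain HTTP.
    $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    if (!$isHttps) {
        return Swekey_CheckOtp($id, $rt, $otp);
    }
    if ($hostname === null) {
        // NOTE(review): the Host header is chosen by the client, so unless the
        // web server pins it this lets the client pick the name the OTP is
        // linked to. Pass the configured hostname explicitly where available.
        $hostname = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : null;
    }
    return Swekey_CheckLinkedOtp($id, $rt, $hostname, $otp);
}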