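/**
 * Handle Swekey authentication error.
 *
 * Runs one step of the Swekey hardware-key handshake for the current
 * session. It prints the client-side key-detection script, then either
 * verifies the one-time password received in the query string or stores a
 * fresh random token and prints the script that asks the plugged key for
 * an OTP.
 *
 * @return string|null null when Swekey is not set up or not enabled for this
 *                     session, or when a key is (or has just been)
 *                     authenticated; otherwise a message for the login page
 */
function Swekey_auth_error()
{
    if (!isset($_SESSION['SWEKEY'])) {
        return null;
    }
    if (!$_SESSION['SWEKEY']['ENABLED']) {
        return null;
    }

    include_once './libraries/plugins/auth/swekey/authentication.inc.php';

    // The key ids end up inside a JavaScript string literal, so build the
    // list in PHP and let json_encode() do the quoting instead of echoing
    // each id between hand-written quotes.
    $valid_ids = '';
    foreach ($_SESSION['SWEKEY']['VALID_SWEKEYS'] as $key => $value) {
        $valid_ids .= $key . ',';
    }
    $valid_ids_js = json_encode($valid_ids);
    if ($valid_ids_js === false) {
        // Not encodable: emit an empty list so no plugged key is matched.
        $valid_ids_js = '""';
    }
    ?>
    <script>
    function Swekey_GetValidKey()
    {
        var valids = <?php echo $valid_ids_js; ?>;
        var connected_keys = Swekey_ListKeyIds().split(",");
        for (var i in connected_keys) {
            if (connected_keys[i] != null && connected_keys[i].length == 32) {
                if (valids.indexOf(connected_keys[i]) >= 0) {
                    return connected_keys[i];
                }
            }
        }

        if (connected_keys.length > 0) {
            if (connected_keys[0].length == 32) {
                return "unknown_key_" + connected_keys[0];
            }
        }

        return "none";
    }

    var key = Swekey_GetValidKey();

    // Poll once per second and restart the login when the plugged key changes.
    function timedCheck()
    {
        if (key != Swekey_GetValidKey()) {
            window.location.search = "?swekey_reset";
        } else {
            setTimeout(timedCheck, 1000);
        }
    }

    setTimeout(timedCheck, 1000);
    </script>
    <?php

    if (!empty($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'])) {
        return null;
    }

    if (count($_SESSION['SWEKEY']['VALID_SWEKEYS']) == 0) {
        return sprintf(
            __('File %s does not contain any key id'),
            $GLOBALS['cfg']['Server']['auth_swekey_config']
        );
    }

    include_once "libraries/plugins/auth/swekey/swekey.php";

    Swekey_SetCheckServer($_SESSION['SWEKEY']['CONF_SERVER_CHECK']);
    Swekey_SetRndTokenServer($_SESSION['SWEKEY']['CONF_SERVER_RNDTOKEN']);
    Swekey_SetStatusServer($_SESSION['SWEKEY']['CONF_SERVER_STATUS']);
    Swekey_EnableTokenCache($_SESSION['SWEKEY']['CONF_ENABLE_TOKEN_CACHE']);

    $caFile = $_SESSION['SWEKEY']['CONF_CA_FILE'];
    if (empty($caFile)) {
        // No CA file configured: look for one in the directory of this file.
        $caFile = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'musbe-ca.crt';
    }

    if (file_exists($caFile)) {
        Swekey_SetCAFile($caFile);
    } elseif (!empty($caFile)
        && substr($_SESSION['SWEKEY']['CONF_SERVER_CHECK'], 0, 8) == "https://"
    ) {
        // An https check server without a CA file is refused rather than
        // contacted without one.
        return "Internal Error: CA File {$caFile} not found";
    }

    $result = null;

    // Query-string values are attacker-controlled. Accept plain strings only,
    // so that an array parameter never reaches strlen() or Swekey_CheckOtp(),
    // and a missing parameter does not raise an undefined-index notice.
    $swekey_id = null;
    if (isset($_GET['swekey_id']) && is_string($_GET['swekey_id'])) {
        $swekey_id = $_GET['swekey_id'];
    }
    $swekey_otp = null;
    if (isset($_GET['swekey_otp']) && is_string($_GET['swekey_otp'])) {
        $swekey_otp = $_GET['swekey_otp'];
    }

    if (isset($swekey_id)) {
        unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
        if (!isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
            // No token was issued for this session: start the handshake over.
            unset($swekey_id);
        } elseif (strlen($swekey_id) == 32
            && isset($_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id])
        ) {
            // The configured key list is otherwise consulted only by the
            // browser-side script above. Enforcing it here means a key that
            // is absent from VALID_SWEKEYS is never recorded as
            // authenticated, whatever the OTP check says.
            $res = Swekey_CheckOtp(
                $swekey_id,
                $_SESSION['SWEKEY']['RND_TOKEN'],
                $swekey_otp
            );
            // The token is single-use: drop it whether or not the OTP matched.
            unset($_SESSION['SWEKEY']['RND_TOKEN']);
            if (!$res) {
                $result = __('Hardware authentication failed')
                    . ' (' . Swekey_GetLastError() . ')';
            } else {
                $_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY'] = $swekey_id;
                $_SESSION['SWEKEY']['FORCE_USER']
                    = $_SESSION['SWEKEY']['VALID_SWEKEYS'][$swekey_id];
                return null;
            }
        } else {
            $result = __('No valid authentication key plugged');
            if (!empty($_SESSION['SWEKEY']['CONF_DEBUG'])) {
                $result .= "<br/>" . htmlspecialchars($swekey_id);
            }
            unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
        }
    } else {
        unset($_SESSION['SWEKEY']);
    }

    $_SESSION['SWEKEY']['RND_TOKEN'] = Swekey_GetFastRndToken();
    if (strlen($_SESSION['SWEKEY']['RND_TOKEN']) != 64) {
        $result = __('Hardware authentication failed')
            . ' (' . Swekey_GetLastError() . ')';
        unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
    }

    if (!isset($swekey_id)) {
        // Encode each value for the context it is printed into: the page
        // token goes into a URL inside a JavaScript string, the random token
        // is a JavaScript string literal of its own.
        $url_token = rawurlencode((string) $_SESSION[' PMA_token ']);
        $rnd_token_js = json_encode($_SESSION['SWEKEY']['RND_TOKEN']);
        if ($rnd_token_js === false) {
            $rnd_token_js = '""';
        }
        // NOTE(review): the unplug URL below carries session_id() in its
        // query string, where it can end up in logs and browser history;
        // confirm this is acceptable for the deployment.
        ?>
        <script>
        if (key.length != 32) {
            window.location.search = "?swekey_id=" + key + "&token=<?php echo $url_token; ?>";
        } else {
            var url = "" + window.location;
            if (url.indexOf("?") > 0) {
                url = url.substr(0, url.indexOf("?"));
            }
            Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id(); ?>&token=<?php echo $url_token; ?>");
            var otp = Swekey_GetOtp(key, <?php echo $rnd_token_js; ?>);
            window.location.search = "?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $url_token; ?>";
        }
        </script>
        <?php
        return __('Authenticating…');
    }

    return $result;
}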
/**
 * Decide whether $swekey_id is treated as authenticated.
 *
 * Returns true when the id is listed under 'ids' in the loaded session.
 * When the 'allow_disabled' option is set, it also returns true for an id
 * whose status is reported as inactive, lost or stolen, and records that id
 * in the 'swekey_disabled_id' cookie.
 *
 * NOTE(review): the second path depends only on what Swekey_GetStatus()
 * returns for the id passed in. Nothing in this method ties that id to the
 * current user, so confirm that the caller does.
 *
 * @param mixed $swekey_id id of the key to check; presumably a string, since
 *                         it is concatenated into a cookie name
 *
 * @return bool
 */
public function IsSwekeyAuthenticated($swekey_id)
{
    $config = $this->GetConfig();

    // delete the cookie (an expiry date in the past makes the browser drop it)
    @setcookie('swekey_dont_verify_' . $swekey_id, "0", time() - 60000);

    $session = $this->LoadSession();
    $knownIds = (!empty($session) && !empty($session['ids']))
        ? $session['ids']
        : array();

    $allowDisabled = !empty($config['allow_disabled']);

    // First path: the id is already recorded in the session.
    if (is_array($knownIds) && in_array($swekey_id, $knownIds, true)) {
        if ($allowDisabled) {
            @setcookie('swekey_disabled_id', 'none', 0, '/');
        }
        return true;
    }

    if (!$allowDisabled) {
        return false;
    }

    // Second path: ask the status server about the key.
    if (!empty($config['status_server'])) {
        Swekey_SetStatusServer($config['status_server']);
    }

    $status = Swekey_GetStatus($swekey_id);
    // Loose comparison is kept on purpose: the type returned by
    // Swekey_GetStatus() is not visible from this method.
    $keyIsDisabled = $status == SWEKEY_STATUS_INACTIVE
        || $status == SWEKEY_STATUS_LOST
        || $status == SWEKEY_STATUS_STOLEN;
    if (!$keyIsDisabled) {
        return false;
    }

    @setcookie('swekey_disabled_id', $swekey_id, 0, '/');
    return true;
}