[med-svn] [openemr] 02/04: Continued effort to integrate OpenEMR with Debian packaged phpMyAdmin using signon. Appears to have session cookied issues with duplicate sessions after logout in parent application.
Ian Wallace
iankarlwallace-guest at moszumanska.debian.org
Tue Sep 9 04:40:38 UTC 2014
This is an automated email from the git hooks/post-receive script.
iankarlwallace-guest pushed a commit to branch master
in repository openemr.
commit 46f8b043f7866feb5aa29002227746cbb0f9337e
Author: Ian Wallace <iankarlwallace at gmail.com>
Date: Tue Sep 2 20:07:36 2014 -0700
Continued effort to integrate OpenEMR with Debian packaged phpMyAdmin using signon. Appears to have session cookie issues with duplicate sessions after logout in parent application.
---
debian/openemr.config.inc.php | 83 +++++++++++------------
debian/patches/globals_ignore_auth_error_line_110 | 11 +++
debian/patches/phpmyadmin_integration_session_fix | 42 ++++++++++++
debian/patches/series | 2 +
4 files changed, 96 insertions(+), 42 deletions(-)
diff --git a/debian/openemr.config.inc.php b/debian/openemr.config.inc.php
index a28d239..3a13543 100644
--- a/debian/openemr.config.inc.php
+++ b/debian/openemr.config.inc.php
@@ -1,53 +1,52 @@
<?php
-/*
-* OpenEMR Embedded phyMyAdmin
-*/
+// OpenEMR Integartion
-// Access control is dealt with by the ACL check
-$ignoreAuth = true;
-require_once("/usr/share/openemr/interface/globals.php");
-
-# If request is coming from OpenEMR URI then perform checks and reconfigure server
-$pattern="/^\".$web_root."\/phpmyadmin\/*/";
+// If request is coming from OpenEMR URI declare that it's signle signon
+$pattern="/^\/openemr\/phpmyadmin\/*/";
if ( preg_match("$pattern",$_SERVER['REQUEST_URI']) === 1 ) {
- error_log("oer: URI [".$_SERVER['REQUEST_URI']."] matched [".$pattern."], reconfigure phpmyadmin.");
-
- error_log("oer: Check GLOBALS is set and not disabled.");
- if ( (!isset($GLOBALS['disable_phpmyadmin_link'])) || $GLOBALS['disable_phpmyadmin_link'] == TRUE ) {
- error_log("oer: GLOBALS[disable_phpmyadmin_link] is not set or disabled. Denie access.");
- echo "<html><head><title>phpMyAdmin Disabled</title></head><body><h2>phpMyAdmin Access has been disabled in OpenEMR</h2></body></html>";
- exit(1);
- }
-
- error_log("oer: Checking ACL access allowed.");
- require_once("/usr/share/openemr/library/acl.inc");
- if ( acl_check('admin','database') != 1 ) {
- echo "<html><head><title>Access Failed</title></head><body><h2>You are not allowed to access phpmyadmin.</h2></body></html>";
- exit(1);
+ error_log("oer: URI [".$_SERVER['REQUEST_URI']."] matched.");
+
+ $old_session = session_name();
+ $old_id = session_id();
+ session_write_close();
+ error_log("oer: Closed session [".$old_session."-".$old_id."]");
+
+ foreach($_COOKIE as $key => $value) {
+ error_log("oer: Cookied detected [".$key."] as [".$value."]");
+ if( preg_match("/^phpMyAdmin$/",$key) === 1 ) {
+ error_log("oer: phpMyAdmin COOKIE detected.");
+ session_name($key);
+ session_id($value);
+ session_start();
+ error_log("oer:Switched to session [".$key."-".$value."]");
+ error_log("oer:_SESSION is [".print_r($_SESSION,TRUE)."]");
+ session_write_close();
+ } else {
+ error_log("oer: Cookie [".$key."] doesn't appear to be a phpMyAdmin session.");
+ }
}
- ob_start;
- var_dump($sqlconf);
- $result = ob_get_clean();
- error_log("oer: sqlconf contains [".$result."]");
-
- /* Server (config:openemr) [1] */
- $i=1;
- /* For standard OpenEMR database access */
- $cfg['Servers'][$i]['auth_type'] = 'config';
- $cfg['Servers'][$i]['host'] = $sqlconf['host'];
- $cfg['Servers'][$i]['port'] = $sqlconf['port'];
- $cfg['Servers'][$i]['user'] = $sqlconf['login'];
- $cfg['Servers'][$i]['password'] = $sqlconf['pass'];
- $cfg['Servers'][$i]['only_db'] = $sqlconf['dbase'];
- /* Other mods for OpenEMR */
+ session_name($old_session);
+ session_id($old_id);
+ session_start();
+ error_log("oer: Resumed old session [".$old_session."-".$old_id."]");
+
+ $i=$i++;
+ // Single signon server configuration for using phpMyAdmin inside of OpenEMR
+ $cfg['Servers'][$i]['extension'] = 'mysqli';
+ $cfg['Servers'][$i]['auth_type'] = 'signon';
+ $cfg['Servers'][$i]['SignonSession'] = 'OpenEMR';
+ $cfg['Servers'][$i]['SignonURL'] = '/openemr';
+ $cfg['Servers'][$i]['only_db'] = 'openemr';
+ $cfg['ServerDefault'] = $i;
$cfg['AllowThirdPartyFraming'] = TRUE;
- $cfg['ShowCreateDb'] = false;
+ $cfg['ShowCreateDb'] = FALSE;
$cfg['ShowPhpInfo'] = TRUE;
-
-
+ $cfg['Confirm'] = TRUE;
+ $cfg['Error_Handler']['display'] = TRUE;
+ error_log("oer: Default settings for server [".$i."] provided.");
} else {
- error_log("oer: Bypassing configuration. URI [".$_SERVER['REQUEST_URI']."] doesn't match [".$pattern."]");
+ error_log("oer: Skipping openemr integration as URI doesn't match.");
}
?>
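Review bot: The new cookie loop writes every cookie name and value to the error log (`error_log("oer: Cookied detected [".$key."] as [".$value."]")`), and the lines around it also log the OpenEMR session id and a `print_r($_SESSION,TRUE)` dump, so anyone who can read the web server error log obtains live session identifiers and whatever the phpMyAdmin session holds. Log only the cookie name, e.g. `error_log("oer: Cookie detected [".$key."]");`, and drop the session-id and `$_SESSION` dumps once debugging is finished. Separately, `$i=$i++;` leaves `$i` unchanged because the post-increment result is assigned back, so the signon settings land on whatever index `$i` already holds (or an empty key if it is unset) instead of a new server entry; `$i++;` is presumably what was intended. The added `$cfg['Error_Handler']['display'] = TRUE;` alongside `ShowPhpInfo` is worth gating to development installs, since both expose server details to the browser.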
diff --git a/debian/patches/globals_ignore_auth_error_line_110 b/debian/patches/globals_ignore_auth_error_line_110
new file mode 100644
index 0000000..1eca527
--- /dev/null
+++ b/debian/patches/globals_ignore_auth_error_line_110
@@ -0,0 +1,11 @@
+--- a/interface/globals.php
++++ b/interface/globals.php
+@@ -107,7 +107,7 @@ if (empty($_SESSION['site_id']) || !empt
+ $tmp = $_GET['site'];
+ }
+ else {
+- if (!$ignoreAuth) die("Site ID is missing from session data!");
++ if (!isset($ignoreAuth) || !$ignoreAuth) die("Site ID is missing from session data!");
+ $tmp = $_SERVER['HTTP_HOST'];
+ if (!is_dir($GLOBALS['OE_SITES_BASE'] . "/$tmp")) $tmp = "default";
+ }
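Review bot: This quilt patch starts directly at `--- a/interface/globals.php` with no header, so nothing records why the guard was changed or that it is security-relevant; `debian/patches/phpmyadmin_integration_session_fix` has the same gap. A DEP-3 header (Description, Author, Forwarded) would do, with a description along the lines of `Description: treat an unset $ignoreAuth as false so the site-ID check no longer raises an undefined-variable notice`. It is also worth stating there that the branch this guard protects goes on to pick the site directory from `$_SERVER['HTTP_HOST']`, a client-supplied value, so `$ignoreAuth` should only ever be set by trusted entry scripts; the enclosing `if` starts outside the embedded hunk, so any later validation of `$tmp` is not visible here.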
diff --git a/debian/patches/phpmyadmin_integration_session_fix b/debian/patches/phpmyadmin_integration_session_fix
new file mode 100644
index 0000000..068c706
--- /dev/null
+++ b/debian/patches/phpmyadmin_integration_session_fix
@@ -0,0 +1,42 @@
+--- a/interface/main/left_nav.php
++++ b/interface/main/left_nav.php
+@@ -1113,7 +1113,18 @@ if ($GLOBALS['athletic_team']) {
+ <?php if (acl_check('admin', 'forms' )) genMiscLink('RTop','adm','0',xl('Forms'),'forms_admin/forms_admin.php'); ?>
+ <?php if (acl_check('admin', 'calendar') && !$GLOBALS['disable_calendar']) genMiscLink('RTop','adm','0',xl('Calendar'),'main/calendar/index.php?module=PostCalendar&type=admin&func=modifyconfig'); ?>
+ <?php if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('Logs'),'logview/logview.php'); ?>
+- <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php'); ?>
++ <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) {
++ genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php');
++ $_SESSION['PMA_single_signon_user'] = $sqlconf['login'];
++ $_SESSION['PMA_single_signon_password'] = $sqlconf['pass'];
++ $_SESSION['PMA_single_signon_host'] = $sqlconf['host'];
++ $_SESSION['PMA_single_signon_port'] = $sqlconf['port'];
++ } else {
++ $_SESSION['PMA_single_signon_user'] = 'FALSE';
++ $_SESSION['PMA_single_signon_password'] = 'FALSE';
++ $_SESSION['PMA_single_signon_host'] = 'FALSE';
++ $_SESSION['PMA_single_signon_port'] = 'FALSE';
++ } ?>
+ <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('Files'),'super/manage_site_files.php'); ?>
+ <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('Backup'),'main/backup.php'); ?>
+ <?php if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('Certificates'),'usergroup/ssl_certificates_admin.php'); ?>
+@@ -1284,7 +1295,18 @@ if (!empty($reg)) {
+ if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('eRx Logs'),'logview/erx_logview.php');
+ }
+ ?>
+- <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php'); ?>
++ <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) {
++ genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php');
++ $_SESSION['PMA_single_signon_user'] = $sqlconf['login'];
++ $_SESSION['PMA_single_signon_password'] = $sqlconf['pass'];
++ $_SESSION['PMA_single_signon_host'] = $sqlconf['host'];
++ $_SESSION['PMA_single_signon_port'] = $sqlconf['port'];
++ } else {
++ $_SESSION['PMA_single_signon_user'] = 'FALSE';
++ $_SESSION['PMA_single_signon_password'] = 'FALSE';
++ $_SESSION['PMA_single_signon_host'] = 'FALSE';
++ $_SESSION['PMA_single_signon_port'] = 'FALSE';
++ } ?>
+ <?php if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('Certificates'),'usergroup/ssl_certificates_admin.php'); ?>
+ <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('External Data Loads'),'../interface/code_systems/dataloads_ajax.php'); ?>
+ <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('Merge Patients'),'patient_file/merge_patients.php'); ?>
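Review bot: Both added blocks copy `$sqlconf['login']` and `$sqlconf['pass']` into `$_SESSION` as a side effect of rendering the navigation menu, so the application's database password sits in session storage for the whole login of every user with the `admin`/`database` ACL, whether or not they open phpMyAdmin. The `else` branch then stores the string `'FALSE'`, which is a non-empty value that the signon consumer would presumably treat as a user name rather than as "no credentials"; `unset($_SESSION['PMA_single_signon_user'], $_SESSION['PMA_single_signon_password'], $_SESSION['PMA_single_signon_host'], $_SESSION['PMA_single_signon_port']);` states the intent and leaves nothing behind. The same keys should also be cleared on OpenEMR logout, which may relate to the stale-session problem the commit message mentions. Since the block is duplicated at both menu variants, a small helper called from each place would keep them from drifting apart; the surrounding `if` blocks begin outside these hunks.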
diff --git a/debian/patches/series b/debian/patches/series
index 35a0107..2b623d4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,5 @@
+phpmyadmin_integration_session_fix
+globals_ignore_auth_error_line_110
login_lang_description_undeclared_constant
startup_developer_appliance_fails_syntax_check
correct_webroot_dirs_globals_conf
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-med/openemr.git