This is an automated email from the git hooks/post-receive script. iankarlwallace-guest pushed a commit to branch master in repository openemr.
commit 46f8b043f7866feb5aa29002227746cbb0f9337e Author: Ian Wallace <[email protected]> Date: Tue Sep 2 20:07:36 2014 -0700 Continued effort to integrate OpenEMR with Debian packaged phpMyAdmin using signon. Appears to have session cookied issues with duplicate sessions after logout in parent application. --- debian/openemr.config.inc.php | 83 +++++++++++------------ debian/patches/globals_ignore_auth_error_line_110 | 11 +++ debian/patches/phpmyadmin_integration_session_fix | 42 ++++++++++++ debian/patches/series | 2 + 4 files changed, 96 insertions(+), 42 deletions(-) diff --git a/debian/openemr.config.inc.php b/debian/openemr.config.inc.php index a28d239..3a13543 100644 --- a/debian/openemr.config.inc.php +++ b/debian/openemr.config.inc.php 
@@ -1,53 +1,52 @@ <?php -/* -* OpenEMR Embedded phyMyAdmin -*/ +// OpenEMR Integartion -// Access control is dealt with by the ACL check -$ignoreAuth = true; -require_once("/usr/share/openemr/interface/globals.php"); - -# If request is coming from OpenEMR URI then perform checks and reconfigure server -$pattern="/^\".$web_root."\/phpmyadmin\/*/"; +// If request is coming from OpenEMR URI declare that it's signle signon +$pattern="/^\/openemr\/phpmyadmin\/*/"; if ( preg_match("$pattern",$_SERVER['REQUEST_URI']) === 1 ) { - error_log("oer: URI [".$_SERVER['REQUEST_URI']."] matched [".$pattern."], reconfigure phpmyadmin."); - - error_log("oer: Check GLOBALS is set and not disabled."); - if ( (!isset($GLOBALS['disable_phpmyadmin_link'])) || $GLOBALS['disable_phpmyadmin_link'] == TRUE ) { - error_log("oer: GLOBALS[disable_phpmyadmin_link] is not set or disabled. Denie access."); - echo "<html><head><title>phpMyAdmin Disabled</title></head><body><h2>phpMyAdmin Access has been disabled in OpenEMR</h2></body></html>"; - exit(1); - } - - error_log("oer: Checking ACL access allowed."); - require_once("/usr/share/openemr/library/acl.inc"); - if ( acl_check('admin','database') != 1 ) { - echo "<html><head><title>Access Failed</title></head><body><h2>You are not allowed to access phpmyadmin.</h2></body></html>"; - exit(1); + error_log("oer: URI [".$_SERVER['REQUEST_URI']."] matched."); + + $old_session = session_name(); + $old_id = session_id(); + session_write_close(); + error_log("oer: Closed session [".$old_session."-".$old_id."]"); + + foreach($_COOKIE as $key => $value) { + error_log("oer: Cookied detected [".$key."] as [".$value."]"); + if( preg_match("/^phpMyAdmin$/",$key) === 1 ) { + error_log("oer: phpMyAdmin COOKIE detected."); + session_name($key); + session_id($value); + session_start(); + error_log("oer:Switched to session [".$key."-".$value."]"); + error_log("oer:_SESSION is [".print_r($_SESSION,TRUE)."]"); + session_write_close(); + } else { + error_log("oer: 
Cookie [".$key."] doesn't appear to be a phpMyAdmin session."); + } } - ob_start; - var_dump($sqlconf); - $result = ob_get_clean(); - error_log("oer: sqlconf contains [".$result."]"); - - /* Server (config:openemr) [1] */ - $i=1; - /* For standard OpenEMR database access */ - $cfg['Servers'][$i]['auth_type'] = 'config'; - $cfg['Servers'][$i]['host'] = $sqlconf['host']; - $cfg['Servers'][$i]['port'] = $sqlconf['port']; - $cfg['Servers'][$i]['user'] = $sqlconf['login']; - $cfg['Servers'][$i]['password'] = $sqlconf['pass']; - $cfg['Servers'][$i]['only_db'] = $sqlconf['dbase']; - /* Other mods for OpenEMR */ + session_name($old_session); + session_id($old_id); + session_start(); + error_log("oer: Resumed old session [".$old_session."-".$old_id."]"); + + $i=$i++; + // Single signon server configuration for using phpMyAdmin inside of OpenEMR + $cfg['Servers'][$i]['extension'] = 'mysqli'; + $cfg['Servers'][$i]['auth_type'] = 'signon'; + $cfg['Servers'][$i]['SignonSession'] = 'OpenEMR'; + $cfg['Servers'][$i]['SignonURL'] = '/openemr'; + $cfg['Servers'][$i]['only_db'] = 'openemr'; + $cfg['ServerDefault'] = $i; $cfg['AllowThirdPartyFraming'] = TRUE; - $cfg['ShowCreateDb'] = false; + $cfg['ShowCreateDb'] = FALSE; $cfg['ShowPhpInfo'] = TRUE; - - + $cfg['Confirm'] = TRUE; + $cfg['Error_Handler']['display'] = TRUE; + error_log("oer: Default settings for server [".$i."] provided."); } else { - error_log("oer: Bypassing configuration. URI [".$_SERVER['REQUEST_URI']."] doesn't match [".$pattern."]"); + error_log("oer: Skipping openemr integration as URI doesn't match."); } ?> diff --git a/debian/patches/globals_ignore_auth_error_line_110 b/debian/patches/globals_ignore_auth_error_line_110 new file mode 100644 index 0000000..1eca527 --- /dev/null +++ b/debian/patches/globals_ignore_auth_error_line_110 
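Review bot: The new cookie loop writes secrets to the PHP error log: `error_log("oer: Cookied detected [".$key."] as [".$value."]")` records every cookie value, session ids included, and `print_r($_SESSION,TRUE)` dumps the contents of the phpMyAdmin-named session. Anyone who can read that log can reuse those session ids, and because the left_nav.php patch in this commit stores `PMA_single_signon_password` in session data, a dumped session may also expose the database password (which session holds it is not visible from this hunk). Log only the cookie name, e.g. `error_log("oer: cookie [".$key."] present");`, and drop the `$_SESSION` dump. Separately, `$i=$i++;` assigns the pre-increment value back and leaves `$i` unchanged, so the signon settings land on whatever entry `$i` already indexes instead of a new one; `$i++;` is presumably what was meant. The hunk also removes the `acl_check('admin','database')` and `disable_phpmyadmin_link` checks from this file, so it is worth confirming that the signon session is the only gate intended.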
@@ -0,0 +1,11 @@
+--- a/interface/globals.php
++++ b/interface/globals.php
+@@ -107,7 +107,7 @@ if (empty($_SESSION['site_id']) || !empt
+ $tmp = $_GET['site'];
+ }
+ else {
+- if (!$ignoreAuth) die("Site ID is missing from session data!");
++ if (!isset($ignoreAuth) || !$ignoreAuth) die("Site ID is missing from session data!");
+ $tmp = $_SERVER['HTTP_HOST'];
+ if (!is_dir($GLOBALS['OE_SITES_BASE'] . "/$tmp")) $tmp = "default";
+ }
diff --git a/debian/patches/phpmyadmin_integration_session_fix b/debian/patches/phpmyadmin_integration_session_fix
new file mode 100644
index 0000000..068c706
--- /dev/null
+++ b/debian/patches/phpmyadmin_integration_session_fix
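Review bot: In debian/patches/globals_ignore_auth_error_line_110 the added condition `!isset($ignoreAuth) || !$ignoreAuth` can be written as `if (empty($ignoreAuth)) die("Site ID is missing from session data!");`, which states the same fail-closed rule in one test. The patch file also has no header explaining why the change is needed; a short DEP-3 style `Description:` line saying that callers which never define `$ignoreAuth` must still be refused would document the intent for the next maintainer. The surrounding `if`/`else` in globals.php starts and ends outside the quoted hunk.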
@@ -0,0 +1,42 @@
+--- a/interface/main/left_nav.php
++++ b/interface/main/left_nav.php
+@@ -1113,7 +1113,18 @@ if ($GLOBALS['athletic_team']) {
+ <?php if (acl_check('admin', 'forms' )) genMiscLink('RTop','adm','0',xl('Forms'),'forms_admin/forms_admin.php'); ?>
+ <?php if (acl_check('admin', 'calendar') && !$GLOBALS['disable_calendar']) genMiscLink('RTop','adm','0',xl('Calendar'),'main/calendar/index.php?module=PostCalendar&type=admin&func=modifyconfig'); ?>
+ <?php if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('Logs'),'logview/logview.php'); ?>
+- <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php'); ?>
++ <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) {
++ genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php');
++ $_SESSION['PMA_single_signon_user'] = $sqlconf['login'];
++ $_SESSION['PMA_single_signon_password'] = $sqlconf['pass'];
++ $_SESSION['PMA_single_signon_host'] = $sqlconf['host'];
++ $_SESSION['PMA_single_signon_port'] = $sqlconf['port'];
++ } else {
++ $_SESSION['PMA_single_signon_user'] = 'FALSE';
++ $_SESSION['PMA_single_signon_password'] = 'FALSE';
++ $_SESSION['PMA_single_signon_host'] = 'FALSE';
++ $_SESSION['PMA_single_signon_port'] = 'FALSE';
++ } ?>
+ <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('Files'),'super/manage_site_files.php'); ?>
+ <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('Backup'),'main/backup.php'); ?>
+ <?php if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('Certificates'),'usergroup/ssl_certificates_admin.php'); ?>
+@@ -1284,7 +1295,18 @@ if (!empty($reg)) {
+ if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('eRx Logs'),'logview/erx_logview.php');
+ }
+ ?>
+- <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php'); ?>
++ <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) {
++ genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php');
++ $_SESSION['PMA_single_signon_user'] = $sqlconf['login'];
++ $_SESSION['PMA_single_signon_password'] = $sqlconf['pass'];
++ $_SESSION['PMA_single_signon_host'] = $sqlconf['host'];
++ $_SESSION['PMA_single_signon_port'] = $sqlconf['port'];
++ } else {
++ $_SESSION['PMA_single_signon_user'] = 'FALSE';
++ $_SESSION['PMA_single_signon_password'] = 'FALSE';
++ $_SESSION['PMA_single_signon_host'] = 'FALSE';
++ $_SESSION['PMA_single_signon_port'] = 'FALSE';
++ } ?>
+ <?php if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('Certificates'),'usergroup/ssl_certificates_admin.php'); ?>
+ <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('External Data Loads'),'../interface/code_systems/dataloads_ajax.php'); ?>
+ <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('Merge Patients'),'patient_file/merge_patients.php'); ?>
diff --git a/debian/patches/series b/debian/patches/series
index 35a0107..2b623d4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,5 @@
+phpmyadmin_integration_session_fix
+globals_ignore_auth_error_line_110
 login_lang_description_undeclared_constant
 startup_developer_appliance_fails_syntax_check
 correct_webroot_dirs_globals_conf
-- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-med/openemr.git _______________________________________________ debian-med-commit mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-commit
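Review bot: In debian/patches/phpmyadmin_integration_session_fix both added blocks copy `$sqlconf['login']` and `$sqlconf['pass']` into `$_SESSION` as a side effect of drawing the menu, so the application's database password is written to session storage for every user with the `admin`/`database` ACL whether or not the Database link is ever followed. The `else` branch then stores the string `'FALSE'`, which is a non-empty value rather than an absence of credentials; `unset($_SESSION['PMA_single_signon_user'], $_SESSION['PMA_single_signon_password'], $_SESSION['PMA_single_signon_host'], $_SESSION['PMA_single_signon_port']);` states the intent directly. Setting the signon keys only in the request that opens phpMyAdmin, and clearing them at logout, would narrow the time the password spends in the session. The same twelve lines are added at both sites in left_nav.php (old lines 1113 and 1284), so a shared helper would keep the two copies from drifting apart.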
