This is an automated email from the git hooks/post-receive script. iankarlwallace-guest pushed a commit to branch master in repository openemr.
commit 250611a4b0eae932eae97ec61a65c8f84725a358 Author: Ian Wallace <[email protected]> Date: Mon Sep 8 21:38:04 2014 -0700 Integration of Debian provided phpMyAdmin for use with OpenEMR. Uses an additional session OpenEMRphpMyAdmin to store the PMA credentials. --- debian/openemr.conf | 25 +--- debian/openemr.config.inc.php | 40 +---- debian/patches/phpmyadmin_integration_session_fix | 170 +++++++++++++++++++--- 3 files changed, 160 insertions(+), 75 deletions(-) diff --git a/debian/openemr.conf b/debian/openemr.conf index 8d9a582..ae4d3e9 100644 --- a/debian/openemr.conf +++ b/debian/openemr.conf @@ -1,25 +1,14 @@ # OpenEMR default Apache configuration +# PhpMyAdmin settings have defaults that are picked up by Apache +# from the main phpMyAdmin configuration so we don't need to set +# them here Alias /openemr/phpmyadmin /usr/share/phpmyadmin <Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php - <IfModule mod_php5.c> - <IfModule mod_mime.c> - AddType application/x-httpd-php .php - </IfModule> - <FilesMatch ".+\.php$"> - SetHandler application/x-httpd-php - </FilesMatch> - - php_flag magic_quotes_gpc Off - php_flag track_vars On - php_flag register_globals Off - php_admin_flag allow_url_fopen Off - php_value include_path . - php_admin_value upload_tmp_dir /var/lib/openemr/tmp - php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/ + php_flag display_errors Off </IfModule> </Directory> @@ -46,7 +35,7 @@ Alias /openemr /usr/share/openemr <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag short_open_tag On - php_flag display_errors Off + php_flag display_errors On php_flag register_globals Off php_flag file_uploads On php_value max_execution_time 60 
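Review bot: The `<IfModule mod_php5.c>` opener is among the removed lines while its closing `</IfModule>` stays as context, so as far as this hunk shows, the new `<Directory /usr/share/phpmyadmin>` block has `php_flag display_errors Off` followed by an unmatched `</IfModule>`, which Apache rejects at config test. Either keep the opener in front of the new `php_flag` line or drop the closing tag as well. The hunk also removes the per-directory `php_admin_value open_basedir` and `php_admin_flag allow_url_fopen Off` confinement for phpMyAdmin under this alias. The added comment says the defaults are picked up from the main phpMyAdmin configuration; that should be verified for the `/openemr/phpmyadmin` alias with that package's Apache snippet both enabled and disabled, since nothing in this file enforces the confinement any more.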
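Review bot: `php_flag display_errors On` in the `/openemr` directory block (hunk `@@ -46,7 +35,7 @@`) sends PHP warnings and errors to the browser, which on a deployed EMR can expose file paths, SQL fragments and configuration details to any user who triggers one. If it was switched on to debug the phpMyAdmin integration, it should not ship as the packaged default. Keep `php_flag display_errors Off` and add `php_flag log_errors On` so the same information goes to the server log instead.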
@@ -54,10 +43,10 @@ Alias /openemr /usr/share/openemr
 php_value post_max_size 30M
 php_value memory_limit 128M
 php_value post_max_size 32M
- php_value include_path ".:/usr/share/openemr:/usr/share/php5:/usr/share/php"
+ php_value include_path .:/usr/share/openemr:/usr/share/php5:/usr/share/php
 php_admin_value upload_max_filesize 16M
 php_admin_value upload_tmp_dir /var/lib/openemr/tmp
- php_admin_value open_basedir /usr/share/openemr/:/etc/openemr/:/var/lib/openemr/
+ php_admin_value open_basedir /usr/share/openemr/:/etc/openemr/:/var/lib/openemr/:/usr/share/php5/:/usr/share/php/
 </IfModule>
 </Directory>
diff --git a/debian/openemr.config.inc.php b/debian/openemr.config.inc.php
index 3a13543..c6e74ce 100644
--- a/debian/openemr.config.inc.php
+++ b/debian/openemr.config.inc.php
@@ -1,41 +1,16 @@ <?php // OpenEMR Integartion -// If request is coming from OpenEMR URI declare that it's signle signon -$pattern="/^\/openemr\/phpmyadmin\/*/"; -if ( preg_match("$pattern",$_SERVER['REQUEST_URI']) === 1 ) { - error_log("oer: URI [".$_SERVER['REQUEST_URI']."] matched."); - - $old_session = session_name(); - $old_id = session_id(); - session_write_close(); - error_log("oer: Closed session [".$old_session."-".$old_id."]"); - - foreach($_COOKIE as $key => $value) { - error_log("oer: Cookied detected [".$key."] as [".$value."]"); - if( preg_match("/^phpMyAdmin$/",$key) === 1 ) { - error_log("oer: phpMyAdmin COOKIE detected."); - session_name($key); - session_id($value); - session_start(); - error_log("oer:Switched to session [".$key."-".$value."]"); - error_log("oer:_SESSION is [".print_r($_SESSION,TRUE)."]"); - session_write_close(); - } else { - error_log("oer: Cookie [".$key."] doesn't appear to be a phpMyAdmin session."); - } - } - - session_name($old_session); - session_id($old_id); - session_start(); - error_log("oer: Resumed old session [".$old_session."-".$old_id."]"); - +// If OpenEMRphMyAdmin cookie we provide the basic configuration +// All crednetials are handled by interface/main/left_nav.php +if ( isset($_COOKIE['OpenEMRphpMyAdmin']) ) { $i=$i++; // Single signon server configuration for using phpMyAdmin inside of OpenEMR + // We use a bridge session defined in globals.php for path /openemr/phpmyadmin that has + // the required information in it for login $cfg['Servers'][$i]['extension'] = 'mysqli'; $cfg['Servers'][$i]['auth_type'] = 'signon'; - $cfg['Servers'][$i]['SignonSession'] = 'OpenEMR'; + $cfg['Servers'][$i]['SignonSession'] = 'OpenEMRphpMyAdmin'; $cfg['Servers'][$i]['SignonURL'] = '/openemr'; $cfg['Servers'][$i]['only_db'] = 'openemr'; $cfg['ServerDefault'] = $i; 
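Review bot: The new guard `isset($_COOKIE['OpenEMRphpMyAdmin'])` only tests that the browser sent a cookie with that name, which the client controls, so it selects the signon configuration but authorises nothing. Access then depends entirely on what the bridge session with that id contains, and a comment should say so, e.g. `// Cookie presence only selects signon mode; authorisation is the ACL check in left_nav.php that fills the bridge session`. The added comment also misspells the cookie name as `OpenEMRphMyAdmin`, which is misleading next to the real name in the condition. The context line `$i=$i++;` leaves `$i` unchanged in PHP, so this block appears to overwrite the current server entry rather than add a new one; `$i++;` is probably what was meant. In the following hunk (`@@ -44,9 +19,8 @@`) the else branch now logs the empty message `error_log("oer: ")` on every request without the cookie and should either be dropped or carry real text.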
@@ -44,9 +19,8 @@ if ( preg_match("$pattern",$_SERVER['REQUEST_URI']) === 1 ) { $cfg['ShowPhpInfo'] = TRUE; $cfg['Confirm'] = TRUE; $cfg['Error_Handler']['display'] = TRUE; - error_log("oer: Default settings for server [".$i."] provided."); } else { - error_log("oer: Skipping openemr integration as URI doesn't match."); + error_log("oer: "); } ?> diff --git a/debian/patches/phpmyadmin_integration_session_fix b/debian/patches/phpmyadmin_integration_session_fix index 068c706..849c4e3 100644 --- a/debian/patches/phpmyadmin_integration_session_fix +++ b/debian/patches/phpmyadmin_integration_session_fix @@ -1,42 +1,164 @@ --- a/interface/main/left_nav.php 
+++ b/interface/main/left_nav.php -@@ -1113,7 +1113,18 @@ if ($GLOBALS['athletic_team']) { +@@ -301,6 +301,22 @@ function genFindBlock() { + <?php + } // End function genFindBlock() + ++// Set PMA_single_signon variables, default is to set all the null - turns off access to PMA ++function session_set_PMA_single_signon_credentials($user = null, $password = null, $host = null, $port = null) { ++ // The OER to PMA bridge session should be referenced in Session OpenEMR oer_pma_id, if it's not there skip ++ if ( isset($_SESSION['oer_pma_id']) ) { ++ $oer_pma_id = $_SESSION['oer_pma_id']; ++ session_reopen_no_headers("OpenEMRphpMyAdmin",$oer_pma_id); ++ $_SESSION['PMA_single_signon_user'] = $user; ++ $_SESSION['PMA_single_signon_password'] = $password; ++ $_SESSION['PMA_single_signon_host'] = $host; ++ $_SESSION['PMA_single_signon_port'] = $port; ++ } else { ++ error_log("oer+phpmyadmin: ERROR NO PMA session found SKIPPING set_PMA_signle_signon_credentials."); ++ } ++} ++ ++ + ?> + <html> + <head> +@@ -1113,7 +1129,13 @@ if ($GLOBALS['athletic_team']) { <?php if (acl_check('admin', 'forms' )) genMiscLink('RTop','adm','0',xl('Forms'),'forms_admin/forms_admin.php'); ?> <?php if (acl_check('admin', 'calendar') && !$GLOBALS['disable_calendar']) genMiscLink('RTop','adm','0',xl('Calendar'),'main/calendar/index.php?module=PostCalendar&type=admin&func=modifyconfig'); ?> <?php if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('Logs'),'logview/logview.php'); ?> - <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php'); ?> + <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) { -+ genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php'); -+ $_SESSION['PMA_single_signon_user'] = $sqlconf['login']; -+ $_SESSION['PMA_single_signon_password'] = $sqlconf['pass']; -+ $_SESSION['PMA_single_signon_host'] = $sqlconf['host']; 
-+ $_SESSION['PMA_single_signon_port'] = $sqlconf['port']; -+ } else { -+ $_SESSION['PMA_single_signon_user'] = 'FALSE'; -+ $_SESSION['PMA_single_signon_password'] = 'FALSE'; -+ $_SESSION['PMA_single_signon_host'] = 'FALSE'; -+ $_SESSION['PMA_single_signon_port'] = 'FALSE'; -+ } ?> ++ genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php'); ++ session_set_PMA_single_signon_credentials($sqlconf['login'], $sqlconf['pass'], $sqlconf['host'], $sqlconf['port']); ++ } else { ++ session_set_PMA_single_signon_credentials(); ++ } ++ ?> <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('Files'),'super/manage_site_files.php'); ?> <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('Backup'),'main/backup.php'); ?> <?php if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('Certificates'),'usergroup/ssl_certificates_admin.php'); ?> -@@ -1284,7 +1295,18 @@ if (!empty($reg)) { +@@ -1284,7 +1306,13 @@ if (!empty($reg)) { if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('eRx Logs'),'logview/erx_logview.php'); } ?> - <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php'); ?> + <?php if ( (!$GLOBALS['disable_phpmyadmin_link']) && (acl_check('admin', 'database')) ) { -+ genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php'); -+ $_SESSION['PMA_single_signon_user'] = $sqlconf['login']; -+ $_SESSION['PMA_single_signon_password'] = $sqlconf['pass']; -+ $_SESSION['PMA_single_signon_host'] = $sqlconf['host']; -+ $_SESSION['PMA_single_signon_port'] = $sqlconf['port']; -+ } else { -+ $_SESSION['PMA_single_signon_user'] = 'FALSE'; -+ $_SESSION['PMA_single_signon_password'] = 'FALSE'; -+ $_SESSION['PMA_single_signon_host'] = 'FALSE'; -+ $_SESSION['PMA_single_signon_port'] = 'FALSE'; -+ } ?> ++ genMiscLink('RTop','adm','0',xl('Database'),'../phpmyadmin/index.php'); ++ 
session_set_PMA_single_signon_credentials($sqlconf['login'], $sqlconf['pass'], $sqlconf['host'], $sqlconf['port']); ++ } else { ++ session_set_PMA_single_signon_credentials(); ++ } ++ ?> <?php if (acl_check('admin', 'users' )) genMiscLink('RTop','adm','0',xl('Certificates'),'usergroup/ssl_certificates_admin.php'); ?> <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('External Data Loads'),'../interface/code_systems/dataloads_ajax.php'); ?> <?php if (acl_check('admin', 'super' )) genMiscLink('RTop','adm','0',xl('Merge Patients'),'patient_file/merge_patients.php'); ?> +--- a/interface/globals.php ++++ b/interface/globals.php +@@ -88,17 +88,97 @@ if (preg_match("/^[^\/]/",$web_root)) { + // only if you have some reason to. + $GLOBALS['OE_SITES_BASE'] = "$webserver_root/sites"; + +-// The session name names a cookie stored in the browser. +-// If you modify session_name, then need to place the identical name in +-// the phpmyadmin file here: openemr/phpmyadmin/libraries/session.inc.php +-// at line 71. This was required after embedded new phpmyadmin version on +-// 05-12-2009 by Brady. Hopefully will figure out a more appropriate fix. +-// Now that restore_session() is implemented in javaScript, session IDs are +-// effectively saved in the top level browser window and there is no longer +-// any need to change the session name for different OpenEMR instances. +-session_name("OpenEMR"); ++/** ++* Session mgmt helper functions ++* ++* These function(s) started from the need to manage ++* multiple sessions/cookies for integration with phpmyadmin. ++* PHP will generate a header each time session_write_close() ++* is called, which can cause problems if called from any ++* place *other* than the top level dir. The browser starts ++* to accumulate multiple cookies with the same name and ++* sometimes different id's. 
++* ++* 09/06/2014 - Ian Wallace - [email protected] ++* Taken from information found on StackOverlow for questions: ++* http://stackoverflow.com/questions/12315225/reopening-a-session-in-php ++* http://stackoverflow.com/questions/10046570/php-save-session-when-using-session-write-close ++*/ + ++// Save the parameters that we might overwrite later. ++$GLOBALS['oer_pma.use_only_cookies'] = ini_get('session.use_only_cookies'); ++$GLOBALS['oer_pma.use_cookies'] = ini_get('session.use_cookies'); ++$GLOBALS['oer_pma.use_trans_sid'] = ini_get('session.use_trans_sid'); ++$GLOBALS['oer_pma.cache_limiter'] = ini_get('session.cache_limiter'); ++ ++// Reopen session suppressing the headers that are normally sent ++function session_reopen_no_headers( $sess_name = "OpenEMR", $sess_id = null ) { ++ session_write_close(); ++ ini_set('session.use_only_cookies', false); ++ ini_set('session.use_cookies', false); ++ ini_set('session.use_trans_sid', false); ++ ini_set('session.cache_limiter', null); ++ if (isset($sess_id) && $sess_id !== null) { ++ session_id($sess_id); ++ } ++ session_name($sess_name); ++ session_start(); ++} ++ ++// Reopen session with whatever ini values were set ++function session_reopen( $sess_name = "OpenEMR", $sess_id = null ){ ++ session_write_close(); ++ ini_set('session.use_only_cookies', $GLOBALS['oer_pma.use_only_cookies']); ++ ini_set('session.use_cookies', $GLOBALS['oer_pma.use_cookies']); ++ ini_set('session.use_trans_sid', $GLOBALS['oer_pma.use_trans_sid']); ++ ini_set('session.cache_limiter', $GLOBALS['oer_pma.cache_limiter']); ++ if (isset($sess_id) && $sess_id !== null) { ++ session_id($sess_id); ++ } ++ session_name($sess_name); ++ session_start(); ++} ++ ++// The session name names a cookie stored in the browser for the OpenEMR session. ++// With prior versions there needed to be synchrony between OpenEMR sessions and ++// phpMyAdmin sessions or they would not work together. 
That is no longer needed ++// with the use of signon authentication with phpMyAdmin. Unfortunately there ++// is a second bug where the named session that holds the PMA credentials will be ++// duplicated but at a different cookie path (the real OpenEMR session is always ++// path = / but with the way that phpMyAdmin looks for the credentials it creates ++// a second cookie at path = /openemr/phpmyadmin/. This essentially will HIDE ++// the true session the second time the user tries to access phpMyAdmin. The ++// first access works OK. To work around this a bridge session is being used ++// accessed via OpenEMRphpMyAdmin that only has the PMA credentials and is set to ++// path = /openemr/phpmyadmin/ so that it can not be erroneously hidden by the ++// PMA signon auth code. The true solution is to submit a patch upstream for ++// phpmyadmin. ++ ++// Start the session and make sure the OER to PMA id is updated or created ++session_set_cookie_params(0,'/',ini_get('session.cookie_domain'),FALSE,FALSE); ++session_name('OpenEMR'); ++session_start(); ++$oer_id = session_id(); ++$oer_pma_id = ( isset($_SESSION['oer_pma_id']) ? 
$_SESSION['oer_pma_id'] : sha1(mt_rand()) ); ++$_SESSION['oer_pma_id'] = $oer_pma_id; ++session_write_close(); ++ ++// Make sure the OER to PMA bridge session is created correctly and contains a reference to the parent session ++// Correct it if it's incorrect, it will be incorrect the second time a user attempts to use phpMyAdmin ++session_set_cookie_params(0,"/openemr/phpmyadmin/",ini_get('session.cookie_domain'),FALSE,TRUE); ++session_name("OpenEMRphpMyAdmin"); ++session_id($oer_pma_id); ++session_start(); ++if ( !isset($_SESSION['oer_id']) || ($_SESSION['oer_id'] != $oer_id) ) { ++ $_SESSION['oer_id'] = $oer_id; ++} ++session_write_close(); ++ ++session_set_cookie_params(0,'/',ini_get('session.cookie_domain'),FALSE,FALSE); ++session_name('OpenEMR'); ++session_id($oer_id); + session_start(); ++error_log("oer+phpmyadmin: OER Session[".$oer_id."] phpMyAdmin Session[".$oer_pma_id."]"); + + // Set the site ID if required. This must be done before any database + // access is attempted. -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-med/openemr.git _______________________________________________ debian-med-commit mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-commit
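Review bot: The bridge session id is generated with `sha1(mt_rand())` in the added globals.php block, and that session is where `session_set_PMA_single_signon_credentials()` stores the MySQL login and password. `mt_rand()` is not a cryptographic generator and yields at most 2^31 distinct values, so this id is far weaker than a normal PHP session id. Generate it from the system CSPRNG instead, e.g. `bin2hex(openssl_random_pseudo_bytes(20))` on PHP 5 (`random_bytes()` on PHP 7 and later). The closing `error_log(...)` call that prints `$oer_id` and `$oer_pma_id` writes both live session ids to the error log on every request and should be removed. `session_set_PMA_single_signon_credentials()` also returns with the `OpenEMRphpMyAdmin` session still open, so later `$_SESSION` writes in left_nav.php (outside this hunk) would presumably land in the bridge session; calling `session_reopen('OpenEMR', $_SESSION['oer_id']);` before returning would switch back.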
