From 6d25b7b1f44ed17efca272f16b2e1804bea58040 Mon Sep 17 00:00:00 2001
From: Maggie Negm
Date: Tue, 11 Aug 2020 03:33:03 -0400
Subject: [PATCH 1/3] added multi-site administration
---
 acl_upgrade.php | 1 +
 admin.php | 154 +++++++++++++++++++++++
 docker/README.md | 2 +-
 interface/globals.php | 15 ++-
 sql_upgrade.php => setup/sql_upgrade.php | 17 +--
 sql_patch.php | 1 +
 6 files changed, 179 insertions(+), 11 deletions(-)
 create mode 100644 admin.php
 rename sql_upgrade.php => setup/sql_upgrade.php (90%)
diff --git a/acl_upgrade.php b/acl_upgrade.php
index cd6d06678..5e04f5646 100644
--- a/acl_upgrade.php
+++ b/acl_upgrade.php
@@ -107,6 +107,7 @@
 */
 $ignoreAuth = true; // no login required
+$aclUpgradeConfig = true; // to correctly redirect to login page if needed
 require_once('interface/globals.php');
 require_once("$srcdir/acl_upgrade_fx.php");
diff --git a/admin.php b/admin.php
new file mode 100644
index 000000000..5ccc3cdb3
--- /dev/null
+++ b/admin.php
@@ -0,0 +1,154 @@
+;. + * + * + * The purpose of this file is to have one central location to handle + * multiple sites/ and their respective setup and configuration functionalities. + * This file may be run after an upgraded LibreHealth EHR has been installed. + */ + + +require_once("version.php"); +include_once("interface/globals.php"); +require_once("assets/adodb/adodb.inc.php"); +require_once("assets/adodb/drivers/adodb-mysqli.inc.php"); + +$webserver_root = dirname(__FILE__); + +if (stripos(PHP_OS,'WIN') === 0) { + $webserver_root = str_replace("\\","/",$webserver_root); + $OE_SITES_BASE = "$webserver_root/sites"; +} +?> + + + LibreHealth Medical Suite Site Administration + + + +
+

LibreEHR Site Administration

+ + + + + + + + +\n"; + + // Access the site's database. + include "$sitedir/sqlconf.php"; + + if ($config) { + // Establish each sites/ directory database connection here + $dbh->connect("$host:$port", "$login", "$pass"); + if ($dbh === FALSE) + $errmsg = "MySQL connect failed"; + else if (!mysqli_select_db($dbh, $dbase)) + $errmsg = "Access to database failed"; + } + + echo " \n"; + echo " \n"; + + if (!$config) { + echo " \n"; + } + else if ($errmsg) { + echo " \n"; + } + else { + // Get site name for display + $row = mysqli_fetch_array(mysqli_query($dbh, "SELECT gl_value FROM globals WHERE gl_name = 'libreehr_name' LIMIT 1"), MYSQLI_ASSOC); + $libreehr_name = $row ? $row['gl_value'] : ''; + + // Get version indicators from the database. NOTE: these version indicators have not been maintained! This is related to the whole database installation system moving to a file-per-table version scheme that has not been implemented in the LibreHealth.io code repo, which was incomplete when contributors left the project. + $row = mysqli_fetch_array(mysqli_query($dbh, "SHOW TABLES LIKE 'version'"), MYSQLI_ASSOC); + + if (empty($row)) { + $libreehr_version = 'Unknown'; + $database_version = 0; + } + else { + $row = mysqli_fetch_array(mysqli_query($dbh, "SELECT * FROM version LIMIT 1"), MYSQLI_ASSOC); + + $database_patch_txt = ""; + if ( !(empty($row['v_realpatch'])) && $row['v_realpatch'] != 0 ) { + $database_patch_txt = " (" . $row['v_realpatch'] .")"; + } + + $libreehr_version = $row['v_major'] . "." . $row['v_minor'] . "." . $row['v_patch'] . $row['v_tag'] . 
$database_patch_txt; + $database_version = 0 + $row['v_database']; + $database_acl = 0 + $row['v_acl']; + $database_patch = 0 + $row['v_realpatch']; + } + + // Display relevant columns + echo " \n"; + echo " \n"; + + if ($v_database != $database_version) { + echo "\n"; + } + else if ( ($v_acl > $database_acl) ) { + echo "\n"; + } + else if ( ($v_realpatch != $database_patch) ) { + echo "\n"; + } + else { + echo "\n"; + } + } + + echo " \n"; + + if ($config && $dbh !== FALSE) mysqli_close($dbh); +} +?> +
Site IDDB NameSite NameVersionAction
$sfname$dbaseNeeds setup, click here to run it$errmsg$libreehr_name$libreehr_versionUpgrade DatabaseUpgrade Access ControlsPatch DatabaseLog In
+
+

+
+
+
+
diff --git a/docker/README.md b/docker/README.md
index d5be9203d..115a304d3 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -324,7 +324,7 @@ This is only applicable to production.
 $ docker/run update
 ```
-Do not forget to run http://localhost:8000/sql_upgrade.php
+Do not forget to run http://localhost:8000/setup/sql_upgrade.php
 **Replace `localhost:8000` with the port and, IP address or hostname of your server.**
diff --git a/interface/globals.php b/interface/globals.php
index 69311a56e..398d98927 100755
--- a/interface/globals.php
+++ b/interface/globals.php
@@ -148,8 +148,19 @@ function undoMagicQuotes($array, $topLevel=true) {
 header('Location: index.php?site='.$tmp);
 } else {
- // Main LibreHealth EHR use
- header('Location: ../login/login.php?site='.$tmp); // Assuming in the interface/main directory
+ if (isset($sqlUpgradeConfig) && $sqlUpgradeConfig) {
+ header('Location: ../interface/login/login.php?loginfirst&site='.$tmp);
+ die();
+ }
+ else if ((isset($aclUpgradeConfig) && $aclUpgradeConfig) ||
+ (isset($sqlPatchConfig) && $sqlPatchConfig)) {
+ header('Location: interface/login/login.php?loginfirst&site='.$tmp);
+ die();
+ }
+ else {
+ // Main LibreHealth EHR use
+ header('Location: ../login/login.php?site='.$tmp); // Assuming in the interface/main directory
+ }
 }
 exit;
 }
diff --git a/sql_upgrade.php b/setup/sql_upgrade.php
similarity index 90%
rename from sql_upgrade.php
rename to setup/sql_upgrade.php
index 89a205d2c..1662ac79e 100644
--- a/sql_upgrade.php
+++ b/setup/sql_upgrade.php
@@ -15,10 +15,11 @@
 ini_set('max_execution_time', '0');
 $ignoreAuth = true; // no login required
+$sqlUpgradeConfig = true; // to correctly redirect to login page if needed
-require_once('interface/globals.php');
-require_once('library/sql.inc');
-require_once('library/sql_upgrade_fx.php');
+require_once('../interface/globals.php');
+require_once('../library/sql.inc');
+require_once('../library/sql_upgrade_fx.php');
 // Force logging off
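Review bot: In admin.php's per-site loop, `$dbh->connect("$host:$port", "$login", "$pass")` discards the connect() result and then tests `$dbh === FALSE`, which cannot be true for an object that just had a method called on it, so a failed connection is never reported and the following `mysqli_select_db($dbh, $dbase)` / `mysqli_query($dbh, …)` / `mysqli_close($dbh)` calls are handed an ADOdb object rather than a mysqli link; where `$dbh` is created is not visible in this hunk, so pick one API and use it consistently, e.g. `if (!$dbh->connect("$host:$port", $login, $pass)) { $errmsg = "MySQL connect failed"; }` with ADOdb's own query methods, or `mysqli_connect()` with its return value checked. Separately, `$sfname`, `$dbase`, `$errmsg`, `$libreehr_name` and `$libreehr_version` are echoed into table cells unescaped, and `$libreehr_name` comes straight from each site's `globals` table, so wrap every interpolated value in `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The page enumerates every site's database name and schema version and connects with the credentials from each `sqlconf.php` while relying only on `include_once("interface/globals.php")` without `$ignoreAuth`, so it presumably expects globals.php to require an authenticated administrator; confirm that check exists and fires before any output, since nothing in this hunk enforces it. Also, `$OE_SITES_BASE` is only assigned inside the Windows branch of the visible code; if the non-Windows assignment is in the mangled part of the hunk that is fine, otherwise the loop has nothing to iterate.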
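Review bot: The new redirect branches concatenate `$tmp` raw into the `Location:` query string; `$tmp`'s origin is outside this hunk, but if it can come from the request it should be `urlencode($tmp)` so a site id containing `&` or `#` cannot alter the target URL. Style: `isset($x) && $x`, repeated three times, is `!empty($x)`, and the two new `die()` calls duplicate the `exit;` that already follows the outer if/else, so the branches could just pick the path and fall through, e.g. `$loginPath = !empty($sqlUpgradeConfig) ? '../interface/login/login.php?loginfirst&site=' : 'interface/login/login.php?loginfirst&site=';`. The targets are relative to whichever script included globals.php (`../interface/…` when called from setup/, `interface/…` from the repository root), which is fragile; if a configured web-root variable is available in globals.php, building the redirect from it would remove the dependence on caller location — hedged, since those variables are not visible here. The enclosing conditional begins before the hunk.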
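Review bot: The moved script now uses `'../interface/globals.php'`, `'../library/sql.inc'` and `'../library/sql_upgrade_fx.php'`, and a path beginning with `../` is resolved against the process working directory only (include_path and the calling script's directory are not consulted), which is the setup/ directory under the web SAPI but not when run from the CLI or included from another script; `require_once(__DIR__ . '/../interface/globals.php');` states the intent and the same applies to `'../patch.sql'`, `"../library/globals.inc.php"` and `"../acl_upgrade.php"` in the later hunks of this file. `$sqlUpgradeConfig` is a bare global that any included file could also set, so name the convention where it is declared, e.g. `// read by interface/globals.php to choose the login redirect relative to setup/`.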
@@ -41,8 +42,8 @@ LibreHealth EHR Database Upgrade - - + +
@@ -60,13 +61,13 @@ if ( (!empty($v_realpatch)) && ($v_realpatch != "") && ($v_realpatch > 0) ) {
 // This release contains a patch file, so process it.
- upgradeFromSqlFile('patch.sql');
+ upgradeFromSqlFile('../patch.sql');
 }
 flush();
 echo "Updating global configuration defaults...
\n"; - require_once("library/globals.inc.php"); + require_once("../library/globals.inc.php"); foreach ($GLOBALS_METADATA as $grpname => $grparr) { foreach ($grparr as $fldid => $fldarr) { list($fldname, $fldtype, $flddef, $flddesc) = $fldarr; @@ -81,7 +82,7 @@ } echo "Updating Access Controls...
\n"; - require("acl_upgrade.php"); + require("../acl_upgrade.php"); echo "
\n"; echo "Updating version indicators...
\n"; diff --git a/sql_patch.php b/sql_patch.php index c47521c79..2608fdd36 100644 --- a/sql_patch.php +++ b/sql_patch.php @@ -13,6 +13,7 @@ // Disable PHP timeout. This will not work in safe mode. ini_set('max_execution_time', '0'); +$sqlPatchConfig = true; // to correctly redirect to login page if needed $ignoreAuth = true; // no login required From ec4f8a70b2439169bcf06caa4deb6a72a5f27565 Mon Sep 17 00:00:00 2001 From: Maggie Negm Date: Tue, 11 Aug 2020 03:51:45 -0400 Subject: [PATCH 2/3] prevent unauth info disclosure in gacl/setup.php --- gacl/setup.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gacl/setup.php b/gacl/setup.php index cde2b50f3..b8a7aa0a5 100755 --- a/gacl/setup.php +++ b/gacl/setup.php @@ -5,6 +5,8 @@ require_once(dirname(__FILE__).'/admin/gacl_admin.inc.php'); require_once(ADODB_DIR .'/adodb-xmlschema.inc.php'); +// check if user is authenticated before displaying setup info +require_once('../interface/globals.php'); $db_table_prefix = $gacl->_db_table_prefix; $db_type = $gacl->_db_type; From f0e165fa7bd86e4c0663a37af95515579b128128 Mon Sep 17 00:00:00 2001 From: Maggie Negm Date: Wed, 12 Aug 2020 14:08:45 -0400 Subject: [PATCH 3/3] added user auth to config files --- acl_upgrade.php | 1 - setup/sql_upgrade.php | 1 - sql_patch.php | 3 +-- 3 files changed, 1 insertion(+), 4 deletions(-) diff --git a/acl_upgrade.php b/acl_upgrade.php index 5e04f5646..9b9e1cb3f 100644 --- a/acl_upgrade.php +++ b/acl_upgrade.php @@ -106,7 +106,6 @@ * @link http://librehealth.io */ -$ignoreAuth = true; // no login required $aclUpgradeConfig = true; // to correctly redirect to login page if needed require_once('interface/globals.php'); diff --git a/setup/sql_upgrade.php b/setup/sql_upgrade.php index 1662ac79e..e5e7c1db7 100644 --- a/setup/sql_upgrade.php +++ b/setup/sql_upgrade.php 
@@ -14,7 +14,6 @@
 // Disable PHP timeout. This will not work in safe mode.
 ini_set('max_execution_time', '0');
-$ignoreAuth = true; // no login required
 $sqlUpgradeConfig = true; // to correctly redirect to login page if needed
 require_once('../interface/globals.php');
diff --git a/sql_patch.php b/sql_patch.php
index 2608fdd36..7846659df 100644
--- a/sql_patch.php
+++ b/sql_patch.php
@@ -13,9 +13,8 @@
 // Disable PHP timeout. This will not work in safe mode.
 ini_set('max_execution_time', '0');
-$sqlPatchConfig = true; // to correctly redirect to login page if needed
-$ignoreAuth = true; // no login required
+$sqlPatchConfig = true; // to correctly redirect to login page if needed
 require_once('interface/globals.php');
 require_once('library/sql.inc');