forked from openemr/openemr
-
Notifications
You must be signed in to change notification settings - Fork 0
/
log_validation.php
61 lines (56 loc) · 2.08 KB
/
log_validation.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
<?php
/**
* library/log_validation.php to validate audit logs tamper resistance.
*
* Copyright (C) 2016 Visolve <[email protected]>
*
* LICENSE: This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http:https://opensource.org/licenses/gpl-license.php>;.
*
* @package OpenEMR
* @author Visolve <[email protected]>
* @link http:https://www.open-emr.org
*/
$fake_register_globals=false;
$sanitize_all_escapes=true;
require_once("../interface/globals.php");
require_once("$srcdir/log.inc");
require_once("$srcdir/formatting.inc.php");
$valid = true;
$errors = array();
catch_logs();
$sql = sqlStatement("select * from log_validator");
while($row = sqlFetchArray($sql)){
$logEntry = sqlQuery("select * from log where id = ?",array($row['log_id']));
if(empty($logEntry)){
$valid = false;
array_push($errors, xl("Following audit log entry number is missing") . ": " . $row['log_id']);
}
else if($row['log_checksum'] != $logEntry['checksum']){
$valid = false;
array_push($errors, xl("Audit log tampering evident at entry number") . " " . $row['log_id']);
}
if(!$valid) break;
}
if($valid){
echo xl("Audit Log Validated Successfully");
}
else
{
echo xl("Audit Log Validation Failed") . "(ERROR:: $errors[0])";
}
function catch_logs(){
$sql = sqlStatement("select * from log where id not in(select log_id from log_validator) and checksum is NOT null and checksum != ''");
while($row = sqlFetchArray($sql)){
sqlInsert("INSERT into log_validator (log_id,log_checksum) VALUES(?,?)",array($row['id'],$row['checksum']));
}
}
?>