Ejemplo n.º 1
 /**
  * Check a username/password pair and, on success, mark the session as logged in.
  *
  * Visible flow: look up the `user` row for the submitted username, compare the
  * submitted password with the row's `userpassword` column, then either store
  * `authdata` and `ipaddr` in the session (match) or clear both (mismatch).
  * The body uses $this, so this is a method; its class is not part of this listing.
  *
  * @param array $credentials Read as $credentials['username'] and
  *                           $credentials['password']; only 'username' is
  *                           checked with isset().
  * @return bool true when the password comparison succeeds, false otherwise
  */
 function IsValid($credentials)
 {
     syslog(LOG_INFO, "isvalid");
     if (!isset($credentials['username'])) {
         return false;
     }
     // Find this user
     // NOTE(review): this statement is garbled in the listing (part of the
     // expression was replaced by '******'), so it does not parse as shown.
     // What is visible is that the username is concatenated into the SQL text;
     // whatever escaping was applied is not recoverable here. Prefer a bound
     // parameter if the database layer offers one -- confirm against the real file.
     $r = $GLOBALS['sql']->queryRow("SELECT * FROM user " . "WHERE username = '******'username']) . "'");
     // If the user isn't found, false
     // This early return happens before any of the login logging below, so an
     // unknown username leaves only the "isvalid" syslog line and no security
     // log entry.
     if (!$r['id']) {
         return false;
     }
     if (LOGLEVEL < 1 || (LOG_HIPAA || LOG_LOGIN)) {
         // $user is never assigned in this function, so the message ends with an
         // empty value rather than the attempted username.
         syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth login attempt {$user} ");
     }
     // $db_pass is not read again in this function.
     $db_pass = $r['userpassword'];
     // Check password
     // NOTE(review): loose == between the submitted value and the stored column.
     // This only works if the column holds something directly comparable to what
     // the client sends (presumably the plain password -- confirm). 'password' is
     // not isset()-checked, and a missing key compares as null, which loosely
     // equals an empty stored value. password_hash()/password_verify(), or at
     // least hash_equals(), would close both gaps.
     if ($credentials['password'] == $r['userpassword']) {
         // Set session vars
         // The password column is dropped before the row is copied into the session.
         unset($r['userpassword']);
         // NOTE(review): no session id regeneration is visible here; confirm the
         // caller issues a fresh id at login.
         HTTP_Session2::set('authdata', array("username" => $credentials['username'], "user" => $r['id'], "user_record" => $r));
         // Set ipaddr for SESSION_PROTECTION
         HTTP_Session2::set('ipaddr', $_SERVER['REMOTE_ADDR']);
         // Authorize
         if (LOGLEVEL < 1 || LOG_ERRORS || (LOG_HIPAA || LOG_LOGIN)) {
             syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth successful login");
         }
         $log = freemed::log_object();
         $log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Successfully logged in");
         return true;
     } else {
         // check password
         // Failed password check
         // Clear any login state left in the session.
         HTTP_Session2::set('authdata', null);
         HTTP_Session2::set('ipaddr', null);
         if (LOGLEVEL < 1 || LOG_ERRORS || (LOG_HIPAA || LOG_LOGIN)) {
             syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth failed login");
         }
         $log = freemed::log_object();
         // Neither failure message carries the username or the client address.
         $log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Failed login");
         return false;
     }
     // end check password
 }
Ejemplo n.º 2
 /**
  * Start the session and work out the referer for the current request.
  *
  * The previous request and referer are read from the session, one of them
  * (or the home page) becomes the new referer, and both the new referer and
  * the current request are written back. When the IS_ADMIN key is set, a
  * Benchmark_Profiler is started and kept in $GLOBALS['_tip_profiler'].
  *
  * NOTE(review): $this->_request is built outside this method; if its 'uri'
  * comes straight from the client, the REFERER key ends up holding
  * client-supplied text -- confirm it is validated before being used as a
  * redirect or link target.
  */
 private function _startSession()
 {
     TIP::startSession();
     $this->_session_started = true;

     $previous_request = HTTP_Session2::get('request');
     $previous_referer = HTTP_Session2::get('referer');

     // Entry page, new session, or a probable "back" action (current URI equals
     // the old referer URI): no referer is carried over.
     $candidate = null;
     if (!is_null($previous_request) && $this->_request['uri'] != $previous_referer['uri']) {
         $same_action = $this->_request['module'] == $previous_request['module']
             && $this->_request['action'] == $previous_request['action'];
         // Same action keeps the old referer; a new action makes the previous
         // request the referer.
         $candidate = $same_action ? $previous_referer : $previous_request;
     }

     // Anything that is not an array falls back to the home page.
     if (!is_array($candidate)) {
         $candidate = array('uri' => TIP::getHome(), 'module' => null, 'action' => null);
     }
     $this->_referer = $candidate;
     $this->keys['REFERER'] = $this->_referer['uri'];

     // Persist referer and request for the next call
     HTTP_Session2::set('referer', $this->_referer);
     HTTP_Session2::set('request', $this->_request);

     // Profiler initialization in "admin" mode
     if ($this->keys['IS_ADMIN']) {
         require_once 'Benchmark/Profiler.php';
         $profiler = new Benchmark_Profiler();
         $GLOBALS['_tip_profiler'] = $profiler;
         $profiler->start();
     }
 }
Ejemplo n.º 3
 /**
  * Perform a vote action
  *
  * Two-step flow driven by the 'process' GET parameter: without process=1 the
  * session flag '<id>.voting' is raised and 'vote_template' is shown; with
  * process=1 the vote counter of the chosen answer is incremented, the flag
  * is lowered and an expiration time is stored in the session.
  *
  * NOTE(review): the vote is committed by a GET request, and both the
  * confirmation flag and the double-vote guard live only in the session, so
  * the guard does not outlast the session. Confirm whether a per-request
  * token and a POST are expected here.
  *
  * @param  int  $id     The poll id
  * @param  int  $answer The answer id
  * @return bool         true on success or false on errors
  */
 protected function actionVote($id, $answer)
 {
     // Errors from the session reads are suppressed with @.
     $expiration = @HTTP_Session2::get($this->id . '.expiration');
     $voting = @HTTP_Session2::get($this->id . '.voting');

     // A vote is already pending and the stored expiration is still ahead
     if ($voting && time() < $expiration) {
         TIP::notifyError('double');
         return false;
     }

     $row =& $this->fromRow($id, false);
     if (is_null($row)) {
         return false;
     }

     // $answer is only used as a field-name suffix; a suffix with no matching
     // 'answer' field is rejected here.
     $answer_label = $this->getField('answer' . $answer);
     if (is_null($answer_label)) {
         TIP::notifyError('wrongparams');
         $this->endView();
         return false;
     }

     if (@TIP::getGet('process', 'int') != 1) {
         // First pass: remember that a vote was offered and ask for confirmation
         HTTP_Session2::set($this->id . '.voting', true);
         $this->appendToPage($this->vote_template);
         $this->endView();
         return true;
     }

     // Confirmation without the session flag: the session did not survive
     if (!$voting) {
         TIP::notifyError('nocookies');
         $this->endView();
         return false;
     }

     // NOTE(review): read-modify-write of the counter; whether concurrent votes
     // can overwrite each other depends on updateRow() -- confirm.
     $old_row = $row;
     ++$row['votes' . $answer];
     $this->_onDataRow($row);
     $this->data->updateRow($row, $old_row);

     HTTP_Session2::set($this->id . '.voting', false);
     HTTP_Session2::set($this->id . '.expiration', strtotime($this->expiration));
     $this->appendToPage($this->view_template);
     $this->endView();
     return true;
 }
Ejemplo n.º 4
 /**
  * Decide whether the form may be processed.
  *
  * Delete and custom actions are GET driven: the form is frozen and the
  * result is simply whether 'process' equals 1. For the other actions the
  * rules are attached, the stage stored in the session is compared with the
  * current one, and the form is validated only when a stage was recorded.
  *
  * NOTE(review): for delete/custom actions the only confirmation is the
  * 'process' GET parameter; confirm that callers add their own request-origin
  * check before acting on a true result.
  *
  * @return bool|null true or false from the checks above; null when the form
  *                   was submitted but no stage was recorded in the session
  */
 private function _validate()
 {
     $get_driven = $this->action == TIP_FORM_ACTION_DELETE || $this->action == TIP_FORM_ACTION_CUSTOM;
     if ($get_driven) {
         $this->_form->freeze();
         return TIP::getGet('process', 'int') == 1;
     }

     // Form-level rule first, then per-element rules for elements that exist
     if (isset($this->validator)) {
         $this->_form->addFormRule($this->validator);
     }
     foreach (array_keys($this->fields) as $id) {
         if (!$this->_form->elementExists($id)) {
             continue;
         }
         $this->_addGuessedRules($id);
         $this->_addCustomRules($id);
     }

     $stage_key = $this->id . '.stage';
     $previous_stage = HTTP_Session2::get($stage_key);
     if (!$this->_form->isSubmitted() || (isset($previous_stage) && $previous_stage < $this->_stage)) {
         // Not submitted yet, or the session is behind the current stage:
         // record the stage and do not validate
         HTTP_Session2::set($stage_key, $this->_stage);
         $outcome = false;
     } elseif (!is_null($previous_stage)) {
         // Trim every field, then run the rules
         $this->_form->applyFilter('__ALL__', array('TIP', 'extendedTrim'));
         $outcome = $this->_form->validate();
     } else {
         // Submitted form with no stage in the session
         TIP::notifyError('double');
         $outcome = null;
     }

     // NOTE(review): uploads are triggered whatever $outcome is; confirm that
     // doUploads() itself skips files of a form that failed validation.
     if (is_callable(array('HTML_QuickForm_attachment', 'doUploads'))) {
         HTML_QuickForm_attachment::doUploads($this->_form);
     }
     return $outcome;
 }
Ejemplo n.º 5
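 /**
  * Tell whether the current session carries a usable login.
  *
  * A session is accepted when it holds an 'authdata' array and, if
  * SESSION_PROTECTION is enabled, when the 'ipaddr' stored in the session is
  * the same string as the client address of this request. On a mismatch the
  * stored address is cleared, so every later call fails until a new login
  * stores an address again.
  *
  * Changes from the earlier version: the stored address is read once into a
  * local (empty() on a call result is a fatal error before PHP 5.5), the
  * comparison is type-strict so a non-string session value can no longer
  * match an address through loose ==, a missing REMOTE_ADDR no longer raises
  * a notice, and the unused $PHP_SELF local is gone.
  *
  * NOTE(review): 'authdata' is left in place on a mismatch; confirm whether
  * the session should be destroyed instead.
  *
  * @return bool true when the session is considered authenticated
  */
 function ValidSession()
 {
     // No authdata array: nobody is logged in on this session
     if (!is_array(HTTP_Session2::get('authdata'))) {
         return false;
     }

     // Address binding disabled: authdata alone is sufficient
     if (!SESSION_PROTECTION) {
         return true;
     }

     // A missing or empty stored address always fails, so a null address
     // set by accident cannot pass the check.
     $bound_ip = HTTP_Session2::get('ipaddr');
     if (empty($bound_ip)) {
         return false;
     }

     $client_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
     if (is_string($bound_ip) && $bound_ip === $client_ip) {
         // We're already authorized
         return true;
     }

     // IP address has changed: drop the binding and record the event
     HTTP_Session2::set('ipaddr', null);
     syslog(LOG_INFO, "Authentication Layer| IP address changed for session");
     return false;
 }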
Ejemplo n.º 6
 /**
  * Merge values into a session variable.
  *
  * The configured prefix is prepended to the key. When the session already
  * holds an array under that key, $values is combined with it through
  * array_merge_recursive() (values under the same string key are collected
  * into an array rather than overwritten); otherwise $values is stored as is.
  *
  * NOTE(review): the full merged value is passed to the logger. If session
  * entries can hold credentials or personal data, they end up in the log --
  * confirm the log's sensitivity or log only the key and the result.
  *
  * @param string $key    Key
  * @param mixed  $values Values
  *
  * @return void
  */
 public function merge($key, $values)
 {
     $this->_start();

     $session_key = $this->_config['prefix'] . $key;
     $existing = HTTP_Session2::get($session_key);
     $merged = is_array($existing) ? array_merge_recursive($existing, $values) : $values;

     $saved = HTTP_Session2::set($session_key, $merged);
     $this->_log->log(
         'Session[Merge]',
         array('key' => $session_key, 'val' => $merged, 'result' => $saved)
     );
 }
Ejemplo n.º 7
Archivo: API.php Proyecto: rrsc/freemed
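/**
 * Append a patient to the 'patient_history' list kept in the session.
 *
 * Empty entries and nested arrays are removed from the stored list first.
 * If the patient is already the most recent entry, the cleaned list is
 * written back and nothing is appended.
 *
 * Fixes over the earlier version: the "most recent entry" was read at index
 * count($patient_history), which is one past the end of a 0-based list (and
 * arbitrary once entries had been unset), so the duplicate check never
 * matched; end() now reads the real last entry. A stored value that is not
 * an array is replaced by an empty list instead of being iterated and
 * appended to.
 *
 * @param mixed $patient Patient identifier to record
 * @return bool|null true when the patient was already the last entry;
 *                   nothing is returned after an append (unchanged)
 */
function patient_push($patient)
{
    $patient_history = HTTP_Session2::get('patient_history');

    if (is_array($patient_history)) {
        // Clean out null entries... and rogue arrays
        foreach ($patient_history as $k => $v) {
            if (!$v || is_array($v)) {
                unset($patient_history[$k]);
            }
        }

        // Already the last item on the list: store the cleaned list and stop.
        // The count() guard keeps end()'s false on an empty list from loosely
        // matching a falsy $patient.
        if (count($patient_history) > 0 && end($patient_history) == $patient) {
            HTTP_Session2::set('patient_history', $patient_history);
            return true;
        }
    } else {
        // Nothing stored yet, or something that is not a list
        $patient_history = array();
    }

    // Add to the list and write it back to the session
    $patient_history[] = $patient;
    HTTP_Session2::set('patient_history', $patient_history);
}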
Ejemplo n.º 8
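 /**
  * Render the captcha challenge and store the expected answer in the session.
  *
  * For the 'Numbers_Words' method a number between 1 and 1000 is chosen (once
  * per element), spelled out in the element's locale and followed by the
  * parent element's HTML. Any other method renders nothing. The expected
  * value is written to the '_HTML_QuickForm_captcha' session key on every
  * call; with an unknown method and no value set, that stores null.
  *
  * The challenge number now comes from random_int() when the runtime provides
  * it, falling back to rand() as before on older runtimes or if no entropy
  * source is available.
  *
  * NOTE(review): only 1000 answers exist, so this challenge is a weak control
  * whatever the generator; confirm that the code checking the answer limits
  * attempts and clears the session value after one use.
  *
  * @return string HTML of the challenge, or '' when frozen or unsupported
  */
 function toHtml()
 {
     // The captcha must disappear in frozen state
     if ($this->_flagFrozen) {
         return '';
     }
     switch ($this->_method) {
         case 'Numbers_Words':
             require_once 'Numbers/Words.php';
             if (!isset($this->_value)) {
                 $challenge = null;
                 if (function_exists('random_int')) {
                     try {
                         $challenge = random_int(1, 1000);
                     } catch (Exception $e) {
                         // No entropy source: keep rendering, use the old generator
                         $challenge = null;
                     }
                 }
                 $this->_value = is_null($challenge) ? rand(1, 1000) : $challenge;
             }
             $html = ucfirst(Numbers_Words::toWords($this->_value, $this->_locale));
             $html .= '&nbsp;' . parent::toHtml();
             break;
         default:
             $html = '';
     }
     HTTP_Session2::set('_HTML_QuickForm_captcha', $this->_value);
     return $html;
 }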
Ejemplo n.º 9
 /**
  * Refresh the 'user_record' kept inside the session's authdata.
  *
  * Does nothing (and returns false) unless LoggedIn() is true. Otherwise the
  * cached user's local_record is copied, its 'usermanageopt' field is
  * replaced by the unserialized value when that value is truthy, and the
  * record is stored under authdata['user_record'].
  *
  * NOTE(review): unserialize() runs on a stored field. If that field can
  * ever contain bytes a user controls, unserialize() may instantiate classes
  * of the writer's choosing; JSON, or unserialize() with allowed_classes
  * disabled on PHP 7+, avoids that. Flagged, not changed.
  *
  * NOTE(review): if local_record is the complete user row, the password
  * column is copied into the session here -- confirm it is stripped.
  *
  * @return bool false when nobody is logged in, true otherwise
  */
 public function SessionPopulate()
 {
     syslog(LOG_INFO, "SessionPopulate called");
     if (!$this->LoggedIn()) {
         return false;
     }
     syslog(LOG_INFO, "SessionPopulate called, proceeding");

     // Work on a copy of the cached record
     $user_record = freemed::user_cache()->local_record;

     // Expand the serialized user options when they decode to something
     $options = unserialize($user_record['usermanageopt']);
     if ($options) {
         $user_record['usermanageopt'] = $options;
     }

     $session_auth = HTTP_Session2::get('authdata');
     $session_auth['user_record'] = $user_record;
     HTTP_Session2::set('authdata', $session_auth);
     return true;
 }
Ejemplo n.º 10
     }
     //----- Gettext and language settings
     if (isset($_REQUEST['_l'])) {
         // Handle template language changes
         HTTP_Session2::set('language', $_REQUEST['_l']);
     } elseif (HTTP_Session2::get('language')) {
         // Pull from cookie (do nothing)
     } else {
         // Use the default
         HTTP_Session2::set('language', DEFAULT_LANGUAGE);
     }
     $GLOBALS['freemed']['__language'] = HTTP_Session2::get('language');
     // Set default facility from parameter if it exists
     if (isset($_REQUEST['_f'])) {
         // Handle template language changes
         HTTP_Session2::set('default_facility', $_REQUEST['_f'] + 0);
     }
     // Load ACL routines
     if (!defined('SKIP_SQL_INIT')) {
         include_once dirname(__FILE__) . "/acl.php";
     }
 }
 // ***************************************************************
 // Load the remaining library files from this file's own directory.
 // The paths are built from dirname(__FILE__) and fixed names only.
 // Gettext routines
 include_once dirname(__FILE__) . "/i18n.php";
 // API functions
 include_once dirname(__FILE__) . "/API.php";
 // macros/constants
 include_once dirname(__FILE__) . "/macros.php";
 //----- Create Log target
 // Every later syslog() call is tagged "freemed" with the process id and
 // sent to facility LOG_LOCAL0. LOG_PERROR also copies each message to
 // standard error.
 openlog("freemed", LOG_PID | LOG_PERROR, LOG_LOCAL0);