$new_salt = password_salt(); $salt_clause = ",portal_salt=? "; array_push($query_parameters, password_hash($clear_pass, $new_salt), $new_salt); } else { // For offsite portal still create and SHA1 hashed password // When offsite portal is updated to handle blowfish, then both portals can use the same execution path. array_push($query_parameters, SHA1($clear_pass)); } array_push($query_parameters, $pid); if (sqlNumRows($res)) { sqlStatement("UPDATE patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0 " . $salt_clause . " WHERE pid=?", $query_parameters); } else { sqlStatement("INSERT INTO patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0" . $salt_clause . " ,pid=?", $query_parameters); } // Create the message $message = messageCreate($_REQUEST['uname'], $clear_pass, $portalsite); // Email and display/print the message if (emailLogin($pid, $message)) { // email was sent displayLogin($pid, $message, true); } else { // email wasn't sent displayLogin($pid, $message, false); } exit; } ?> <html> <head> <link rel="stylesheet" href="<?php
{ $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id)); if ($emailFlag) { $message = "<br><br>" . htmlspecialchars(xl("Email was sent to following address"), ENT_NOQUOTES) . ": " . htmlspecialchars($patientData['email'], ENT_NOQUOTES) . "<br><br>" . $message; } echo "<html><body onload='window.print();'>" . $message . "</body></html>"; } if (isset($_REQUEST['form_save']) && $_REQUEST['form_save'] == 'SUBMIT') { $res = sqlStatement("SELECT * FROM patient_access_" . add_escape_custom($portalsite) . "site WHERE pid=?", array($pid)); if (sqlNumRows($res)) { sqlStatement("UPDATE patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0 WHERE pid=?", array($_REQUEST['uname'], $_REQUEST['authpwd'], $pid)); } else { sqlStatement("INSERT INTO patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0,pid=?", array($_REQUEST['uname'], $_REQUEST['authpwd'], $pid)); } // Create the message $message = messageCreate($_REQUEST['uname'], $_REQUEST['pwd'], $portalsite); // Email and display/print the message if (emailLogin($pid, $message)) { // email was sent displayLogin($pid, $message, true); } else { // email wasn't sent displayLogin($pid, $message, false); } exit; } ?> <html> <head> <link rel="stylesheet" href="<?php