return false;
    }
}
function displayLogin($patient_id, $message, $emailFlag)
{
    $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id));
    if ($emailFlag) {
        $message = "<br><br>" . htmlspecialchars(xl("Email was sent to following address"), ENT_NOQUOTES) . ": " . htmlspecialchars($patientData['email'], ENT_NOQUOTES) . "<br><br>" . $message;
    }
    echo "<html><body onload='window.print();'>" . $message . "</body></html>";
}
if (isset($_REQUEST['form_save']) && $_REQUEST['form_save'] == 'SUBMIT') {
    require_once "{$srcdir}/authentication/rsa.php";
    require_once "{$srcdir}/authentication/common_operations.php";
    $pubKey = $_REQUEST['pk'];
    $rsa = new rsa_key_manager();
    $rsa->load_from_db($pubKey);
    $clear_pass = $rsa->decrypt($_REQUEST['rsa_pwd']);
    $res = sqlStatement("SELECT * FROM patient_access_" . add_escape_custom($portalsite) . "site WHERE pid=?", array($pid));
    $query_parameters = array($_REQUEST['uname']);
    $salt_clause = "";
    if ($portalsite == 'on') {
        // For onsite portal create a blowfish based hash and salt.
        $new_salt = password_salt();
        $salt_clause = ",portal_salt=? ";
        array_push($query_parameters, password_hash($clear_pass, $new_salt), $new_salt);
    } else {
        // For offsite portal still create and SHA1 hashed password
        // When offsite portal is updated to handle blowfish, then both portals can use the same execution path.
        array_push($query_parameters, SHA1($clear_pass));
    }
Example #2
0
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
 *
 * @package OpenEMR
 * @author  Kevin Yeh <kevin.y@integralemr.com>
 * @link    http://www.open-emr.org
 */
//SANITIZE ALL ESCAPES
$sanitize_all_escapes = true;
//STOP FAKE REGISTER GLOBALS
$fake_register_globals = false;
include_once "../globals.php";
require_once "{$srcdir}/authentication/rsa.php";
require_once "{$srcdir}/authentication/password_change.php";
$rsa_manager = new rsa_key_manager();
$rsa_manager->load_from_db($_REQUEST['pk']);
$curPass = $rsa_manager->decrypt($_REQUEST['curPass']);
$newPass = $rsa_manager->decrypt($_REQUEST['newPass']);
$newPass2 = $rsa_manager->decrypt($_REQUEST['newPass2']);
if ($newPass != $newPass2) {
    echo xlt("Passwords Don't match!");
    exit;
}
$errMsg = '';
$success = update_password($_SESSION['authId'], $_SESSION['authId'], $curPass, $newPass, $errMsg);
if ($success) {
    echo xlt("Password change successful");
} else {
    // If update_password fails the error message is returned
    echo text($errMsg);
Example #3
0
//SANITIZE ALL ESCAPES
$fake_register_globals = false;
//STOP FAKE REGISTER GLOBALS
$sanitize_all_escapes = true;
//Settings that will override globals.php
$ignoreAuth = 1;
//
//Authentication (and language setting)
require_once '../interface/globals.php';
require_once "{$srcdir}/authentication/rsa.php";
require_once "{$srcdir}/authentication/common_operations.php";
$password_update = isset($_SESSION['password_update']);
unset($_SESSION['password_update']);
$pubKey = $_REQUEST['login_pk'];
error_log($pubKey);
$rsa = new rsa_key_manager();
$rsa->load_from_db($pubKey);
$plain_code = $rsa->decrypt($_POST['code']);
// set the language
if (!empty($_POST['languageChoice'])) {
    $_SESSION['language_choice'] = $_POST['languageChoice'];
} else {
    if (empty($_SESSION['language_choice'])) {
        // just in case both are empty, then use english
        $_SESSION['language_choice'] = 1;
    } else {
        // keep the current session language token
    }
}
$authorizedPortal = false;
//flag
Example #4
0
 * </pre>
 * 
 * 
 * Copyright (C) 2013 Kevin Yeh <kevin.y@integralemr.com> and OEMR <www.oemr.org>
 *
 * LICENSE: This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
 *
 * @package OpenEMR
 * @author  Kevin Yeh <kevin.y@integralemr.com>
 * @link    http://www.open-emr.org
 */
$ignoreAuth = true;
// A user needs to be able to get an RSA public key for transmission of password to the server before authentication.
//SANITIZE ALL ESCAPES
$sanitize_all_escapes = true;
//STOP FAKE REGISTER GLOBALS
$fake_register_globals = false;
require_once "../../interface/globals.php";
require_once "../authentication/rsa.php";
$key_manager = new rsa_key_manager();
$key_manager->initialize();
echo $key_manager->get_pubKeyJS();
Example #5
0
     $_POST["authorized"] = 0;
 }
 // $_POST["info"] = addslashes($_POST["info"]);
 $calvar = $_POST["calendar"] ? 1 : 0;
 $res = sqlStatement("select distinct username from users where username != ''");
 $doit = true;
 while ($row = mysql_fetch_array($res)) {
     if ($doit == true && $row['username'] == trim(formData('rumple'))) {
         $doit = false;
     }
 }
 if ($doit == true) {
     require_once "{$srcdir}/authentication/rsa.php";
     require_once "{$srcdir}/authentication/password_change.php";
     $pubKey = $_POST['pk'];
     $rsa = new rsa_key_manager();
     $rsa->load_from_db($pubKey);
     //if password expiration option is enabled,  calculate the expiration date of the password
     if ($GLOBALS['password_expiration_days'] != 0) {
         $exp_days = $GLOBALS['password_expiration_days'];
         $exp_date = date('Y-m-d', strtotime("+{$exp_days} days"));
     }
     $insertUserSQL = "insert into users set " . "username = '" . trim(formData('rumple')) . "', password = '" . 'NoLongerUsed' . "', fname = '" . trim(formData('fname')) . "', mname = '" . trim(formData('mname')) . "', lname = '" . trim(formData('lname')) . "', federaltaxid = '" . trim(formData('federaltaxid')) . "', state_license_number = '" . trim(formData('state_license_number')) . "', newcrop_user_role = '" . trim(formData('erxrole')) . "', authorized = '" . trim(formData('authorized')) . "', info = '" . trim(formData('info')) . "', federaldrugid = '" . trim(formData('federaldrugid')) . "', upin = '" . trim(formData('upin')) . "', npi  = '" . trim(formData('npi')) . "', taxonomy = '" . trim(formData('taxonomy')) . "', facility_id = '" . trim(formData('facility_id')) . "', specialty = '" . trim(formData('specialty')) . "', see_auth = '" . trim(formData('see_auth')) . "', cal_ui = '" . trim(formData('cal_ui')) . "', default_warehouse = '" . trim(formData('default_warehouse')) . "', irnpool = '" . trim(formData('irnpool')) . "', calendar = '" . $calvar . "', pwd_expiration_date = '" . trim("{$exp_date}") . "'";
     $clearAdminPass = $rsa->decrypt($_POST['userPass']);
     $clearUserPass = $rsa->decrypt($_POST['newauthPass']);
     $password_err_msg = "";
     $prov_id = "";
     $success = update_password($_SESSION['authId'], 0, $clearAdminPass, $clearUserPass, $password_err_msg, true, $insertUserSQL, formData('rumple'), $prov_id);
     error_log($password_err_msg);
     $alertmsg .= $password_err_msg;
     if ($success) {