// (Listing starts inside the tail of a preceding function that is not shown.)
return false;
}
}

/**
 * Emits a minimal HTML page containing $message and triggers the browser's
 * print dialog on load.
 *
 * $message is written to the response without escaping, so callers must
 * pass markup that is already trusted or escaped for HTML.
 *
 * @param mixed $patient_id value bound to `pid` when reading `patient_data`
 * @param mixed $message    HTML fragment to print (emitted as-is)
 * @param mixed $emailFlag  when truthy, a line naming the patient's e-mail
 *                          address is prepended to $message
 */
function displayLogin($patient_id, $message, $emailFlag)
{
    // Parameterised lookup; the result is used below without checking that a row was found.
    $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id));
    if ($emailFlag) {
        // Both dynamic pieces are escaped with ENT_NOQUOTES, which is adequate for
        // element content (as here) but would not be for an attribute value.
        $message = "<br><br>" .
            htmlspecialchars(xl("Email was sent to following address"), ENT_NOQUOTES) . ": " .
            htmlspecialchars($patientData['email'], ENT_NOQUOTES) .
            "<br><br>" .
            $message;
    }

    echo "<html><body onload='window.print();'>" . $message . "</body></html>";
}

// Form handler: store new portal credentials for a patient.
// NOTE(review): $_REQUEST also accepts query-string values, so the encrypted
// password and user name could arrive in a URL and end up in access logs;
// reading them from $_POST only would avoid that.
if (isset($_REQUEST['form_save']) && $_REQUEST['form_save'] == 'SUBMIT') {
    require_once "{$srcdir}/authentication/rsa.php";
    require_once "{$srcdir}/authentication/common_operations.php";

    // The password is RSA-encrypted by the client; 'pk' selects the stored key used to decrypt it.
    // NOTE(review): the result of decrypt() is not checked for failure in the visible code.
    $pubKey = $_REQUEST['pk'];
    $rsa = new rsa_key_manager();
    $rsa->load_from_db($pubKey);
    $clear_pass = $rsa->decrypt($_REQUEST['rsa_pwd']);

    // NOTE(review): the table name is assembled from $portalsite. String escaping
    // does not make a value safe as an identifier; where $portalsite comes from is
    // not visible here - confirm it is restricted to a fixed set of values.
    $res = sqlStatement("SELECT * FROM patient_access_" . add_escape_custom($portalsite) . "site WHERE pid=?", array($pid));
    $query_parameters = array($_REQUEST['uname']);
    $salt_clause = "";
    if ($portalsite == 'on') {
        // For onsite portal create a blowfish based hash and salt.
        // NOTE(review): password_hash() is called with a salt as its second argument,
        // so this is presumably the project helper from common_operations.php rather
        // than PHP's built-in password_hash(), whose second parameter is an algorithm
        // constant - confirm.
        $new_salt = password_salt();
        $salt_clause = ",portal_salt=? ";
        array_push($query_parameters, password_hash($clear_pass, $new_salt), $new_salt);
    } else {
        // For offsite portal still create and SHA1 hashed password
        // When offsite portal is updated to handle blowfish, then both portals can use the same execution path.
        // NOTE(review): this is an unsalted SHA-1 digest. SHA-1 is a fast general-purpose
        // hash, so stored values are cheap to test offline if the table is disclosed;
        // a salted, deliberately slow password hash (as in the onsite branch) is the
        // appropriate replacement once the offsite portal supports it.
        array_push($query_parameters, SHA1($clear_pass));
    }
    // (Listing ends here; the rest of the handler is not shown.)
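* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
*
* @package OpenEMR
* @author Kevin Yeh <*****@*****.**>
* @link http://www.open-emr.org
*/

// SANITIZE ALL ESCAPES
$sanitize_all_escapes = true;

// STOP FAKE REGISTER GLOBALS
$fake_register_globals = false;

include_once "../globals.php";
require_once "{$srcdir}/authentication/rsa.php";
require_once "{$srcdir}/authentication/password_change.php";

// The current and new passwords arrive RSA-encrypted; the request's 'pk' value
// selects the stored key used to decrypt them.
// NOTE(review): decrypt() results are not checked for failure in the visible code;
// presumably update_password() rejects empty or invalid values - confirm.
$rsa_manager = new rsa_key_manager();
$rsa_manager->load_from_db($_REQUEST['pk']);
$curPass = $rsa_manager->decrypt($_REQUEST['curPass']);
$newPass = $rsa_manager->decrypt($_REQUEST['newPass']);
$newPass2 = $rsa_manager->decrypt($_REQUEST['newPass2']);

// Strict comparison on purpose: with a loose `!=`, PHP compares numeric-looking
// strings by value, so two different entries such as "1e3" and "1000" would be
// treated as a matching confirmation.
if ($newPass !== $newPass2) {
    echo xlt("Passwords Don't match!");
    exit;
}

// Change the password of the logged-in user; the same session id is passed for
// both of the first two arguments, and the current password is supplied so that
// update_password() can check it.
$errMsg = '';
$success = update_password($_SESSION['authId'], $_SESSION['authId'], $curPass, $newPass, $errMsg);
if ($success) {
    echo xlt("Password change successful");
} else {
    // If update_password fails the error message is returned
    // (escaped through text() before being written to the response).
    echo text($errMsg);
    // (Listing ends here; the closing brace is not shown.)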
// STOP FAKE REGISTER GLOBALS
$fake_register_globals = false;

// SANITIZE ALL ESCAPES
$sanitize_all_escapes = true;

// Settings that will override globals.php
// NOTE(review): $ignoreAuth is set before globals.php is included, presumably so
// that the include skips its logged-in-user check; everything below therefore
// runs on unauthenticated input - confirm.
$ignoreAuth = 1;

//
// Authentication (and language setting)
require_once '../interface/globals.php';
require_once "{$srcdir}/authentication/rsa.php";
require_once "{$srcdir}/authentication/common_operations.php";

// Remember whether a password update was flagged in the session, then clear the flag.
$password_update = isset($_SESSION['password_update']);
unset($_SESSION['password_update']);

$pubKey = $_REQUEST['login_pk'];
// NOTE(review): this writes a request-supplied value to the server log verbatim
// and before authentication. It looks like leftover debugging; unfiltered input
// in logs can contain line breaks that forge entries and lets any client grow
// the log. Remove it, or log a length-limited, sanitised form.
error_log($pubKey);

// Decrypt the submitted credential with the stored key selected by 'login_pk'.
// NOTE(review): the result of decrypt() is not checked for failure in the visible code.
$rsa = new rsa_key_manager();
$rsa->load_from_db($pubKey);
$plain_code = $rsa->decrypt($_POST['code']);

// set the language
// NOTE(review): the posted value is stored in the session as-is; no check that it
// names an existing language is visible here.
if (!empty($_POST['languageChoice'])) {
    $_SESSION['language_choice'] = $_POST['languageChoice'];
} else {
    if (empty($_SESSION['language_choice'])) {
        // just in case both are empty, then use english
        $_SESSION['language_choice'] = 1;
    } else {
        // keep the current session language token
    }
}

// Starts false; the code that can set it to true is not part of this listing.
$authorizedPortal = false; //flag
* </pre>
*
*
* Copyright (C) 2013 Kevin Yeh <*****@*****.**> and OEMR <www.oemr.org>
*
* LICENSE: This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
*
* @package OpenEMR
* @author Kevin Yeh <*****@*****.**>
* @link http://www.open-emr.org
*/

// Endpoint that hands an RSA public key to the browser so that a password can be
// encrypted before it is submitted. It must be reachable before login, hence
// $ignoreAuth.
$ignoreAuth = true; // A user needs to be able to get an RSA public key for transmission of password to the server before authentication.

// SANITIZE ALL ESCAPES
$sanitize_all_escapes = true;

// STOP FAKE REGISTER GLOBALS
$fake_register_globals = false;

require_once "../../interface/globals.php";
require_once "../authentication/rsa.php";

// NOTE(review): initialize() is called on every request. What it does is not
// visible here; if it generates and stores a key pair, confirm that stored keys
// expire and that this unauthenticated endpoint is rate-limited.
// NOTE(review): the key is delivered over the same channel as the password, so
// this scheme protects the password only if the page and key are served over
// TLS; it is an additional layer, not a replacement for HTTPS.
$key_manager = new rsa_key_manager();
$key_manager->initialize();

// Write the public key to the response (as JavaScript, judging by the method name).
echo $key_manager->get_pubKeyJS();
// (Listing starts inside a conditional whose opening is not shown.)
$_POST["authorized"] = 0;
}

// $_POST["info"] = addslashes($_POST["info"]);

// Normalise the calendar checkbox to 1/0.
$calvar = $_POST["calendar"] ? 1 : 0;

// Duplicate-username check: scan every existing username and clear $doit on a match.
// NOTE(review): mysql_fetch_array() belongs to ext/mysql, which was removed in
// PHP 7.0. The comparison is a loose `==`, and it compares the stored name with
// the output of formData(), which presumably returns an SQL-escaped string - confirm
// that names containing escaped characters are still detected as duplicates.
$res = sqlStatement("select distinct username from users where username != ''");
$doit = true;
while ($row = mysql_fetch_array($res)) {
    if ($doit == true && $row['username'] == trim(formData('rumple'))) {
        $doit = false;
    }
}

if ($doit == true) {
    require_once "{$srcdir}/authentication/rsa.php";
    require_once "{$srcdir}/authentication/password_change.php";

    // Load the stored RSA key selected by the posted 'pk' value.
    $pubKey = $_POST['pk'];
    $rsa = new rsa_key_manager();
    $rsa->load_from_db($pubKey);

    //if password expiration option is enabled, calculate the expiration date of the password
    // NOTE(review): $exp_date is assigned only inside this branch; when the option is 0
    // the statement below reads an undefined variable and inserts an empty string.
    if ($GLOBALS['password_expiration_days'] != 0) {
        $exp_days = $GLOBALS['password_expiration_days'];
        $exp_date = date('Y-m-d', strtotime("+{$exp_days} days"));
    }

    // The INSERT is assembled by string concatenation from request fields.
    // NOTE(review): its safety rests entirely on formData() escaping every value
    // correctly for a quoted SQL string (not visible here - confirm); bound
    // parameters, as used with sqlStatement()/sqlQuery() elsewhere, would remove
    // that dependency.
    // NOTE(review): the '******' runs in the username and password assignments look
    // like masking applied by the page this listing was taken from; the statement
    // does not parse as shown.
    $insertUserSQL = "insert into users set " .
        "username = '******'rumple')) .
        "', password = '******'NoLongerUsed' .
        "', fname = '" . trim(formData('fname')) .
        "', mname = '" . trim(formData('mname')) .
        "', lname = '" . trim(formData('lname')) .
        "', federaltaxid = '" . trim(formData('federaltaxid')) .
        "', state_license_number = '" . trim(formData('state_license_number')) .
        "', newcrop_user_role = '" . trim(formData('erxrole')) .
        "', authorized = '" . trim(formData('authorized')) .
        "', info = '" . trim(formData('info')) .
        "', federaldrugid = '" . trim(formData('federaldrugid')) .
        "', upin = '" . trim(formData('upin')) .
        "', npi = '" . trim(formData('npi')) .
        "', taxonomy = '" . trim(formData('taxonomy')) .
        "', facility_id = '" . trim(formData('facility_id')) .
        "', specialty = '" . trim(formData('specialty')) .
        "', see_auth = '" . trim(formData('see_auth')) .
        "', cal_ui = '" . trim(formData('cal_ui')) .
        "', default_warehouse = '" . trim(formData('default_warehouse')) .
        "', irnpool = '" . trim(formData('irnpool')) .
        "', calendar = '" . $calvar .
        "', pwd_expiration_date = '" . trim("{$exp_date}") .
        "'";

    // Decrypt the administrator's own password and the new user's password.
    // NOTE(review): decrypt() results are not checked for failure in the visible code.
    $clearAdminPass = $rsa->decrypt($_POST['userPass']);
    $clearUserPass = $rsa->decrypt($_POST['newauthPass']);
    $password_err_msg = "";
    $prov_id = "";

    // update_password() receives the acting user's id, the administrator's password,
    // the new password and the prepared INSERT text; presumably it verifies the
    // administrator's password before running the statement - confirm.
    $success = update_password($_SESSION['authId'], 0, $clearAdminPass, $clearUserPass, $password_err_msg, true, $insertUserSQL, formData('rumple'), $prov_id);

    // The error text is written to the server log and appended to $alertmsg.
    // NOTE(review): how $alertmsg is rendered is not visible here; it should be
    // escaped for its output context.
    error_log($password_err_msg);
    $alertmsg .= $password_err_msg;
    if ($success) {
        // (Listing ends here; the body of this branch is not shown.)