}

/**
 * Emit a self-printing HTML page that contains $message.
 *
 * The patient's row is read from `patient_data` with a bound `pid` parameter. When
 * $emailFlag is truthy, a notice naming the e-mail address on file is prepended to
 * $message. The page body calls window.print() on load.
 *
 * Output encoding: the translated notice and the e-mail address pass through
 * htmlspecialchars() with ENT_NOQUOTES, which covers element text but leaves quotes
 * untouched (not sufficient for attribute values). $message is concatenated into the
 * page without any escaping.
 * NOTE(review): callers must pass only markup they built and escaped themselves —
 * confirm that no request-derived text reaches $message unescaped.
 *
 * @param mixed  $patient_id pid used for the patient_data lookup
 * @param string $message    HTML fragment to print; emitted as-is
 * @param mixed  $emailFlag  truthy to prepend the "email was sent" notice
 * @return void
 */
function displayLogin($patient_id, $message, $emailFlag)
{
    // The row is fetched even when $emailFlag is false; only its `email` column is read below.
    $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id));
    if ($emailFlag) {
        $message = "<br><br>" . htmlspecialchars(xl("Email was sent to following address"), ENT_NOQUOTES) . ": " . htmlspecialchars($patientData['email'], ENT_NOQUOTES) . "<br><br>" . $message;
    }
    echo "<html><body onload='window.print();'>" . $message . "</body></html>";
}

// Form handler: runs when the request carries form_save=SUBMIT. It reads from $_REQUEST,
// so the fields are accepted from the query string as well as from a POST body.
// NOTE(review): `==` is a loose comparison; `===` would state the intent exactly.
if (isset($_REQUEST['form_save']) && $_REQUEST['form_save'] == 'SUBMIT') {
    require_once "{$srcdir}/authentication/rsa.php";
    require_once "{$srcdir}/authentication/common_operations.php";

    // 'pk' comes from the request and selects which stored key rsa_key_manager loads.
    $pubKey = $_REQUEST['pk'];
    $rsa = new rsa_key_manager();
    $rsa->load_from_db($pubKey);
    // Presumably the plaintext portal password. No check of the decrypt() result is
    // visible in this excerpt before the value is hashed below — confirm that a failed
    // decryption cannot end up stored as a credential.
    $clear_pass = $rsa->decrypt($_REQUEST['rsa_pwd']);

    // The table name is assembled from $portalsite ("patient_access_" . X . "site"); pid is bound.
    // NOTE(review): add_escape_custom() is applied to an identifier here, and value escaping
    // does not constrain identifiers. Presumably $portalsite is limited to a fixed set of
    // values before this point — confirm, or select the table name from an allow-list.
    $res = sqlStatement("SELECT * FROM patient_access_" . add_escape_custom($portalsite) . "site WHERE pid=?", array($pid));

    // Bind values are collected in the order the (not visible) statement will need them:
    // uname, then the hash (plus salt for the onsite portal), then pid.
    $query_parameters = array($_REQUEST['uname']);
    $salt_clause = "";
    if ($portalsite == 'on') {
        // For onsite portal create a blowfish based hash and salt.
        // NOTE(review): password_hash() is called with a salt as its second argument, which
        // does not match PHP's native password_hash(password, algo, options). Presumably this
        // is a project helper loaded from common_operations.php — confirm which one runs.
        $new_salt = password_salt();
        $salt_clause = ",portal_salt=? ";
        array_push($query_parameters, password_hash($clear_pass, $new_salt), $new_salt);
    } else {
        // For offsite portal still create an SHA1-hashed password.
        // When offsite portal is updated to handle blowfish, then both portals can use the same execution path.
        // NOTE(review): this is a single unsalted SHA-1 digest, a fast hash that is not
        // suitable for password storage; the comment above marks it as an interim path.
        array_push($query_parameters, SHA1($clear_pass));
    }
    array_push($query_parameters, $pid);

    // Branch on whether a portal access row already exists for this pid; the body
    // continues beyond this excerpt.
    if (sqlNumRows($res)) {
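// Patient-portal login bootstrap: sets the flags globals.php reads, decrypts the submitted
// login code with the RSA key named in the request, and fixes the session language.

//STOP FAKE REGISTER GLOBALS
$sanitize_all_escapes = true;

//Settings that will override globals.php
// $ignoreAuth is set before globals.php is included, so this page is reachable without an
// established staff session; every check on the portal credentials has to happen in this
// script. NOTE(review): confirm nothing below trusts request data before those checks run.
$ignoreAuth = 1;
//

//Authentication (and language setting)
require_once '../interface/globals.php';
require_once "{$srcdir}/authentication/rsa.php";
require_once "{$srcdir}/authentication/common_operations.php";

// Remember whether a password update was pending, then clear the one-shot session marker.
$password_update = isset($_SESSION['password_update']);
unset($_SESSION['password_update']);

// 'login_pk' is request-controlled. It is deliberately not written to the error log:
// the earlier debug call logged the raw parameter on every login attempt, which lets a
// remote client place arbitrary text (including line breaks) into the server log.
$pubKey = $_REQUEST['login_pk'];
$rsa = new rsa_key_manager();
$rsa->load_from_db($pubKey);
// NOTE(review): the result of decrypt() is not checked in this excerpt; confirm that the
// code using $plain_code rejects a failed decryption.
$plain_code = $rsa->decrypt($_POST['code']);

// set the language
// A submitted choice wins; otherwise an existing session value is kept, and the default
// (1, english) is used only when both are empty.
// NOTE(review): the posted value is stored as received — confirm it is validated against
// the known language ids before it is used in a query or in output.
if (!empty($_POST['languageChoice'])) {
    $_SESSION['language_choice'] = $_POST['languageChoice'];
} elseif (empty($_SESSION['language_choice'])) {
    // just in case both are empty, then use english
    $_SESSION['language_choice'] = 1;
}

$authorizedPortal = false; //flag

// Table and column names used by the portal access queries.
define("TBL_PAT_ACC_ON", "patient_access_onsite");
define("COL_PID", "pid");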
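* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>.
*
* @package OpenEMR
* @author Kevin Yeh <*****@*****.**>
* @link http://www.open-emr.org
*/

// Password-change endpoint for the logged-in user: the three password fields arrive
// RSA-encrypted, are decrypted with the key named by 'pk', and are handed to
// update_password(), which performs the change and reports any error text.

//SANITIZE ALL ESCAPES
$sanitize_all_escapes = true;

//STOP FAKE REGISTER GLOBALS
$fake_register_globals = false;

include_once "../globals.php";
require_once "{$srcdir}/authentication/rsa.php";
require_once "{$srcdir}/authentication/password_change.php";

// All four fields are read from $_REQUEST, so they are accepted from the query string as
// well as from a POST body. NOTE(review): the decrypt() results are not checked here;
// confirm update_password() rejects a failed (non-string or empty) decryption.
$rsa_manager = new rsa_key_manager();
$rsa_manager->load_from_db($_REQUEST['pk']);
$curPass = $rsa_manager->decrypt($_REQUEST['curPass']);
$newPass = $rsa_manager->decrypt($_REQUEST['newPass']);
$newPass2 = $rsa_manager->decrypt($_REQUEST['newPass2']);

// Strict comparison: with a loose `!=`, PHP compares numeric-looking strings by value, so
// two different entries such as "1e3" and "1000" would be accepted as a matching
// confirmation. `!==` requires the two decrypted values to be identical.
if ($newPass !== $newPass2) {
    echo xlt("Passwords Don't match!");
    exit;
}

// The session user is passed as both of the first two arguments, i.e. a user changing
// their own password; $curPass is supplied so the current password can be verified.
$errMsg = '';
$success = update_password($_SESSION['authId'], $_SESSION['authId'], $curPass, $newPass, $errMsg);
if ($success) {
    echo xlt("Password change successful");
} else {
    // If update_password fails the error message is returned
    // text() is applied before output, so the message is not echoed raw.
    echo text($errMsg);
}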
$doit = false;
}
}

// New-user creation path (excerpt: the enclosing code starts before and continues after
// this span). Runs only when the preceding checks left $doit true.
// NOTE(review): no authorization check for creating a user is visible in this excerpt
// (acl_check() below guards only the ACL group assignment) — confirm it is enforced
// earlier in the file.
if ($doit == true) {
    require_once "{$srcdir}/authentication/rsa.php";
    require_once "{$srcdir}/authentication/password_change.php";

    // 'pk' is request-controlled and selects which stored key rsa_key_manager loads.
    $pubKey = $_POST['pk'];
    $rsa = new rsa_key_manager();
    $rsa->load_from_db($pubKey);

    // If the password expiration option is enabled, calculate the expiration date of the password.
    // NOTE(review): $exp_date is assigned only inside this branch but is interpolated
    // unconditionally into the INSERT below; with expiration disabled it is undefined
    // (notice, empty string written to pwd_expiration_date).
    if ($GLOBALS['password_expiration_days'] != 0) {
        $exp_days = $GLOBALS['password_expiration_days'];
        $exp_date = date('Y-m-d', strtotime("+{$exp_days} days"));
    }

    // The INSERT is assembled by concatenating formData() values into quoted SQL literals
    // and is then passed to update_password() as a string.
    // NOTE(review): injection safety rests entirely on formData() escaping every field —
    // that helper is not visible here; confirm, and prefer `?` placeholders with a bind
    // array. The password column receives the fixed marker 'NoLongerUsed'.
    // NOTE(review): the `******` runs in the username expressions look like a redaction
    // artifact of this listing, not real code; they are reproduced unchanged.
    $insertUserSQL = "insert into users set " .
        "username = '******'rumple')) . "', password = '******'NoLongerUsed' .
        "', fname = '" . trim(formData('fname')) .
        "', mname = '" . trim(formData('mname')) .
        "', lname = '" . trim(formData('lname')) .
        "', federaltaxid = '" . trim(formData('federaltaxid')) .
        "', state_license_number = '" . trim(formData('state_license_number')) .
        "', newcrop_user_role = '" . trim(formData('erxrole')) .
        "', authorized = '" . trim(formData('authorized')) .
        "', info = '" . trim(formData('info')) .
        "', federaldrugid = '" . trim(formData('federaldrugid')) .
        "', upin = '" . trim(formData('upin')) .
        "', npi = '" . trim(formData('npi')) .
        "', taxonomy = '" . trim(formData('taxonomy')) .
        "', facility_id = '" . trim(formData('facility_id')) .
        "', specialty = '" . trim(formData('specialty')) .
        "', see_auth = '" . trim(formData('see_auth')) .
        "', cal_ui = '" . trim(formData('cal_ui')) .
        "', default_warehouse = '" . trim(formData('default_warehouse')) .
        "', irnpool = '" . trim(formData('irnpool')) .
        "', calendar = '" . $calvar .
        "', pwd_expiration_date = '" . trim("{$exp_date}") .
        "'";

    // Both passwords arrive RSA-encrypted: the acting administrator's own password
    // ('userPass') and the password chosen for the new account ('newauthPass').
    // The decrypt() results are not checked in this excerpt.
    $clearAdminPass = $rsa->decrypt($_POST['userPass']);
    $clearUserPass = $rsa->decrypt($_POST['newauthPass']);
    $password_err_msg = "";
    $prov_id = "";
    // update_password() receives the acting user's id, a target id of 0, both cleartext
    // passwords, the error-message variable, a `true` flag, the prepared INSERT, the new
    // username and $prov_id. Presumably the flag selects "create user" and $prov_id is
    // filled in by reference — confirm against password_change.php.
    $success = update_password($_SESSION['authId'], 0, $clearAdminPass, $clearUserPass, $password_err_msg, true, $insertUserSQL, formData('rumple'), $prov_id);
    // Logged on every call, including when the message is empty.
    // NOTE(review): confirm the message can never contain password material.
    error_log($password_err_msg);
    $alertmsg .= $password_err_msg;

    if ($success) {
        //set the facility name from the selected facility_id
        // These two statements (facility name sync, then group membership insert) are also
        // built by concatenation and carry the same formData() caveat as the INSERT above.
        // They are kept on one line because the redacted spans make the quoting ambiguous.
        sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '" . trim(formData('facility_id')) . "' AND users.username = '******'rumple')) . "'"); sqlStatement("insert into groups set name = '" . trim(formData('groupname')) . "', user = '******'rumple')) . "'");

        // ACL group assignment happens only when phpGACL is configured, the acting user
        // passes acl_check('admin', 'acl'), and a username was supplied.
        if (isset($phpgacl_location) && acl_check('admin', 'acl') && trim(formData('rumple'))) {
            // Set the access control group of user
            // $_POST['access_group'] is passed through as received.
            set_user_aro($_POST['access_group'], trim(formData('rumple')), trim(formData('fname')), trim(formData('mname')), trim(formData('lname')));
        }

        // The enclosing `if ($success)` and `if ($doit == true)` blocks continue beyond this excerpt.
        $ws = new WSProvider($prov_id);