}
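/**
 * Emit a printable HTML page carrying a portal login notice for one patient.
 *
 * The output is a complete HTML document whose <body> calls window.print()
 * on load. When $emailFlag is truthy, a line naming the e-mail address stored
 * for the patient is placed in front of $message.
 *
 * SECURITY: $message is written into the page as raw HTML, without escaping.
 * Every patient- or request-derived value inside it must already be
 * HTML-escaped by the caller; otherwise it is rendered as markup (stored or
 * reflected XSS). Only the translated label and the e-mail address are
 * escaped here.
 *
 * @param mixed  $patient_id Value bound to `patient_data`.`pid`.
 * @param string $message    Pre-built, already-escaped HTML fragment.
 * @param mixed  $emailFlag  Truthy to prepend the "email was sent" line.
 * @return void
 */
function displayLogin($patient_id, $message, $emailFlag)
{
    // Bound parameter: $patient_id never becomes part of the SQL text.
    $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id));
    if ($emailFlag) {
        // A missing row or a NULL email column would otherwise raise an
        // undefined-index notice and hand a non-string to htmlspecialchars().
        // (assumes sqlQuery() returns an array on a hit and a non-array on a miss - confirm)
        $email = '';
        if (is_array($patientData) && isset($patientData['email'])) {
            $email = (string) $patientData['email'];
        }
        // ENT_NOQUOTES is enough only because both values land in element
        // content; it would not be safe inside an HTML attribute.
        $message = "<br><br>" . htmlspecialchars(xl("Email was sent to following address"), ENT_NOQUOTES) . ": " . htmlspecialchars($email, ENT_NOQUOTES) . "<br><br>" . $message;
    }
    echo "<html><body onload='window.print();'>" . $message . "</body></html>";
}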
// Handles a submitted portal-credential form: unwraps the RSA-encrypted
// password, hashes it, and assembles the bound parameters for a statement that
// is built after this excerpt (the listing stops inside the last `if`).
// NOTE(review): every field is read from $_REQUEST, which also accepts values
// from the query string, so the wrapped password and key handle can end up in
// URLs and access logs - confirm whether this endpoint should read $_POST only.
if (isset($_REQUEST['form_save']) && $_REQUEST['form_save'] == 'SUBMIT') {
    require_once "{$srcdir}/authentication/rsa.php";
    require_once "{$srcdir}/authentication/common_operations.php";
    // 'pk' is supplied by the client and used to look up the key material.
    $pubKey = $_REQUEST['pk'];
    $rsa = new rsa_key_manager();
    $rsa->load_from_db($pubKey);
    // NOTE(review): the decrypt() result is used without a check; if it can
    // signal failure (false/empty), that value would be hashed and stored as
    // the password - verify against rsa_key_manager.
    $clear_pass = $rsa->decrypt($_REQUEST['rsa_pwd']);
    // The table name is assembled from $portalsite; only `pid` is a bound
    // parameter. NOTE(review): value escaping is not an allow-list for
    // identifiers - confirm $portalsite is restricted to known values upstream.
    $res = sqlStatement("SELECT * FROM patient_access_" . add_escape_custom($portalsite) . "site WHERE pid=?", array($pid));
    // Parameter order built below: uname, password hash, [salt], pid.
    $query_parameters = array($_REQUEST['uname']);
    $salt_clause = "";
    if ($portalsite == 'on') {
        // Onsite portal: generate a fresh salt and store a salted hash plus the salt.
        // NOTE(review): password_hash() is called here with a salt string as its
        // second argument, which is not the signature of PHP's built-in
        // password_hash(); presumably a project helper from the included files - confirm.
        $new_salt = password_salt();
        $salt_clause = ",portal_salt=? ";
        array_push($query_parameters, password_hash($clear_pass, $new_salt), $new_salt);
    } else {
        // Offsite portal: the stored value is an unsalted SHA-1 digest of the
        // cleartext password. SHA-1 is a fast hash, so this is unsuitable for
        // password storage: identical passwords yield identical stored values.
        // The original comment notes both portals can share the salted path
        // once the offsite portal is updated to handle it.
        array_push($query_parameters, SHA1($clear_pass));
    }
    array_push($query_parameters, $pid);
    // A row already exists for this pid (the statement that follows is cut off in this listing).
    if (sqlNumRows($res)) {
Example #2
// Portal login bootstrap (excerpt): flags are set before globals.php is
// loaded, the RSA-wrapped login code is decrypted, and the session language is
// chosen.
$sanitize_all_escapes = true;

// Must be assigned before globals.php is included.
// NOTE(review): presumably makes globals.php skip its session authentication
// check for this pre-login endpoint - confirm nothing later relies on it.
$ignoreAuth = 1;

// Authentication (and language setting)
require_once '../interface/globals.php';
require_once "{$srcdir}/authentication/rsa.php";
require_once "{$srcdir}/authentication/common_operations.php";

// Remember whether a password update was pending, then clear the marker.
$password_update = isset($_SESSION['password_update']);
unset($_SESSION['password_update']);

// The key handle comes from the client ($_REQUEST also accepts query-string values).
$pubKey = $_REQUEST['login_pk'];
// NOTE(review): writes a request-controlled value to the server log unmodified;
// looks like a debugging leftover and allows forged log lines - confirm it is needed.
error_log($pubKey);
$rsa = new rsa_key_manager();
$rsa->load_from_db($pubKey);
// NOTE(review): the decrypt() result is not checked here before later use.
$plain_code = $rsa->decrypt($_POST['code']);

// Language: a posted choice wins; otherwise keep the session value, falling
// back to 1 (English) when the session has none.
// NOTE(review): the posted value is stored unvalidated - confirm consumers treat it as an id.
if (!empty($_POST['languageChoice'])) {
    $_SESSION['language_choice'] = $_POST['languageChoice'];
} elseif (empty($_SESSION['language_choice'])) {
    $_SESSION['language_choice'] = 1;
}

// Flag; false until the portal credentials have been verified.
$authorizedPortal = false;
define("TBL_PAT_ACC_ON", "patient_access_onsite");
define("COL_PID", "pid");
Example #3
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>.
 *
 * @package OpenEMR
 * @author  Kevin Yeh <*****@*****.**>
 * @link    http://www.open-emr.org
 */
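// Password-change endpoint for the logged-in user: unwraps three RSA-encrypted
// fields (current password, new password, confirmation), checks that the two
// new values agree and delegates the change to update_password().
// NOTE(review): fields are read from $_REQUEST, which also accepts query-string
// values, and no anti-CSRF token check is visible in this file - confirm one is
// enforced by globals.php or the caller.
//SANITIZE ALL ESCAPES
$sanitize_all_escapes = true;
//STOP FAKE REGISTER GLOBALS
$fake_register_globals = false;
include_once "../globals.php";
require_once "{$srcdir}/authentication/rsa.php";
require_once "{$srcdir}/authentication/password_change.php";
$rsa_manager = new rsa_key_manager();
// 'pk' is a client-supplied handle used to load the matching key material.
$rsa_manager->load_from_db($_REQUEST['pk']);
// NOTE(review): decrypt() results are not checked for failure before use.
$curPass = $rsa_manager->decrypt($_REQUEST['curPass']);
$newPass = $rsa_manager->decrypt($_REQUEST['newPass']);
$newPass2 = $rsa_manager->decrypt($_REQUEST['newPass2']);
// Strict comparison: with loose `!=`, two different numeric-looking strings
// (for example "1e3" and "1000") compare equal, so a mistyped confirmation
// could be accepted and the account set to a password the user did not intend.
if ($newPass !== $newPass2) {
    echo xlt("Passwords Don't match!");
    exit;
}
$errMsg = '';
// The session's authId is passed as both the first and second argument, so
// this path changes the password of the logged-in user only.
$success = update_password($_SESSION['authId'], $_SESSION['authId'], $curPass, $newPass, $errMsg);
if ($success) {
    echo xlt("Password change successful");
} else {
    // If update_password fails, the error message is returned in $errMsg and
    // passed through text() before output.
    echo text($errMsg);
}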
Example #4
         $doit = false;
     }
 }
 if ($doit == true) {
     require_once "{$srcdir}/authentication/rsa.php";
     require_once "{$srcdir}/authentication/password_change.php";
     $pubKey = $_POST['pk'];
     $rsa = new rsa_key_manager();
     $rsa->load_from_db($pubKey);
     //if password expiration option is enabled,  calculate the expiration date of the password
     if ($GLOBALS['password_expiration_days'] != 0) {
         $exp_days = $GLOBALS['password_expiration_days'];
         $exp_date = date('Y-m-d', strtotime("+{$exp_days} days"));
     }
     $insertUserSQL = "insert into users set " . "username = '******'rumple')) . "', password = '******'NoLongerUsed' . "', fname = '" . trim(formData('fname')) . "', mname = '" . trim(formData('mname')) . "', lname = '" . trim(formData('lname')) . "', federaltaxid = '" . trim(formData('federaltaxid')) . "', state_license_number = '" . trim(formData('state_license_number')) . "', newcrop_user_role = '" . trim(formData('erxrole')) . "', authorized = '" . trim(formData('authorized')) . "', info = '" . trim(formData('info')) . "', federaldrugid = '" . trim(formData('federaldrugid')) . "', upin = '" . trim(formData('upin')) . "', npi  = '" . trim(formData('npi')) . "', taxonomy = '" . trim(formData('taxonomy')) . "', facility_id = '" . trim(formData('facility_id')) . "', specialty = '" . trim(formData('specialty')) . "', see_auth = '" . trim(formData('see_auth')) . "', cal_ui = '" . trim(formData('cal_ui')) . "', default_warehouse = '" . trim(formData('default_warehouse')) . "', irnpool = '" . trim(formData('irnpool')) . "', calendar = '" . $calvar . "', pwd_expiration_date = '" . trim("{$exp_date}") . "'";
     $clearAdminPass = $rsa->decrypt($_POST['userPass']);
     $clearUserPass = $rsa->decrypt($_POST['newauthPass']);
     $password_err_msg = "";
     $prov_id = "";
     $success = update_password($_SESSION['authId'], 0, $clearAdminPass, $clearUserPass, $password_err_msg, true, $insertUserSQL, formData('rumple'), $prov_id);
     error_log($password_err_msg);
     $alertmsg .= $password_err_msg;
     if ($success) {
         //set the facility name from the selected facility_id
         sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '" . trim(formData('facility_id')) . "' AND users.username = '******'rumple')) . "'");
         sqlStatement("insert into groups set name = '" . trim(formData('groupname')) . "', user = '******'rumple')) . "'");
         if (isset($phpgacl_location) && acl_check('admin', 'acl') && trim(formData('rumple'))) {
             // Set the access control group of user
             set_user_aro($_POST['access_group'], trim(formData('rumple')), trim(formData('fname')), trim(formData('mname')), trim(formData('lname')));
         }
         $ws = new WSProvider($prov_id);