} } // closes definitions that begin before this excerpt

/**
 * Print the portal login message for a patient.
 *
 * Looks up the patient's `patient_data` row by pid. When $emailFlag is truthy,
 * an escaped "email was sent" notice containing the patient's email address is
 * prepended to $message. The result is echoed inside a minimal HTML page whose
 * onload handler opens the browser print dialog.
 *
 * NOTE(review): $message is written to the page without escaping here, so every
 * caller has to pass markup that is already safe. Confirm that any user-supplied
 * values placed into it upstream (user name, password) are escaped first.
 *
 * @param mixed  $patient_id pid bound into the patient_data lookup
 * @param string $message    HTML fragment to print (emitted as-is)
 * @param mixed  $emailFlag  truthy when the email notice should be prepended
 */
function displayLogin($patient_id, $message, $emailFlag) {
    // pid is bound as a query parameter, not concatenated into the SQL text.
    $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id));
    if ($emailFlag) {
        // Both the translated label and the stored email go through htmlspecialchars().
        // ENT_NOQUOTES leaves quotes unencoded, which is only adequate because the
        // values land in element text here, not inside an attribute.
        $message = "<br><br>" . htmlspecialchars(xl("Email was sent to following address"), ENT_NOQUOTES) . ": " . htmlspecialchars($patientData['email'], ENT_NOQUOTES) . "<br><br>" . $message;
    }
    echo "<html><body onload='window.print();'>" . $message . "</body></html>";
}

// Form-save branch: stores new portal credentials for $pid.
// NOTE(review): 'form_save', 'pk', 'rsa_pwd' and 'uname' are all read from $_REQUEST,
// so they are accepted from the query string as well as the request body. Confirm the
// form only ever posts them, since query strings end up in server and proxy logs.
// NOTE(review): the loose == against 'SUBMIT' would be clearer as ===.
if (isset($_REQUEST['form_save']) && $_REQUEST['form_save'] == 'SUBMIT') {
    require_once "{$srcdir}/authentication/rsa.php";
    require_once "{$srcdir}/authentication/common_operations.php";
    // The request supplies a key identifier ('pk') and the password encrypted under it.
    $pubKey = $_REQUEST['pk'];
    $rsa = new rsa_key_manager();
    $rsa->load_from_db($pubKey);
    // NOTE(review): no failure check on decrypt() is visible before the value is hashed.
    // Confirm what it returns for a bad key or ciphertext and that such a value is rejected.
    $clear_pass = $rsa->decrypt($_REQUEST['rsa_pwd']);
    // The table name is assembled from $portalsite; only pid is a bound parameter.
    // NOTE(review): add_escape_custom() on an identifier is not an allow-list. Confirm
    // $portalsite can only hold the fixed values the application sets ('on' is tested below).
    $res = sqlStatement("SELECT * FROM patient_access_" . add_escape_custom($portalsite) . "site WHERE pid=?", array($pid));
    $query_parameters = array($_REQUEST['uname']);
    $salt_clause = "";
    if ($portalsite == 'on') {
        // For the onsite portal, create a blowfish-based hash and salt.
        // NOTE(review): this (password, salt) call does not match PHP's built-in
        // password_hash(password, algo, options). Presumably it is a project helper from the
        // authentication includes; on PHP 5.5+ that name belongs to the built-in, so confirm
        // which function actually runs.
        $new_salt = password_salt();
        $salt_clause = ",portal_salt=? ";
        array_push($query_parameters, password_hash($clear_pass, $new_salt), $new_salt);
    } else {
        // For the offsite portal, still create an SHA1-hashed password.
        // When the offsite portal is updated to handle blowfish, both portals can use the same execution path.
        // NOTE(review): this is a single unsalted SHA-1 of the clear password, which is not
        // suitable for password storage. Track its removal rather than treating it as permanent.
        array_push($query_parameters, SHA1($clear_pass));
    }
    array_push($query_parameters, $pid);
    // (branch continues past the end of this excerpt)
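* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>.
*
* @package OpenEMR
* @author Kevin Yeh <*****@*****.**>
* @link http://www.open-emr.org
*/

// Password-change endpoint for the logged-in user.
// Reads a key identifier ('pk') plus three RSA-encrypted fields from the request,
// decrypts them, checks that the new password and its confirmation match, then
// delegates the actual change to update_password().
//
// NOTE(review): presumably the RSA wrapping only keeps the clear password out of the
// request body; it does not replace TLS. Confirm this endpoint is served over HTTPS.

//SANITIZE ALL ESCAPES
$sanitize_all_escapes = true;

//STOP FAKE REGISTER GLOBALS
$fake_register_globals = false;

include_once "../globals.php";
require_once "{$srcdir}/authentication/rsa.php";
require_once "{$srcdir}/authentication/password_change.php";

$rsa_manager = new rsa_key_manager();
$rsa_manager->load_from_db($_REQUEST['pk']);

// NOTE(review): the decrypt() results are used without a visible failure check.
// If decryption fails the same way for both new-password fields they compare equal
// below, so update_password() has to reject the value. Confirm that it does.
$curPass = $rsa_manager->decrypt($_REQUEST['curPass']);
$newPass = $rsa_manager->decrypt($_REQUEST['newPass']);
$newPass2 = $rsa_manager->decrypt($_REQUEST['newPass2']);

// Strict comparison: with != PHP compares two numeric-looking strings as numbers,
// so different inputs such as "1000" and "1e3" would be accepted as a matching
// confirmation. !== compares the strings exactly as typed.
if ($newPass !== $newPass2) {
    echo xlt("Passwords Don't match!");
    exit;
}

$errMsg = '';
// The session's authId is passed as both of the first two arguments (presumably the
// acting user and the target user), so this script only changes the caller's own
// password. $curPass is forwarded so update_password() can verify it.
$success = update_password($_SESSION['authId'], $_SESSION['authId'], $curPass, $newPass, $errMsg);
if ($success) {
    echo xlt("Password change successful");
} else {
    // If update_password fails the error message is returned in $errMsg;
    // it is passed through text() before being echoed.
    echo text($errMsg);
}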