$new_salt = password_salt();
$salt_clause = ",portal_salt=? ";
array_push($query_parameters, password_hash($clear_pass, $new_salt), $new_salt);
} else {
// For offsite portal still create and SHA1 hashed password
// When offsite portal is updated to handle blowfish, then both portals can use the same execution path.
array_push($query_parameters, SHA1($clear_pass));
}
array_push($query_parameters, $pid);
if (sqlNumRows($res)) {
sqlStatement("UPDATE patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0 " . $salt_clause . " WHERE pid=?", $query_parameters);
} else {
sqlStatement("INSERT INTO patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0" . $salt_clause . " ,pid=?", $query_parameters);
}
// Create the message
$message = messageCreate($_REQUEST['uname'], $clear_pass, $portalsite);
// Email and display/print the message
if (emailLogin($pid, $message)) {
// email was sent
displayLogin($pid, $message, true);
} else {
// email wasn't sent
displayLogin($pid, $message, false);
}
exit;
}
?>
<html>
<head>
<link rel="stylesheet" href="<?php
{
$patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id));
if ($emailFlag) {
$message = "<br><br>" . htmlspecialchars(xl("Email was sent to following address"), ENT_NOQUOTES) . ": " . htmlspecialchars($patientData['email'], ENT_NOQUOTES) . "<br><br>" . $message;
}
echo "<html><body onload='window.print();'>" . $message . "</body></html>";
}
if (isset($_REQUEST['form_save']) && $_REQUEST['form_save'] == 'SUBMIT') {
$res = sqlStatement("SELECT * FROM patient_access_" . add_escape_custom($portalsite) . "site WHERE pid=?", array($pid));
if (sqlNumRows($res)) {
sqlStatement("UPDATE patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0 WHERE pid=?", array($_REQUEST['uname'], $_REQUEST['authpwd'], $pid));
} else {
sqlStatement("INSERT INTO patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0,pid=?", array($_REQUEST['uname'], $_REQUEST['authpwd'], $pid));
}
// Create the message
$message = messageCreate($_REQUEST['uname'], $_REQUEST['pwd'], $portalsite);
// Email and display/print the message
if (emailLogin($pid, $message)) {
// email was sent
displayLogin($pid, $message, true);
} else {
// email wasn't sent
displayLogin($pid, $message, false);
}
exit;
}
?>
<html>
<head>
<link rel="stylesheet" href="<?php
