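/**
 * Decode a base64 payload and write it to $file, encrypting the bytes first
 * when $this->encrypt is set.
 *
 * Failures do not throw: the method sets $this->error / $this->errorMsg and
 * still returns $file, so callers must inspect $this->error afterwards.
 *
 * @param string $file destination path (the caller is responsible for making
 *                     sure it is not derived from untrusted input)
 * @param string $data base64-encoded content
 * @return string the $file path that was passed in, even on failure
 */
private function saveBase64File($file, $data)
{
    $bytes = base64_decode($data);

    // base64_decode() returns false on malformed input; writing that would
    // silently produce an empty file, so report it as an error instead.
    if ($bytes === false) {
        $this->error = true;
        $this->errorMsg = 'Unable to decode ' . $file;
        return $file;
    }

    if ($this->encrypt) {
        $bytes = MatchaUtils::__encrypt($bytes);
    }

    // file_put_contents() returns the number of bytes written, so a
    // legitimately empty payload (0 bytes) must not be treated as a failure;
    // only the literal false return is one.
    if (file_put_contents($file, $bytes) === false) {
        $this->error = true;
        $this->errorMsg = 'Unable to save ' . $file;
    }

    return $file;
}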
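/**
 * Encrypt $value when $key names one of the model's encrypted fields.
 *
 * @param string|int $key   column name being written
 * @param mixed      $value raw value for that column
 * @return mixed the encrypted value when $key is listed in $this->encryptedFields,
 *               otherwise $value unchanged
 */
private function ifDataEncrypt($key, $value)
{
    // strict: true — a loosely-compared in_array() lets an integer key such
    // as 0 match any non-numeric string on PHP < 8, which would encrypt (or
    // skip) the wrong columns.
    $isEncryptedField = is_array($this->encryptedFields)
        && in_array($key, $this->encryptedFields, true);

    if ($isEncryptedField) {
        $value = MatchaUtils::__encrypt($value);
    }

    return $value;
}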
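/**
 * Authenticate a user against the User model and initialise the PHP session.
 *
 * Every rejection returns ['success' => false, 'type' => 'error', 'message' => ...];
 * a successful login populates $_SESSION['user'] / $_SESSION['site'] and returns
 * the encrypted session token together with a subset of the user record.
 *
 * @param stdClass $params properties read: authUser, authPass, facility, lang,
 *                         site, checkInMode
 * @return array
 */
public function login(stdClass $params)
{
    error_reporting(E_ALL);

    // Read the credentials once; a missing property becomes '' instead of
    // raising an undefined-property notice inside strlen().
    $authUser = isset($params->authUser) ? (string) $params->authUser : '';
    $authPass = isset($params->authPass) ? (string) $params->authPass : '';

    //-------------------------------------------
    // The logon form caps the username at 25 and the password at 14
    // characters; anything longer did not come through that form.
    //-------------------------------------------
    if (strlen($authUser) >= 26 || strlen($authPass) >= 15) {
        return array('success' => false, 'type' => 'error', 'message' => 'Possible hack, please use the Logon Screen.');
    }

    // Falsy-string check as before: '' and '0' are both rejected here.
    if (!$authUser) {
        return array('success' => false, 'type' => 'error', 'message' => 'The username field can not be in blank. Try again.');
    }
    if (!$authPass) {
        return array('success' => false, 'type' => 'error', 'message' => 'The password field can not be in blank. Try again.');
    }

    //-------------------------------------------
    // Strip single/double quotes and surrounding whitespace. The stored
    // password presumably went through the same transform when it was set,
    // otherwise a password containing a quote could never match — confirm.
    //-------------------------------------------
    $params->authUser = trim(str_replace(array('\'', '"'), '', $authUser));
    $params->authPass = trim(str_replace(array('\'', '"'), '', $authPass));

    // A password made only of quotes/whitespace is blank after stripping;
    // refuse it rather than comparing an empty string against the record.
    if ($params->authPass === '') {
        return array('success' => false, 'type' => 'error', 'message' => 'The password field can not be in blank. Try again.');
    }

    //-------------------------------------------
    // Only authorized and active users can log in.
    //-------------------------------------------
    $u = MatchaModel::setSenchaModel('App.model.administration.User');
    $user = $u->load(
        array('username' => $params->authUser, 'authorized' => 1, 'active' => 1),
        array('id', 'username', 'title', 'fname', 'mname', 'lname', 'email', 'facility_id', 'npi', 'password')
    )->one();

    // hash_equals() is a byte-exact, constant-time comparison. The loose `!=`
    // it replaces treated numeric-looking strings as equal ('1e3' and '1000'),
    // so a mismatching password could pass.
    // NOTE(review): the column value is compared as-is; whether the model stores
    // it hashed or decrypts it on load is not visible here. If it is plaintext,
    // password_hash()/password_verify() is the target.
    if ($user === false
        || !isset($user['password'])
        || !hash_equals((string) $user['password'], $params->authPass)
    ) {
        return array('success' => false, 'type' => 'error', 'message' => 'The username or password you provided is invalid.');
    }

    $facility = isset($params->facility) ? $params->facility : 0;
    $lang = isset($params->lang) ? $params->lang : null;
    $site = isset($params->site) ? $params->site : null;
    $checkInMode = isset($params->checkInMode) ? $params->checkInMode : null;

    //-------------------------------------------
    // User related session variables
    //-------------------------------------------
    $_SESSION['user']['name'] = trim($user['title'] . ' ' . $user['lname'] . ', ' . $user['fname'] . ' ' . $user['mname']);
    $_SESSION['user']['id'] = $user['id'];
    $_SESSION['user']['email'] = $user['email'];
    // facility 0 (or none) means "use the user's default facility"
    $_SESSION['user']['facility'] = $facility == 0 ? $user['facility_id'] : $facility;
    $_SESSION['user']['localization'] = $lang;
    $_SESSION['user']['npi'] = $user['npi'];
    $_SESSION['user']['site'] = $site;
    $_SESSION['user']['auth'] = true;
    $_SESSION['site']['localization'] = $lang;
    $_SESSION['site']['checkInMode'] = $checkInMode;
    $_SESSION['timeout'] = time();
    $_SESSION['inactive']['timeout'] = time();

    // The token payload is JSON. The site value is json_encode()d rather than
    // spliced raw into the literal, so a quote or backslash in it cannot alter
    // the payload's structure.
    $_SESSION['user']['token'] = MatchaUtils::__encrypt(
        '{"uid":' . $user['id'] . ',"sid":' . $this->session->loginSession() . ',"site":' . json_encode((string) $site) . '}'
    );

    return array(
        'success' => true,
        'token' => $_SESSION['user']['token'],
        'user' => array(
            'id' => $_SESSION['user']['id'],
            'name' => $_SESSION['user']['name'],
            'npi' => $_SESSION['user']['npi'],
            'site' => $_SESSION['user']['site'],
            'email' => $_SESSION['user']['email'],
            'facility' => $_SESSION['user']['facility'],
            'localization' => $lang,
        ),
    );
}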
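/**
 * Authenticate a user against the User model and initialise the PHP session.
 *
 * Every rejection returns ['success' => false, 'type' => 'error', 'message' => ...];
 * a successful login populates $_SESSION['user'] / $_SESSION['site'] and returns
 * the encrypted session token together with a subset of the user record.
 *
 * The per-site configuration include, the version lookup and the facility /
 * npi / checkInMode session fields that used to be commented out here have been
 * dropped; this variant only filters on `authorized`, not `active`.
 *
 * @param stdClass $params properties read: authUser, authPass, lang, site
 * @return array
 */
public function login(stdClass $params)
{
    error_reporting(E_ALL);

    // Read the credentials once; a missing property becomes '' instead of
    // raising an undefined-property notice inside strlen().
    $authUser = isset($params->authUser) ? (string) $params->authUser : '';
    $authPass = isset($params->authPass) ? (string) $params->authPass : '';

    //-------------------------------------------
    // The logon form caps the username at 25 and the password at 14
    // characters; anything longer did not come through that form.
    //-------------------------------------------
    if (strlen($authUser) >= 26 || strlen($authPass) >= 15) {
        return array('success' => false, 'type' => 'error', 'message' => 'Possible hack, please use the Logon Screen.');
    }

    // Falsy-string check as before: '' and '0' are both rejected here.
    if (!$authUser) {
        return array('success' => false, 'type' => 'error', 'message' => 'The username field can not be in blank. Try again.');
    }
    if (!$authPass) {
        return array('success' => false, 'type' => 'error', 'message' => 'The password field can not be in blank. Try again.');
    }

    //-------------------------------------------
    // Strip single/double quotes and surrounding whitespace. The stored
    // password presumably went through the same transform when it was set,
    // otherwise a password containing a quote could never match — confirm.
    //-------------------------------------------
    $params->authUser = trim(str_replace(array('\'', '"'), '', $authUser));
    $params->authPass = trim(str_replace(array('\'', '"'), '', $authPass));

    // A password made only of quotes/whitespace is blank after stripping;
    // refuse it rather than comparing an empty string against the record.
    if ($params->authPass === '') {
        return array('success' => false, 'type' => 'error', 'message' => 'The password field can not be in blank. Try again.');
    }

    //-------------------------------------------
    // Username & password match (authorized users only)
    //-------------------------------------------
    $u = MatchaModel::setSenchaModel('App.model.administration.User');
    $user = $u->load(
        array('username' => $params->authUser, 'authorized' => 1),
        array('id', 'username', 'title', 'fname', 'mname', 'lname', 'email', 'facility_id', 'npi', 'password')
    )->one();

    // hash_equals() is a byte-exact, constant-time comparison. The loose `!=`
    // it replaces treated numeric-looking strings as equal ('1e3' and '1000'),
    // so a mismatching password could pass.
    // NOTE(review): the column value is compared as-is; whether the model stores
    // it hashed or decrypts it on load is not visible here. If it is plaintext,
    // password_hash()/password_verify() is the target.
    if ($user === false
        || !isset($user['password'])
        || !hash_equals((string) $user['password'], $params->authPass)
    ) {
        return array('success' => false, 'type' => 'error', 'message' => 'The username or password you provided is invalid.');
    }

    $lang = isset($params->lang) ? $params->lang : null;
    $site = isset($params->site) ? $params->site : null;

    //-------------------------------------------
    // User related session variables
    //-------------------------------------------
    $_SESSION['user']['name'] = trim($user['title'] . ' ' . $user['lname'] . ', ' . $user['fname'] . ' ' . $user['mname']);
    $_SESSION['user']['id'] = $user['id'];
    $_SESSION['user']['email'] = $user['email'];
    $_SESSION['user']['localization'] = $lang;
    $_SESSION['user']['site'] = $site;
    $_SESSION['user']['auth'] = true;
    $_SESSION['site']['localization'] = $lang;
    $_SESSION['timeout'] = time();
    $_SESSION['inactive']['timeout'] = time();

    // The token payload is JSON. The site value is json_encode()d rather than
    // spliced raw into the literal, so a quote or backslash in it cannot alter
    // the payload's structure.
    $_SESSION['user']['token'] = MatchaUtils::__encrypt(
        '{"uid":' . $user['id'] . ',"sid":' . $this->session->loginSession() . ',"site":' . json_encode((string) $site) . '}'
    );

    return array(
        'success' => true,
        'token' => $_SESSION['user']['token'],
        'user' => array(
            'id' => $_SESSION['user']['id'],
            'name' => $_SESSION['user']['name'],
            'email' => $_SESSION['user']['email'],
            'localization' => $lang,
        ),
    );
}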