Exemple #1
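 /**
  * Decode a base64 payload and write it to $file, passing it through
  * MatchaUtils::__encrypt() first when $this->encrypt is set.
  *
  * On failure (the payload is not valid base64, or the write fails)
  * $this->error and $this->errorMsg are set. The path is returned either
  * way, so callers must check $this->error rather than the return value.
  *
  * NOTE(review): $file is used exactly as given. If any part of the path can
  * come from a request, the caller has to confine it to the intended storage
  * directory before calling this method.
  *
  * @param string $file destination path
  * @param string $data base64-encoded file content
  * @return mixed the $file argument, unchanged
  */
 private function saveBase64File($file, $data)
 {
     // Strict mode rejects characters outside the base64 alphabet instead of
     // silently dropping them and writing a corrupted file.
     $decoded = base64_decode($data, true);
     if ($decoded === false) {
         $this->error = true;
         $this->errorMsg = 'Unable to save ' . $file;
         return $file;
     }
     if ($this->encrypt) {
         $decoded = MatchaUtils::__encrypt($decoded);
     }
     // file_put_contents() returns the number of bytes written; only false
     // means failure, so an empty payload is no longer reported as an error.
     if (file_put_contents($file, $decoded) === false) {
         $this->error = true;
         $this->errorMsg = 'Unable to save ' . $file;
     }
     return $file;
 }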
Exemple #2
 /**
  * Return $value encrypted when $key is listed in $this->encryptedFields,
  * otherwise return it untouched.
  *
  * NOTE(review): in_array() is called without the strict flag, so $key is
  * matched with loose (==) comparison. Confirm keys are always strings before
  * relying on this to decide which fields get encrypted.
  *
  * @param $key   field name to look up
  * @param $value field value
  *
  * @return string the result of MatchaUtils::__encrypt() for listed fields,
  *                else $value as passed in
  */
 private function ifDataEncrypt($key, $value)
 {
     $protectedFields = $this->encryptedFields;
     // No list configured, or this field is not on it: pass through as is.
     if (!is_array($protectedFields) || !in_array($key, $protectedFields)) {
         return $value;
     }
     return MatchaUtils::__encrypt($value);
 }
Exemple #3
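 /**
  * Authenticate a user and, on success, populate $_SESSION and issue a token.
  *
  * Always returns an array: 'success' => false with 'type' and 'message' on
  * any failure, or 'success' => true with 'token' and a 'user' summary.
  * $params->authUser and $params->authPass are overwritten with the
  * sanitized values.
  *
  * NOTE(review): the submitted password is compared directly with the stored
  * 'password' column, so that column holds either plaintext or a reversibly
  * encrypted value (whether the model decrypts on load is not visible here).
  * Moving to password_hash()/password_verify() needs a storage migration and
  * is out of scope for this method.
  *
  * @param stdClass $params reads authUser, authPass, facility, lang, site and checkInMode
  * @return array
  */
 public function login(stdClass $params)
 {
     // NOTE(review): this raises error reporting for the rest of the request;
     // confirm display_errors is off in production so failures in this path
     // are not echoed to the client.
     error_reporting(E_ALL);
     // Missing or non-scalar credentials are treated as blank instead of
     // being handed to strlen()/str_replace().
     $authUser = isset($params->authUser) && is_scalar($params->authUser) ? (string) $params->authUser : '';
     $authPass = isset($params->authPass) && is_scalar($params->authPass) ? (string) $params->authPass : '';
     //-------------------------------------------
     // The logon form limits both fields; anything
     // longer did not come from the form.
     //-------------------------------------------
     if (strlen($authUser) >= 26 || strlen($authPass) >= 15) {
         return array('success' => false, 'type' => 'error', 'message' => 'Possible hack, please use the Logon Screen.');
     }
     //-------------------------------------------
     // Remove surrounding whitespace and single/double quotes.
     // NOTE(review): this also alters the password itself, so it must stay
     // in step with whatever is applied when passwords are stored.
     //-------------------------------------------
     $authUser = trim(str_replace(array('\'', '"'), '', $authUser));
     $authPass = trim(str_replace(array('\'', '"'), '', $authPass));
     $params->authUser = $authUser;
     $params->authPass = $authPass;
     //-------------------------------------------
     // Blank checks run after sanitizing, so input made only of quotes or
     // spaces is rejected here instead of reaching the lookup as ''.
     //-------------------------------------------
     if ($authUser === '') {
         return array('success' => false, 'type' => 'error', 'message' => 'The username field can not be in blank. Try again.');
     }
     if ($authPass === '') {
         return array('success' => false, 'type' => 'error', 'message' => 'The password field can not be in blank. Try again.');
     }
     //-------------------------------------------
     // Username & password match
     // Only bring authorized and active users.
     //-------------------------------------------
     $u = MatchaModel::setSenchaModel('App.model.administration.User');
     $user = $u->load(
         array('username' => $authUser, 'authorized' => 1, 'active' => 1),
         array('id', 'username', 'title', 'fname', 'mname', 'lname', 'email', 'facility_id', 'npi', 'password')
     )->one();
     $storedPass = ($user !== false && isset($user['password'])) ? (string) $user['password'] : '';
     // hash_equals() is type-strict and constant-time. The previous != let
     // numeric-looking strings such as '1e3' and '1000' compare equal. An
     // account without a stored password can never be logged into.
     if ($user === false || $storedPass === '' || !hash_equals($storedPass, $authPass)) {
         return array('success' => false, 'type' => 'error', 'message' => 'The username or password you provided is invalid.');
     }
     // NOTE(review): the session id is not regenerated in this method. Unless
     // loginSession() or the caller already does it, call
     // session_regenerate_id(true) before the session is marked authenticated.
     //-------------------------------------------
     // Change some User related variables and go
     // NOTE(review): facility, lang, site and checkInMode are copied from the
     // request as received; confirm they are validated against what this
     // user is allowed to select.
     //-------------------------------------------
     $_SESSION['user']['name'] = trim($user['title'] . ' ' . $user['lname'] . ', ' . $user['fname'] . ' ' . $user['mname']);
     $_SESSION['user']['id'] = $user['id'];
     $_SESSION['user']['email'] = $user['email'];
     $_SESSION['user']['facility'] = $params->facility == 0 ? $user['facility_id'] : $params->facility;
     $_SESSION['user']['localization'] = $params->lang;
     $_SESSION['user']['npi'] = $user['npi'];
     $_SESSION['user']['site'] = $params->site;
     $_SESSION['user']['auth'] = true;
     $_SESSION['site']['localization'] = $params->lang;
     $_SESSION['site']['checkInMode'] = $params->checkInMode;
     $_SESSION['timeout'] = time();
     // The site name comes from the request, so it is JSON-encoded rather
     // than concatenated: a quote in it can no longer add or override fields
     // in the token payload. Output is byte-identical for ordinary names.
     $siteJson = json_encode((string) $params->site, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_PARTIAL_OUTPUT_ON_ERROR);
     $_SESSION['user']['token'] = MatchaUtils::__encrypt('{"uid":' . $user['id'] . ',"sid":' . $this->session->loginSession() . ',"site":' . $siteJson . '}');
     $_SESSION['inactive']['timeout'] = time();
     return array(
         'success' => true,
         'token' => $_SESSION['user']['token'],
         'user' => array(
             'id' => $_SESSION['user']['id'],
             'name' => $_SESSION['user']['name'],
             'npi' => $_SESSION['user']['npi'],
             'site' => $_SESSION['user']['site'],
             'email' => $_SESSION['user']['email'],
             'facility' => $_SESSION['user']['facility'],
             'localization' => $params->lang,
         ),
     );
 }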
Exemple #4
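 /**
  * Authenticate a user and, on success, populate $_SESSION and issue a token.
  *
  * Always returns an array: 'success' => false with 'type' and 'message' on
  * any failure, or 'success' => true with 'token' and a 'user' summary.
  * $params->authUser and $params->authPass are overwritten with the
  * sanitized values.
  *
  * NOTE(review): the submitted password is compared directly with the stored
  * 'password' column, so that column holds either plaintext or a reversibly
  * encrypted value (whether the model decrypts on load is not visible here).
  * Moving to password_hash()/password_verify() needs a storage migration and
  * is out of scope for this method.
  *
  * @param stdClass $params reads authUser, authPass, lang and site
  * @return array
  */
 public function login(stdClass $params)
 {
     // NOTE(review): this raises error reporting for the rest of the request;
     // confirm display_errors is off in production so failures in this path
     // are not echoed to the client.
     error_reporting(E_ALL);
     // Missing or non-scalar credentials are treated as blank instead of
     // being handed to strlen()/str_replace().
     $authUser = isset($params->authUser) && is_scalar($params->authUser) ? (string) $params->authUser : '';
     $authPass = isset($params->authPass) && is_scalar($params->authPass) ? (string) $params->authPass : '';
     //-------------------------------------------
     // The logon form limits both fields; anything
     // longer did not come from the form.
     //-------------------------------------------
     if (strlen($authUser) >= 26 || strlen($authPass) >= 15) {
         return array('success' => false, 'type' => 'error', 'message' => 'Possible hack, please use the Logon Screen.');
     }
     //-------------------------------------------
     // Remove surrounding whitespace and single/double quotes.
     // NOTE(review): this also alters the password itself, so it must stay
     // in step with whatever is applied when passwords are stored.
     //-------------------------------------------
     $authUser = trim(str_replace(array('\'', '"'), '', $authUser));
     $authPass = trim(str_replace(array('\'', '"'), '', $authPass));
     $params->authUser = $authUser;
     $params->authPass = $authPass;
     //-------------------------------------------
     // Blank checks run after sanitizing, so input made only of quotes or
     // spaces is rejected here instead of reaching the lookup as ''.
     //-------------------------------------------
     if ($authUser === '') {
         return array('success' => false, 'type' => 'error', 'message' => 'The username field can not be in blank. Try again.');
     }
     if ($authPass === '') {
         return array('success' => false, 'type' => 'error', 'message' => 'The password field can not be in blank. Try again.');
     }
     //-------------------------------------------
     // Username & password match
     // NOTE(review): only 'authorized' is required here. If the user model
     // also carries an 'active' flag, confirm that deactivated accounts are
     // really meant to be able to log in through this entry point.
     //-------------------------------------------
     $u = MatchaModel::setSenchaModel('App.model.administration.User');
     $user = $u->load(
         array('username' => $authUser, 'authorized' => 1),
         array('id', 'username', 'title', 'fname', 'mname', 'lname', 'email', 'facility_id', 'npi', 'password')
     )->one();
     $storedPass = ($user !== false && isset($user['password'])) ? (string) $user['password'] : '';
     // hash_equals() is type-strict and constant-time. The previous != let
     // numeric-looking strings such as '1e3' and '1000' compare equal. An
     // account without a stored password can never be logged into.
     if ($user === false || $storedPass === '' || !hash_equals($storedPass, $authPass)) {
         return array('success' => false, 'type' => 'error', 'message' => 'The username or password you provided is invalid.');
     }
     // NOTE(review): the session id is not regenerated in this method. Unless
     // loginSession() or the caller already does it, call
     // session_regenerate_id(true) before the session is marked authenticated.
     //-------------------------------------------
     // Change some User related variables and go
     // NOTE(review): lang and site are copied from the request as received;
     // confirm they are validated against the values this user may select.
     //-------------------------------------------
     $_SESSION['user']['name'] = trim($user['title'] . ' ' . $user['lname'] . ', ' . $user['fname'] . ' ' . $user['mname']);
     $_SESSION['user']['id'] = $user['id'];
     $_SESSION['user']['email'] = $user['email'];
     $_SESSION['user']['localization'] = $params->lang;
     $_SESSION['user']['site'] = $params->site;
     $_SESSION['user']['auth'] = true;
     $_SESSION['site']['localization'] = $params->lang;
     $_SESSION['timeout'] = time();
     // The site name comes from the request, so it is JSON-encoded rather
     // than concatenated: a quote in it can no longer add or override fields
     // in the token payload. Output is byte-identical for ordinary names.
     $siteJson = json_encode((string) $params->site, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_PARTIAL_OUTPUT_ON_ERROR);
     $_SESSION['user']['token'] = MatchaUtils::__encrypt('{"uid":' . $user['id'] . ',"sid":' . $this->session->loginSession() . ',"site":' . $siteJson . '}');
     $_SESSION['inactive']['timeout'] = time();
     return array(
         'success' => true,
         'token' => $_SESSION['user']['token'],
         'user' => array(
             'id' => $_SESSION['user']['id'],
             'name' => $_SESSION['user']['name'],
             'email' => $_SESSION['user']['email'],
             'localization' => $params->lang,
         ),
     );
 }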