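/**
 * Check a username/password pair against the `user` table and, on success,
 * store the authenticated user's record and client address in the session.
 *
 * The outcome of the password check is written to syslog (subject to the
 * LOGLEVEL / LOG_* switches) and to the FreeMED security log.
 *
 * Security notes for maintainers:
 *  - The stored `userpassword` value is compared directly with the submitted
 *    password, which implies the column holds passwords as submitted.
 *    Moving to password_hash()/password_verify() needs a data migration and
 *    is outside the scope of this method.
 *  - NOTE(review): the session identifier is not regenerated here after a
 *    successful login; confirm that the caller does so.
 *
 * @param array $credentials Expected keys: 'username' and 'password'.
 * @return bool True when the submitted password matches the stored value.
 */
function IsValid($credentials)
{
    syslog(LOG_INFO, "isvalid");

    // The username is placed into a SQL string and a log line, so anything
    // that is not a plain string (for example an array-valued request
    // parameter) is rejected before it gets that far.
    if (!isset($credentials['username']) || !is_string($credentials['username'])) {
        return false;
    }
    $username = $credentials['username'];

    // Find this user.
    // The escaping call wrapped around the username is masked ("******") in
    // this listing; addslashes() stands in for it so the statement parses.
    // NOTE(review): restore the original call, or preferably bind the value
    // through the database layer's own quoting / prepared-statement support.
    $r = $GLOBALS['sql']->queryRow(
        "SELECT * FROM user " .
        "WHERE username = '" . addslashes($username) . "'"
    );

    // If the user isn't found, false.
    // NOTE(review): this path writes no audit record, so attempts against
    // unknown usernames are not visible in the security log.
    if (empty($r['id'])) {
        return false;
    }

    if (LOGLEVEL < 1 || (LOG_HIPAA || LOG_LOGIN)) {
        // The original interpolated an undefined $user. Log the submitted
        // username instead, with non-printable bytes replaced so the value
        // cannot break the log line apart.
        $loggedUser = preg_replace('/[^\x20-\x7E]/', '?', $username);
        syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth login attempt {$loggedUser} ");
    }

    // Check password.
    // Loose == compares numeric-looking strings by value and treats a missing
    // password as equal to an empty stored one. Require two strings and
    // compare them in constant time (hash_equals() needs PHP >= 5.6).
    $submitted = isset($credentials['password']) ? $credentials['password'] : null;
    $stored = isset($r['userpassword']) ? $r['userpassword'] : null;
    $passwordOk = is_string($submitted) && is_string($stored) && hash_equals($stored, $submitted);

    if ($passwordOk) {
        // Set session vars; the password column must not be copied into the session.
        unset($r['userpassword']);
        HTTP_Session2::set('authdata', array(
            "username" => $username,
            "user" => $r['id'],
            "user_record" => $r,
        ));

        // Set ipaddr for SESSION_PROTECTION
        HTTP_Session2::set('ipaddr', $_SERVER['REMOTE_ADDR']);

        // Authorize
        if (LOGLEVEL < 1 || LOG_ERRORS || (LOG_HIPAA || LOG_LOGIN)) {
            syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth successful login");
        }
        $log = freemed::log_object();
        $log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Successfully logged in");
        return true;
    }

    // Failed password check: clear any authentication state and record it.
    HTTP_Session2::set('authdata', null);
    HTTP_Session2::set('ipaddr', null);
    if (LOGLEVEL < 1 || LOG_ERRORS || (LOG_HIPAA || LOG_LOGIN)) {
        syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth failed login");
    }
    $log = freemed::log_object();
    $log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Failed login");
    return false;
}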
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

// Front controller: takes "/<layout>/<piece>" from PATH_INFO and checks that
// a matching controller file exists under ui/. The listing is cut off inside
// the final `if`, so what happens after the existence check is not visible.
include_once 'lib/freemed.php';

// Called without an argument, error_reporting() only returns the current
// level; it does not change it.
error_reporting();
set_error_handler("controller_standard_error_handler");

// Start logging
// PATH_INFO is supplied by the client and is written to the security log
// as received.
// NOTE(review): confirm SystemLog() neutralises control characters and
// escapes the value on display.
unset($log);
$log = freemed::log_object();
$log->SystemLog(LOG__SECURITY, 'Provider', 'Controller', "Controller called with " . $_SERVER['PATH_INFO']);

// Get provider from URL
// explode() on '/' means neither segment can contain a slash. When PATH_INFO
// has fewer than three segments, $layout and/or $piece are left unset.
unset($layout);
unset($piece);
list($_garbage_, $layout, $piece) = explode('/', $_SERVER['PATH_INFO']);
$layout = ucfirst(strtolower($layout));
Header('Content-Type: text/html; charset=' . $GLOBALS['ISOSET']);

// Sanity checking
// Only $layout is checked against an alphabetic allow-list here.
// NOTE(review): `$` in PCRE also matches before a trailing newline; anchor
// with \z (or the D modifier) if that must be excluded.
// NOTE(review): the rejected value is echoed into a text/html response
// without escaping; pass it through htmlspecialchars() or omit it.
if (!preg_match("/^[[:alpha:]]+\$/", $layout)) {
    print "Hack attempt, dying ( '{$layout}' given ).";
    exit;
}

// NOTE(review): $piece goes into a filesystem path with no validation visible
// in this excerpt. Apply the same kind of allow-list as $layout (or a fixed
// map of controller names) before the path is built.
if (!file_exists(dirname(__FILE__) . "/ui/" . strtolower(${layout}) . "/controller/controller.{$piece}.php")) {
    //print "Controller ${layout}::${piece} not present.";
    //exit;
/**
 * Record a logout in the security log.
 *
 * This is a stub kept for audit purposes: it writes the log entry and does
 * nothing else. No session data is touched here.
 */
function Logout()
{
    freemed::log_object()->SystemLog(
        LOG__SECURITY,
        'Authentication',
        get_class($this),
        "Logged out"
    );
}