function IsValid($credentials)
{
syslog(LOG_INFO, "isvalid");
if (!isset($credentials['username'])) {
return false;
}
// Find this user
$r = $GLOBALS['sql']->queryRow("SELECT * FROM user " . "WHERE username = '******'username']) . "'");
// If the user isn't found, false
if (!$r['id']) {
return false;
}
if (LOGLEVEL < 1 || (LOG_HIPAA || LOG_LOGIN)) {
syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth login attempt {$user} ");
}
$db_pass = $r['userpassword'];
// Check password
if ($credentials['password'] == $r['userpassword']) {
// Set session vars
unset($r['userpassword']);
HTTP_Session2::set('authdata', array("username" => $credentials['username'], "user" => $r['id'], "user_record" => $r));
// Set ipaddr for SESSION_PROTECTION
HTTP_Session2::set('ipaddr', $_SERVER['REMOTE_ADDR']);
// Authorize
if (LOGLEVEL < 1 || LOG_ERRORS || (LOG_HIPAA || LOG_LOGIN)) {
syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth successful login");
}
$log = freemed::log_object();
$log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Successfully logged in");
return true;
} else {
// check password
// Failed password check
HTTP_Session2::set('authdata', null);
HTTP_Session2::set('ipaddr', null);
if (LOGLEVEL < 1 || LOG_ERRORS || (LOG_HIPAA || LOG_LOGIN)) {
syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth failed login");
}
$log = freemed::log_object();
$log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Failed login");
return false;
}
// end check password
}
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include_once 'lib/freemed.php';
error_reporting();
set_error_handler("controller_standard_error_handler");
// Start logging
unset($log);
$log = freemed::log_object();
$log->SystemLog(LOG__SECURITY, 'Provider', 'Controller', "Controller called with " . $_SERVER['PATH_INFO']);
// Get provider from URL
unset($layout);
unset($piece);
list($_garbage_, $layout, $piece) = explode('/', $_SERVER['PATH_INFO']);
$layout = ucfirst(strtolower($layout));
Header('Content-Type: text/html; charset=' . $GLOBALS['ISOSET']);
// Sanity checking
if (!preg_match("/^[[:alpha:]]+\$/", $layout)) {
print "Hack attempt, dying ( '{$layout}' given ).";
exit;
}
if (!file_exists(dirname(__FILE__) . "/ui/" . strtolower(${layout}) . "/controller/controller.{$piece}.php")) {
//print "Controller ${layout}::${piece} not present.";
//exit;
function Logout()
{
// Stub method, just to keep track for audit purposes
$log = freemed::log_object();
$log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Logged out");
}
