Esempio n. 1
0
 public function valid($credentials)
 {
     $timminus = date("Y-m-d H:m", strtotime(date("Y-m-d H:m")) - 7200) . ":00";
     sqlStatement("DELETE FROM audit_details WHERE audit_master_id IN(SELECT id FROM audit_master WHERE type=5 AND created_time<=?)", array($timminus));
     sqlStatement("DELETE FROM audit_master WHERE type=5 AND created_time<=?", array($timminus));
     global $pid;
     $ok = 0;
     $okE = 0;
     $okN = 0;
     $okO = 0;
     $okP = 0;
     $tim = strtotime(gmdate("Y-m-d H:m"));
     $res = sqlStatement("SELECT * FROM audit_details WHERE field_value=?", array($credentials[3]));
     if (sqlNumRows($res)) {
         if ($GLOBALS['validated_offsite_portal'] != true) {
             return false;
         }
     } else {
         $grpID = sqlInsert("INSERT INTO audit_master SET type=5");
         sqlStatement("INSERT INTO audit_details SET field_value=? , audit_master_id=? ", array($credentials[3], $grpID));
     }
     if (sha1($GLOBALS['portal_offsite_password'] . date("Y-m-d H", $tim) . $credentials[3]) == $credentials[2]) {
         $ok = 1;
     } elseif (sha1($GLOBALS['portal_offsite_password'] . date("Y-m-d H", $tim - 3600) . $credentials[3]) == $credentials[2]) {
         $ok = 1;
     } elseif (sha1($GLOBALS['portal_offsite_password'] . date("Y-m-d H", $tim + 3600) . $credentials[3]) == $credentials[2]) {
         $ok = 1;
     }
     if ($credentials[1] == $GLOBALS['portal_offsite_username'] && $ok == 1 && $GLOBALS['portal_offsite_enable'] == 1 || $GLOBALS['validated_offsite_portal'] == true) {
         $prow = sqlQuery("SELECT * FROM patient_access_offsite WHERE portal_username=?", array($credentials[6]));
         if ($credentials[4] == 'existingpatient') {
             if (UserService::validcredential($credentials) === 2) {
                 $okE = 2;
             } elseif (UserService::validcredential($credentials) == true) {
                 $okE = 1;
             } else {
                 return false;
             }
         } elseif ($credentials[4] == 'oemruser') {
             if ($credentials[9]) {
                 $prow = sqlQuery("SELECT pid FROM audit_master WHERE id=?", array($credentials[9]));
             }
             $okO = 1;
         } elseif ($credentials[4] == 'newpatient') {
             if (UserService::validcredential($credentials) === 2) {
                 $okN = 3;
             } elseif (UserService::validcredential($credentials)) {
                 $okN = 2;
             } else {
                 $okN = 1;
                 $prow = sqlQuery("SELECT IFNULL(MAX(pid)+1,1) AS pid FROM patient_data");
             }
         }
         if ($okE == 1 || $okN == 2 || $okN == 1 || $okO == 1) {
             $pid = $prow['pid'];
             $GLOBALS['pid'] = $prow['pid'];
         } elseif ($okE == 2 || $okN == 3) {
             $arow = sqlQuery("\n\t\t\t\tSELECT \n\t\t\t\t\tad.audit_master_id \n\t\t\t\tFROM\n\t\t\t\t\taudit_details ad \n\t\t\t\t\tJOIN audit_details ad2 \n\t\t\t\t\t\tON ad2.audit_master_id = ad.audit_master_id \n\t\t\t\t\t\tAND ad2.table_name = 'patient_access_offsite' \n\t\t\t\t\t\tAND ad2.field_name = 'portal_pwd' \n\t\t\t\tWHERE ad.table_name = 'patient_access_offsite' \n\t\t\t\t\tAND ad.field_name = 'portal_username' \n\t\t\t\t\tAND ad.field_value = ?\n\t\t\t", array($credentials[6]));
             $auditmasterid = $arow['audit_master_id'];
             $GLOBALS['auditmasterid'] = $arow['audit_master_id'];
             $pid = 0;
             $GLOBALS['pid'] = 0;
         }
         $_GET['site'] = $credentials[0];
         if ($okE) {
             if ($okE == 1) {
                 $portal = sqlQuery("SELECT allow_patient_portal FROM patient_data WHERE pid=?", array($pid));
             } elseif ($okE == 2) {
                 $portal = sqlQuery("\n\t\t\t\t\tSELECT \n\t\t\t\t\t\tIF(COUNT(*),'yes','no') AS allow_patient_portal\n\t\t\t\t\tFROM\n\t\t\t\t\t\taudit_master am \n\t\t\t\t\t\tJOIN audit_details ad \n\t\t\t\t\t\t\tON ad.audit_master_id = am.id \n\t\t\t\t\t\t\tAND ad.table_name = 'patient_access_offsite' \n\t\t\t\t\t\t\tAND ad.field_name = 'portal_username' \n\t\t\t\t\tWHERE am.approval_status = 1 \n\t\t\t\t\t\tAND ad.field_value = ?\n\t\t\t\t", array($credentials[6]));
             }
             if (strtolower($portal['allow_patient_portal']) != 'yes') {
                 return false;
             }
         }
         $GLOBALS['validated_offsite_portal'] = true;
         if ($okO) {
             return 'oemruser';
         } elseif ($okE == 1) {
             return 'existingpatient';
         } elseif ($okE == 2) {
             return 'newpatienttoapprove';
         } elseif ($okN == 1 || $okN == 2) {
             return 'newpatient';
         } elseif ($okN == 3) {
             return 'newpatienttoapprove';
         }
         return false;
     } else {
         return false;
     }
 }
Esempio n. 2
0
 public function valid($credentials)
 {
     $timminus = date("Y-m-d H:m", strtotime(date("Y-m-d H:m")) - 7200) . ":00";
     sqlStatement("DELETE FROM audit_details WHERE audit_master_id IN(SELECT id FROM audit_master WHERE type=5 AND created_time<=?)", array($timminus));
     sqlStatement("DELETE FROM audit_master WHERE type=5 AND created_time<=?", array($timminus));
     global $pid;
     $ok = 0;
     $okE = 0;
     $okN = 0;
     $okO = 0;
     $okP = 0;
     $tim = strtotime(gmdate("Y-m-d H:m"));
     $res = sqlStatement("SELECT * FROM audit_details WHERE field_value=?", array($credentials[3]));
     if (sqlNumRows($res)) {
         if ($GLOBALS['validated_offsite_portal'] != true) {
             return false;
         }
     } else {
         $grpID = sqlInsert("INSERT INTO audit_master SET type=5");
         sqlStatement("INSERT INTO audit_details SET field_value=? , audit_master_id=? ", array($credentials[3], $grpID));
     }
     if (sha1($GLOBALS['portal_offsite_password'] . date("Y-m-d H", $tim) . $credentials[3]) == $credentials[2]) {
         $ok = 1;
     } elseif (sha1($GLOBALS['portal_offsite_password'] . date("Y-m-d H", $tim - 3600) . $credentials[3]) == $credentials[2]) {
         $ok = 1;
     } elseif (sha1($GLOBALS['portal_offsite_password'] . date("Y-m-d H", $tim + 3600) . $credentials[3]) == $credentials[2]) {
         $ok = 1;
     }
     if ($credentials[1] == $GLOBALS['portal_offsite_username'] && $ok == 1 && $GLOBALS['portal_offsite_enable'] == 1 || $GLOBALS['validated_offsite_portal'] == true) {
         $prow = sqlQuery("SELECT * FROM patient_access_offsite WHERE portal_username=?", array($credentials[6]));
         if ($credentials[4] == 'existingpatient') {
             if (UserService::validcredential($credentials)) {
                 $okE = 1;
             } else {
                 return false;
             }
         } elseif ($credentials[4] == 'oemruser') {
             if ($credentials[9]) {
                 $prow = sqlQuery("SELECT pid FROM audit_master WHERE id=?", array($credentials[9]));
             }
             $okO = 1;
         } elseif ($credentials[4] == 'newpatient') {
             if (UserService::validcredential($credentials)) {
                 $okN = 2;
             } else {
                 $okN = 1;
                 $prow = sqlQuery("SELECT MAX(pid)+1 AS pid FROM patient_data");
             }
         }
         if ($okE == 1 || $okN == 2 || $okN == 1 || $okO == 1) {
             $pid = $prow['pid'];
             $GLOBALS['pid'] = $prow['pid'];
         }
         $_GET['site'] = $credentials[0];
         if ($okE == 1) {
             $portal = sqlQuery("SELECT allow_patient_portal FROM patient_data WHERE pid=?", array($pid));
             if (strtolower($portal['allow_patient_portal']) != 'yes') {
                 return false;
             }
         }
         $GLOBALS['validated_offsite_portal'] = true;
         if ($okO) {
             return 'oemruser';
         } elseif ($okE) {
             return 'existingpatient';
         } elseif ($okN) {
             return 'newpatient';
         }
         return false;
     } else {
         return false;
     }
 }