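/**
 * Checks the supplied credentials and, on a match, records the member id
 * and login step in the session.
 *
 * The e-mail and both password digests are written to $_SESSION before
 * credentials() is called with no arguments; presumably credentials() reads
 * them from there (it is defined outside this block; confirm).
 *
 * NOTE(review): the two password digests stay in the session after this call.
 * They are password-equivalent for the lookup, so anything that can read the
 * session store can replay them. Consider handing them to credentials()
 * directly and unsetting them once the lookup is done.
 *
 * NOTE(review): the ext/mysql functions used here were removed in PHP 7, and
 * the e-mail is escaped when stored rather than bound at query time. Moving
 * credentials() to prepared statements would remove the dependency on every
 * reader of $_SESSION['email'] treating it as pre-escaped.
 *
 * NOTE(review): when no row matches, 'mid' and 'loginstep' from an earlier
 * login are left untouched. Callers should not take their presence alone as
 * proof that this attempt succeeded.
 *
 * @param string $email    Login e-mail as submitted; trimmed and SQL-escaped before storage.
 * @param string $password Plain-text password as submitted; only its digests are stored.
 * @return void
 */
function authenticate($email, $password) {
    $_SESSION['email'] = mysql_real_escape_string(trim($email));
    $_SESSION['legacy_password'] = hash_password_legacy($password);
    $_SESSION['password'] = hash_password($password);

    // Look up the account for the e-mail / digests stored above.
    $result = credentials();
    if (!$result) {
        error_log('Failed login attempt - username ' . $_SESSION['email']);
        error_log(mysql_error());
        return;
    }

    // At most one row is consumed; no row means no matching account.
    $row = mysql_fetch_array($result);
    if (!$row) {
        return;
    }

    // Issue a fresh session id at the moment the session becomes authenticated,
    // so an id that was known before login (session fixation) is useless
    // afterwards. Skipped when no session is active or headers have already
    // been sent, where the call could not take effect.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    // Persist the authenticated member id and the account's login step.
    $_SESSION['mid'] = $row['mid'];
    $_SESSION['loginstep'] = $row['loginstep'];
}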
<?php session_start(); include_once "../includes/constants.php"; include_once "../includes/general.php"; include_once "../includes/db.php"; db_connect(); if (isset($_POST['user'])) { $_SESSION['email'] = mysql_real_escape_string(trim($_POST['user'])); } if (isset($_POST['pass'])) { $_SESSION['legacy_password'] = md5($_POST['pass']); $_SESSION['password'] = hash("sha256", $_POST['pass'] . SALT); } $result = credentials(); if (!$result) { $_SESSION['LoginMessage'] = "Invalid email and/or password."; $_SESSION['LoginType'] = 3; header('Location: ./m.login.php'); exit; } //we scan results, mark if there is one while ($row = mysql_fetch_array($result)) { //save the mid $_SESSION['mid'] = $row['mid']; $loginstep = $row['loginstep']; $_SESSION['loginstep'] = $loginstep; } if ($_SESSION['loginstep'] == 11) { $_SESSION['LoginMessage'] = "User disabled."; $_SESSION['LoginType'] = 3;
//STOP FAKE REGISTER GLOBALS $fake_register_globals = false; // require 'globals.php'; require 'eRx_xml.php'; $userRole = sqlQuery("select * from users where username=?", array($_SESSION['authUser'])); $userRole['newcrop_user_role'] = preg_replace('/erx/', '', $userRole['newcrop_user_role']); $msg = ''; $doc = new DOMDocument(); $doc->formatOutput = true; $r = $doc->createElement("NCScript"); $r->setAttribute('xmlns', 'http://secure.newcropaccounts.com/interfaceV7'); $r->setAttribute('xmlns:NCStandard', 'http://secure.newcropaccounts.com/interfaceV7:NCStandard'); $r->setAttribute('xmlns:xsi', 'http://www.w3.org/2001/XMLSchema-instance'); $doc->appendChild($r); credentials($doc, $r); user_role($doc, $r); $page = $_REQUEST['page']; destination($doc, $r, $page, $pid); account($doc, $r); if ($userRole['newcrop_user_role'] != 'manager') { location($doc, $r); } if ($userRole['newcrop_user_role'] == 'doctor' || $page == 'renewal') { LicensedPrescriber($doc, $r); } if ($userRole['newcrop_user_role'] == 'manager' || $userRole['newcrop_user_role'] == 'admin' || $userRole['newcrop_user_role'] == 'nurse') { Staff($doc, $r); } if ($userRole['newcrop_user_role'] == 'supervisingDoctor') { SupervisingDoctor($doc, $r);