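/**
 * Validates an offsite patient-portal login request.
 *
 * `$credentials` is a positional array, used below as follows:
 *   [0] site id (copied into $_GET['site'] on success)
 *   [1] offsite portal username, compared with $GLOBALS['portal_offsite_username']
 *   [2] client-supplied sha1(portal_offsite_password . "Y-m-d H" . token)
 *   [3] one-time token; stored in audit_master (type=5) / audit_details so a
 *       token seen before is rejected unless $GLOBALS['validated_offsite_portal']
 *       is already set
 *   [4] login kind: 'existingpatient', 'oemruser' or 'newpatient'
 *   [6] portal username used to look up patient_access_offsite / audit_details
 *   [9] (oemruser only) audit_master id whose pid becomes the session pid
 *
 * Side effects: purges type=5 audit rows older than two hours, assigns the
 * global $pid (plus $GLOBALS['pid'] and, for pending registrations,
 * $GLOBALS['auditmasterid']), writes $_GET['site'], and sets
 * $GLOBALS['validated_offsite_portal'] = true once the request is accepted.
 *
 * Changes from the previous revision: the hash is compared with hash_equals()
 * (constant time, no loose-== type juggling), the username / login-kind
 * comparisons are strict, "H:m" (month in the minute slot) became "H:i",
 * UserService::validcredential() is evaluated once per request, and the
 * unused $okP was dropped.
 *
 * @param array $credentials positional credential array described above
 * @return string|false 'oemruser', 'existingpatient', 'newpatient',
 *                      'newpatienttoapprove', or false when validation fails
 */
public function valid($credentials)
{
    global $pid;

    // Purge one-time tokens older than two hours. "H:i" is hour:minute; the
    // earlier "H:m" placed the month number in the minute position.
    $timminus = date("Y-m-d H:i", strtotime(date("Y-m-d H:i")) - 7200) . ":00";
    sqlStatement("DELETE FROM audit_details WHERE audit_master_id IN(SELECT id FROM audit_master WHERE type=5 AND created_time<=?)", array($timminus));
    sqlStatement("DELETE FROM audit_master WHERE type=5 AND created_time<=?", array($timminus));

    $okE = 0; // existing patient: 1 = approved record, 2 = registration pending approval
    $okN = 0; // new patient: 1 = unknown username, 2 = credential accepted, 3 = pending approval
    $okO = 0; // OpenEMR user
    $token = $credentials[3] ?? null;
    $tim = strtotime(gmdate("Y-m-d H:i"));

    // Replay check: a token already on record is only acceptable when this
    // request has already been marked validated.
    $res = sqlStatement("SELECT * FROM audit_details WHERE field_value=?", array($token));
    if (sqlNumRows($res)) {
        if (empty($GLOBALS['validated_offsite_portal'])) {
            return false;
        }
    } else {
        $grpID = sqlInsert("INSERT INTO audit_master SET type=5");
        sqlStatement("INSERT INTO audit_details SET field_value=? , audit_master_id=? ", array($token, $grpID));
    }

    // The client hash is accepted for the current hour or one hour either side
    // (presumably to tolerate clock skew at the hour boundary). The hour string
    // is rendered with date() from a gmdate()-derived timestamp, as before, so
    // existing clients keep working.
    // NOTE(review): this is a bare sha1(secret . hour . token), not an HMAC;
    // the construction is kept for client compatibility, but the comparison is
    // now constant-time and type-strict rather than loose ==.
    $clientHash = is_string($credentials[2] ?? null) ? $credentials[2] : '';
    $ok = 0;
    foreach (array(0, -3600, 3600) as $skew) {
        $expected = sha1($GLOBALS['portal_offsite_password'] . date("Y-m-d H", $tim + $skew) . $token);
        if (hash_equals($expected, $clientHash)) {
            $ok = 1;
            break;
        }
    }

    // Original precedence preserved: (username && hash && enabled) || already validated.
    // portal_offsite_enable is a config flag and may be stored as a string, hence == 1.
    $username = is_string($credentials[1] ?? null) ? $credentials[1] : '';
    $offsiteOk = $username === (string) $GLOBALS['portal_offsite_username']
        && $ok === 1
        && $GLOBALS['portal_offsite_enable'] == 1;
    if (!$offsiteOk && empty($GLOBALS['validated_offsite_portal'])) {
        return false;
    }

    $prow = sqlQuery("SELECT * FROM patient_access_offsite WHERE portal_username=?", array($credentials[6] ?? null));
    $kind = $credentials[4] ?? null;
    if ($kind === 'existingpatient') {
        // validcredential() returns 2 for a registration that is still awaiting approval.
        $cred = UserService::validcredential($credentials);
        if ($cred === 2) {
            $okE = 2;
        } elseif ($cred == true) {
            $okE = 1;
        } else {
            return false;
        }
    } elseif ($kind === 'oemruser') {
        if (!empty($credentials[9])) {
            $prow = sqlQuery("SELECT pid FROM audit_master WHERE id=?", array($credentials[9]));
        }
        $okO = 1;
    } elseif ($kind === 'newpatient') {
        $cred = UserService::validcredential($credentials);
        if ($cred === 2) {
            $okN = 3;
        } elseif ($cred) {
            $okN = 2;
        } else {
            // Unknown username: provisionally take the next pid. MAX(pid)+1 is
            // not atomic, so two concurrent registrations can receive the same value.
            $okN = 1;
            $prow = sqlQuery("SELECT IFNULL(MAX(pid)+1,1) AS pid FROM patient_data");
        }
    }

    if ($okE === 1 || $okN === 2 || $okN === 1 || $okO === 1) {
        $pid = $prow['pid'] ?? null;
        $GLOBALS['pid'] = $pid;
    } elseif ($okE === 2 || $okN === 3) {
        // Pending registration: expose the audit_master id instead of a pid.
        $arow = sqlQuery("\n\t\t\t\tSELECT \n\t\t\t\t\tad.audit_master_id \n\t\t\t\tFROM\n\t\t\t\t\taudit_details ad \n\t\t\t\t\tJOIN audit_details ad2 \n\t\t\t\t\t\tON ad2.audit_master_id = ad.audit_master_id \n\t\t\t\t\t\tAND ad2.table_name = 'patient_access_offsite' \n\t\t\t\t\t\tAND ad2.field_name = 'portal_pwd' \n\t\t\t\tWHERE ad.table_name = 'patient_access_offsite' \n\t\t\t\t\tAND ad.field_name = 'portal_username' \n\t\t\t\t\tAND ad.field_value = ?\n\t\t\t", array($credentials[6] ?? null));
        $GLOBALS['auditmasterid'] = $arow['audit_master_id'] ?? null;
        $pid = 0;
        $GLOBALS['pid'] = 0;
    }

    $_GET['site'] = $credentials[0] ?? null;

    // Existing patients must have portal access enabled; for a pending
    // registration this is derived from audit_master.approval_status.
    if ($okE) {
        if ($okE === 1) {
            $portal = sqlQuery("SELECT allow_patient_portal FROM patient_data WHERE pid=?", array($pid));
        } else {
            $portal = sqlQuery("\n\t\t\t\t\tSELECT \n\t\t\t\t\t\tIF(COUNT(*),'yes','no') AS allow_patient_portal\n\t\t\t\t\tFROM\n\t\t\t\t\t\taudit_master am \n\t\t\t\t\t\tJOIN audit_details ad \n\t\t\t\t\t\t\tON ad.audit_master_id = am.id \n\t\t\t\t\t\t\tAND ad.table_name = 'patient_access_offsite' \n\t\t\t\t\t\t\tAND ad.field_name = 'portal_username' \n\t\t\t\t\tWHERE am.approval_status = 1 \n\t\t\t\t\t\tAND ad.field_value = ?\n\t\t\t\t", array($credentials[6] ?? null));
        }
        if (strtolower((string) ($portal['allow_patient_portal'] ?? '')) !== 'yes') {
            return false;
        }
    }

    $GLOBALS['validated_offsite_portal'] = true;

    if ($okO) {
        return 'oemruser';
    }
    if ($okE === 1) {
        return 'existingpatient';
    }
    if ($okE === 2) {
        return 'newpatienttoapprove';
    }
    if ($okN === 1 || $okN === 2) {
        return 'newpatient';
    }
    if ($okN === 3) {
        return 'newpatienttoapprove';
    }
    return false;
}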
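/**
 * Validates an offsite patient-portal login request.
 *
 * `$credentials` is a positional array, used below as follows:
 *   [0] site id (copied into $_GET['site'] on success)
 *   [1] offsite portal username, compared with $GLOBALS['portal_offsite_username']
 *   [2] client-supplied sha1(portal_offsite_password . "Y-m-d H" . token)
 *   [3] one-time token; stored in audit_master (type=5) / audit_details so a
 *       token seen before is rejected unless $GLOBALS['validated_offsite_portal']
 *       is already set
 *   [4] login kind: 'existingpatient', 'oemruser' or 'newpatient'
 *   [6] portal username used to look up patient_access_offsite
 *   [9] (oemruser only) audit_master id whose pid becomes the session pid
 *
 * Side effects: purges type=5 audit rows older than two hours, assigns the
 * global $pid (and $GLOBALS['pid']), writes $_GET['site'], and sets
 * $GLOBALS['validated_offsite_portal'] = true once the request is accepted.
 *
 * Changes from the previous revision: the hash is compared with hash_equals()
 * (constant time, no loose-== type juggling), the username / login-kind
 * comparisons are strict, "H:m" (month in the minute slot) became "H:i",
 * and the unused $okP was dropped.
 *
 * @param array $credentials positional credential array described above
 * @return string|false 'oemruser', 'existingpatient', 'newpatient', or false
 *                      when validation fails
 */
public function valid($credentials)
{
    global $pid;

    // Purge one-time tokens older than two hours. "H:i" is hour:minute; the
    // earlier "H:m" placed the month number in the minute position.
    $timminus = date("Y-m-d H:i", strtotime(date("Y-m-d H:i")) - 7200) . ":00";
    sqlStatement("DELETE FROM audit_details WHERE audit_master_id IN(SELECT id FROM audit_master WHERE type=5 AND created_time<=?)", array($timminus));
    sqlStatement("DELETE FROM audit_master WHERE type=5 AND created_time<=?", array($timminus));

    $okE = 0; // existing patient
    $okN = 0; // new patient: 1 = unknown username, 2 = credential accepted
    $okO = 0; // OpenEMR user
    $token = $credentials[3] ?? null;
    $tim = strtotime(gmdate("Y-m-d H:i"));

    // Replay check: a token already on record is only acceptable when this
    // request has already been marked validated.
    $res = sqlStatement("SELECT * FROM audit_details WHERE field_value=?", array($token));
    if (sqlNumRows($res)) {
        if (empty($GLOBALS['validated_offsite_portal'])) {
            return false;
        }
    } else {
        $grpID = sqlInsert("INSERT INTO audit_master SET type=5");
        sqlStatement("INSERT INTO audit_details SET field_value=? , audit_master_id=? ", array($token, $grpID));
    }

    // The client hash is accepted for the current hour or one hour either side
    // (presumably to tolerate clock skew at the hour boundary). The hour string
    // is rendered with date() from a gmdate()-derived timestamp, as before, so
    // existing clients keep working.
    // NOTE(review): this is a bare sha1(secret . hour . token), not an HMAC;
    // the construction is kept for client compatibility, but the comparison is
    // now constant-time and type-strict rather than loose ==.
    $clientHash = is_string($credentials[2] ?? null) ? $credentials[2] : '';
    $ok = 0;
    foreach (array(0, -3600, 3600) as $skew) {
        $expected = sha1($GLOBALS['portal_offsite_password'] . date("Y-m-d H", $tim + $skew) . $token);
        if (hash_equals($expected, $clientHash)) {
            $ok = 1;
            break;
        }
    }

    // Original precedence preserved: (username && hash && enabled) || already validated.
    // portal_offsite_enable is a config flag and may be stored as a string, hence == 1.
    $username = is_string($credentials[1] ?? null) ? $credentials[1] : '';
    $offsiteOk = $username === (string) $GLOBALS['portal_offsite_username']
        && $ok === 1
        && $GLOBALS['portal_offsite_enable'] == 1;
    if (!$offsiteOk && empty($GLOBALS['validated_offsite_portal'])) {
        return false;
    }

    $prow = sqlQuery("SELECT * FROM patient_access_offsite WHERE portal_username=?", array($credentials[6] ?? null));
    $kind = $credentials[4] ?? null;
    if ($kind === 'existingpatient') {
        if (UserService::validcredential($credentials)) {
            $okE = 1;
        } else {
            return false;
        }
    } elseif ($kind === 'oemruser') {
        if (!empty($credentials[9])) {
            $prow = sqlQuery("SELECT pid FROM audit_master WHERE id=?", array($credentials[9]));
        }
        $okO = 1;
    } elseif ($kind === 'newpatient') {
        if (UserService::validcredential($credentials)) {
            $okN = 2;
        } else {
            // Unknown username: provisionally take the next pid. MAX(pid)+1 is
            // not atomic, so two concurrent registrations can receive the same
            // value, and it is NULL on an empty patient_data table.
            $okN = 1;
            $prow = sqlQuery("SELECT MAX(pid)+1 AS pid FROM patient_data");
        }
    }

    if ($okE === 1 || $okN === 2 || $okN === 1 || $okO === 1) {
        $pid = $prow['pid'] ?? null;
        $GLOBALS['pid'] = $pid;
    }

    $_GET['site'] = $credentials[0] ?? null;

    // Existing patients must have portal access enabled on their record.
    if ($okE === 1) {
        $portal = sqlQuery("SELECT allow_patient_portal FROM patient_data WHERE pid=?", array($pid));
        if (strtolower((string) ($portal['allow_patient_portal'] ?? '')) !== 'yes') {
            return false;
        }
    }

    $GLOBALS['validated_offsite_portal'] = true;

    if ($okO) {
        return 'oemruser';
    }
    if ($okE) {
        return 'existingpatient';
    }
    if ($okN) {
        return 'newpatient';
    }
    return false;
}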