Exemplo n.º 1
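/**
 * Look up the supplied credentials and, when a matching row comes back,
 * record the member id and login step in the session.
 *
 * The lookup itself is done by credentials(), which takes no arguments and is
 * defined outside this listing; presumably it reads the three session values
 * written below (confirm against its definition).
 *
 * Security notes for maintainers:
 *  - The e-mail is stored in the session in its SQL-escaped form, so any other
 *    code that reads $_SESSION['email'] gets the escaped text, not the raw one.
 *  - mysql_real_escape_string() and the other mysql_* calls belong to the old
 *    ext/mysql extension (removed in PHP 7). Bound parameters via PDO or
 *    mysqli are the durable replacement for escaping.
 *  - Two password digests are kept in the session for as long as it lives.
 *    NOTE(review): consider verifying and discarding them in one step.
 *  - The "Failed login attempt" line is written only when credentials()
 *    returns a falsy value. A lookup that succeeds but matches no row is not
 *    logged here, so ordinary wrong-password attempts may be missing from the
 *    log (verify against credentials()).
 *
 * @param string $email    E-mail address as typed by the user.
 * @param string $password Plain-text password as typed by the user.
 *
 * @return void
 */
function authenticate($email, $password)
{
    // Stash the lookup inputs in the session for credentials() to use.
    $_SESSION['email'] = mysql_real_escape_string(trim($email));
    $_SESSION['legacy_password'] = hash_password_legacy($password);
    $_SESSION['password'] = hash_password($password);

    $result = credentials();
    if (!$result) {
        error_log('Failed login attempt - username ' . $_SESSION['email']);
        error_log(mysql_error());
        return;
    }

    // Only the first row is used; no row means nothing is written below.
    $row = mysql_fetch_array($result);
    if (!$row) {
        return;
    }

    // Issue a fresh session id before attaching an identity to the session, so
    // an id that was known before login (session fixation) stops being valid.
    // Skipped when no session is active or output has already started, because
    // the new cookie could not be sent in either case.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['mid'] = $row['mid'];
    $_SESSION['loginstep'] = $row['loginstep'];
}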
Exemplo n.º 2
<?php

// Login handler: takes the posted e-mail and password, asks credentials() for
// a matching row, and copies the member id and login step into the session.
// The session must be started before any $_SESSION write below.
session_start();
// Project includes, resolved relative to the current working directory.
include_once "../includes/constants.php";
include_once "../includes/general.php";
include_once "../includes/db.php";
// Open the database connection first; mysql_real_escape_string() needs one.
db_connect();
if (isset($_POST['user'])) {
    // The value kept in the session is the SQL-escaped form of the input.
    // mysql_real_escape_string() is part of ext/mysql (removed in PHP 7) and
    // its escaping depends on the connection character set; bound parameters
    // via PDO or mysqli are the safer replacement.
    $_SESSION['email'] = mysql_real_escape_string(trim($_POST['user']));
}
// NOTE(review): when 'user' or 'pass' is missing from the POST body, whatever
// an earlier request left in the session is kept and credentials() still runs.
if (isset($_POST['pass'])) {
    // Unsalted MD5 of the password; presumably kept for older accounts.
    $_SESSION['legacy_password'] = md5($_POST['pass']);
    // One SHA-256 pass over password + SALT. SALT looks like a single
    // site-wide constant (presumably from constants.php), so equal passwords
    // give equal digests. Both digests are fast hashes and both stay in the
    // session store. password_hash()/password_verify() (PHP 5.5+) is the
    // recommended scheme for stored passwords.
    $_SESSION['password'] = hash("sha256", $_POST['pass'] . SALT);
}
// credentials() takes no arguments; presumably it reads the session values set
// above and returns a mysql result (it is passed to mysql_fetch_array below).
$result = credentials();
if (!$result) {
    // Falsy result: send the user back to the login page. The message does not
    // say which of the two fields was wrong.
    $_SESSION['LoginMessage'] = "Invalid email and/or password.";
    $_SESSION['LoginType'] = 3;
    header('Location: ./m.login.php');
    exit;
}
// Copy the matching row into the session. If several rows match, the last one
// wins; if none match, 'mid' and 'loginstep' are not written here and values
// from an earlier request stay in the session.
// NOTE(review): no session_regenerate_id() call is visible before the identity
// is attached to the session; confirm it happens elsewhere.
while ($row = mysql_fetch_array($result)) {
    // Member id of the matched account.
    $_SESSION['mid'] = $row['mid'];
    $loginstep = $row['loginstep'];
    $_SESSION['loginstep'] = $loginstep;
}
if ($_SESSION['loginstep'] == 11) {
    $_SESSION['LoginMessage'] = "User disabled.";
    $_SESSION['LoginType'] = 3;
Exemplo n.º 3
// Turn off "fake register globals" for this script. The flag is set before
// globals.php is required, presumably because globals.php reads it (confirm).
$fake_register_globals = false;
//
require 'globals.php';
require 'eRx_xml.php';
// Load the logged-in user's row. The username comes from the session and is
// passed separately for the `?` placeholder, not concatenated into the SQL.
// NOTE(review): no visible check that $_SESSION['authUser'] is set or that a
// row was returned before $userRole is indexed on the next line.
$userRole = sqlQuery("select * from users where username=?", array($_SESSION['authUser']));
// Remove every occurrence of the substring 'erx' (unanchored, case-sensitive)
// from the stored role, so a value such as 'erxdoctor' (constructed example)
// is compared below as 'doctor'.
$userRole['newcrop_user_role'] = preg_replace('/erx/', '', $userRole['newcrop_user_role']);
// Not used in the lines visible here.
$msg = '';
// Build the XML document with an NCScript root element and its namespaces.
$doc = new DOMDocument();
$doc->formatOutput = true;
$r = $doc->createElement("NCScript");
$r->setAttribute('xmlns', 'http://secure.newcropaccounts.com/interfaceV7');
$r->setAttribute('xmlns:NCStandard', 'http://secure.newcropaccounts.com/interfaceV7:NCStandard');
$r->setAttribute('xmlns:xsi', 'http://www.w3.org/2001/XMLSchema-instance');
$doc->appendChild($r);
// The helpers below are defined outside this listing (presumably in
// eRx_xml.php); each receives the document and the root element.
credentials($doc, $r);
user_role($doc, $r);
// 'page' is request-supplied ($_REQUEST merges GET and POST and, depending on
// configuration, cookies) and is used without validation. A missing key
// yields null plus a notice.
$page = $_REQUEST['page'];
// $pid is not assigned in the visible lines; presumably set by globals.php.
destination($doc, $r, $page, $pid);
account($doc, $r);
// Role-dependent sections. Everyone except 'manager' gets a location section.
if ($userRole['newcrop_user_role'] != 'manager') {
    location($doc, $r);
}
// NOTE(review): page == 'renewal' satisfies this condition for any role, so
// the request parameter alone is enough to add the LicensedPrescriber section.
// Confirm that this is intended and that the role is enforced elsewhere.
if ($userRole['newcrop_user_role'] == 'doctor' || $page == 'renewal') {
    LicensedPrescriber($doc, $r);
}
// Staff section for the manager, admin and nurse roles.
if ($userRole['newcrop_user_role'] == 'manager' || $userRole['newcrop_user_role'] == 'admin' || $userRole['newcrop_user_role'] == 'nurse') {
    Staff($doc, $r);
}
if ($userRole['newcrop_user_role'] == 'supervisingDoctor') {
    SupervisingDoctor($doc, $r);