// Login endpoint fragment: checks a username/password pair taken from the request and
// starts filling the XML response array. The listing is cut off inside the final
// `if ($result) {` block, so the rest of the response handling is not visible here.
header("Content-Type:text/xml");
// Set before classes.php is included. NOTE(review): presumably tells the included
// bootstrap to skip its own session check so this script can perform the login — confirm.
$ignoreAuth = true;
require_once 'classes.php';
$xml_array = array();
// Credentials are read from $_REQUEST, so they are accepted from the query string as well
// as the POST body; query-string credentials tend to end up in server and proxy logs.
// Neither key is guarded with isset(), so a request without them raises an
// undefined-index notice/warning and passes null on.
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
// Optional request parameters with defaults. $getdashboardinfo and $date are not used in
// the visible part of the script.
$emr = isset($_REQUEST['emr']) && !empty($_REQUEST['emr']) ? strtolower($_REQUEST['emr']) : "openemr";
$getdashboardinfo = isset($_REQUEST['getdashboardinfo']) ? $_REQUEST['getdashboardinfo'] : true;
$device_token = isset($_REQUEST['device_token']) ? $_REQUEST['device_token'] : '';
$date = isset($_REQUEST['date']) ? $_REQUEST['date'] : '';
if ($date == "") {
    $date = date('Y-m-d');
}
if (getVersion()) {
    // $srcdir is not defined in this fragment; presumably provided by classes.php.
    require_once "{$srcdir}/authentication/login_operations.php";
    // $result is assigned only when validate_user_password() succeeds. On failure it is
    // never set, so the `if ($result)` below reads an undefined variable (falsy, with a
    // notice/warning); initialising $result = false up front would make the rejection explicit.
    if (validate_user_password($username, $password, 'Default')) {
        // NOTE(review): the '******' literals in both queries look like masking applied to
        // this listing. If the original interpolated $username / $password here, that is
        // string-built SQL over request input and should be a parameterised query —
        // confirm against the real file.
        $strQuery = "SELECT * FROM users WHERE username='******'";
        $result = sqlQuery($strQuery);
    }
} else {
    // Fallback path: the credential check is the SQL match itself (username AND password
    // columns); validate_user_password() is not called on this branch.
    $strQuery = "SELECT * FROM users WHERE username='******' AND password='******'";
    $result = sqlQuery($strQuery);
}
if ($result) {
    $userId = $result['id'];
    // The request password is handed to getToken() together with the device token; what
    // getToken() does with it is not visible here.
    $token = getToken($userId, $emr, $password, $device_token);
    // Same value as $userId.
    $provider_id = $result['id'];
    // Success payload: status 0 plus the token and the user's id.
    $xml_array['status'] = 0;
    $xml_array['reason'] = 'User fetched.';
    $xml_array['token'] = $token;
    $xml_array['id'] = $result['id'];
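/**
 * Update the logged-in user's name, email and, optionally, password.
 *
 * The user is identified by $_SESSION['user_id']. After validation the users table and
 * the denormalised name/email columns of the reservations table are updated, the
 * session copies are refreshed and the remember-login cookies are re-issued.
 *
 * All values now reach MySQL as bound parameters; the original interpolated them into
 * the SQL text, which relied entirely on the validate_*() helpers to keep quotes out.
 *
 * @param string $user_name     New user name.
 * @param string $user_email    New email address.
 * @param string $user_password New plain-text password, or '' to keep the current one.
 *
 * @return string|int An HTML error <span> when validation fails, 1 on success.
 *                    A database failure ends the script through die().
 */
function change_user_details($user_name, $user_email, $user_password)
{
    // The original body used $conn without declaring it, so inside this function it was
    // always undefined. NOTE(review): assumes the mysqli link is the global $conn — confirm.
    global $conn;

    $user_id = $_SESSION['user_id'];

    if (!validate_user_name($user_name)) {
        return '<span class="error_span">Name must be <u>letters only</u> and be <u>2 to 12 letters long</u>. If your name is longer, use a short version of your name</span>';
    }

    if (!validate_user_email($user_email)) {
        return '<span class="error_span">Email must be a valid email address and be no more than 50 characters long</span>';
    }

    // An empty password means "leave the password unchanged", so it is not an error.
    if (!validate_user_password($user_password) && !empty($user_password)) {
        return '<span class="error_span">Password must be at least 4 characters</span>';
    }

    // A clash with the user's own current name or email is not a conflict.
    if (user_name_exists($user_name, $conn) && $user_name != $_SESSION['user_name']) {
        return '<span class="error_span">Name is already in use. If you have the same name as someone else, use another spelling that identifies you</span>';
    }

    if (user_email_exists($user_email) && $user_email != $_SESSION['user_email']) {
        return '<span class="error_span">Email is already registered</span>';
    }

    // Runs one prepared statement; every parameter is bound as a string, matching the
    // quoted literals of the original queries. Failure keeps the original die() output.
    $run = function ($sql, array $params) use ($conn) {
        $stmt = mysqli_prepare($conn, $sql);
        if ($stmt === false
            || !mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params)
            || !mysqli_stmt_execute($stmt)
        ) {
            die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>');
        }
        mysqli_stmt_close($stmt);
    };

    if (empty($user_password)) {
        $run(
            "UPDATE " . global_mysql_users_table . " SET user_name=?, user_email=? WHERE user_id=?",
            array($user_name, $user_email, $user_id)
        );
    } else {
        $user_password = encrypt_password($user_password);
        // NOTE(review): the listing shows the stored value masked as '******'. The result
        // of encrypt_password() computed just above is assumed to be what belongs in the
        // column — confirm against the original file.
        $run(
            "UPDATE " . global_mysql_users_table . " SET user_name=?, user_email=?, user_password=? WHERE user_id=?",
            array($user_name, $user_email, $user_password, $user_id)
        );
    }

    // Reservations carry their own copy of the name and email; keep them in step.
    $run(
        "UPDATE " . global_mysql_reservations_table . " SET reservation_user_name=?, reservation_user_email=? WHERE reservation_user_id=?",
        array($user_name, $user_email, $user_id)
    );

    $_SESSION['user_name'] = $user_name;
    $_SESSION['user_email'] = $user_email;

    // NOTE(review): a password-derived value is kept in a cookie that is set without the
    // Secure / HttpOnly flags, and when no new password was supplied the cookie is
    // overwritten with strip_salt('') — confirm that is intended. Whoever holds this
    // cookie value presumably holds a login credential; a random, server-side
    // remember-me token with Secure, HttpOnly and SameSite set would be the safer design.
    $user_password = strip_salt($user_password);

    $cookie_expiry = time() + 3600 * 24 * intval(global_remember_login_days);
    setcookie(global_cookie_prefix . '_user_email', $user_email, $cookie_expiry);
    setcookie(global_cookie_prefix . '_user_password', $user_password, $cookie_expiry);

    return 1;
}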
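/**
 * Update the logged-in user's student number ("user name"), email and, optionally,
 * password.
 *
 * The user is identified by $_SESSION['user_id']. After validation the users table and
 * the denormalised name/email columns of the reservations table are updated, the
 * session copies are refreshed and the remember-login cookies are re-issued.
 *
 * Every value placed in the SQL text is now escaped with mysql_real_escape_string();
 * the original interpolated the raw values and relied entirely on the validate_*()
 * helpers to keep quotes out.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. Escaping is the fix that
 * is available inside this API; moving to mysqli or PDO prepared statements is the
 * durable one. The escaping is charset-aware only if the connection character set was
 * selected with mysql_set_charset() — confirm where the connection is opened.
 *
 * @param string $user_name     New student number, used as the user name.
 * @param string $user_email    New email address.
 * @param string $user_password New plain-text password, or '' to keep the current one.
 *
 * @return string|int An HTML error <span> (Spanish text) when validation fails, 1 on
 *                    success. A database failure ends the script through die().
 */
function change_user_details($user_name, $user_email, $user_password)
{
    $user_id = $_SESSION['user_id'];

    if (!validate_user_name($user_name)) {
        return '<span class="error_span">El "Número de Alumno"solo admite <u>números</u>. Entre 3 y 6 dígitos</span>';
    }

    if (!validate_user_email($user_email)) {
        return '<span class="error_span">El Email debe ser válido y no tener más de 50 caracteres.</span>';
    }

    // An empty password means "leave the password unchanged", so it is not an error.
    if (!validate_user_password($user_password) && !empty($user_password)) {
        return '<span class="error_span">El Password debe tener un mínimo de 4 caracteres</span>';
    }

    // A clash with the user's own current number or email is not a conflict.
    if (user_name_exists($user_name) && $user_name != $_SESSION['user_name']) {
        return '<span class="error_span">Ese número de alumno ya fue utilizado</span>';
    }

    if (user_email_exists($user_email) && $user_email != $_SESSION['user_email']) {
        return '<span class="error_span">Email ya registrado</span>';
    }

    // Escaped copies are used only inside SQL text; the session and the cookies below
    // keep the raw values.
    $name_sql = mysql_real_escape_string($user_name);
    $email_sql = mysql_real_escape_string($user_email);
    $id_sql = mysql_real_escape_string($user_id);

    if (empty($user_password)) {
        mysql_query("UPDATE " . global_mysql_users_table . " SET user_name='{$name_sql}', user_email='{$email_sql}' WHERE user_id='{$id_sql}'")
            or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
    } else {
        $user_password = encrypt_password($user_password);
        // NOTE(review): the listing shows the stored value masked as '******'. The result
        // of encrypt_password() computed just above is assumed to be what belongs in the
        // column — confirm against the original file.
        $password_sql = mysql_real_escape_string($user_password);
        mysql_query("UPDATE " . global_mysql_users_table . " SET user_name='{$name_sql}', user_email='{$email_sql}', user_password='{$password_sql}' WHERE user_id='{$id_sql}'")
            or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
    }

    // Reservations carry their own copy of the name and email; keep them in step.
    mysql_query("UPDATE " . global_mysql_reservations_table . " SET reservation_user_name='{$name_sql}', reservation_user_email='{$email_sql}' WHERE reservation_user_id='{$id_sql}'")
        or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');

    $_SESSION['user_name'] = $user_name;
    $_SESSION['user_email'] = $user_email;

    // NOTE(review): a password-derived value is kept in a cookie that is set without the
    // Secure / HttpOnly flags, and when no new password was supplied the cookie is
    // overwritten with strip_salt('') — confirm that is intended. Whoever holds this
    // cookie value presumably holds a login credential; a random, server-side
    // remember-me token with Secure and HttpOnly set would be the safer design.
    $user_password = strip_salt($user_password);

    $cookie_expiry = time() + 3600 * 24 * intval(global_remember_login_days);
    setcookie(global_cookie_prefix . '_user_email', $user_email, $cookie_expiry);
    setcookie(global_cookie_prefix . '_user_password', $user_password, $cookie_expiry);

    return 1;
}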