search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Interim autoloaded library/classes via composer classmap, take 4. (#422)
[openemr.git] / interface / patient_file / summary / create_portallogin.php
blob9a0691a90f141b3aea62e4854cf6874b120b589e
1 <?php
2 // +-----------------------------------------------------------------------------+
3 // Copyright (C) 2011 Z&H Consultancy Services Private Limited <sam@zhservices.com>
4 //
5 //
6 // This program is free software; you can redistribute it and/or
7 // modify it under the terms of the GNU General Public License
8 // as published by the Free Software Foundation; either version 2
9 // of the License, or (at your option) any later version.
10 //
11 //
12 // This program is distributed in the hope that it will be useful,
13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 // GNU General Public License for more details.
16 //
17 //
18 // A copy of the GNU General Public License is included along with this program:
19 // openemr/interface/login/GnuGPL.html
20 // For more information write to the Free Software
21 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 //
23 // Author: Eldho Chacko <eldho@zhservices.com>
24 // Jacob T Paul <jacob@zhservices.com>
25 // Paul Simon <paul@zhservices.com>
26 //
27 // +------------------------------------------------------------------------------+
28
29 //SANITIZE ALL ESCAPES
30 $sanitize_all_escapes=true;
31 //
32
33 //STOP FAKE REGISTER GLOBALS
34 $fake_register_globals=false;
35 //
36 require_once("../../globals.php");
37
38 // Collect portalsite parameter (either off for offsite or on for onsite); only allow off or on
39 $portalsite = isset($_GET['portalsite']) ? $_GET['portalsite'] : $portalsite = "off";
40 if ($portalsite != "off" && $portalsite != "on") $portalsite = "off";
41
42 $row = sqlQuery("SELECT pd.*,pao.portal_username,pao.portal_pwd,pao.portal_pwd_status FROM patient_data AS pd LEFT OUTER JOIN patient_access_" . add_escape_custom($portalsite) . "site AS pao ON pd.pid=pao.pid WHERE pd.pid=?",array($pid));
43
44 function generatePassword($length=6, $strength=1) {
45 $consonants = 'bdghjmnpqrstvzacefiklowxy';
46 $numbers = '0234561789';
47 $specials = '@#$%';
48
49
50 $password = '';
51 $alt = time() % 2;
52 for ($i = 0; $i < $length/3; $i++) {
53 if ($alt == 1) {
54 $password .= $consonants[(rand() % strlen($consonants))].$numbers[(rand() % strlen($numbers))].$specials[(rand() % strlen($specials))];
55 $alt = 0;
56 } else {
57 $password .= $numbers[(rand() % strlen($numbers))].$specials[(rand() % strlen($specials))].$consonants[(rand() % strlen($consonants))];
58 $alt = 1;
59 }
60 }
61 return $password;
62 }
63
64 function validEmail($email){
65 if(preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)) {
66 return true;
67 }
68 return false;
69 }
70
71 function messageCreate($uname,$pass,$site){
72 $message = htmlspecialchars( xl("Patient Portal Web Address"),ENT_NOQUOTES) . ":<br>";
73 if ($site == "on") {
74 $message .= "<a href='" . htmlspecialchars($GLOBALS['portal_onsite_address'],ENT_QUOTES) . "'>" .
75 htmlspecialchars($GLOBALS['portal_onsite_address'],ENT_NOQUOTES) . "</a><br><br>";
76 } // $site == "off"
77 else {
78 $offsite_portal_patient_link = $GLOBALS['portal_offsite_address_patient_link'] ? htmlspecialchars($GLOBALS['portal_offsite_address_patient_link'],ENT_QUOTES) : htmlspecialchars("https://mydocsportal.com",ENT_QUOTES);
79 $message .= "<a href='" . $offsite_portal_patient_link . "'>" .
80 $offsite_portal_patient_link . "</a><br><br>";
81 $message .= htmlspecialchars(xl("Provider Id"),ENT_NOQUOTES) . ": " .
82 htmlspecialchars($GLOBALS['portal_offsite_providerid'],ENT_NOQUOTES) . "<br><br>";
83 }
84
85 $message .= htmlspecialchars(xl("User Name"),ENT_NOQUOTES) . ": " .
86 htmlspecialchars($uname,ENT_NOQUOTES) . "<br><br>" .
87 htmlspecialchars(xl("Password"),ENT_NOQUOTES) . ": " .
88 htmlspecialchars($pass,ENT_NOQUOTES) . "<br><br>";
89 return $message;
90 }
91
92 function emailLogin($patient_id,$message){
93 $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id) );
94 if ( $patientData['hipaa_allowemail'] != "YES" || empty($patientData['email']) || empty($GLOBALS['patient_reminder_sender_email']) ) {
95 return false;
96 }
97 if (!(validEmail($patientData['email']))) {
98 return false;
99 }
100 if (!(validEmail($GLOBALS['patient_reminder_sender_email']))) {
101 return false;
102 }
103
104 $mail = new MyMailer();
105 $pt_name=$patientData['fname'].' '.$patientData['lname'];
106 $pt_email=$patientData['email'];
107 $email_subject=xl('Access Your Patient Portal');
108 $email_sender=$GLOBALS['patient_reminder_sender_email'];
109 $mail->AddReplyTo($email_sender, $email_sender);
110 $mail->SetFrom($email_sender, $email_sender);
111 $mail->AddAddress($pt_email, $pt_name);
112 $mail->Subject = $email_subject;
113 $mail->MsgHTML("<html><body><div class='wrapper'>".$message."</div></body></html>");
114 $mail->IsHTML(true);
115 $mail->AltBody = $message;
116
117 if ($mail->Send()) {
118 return true;
119 } else {
120 $email_status = $mail->ErrorInfo;
121 error_log("EMAIL ERROR: ".$email_status,0);
122 return false;
123 }
124 }
125
126 function displayLogin($patient_id,$message,$emailFlag){
127 $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id) );
128 if ($emailFlag) {
129 $message = "<br><br>" .
130 htmlspecialchars(xl("Email was sent to following address"),ENT_NOQUOTES) . ": " .
131 htmlspecialchars($patientData['email'],ENT_NOQUOTES) . "<br><br>" .
132 $message;
133 }
134 echo "<html><body onload='top.printLogPrint(window);'>" . $message . "</body></html>";
135 }
136
137 if(isset($_REQUEST['form_save']) && $_REQUEST['form_save']=='SUBMIT'){
138 require_once("$srcdir/authentication/common_operations.php");
139
140 $clear_pass=$_REQUEST['pwd'];
141
142 $res = sqlStatement("SELECT * FROM patient_access_" . add_escape_custom($portalsite) . "site WHERE pid=?",array($pid));
143 $query_parameters=array($_REQUEST['uname']);
144 $salt_clause="";
145 if($portalsite=='on')
146 {
147 // For onsite portal create a blowfish based hash and salt.
148 $new_salt = oemr_password_salt();
149 $salt_clause = ",portal_salt=? ";
150 array_push($query_parameters,oemr_password_hash($clear_pass,$new_salt),$new_salt);
151 }
152 else
153 {
154 // For offsite portal still create and SHA1 hashed password
155 // When offsite portal is updated to handle blowfish, then both portals can use the same execution path.
156 array_push($query_parameters,SHA1($clear_pass));
157 }
158 array_push($query_parameters,$pid);
159 if(sqlNumRows($res)){
160 sqlStatement("UPDATE patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0 " . $salt_clause . " WHERE pid=?",$query_parameters);
161 }
162 else{
163 sqlStatement("INSERT INTO patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0" . $salt_clause . " ,pid=?",$query_parameters);
164 }
165
166 // Create the message
167 $message = messageCreate($_REQUEST['uname'],$clear_pass,$portalsite);
168 // Email and display/print the message
169 if ( emailLogin($pid,$message) ) {
170 // email was sent
171 displayLogin($pid,$message,true);
172 }
173 else {
174 // email wasn't sent
175 displayLogin($pid,$message,false);
176 }
177 exit;
178 } ?>
179
180 <html>
181 <head>
182 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
183
184 <script type="text/javascript" src="<?php echo $GLOBALS['assets_static_relative']; ?>/jquery-min-1-6-4/index.js"></script>
185 <script type="text/javascript">
186 function transmit(){
187
188 // get a public key to encrypt the password info and send
189 document.getElementById('form_save').value='SUBMIT';
190 document.forms[0].submit();
191 }
192 </script>
193 </head>
194 <body class="body_top">
195 <form name="portallogin" action="" method="POST">
196 <table align="center" style="margin-top:10px">
197 <tr class="text">
198 <th colspan="5" align="center"><?php echo htmlspecialchars(xl("Generate Username And Password For")." ".$row['fname'],ENT_QUOTES);?></th>
199 </tr>
200 <?php
201 if($portalsite == 'off'){
202 ?>
203 <tr class="text">
204 <td><?php echo htmlspecialchars(xl('Provider Id').':',ENT_QUOTES);?></td>
205 <td><span><?php echo htmlspecialchars($GLOBALS['portal_offsite_providerid'],ENT_QUOTES);?></span></td>
206 </tr>
207 <?php
208 }
209 ?>
210 <tr class="text">
211 <td><?php echo htmlspecialchars(xl('User Name').':',ENT_QUOTES);?></td>
212 <td><input type="text" name="uname" value="<?php if($row['portal_username']) echo htmlspecialchars($row['portal_username'],ENT_QUOTES); else echo htmlspecialchars($row['fname'].$row['id'],ENT_QUOTES);?>" size="10" readonly></td>
213 </tr>
214 <tr class="text">
215 <td><?php echo htmlspecialchars(xl('Password').':',ENT_QUOTES);?></td>
216 <?php
217 $pwd = generatePassword();
218 ?>
219 <td><input type="text" name="pwd" id="pwd" value="<?php echo htmlspecialchars($pwd,ENT_QUOTES);?>" size="10"/>
220 </td>
221 <td><a href="#" class="css_button" onclick="top.restoreSession(); javascript:document.location.reload()"><span><?php echo htmlspecialchars(xl('Change'),ENT_QUOTES);?></span></a></td>
222 </tr>
223 <tr class="text">
224 <td><input type="hidden" name="form_save" id="form_save"></td>
225 <td colspan="5" align="center">
226 <a href="#" class="css_button" onclick="return transmit()"><span><?php echo htmlspecialchars(xl('Save'),ENT_QUOTES);?></span></a>
227 <input type="hidden" name="form_cancel" id="form_cancel">
228 <a href="#" class="css_button" onclick="top.restoreSession(); parent.$.fn.fancybox.close();"><span><?php echo htmlspecialchars(xl('Cancel'),ENT_QUOTES);?></span></a>
229 </td>
230 </tr>
231 </table>
232 </form>
233 </body>
Mirror of official OpenEMR Sourceforge repository