| blob | 7369815b61302cc8c1a9e14355d7070e7e560086 |
1 <?php
2 /**
3 * Authorization functions.
4 *
5 * LICENSE: This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
15 *
16 * @package OpenEMR
17 * @author Rod Roark <rod@sunsetsystems.com>
18 * @author Brady Miller <brady@sparmy.com>
19 * @author Kevin Yeh <kevin.y@integralemr.com>
20 * @author ViCarePlus <visolve_emr@visolve.com>
21 * @author cfapress
22 * @link http://www.open-emr.org
23 */
25 //----------THINGS WE ALWAYS DO
27 require_once("{$GLOBALS['srcdir']}/log.inc");
28 require_once("{$GLOBALS['srcdir']}/sql.inc");
29 // added for the phpGACL group check -- JRM
30 require_once("{$GLOBALS['srcdir']}/acl.inc");
31 require_once("$srcdir/formdata.inc.php");
32 require_once("$srcdir/authentication/login_operations.php");
34 $incoming_site_id = '';
38 if (isset($_GET['auth']) && ($_GET['auth'] == "login") && isset($_POST['authUser']) &&
39 isset($_POST['clearPass']) && isset($_POST['authProvider']))
40 {
41 $clearPass=$_POST['clearPass'];
42 // set the language
43 if (!empty($_POST['languageChoice'])) {
44 $_SESSION['language_choice'] = $_POST['languageChoice'];
45 }
46 else {
47 $_SESSION['language_choice'] = 1;
48 }
50 if(!validate_user_password($_POST['authUser'],$clearPass,$_POST['authProvider']) || !verify_user_gacl_group($_POST['authUser']))
51 {
52 $_SESSION['loginfailure'] = 1;
53 authLoginScreen();
54 }
55 //If password expiration option is enabled call authCheckExpired() to check whether login user password is expired or not
57 if($GLOBALS['password_expiration_days'] != 0){
58 if(authCheckExpired($_POST['authUser']))
59 {
60 authLoginScreen();
61 }
62 }
63 $ip=$_SERVER['REMOTE_ADDR'];
64 $_SESSION['loginfailure'] = null;
65 unset($_SESSION['loginfailure']);
66 //store the very first initial timestamp for timeout errors
67 $_SESSION["last_update"] = time();
68 }
69 else if ( (isset($_GET['auth'])) && ($_GET['auth'] == "logout") )
70 {
71 newEvent("logout", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "success");
72 authCloseSession();
73 authLoginScreen();
74 }
75 else
76 {
77 if (authCheckSession())
78 {
79 if (isset($_SESSION['pid']) && empty($GLOBALS['DAEMON_FLAG']))
80 {
81 require_once("{$GLOBALS['srcdir']}/patient.inc");
82 /**
83 $logpatient = getPatientData($_SESSION['pid'], "lname, fname, mname");
84 newEvent("view", $_SESSION['authUser'], $_SESSION['authProvider'],
85 "{$logpatient['lname']}, {$logpatient['fname']} {$logpatient['mname']} :: encounter " .
86 $_SESSION['encounter']);
87 **/
88 }
89 //LOG EVERYTHING
90 //newEvent("view", $_SESSION['authUser'], $_SESSION['authProvider'], $_SERVER['REQUEST_URI']);
91 }
92 else {
93 newEvent("login",$_POST['authUser'], $_POST['authProvider'], 0, "insufficient data sent");
94 authLoginScreen();
95 }
96 }
98 if (!isset($_SESSION["last_update"])) {
99 authLoginScreen();
100 } else {
101 //if page has not been updated in a given period of time, we call login screen
102 if ((time() - $_SESSION["last_update"]) > $timeout) {
103 newEvent("logout", $_SESSION['authUser'], $_SESSION['authProvider'], 0, "timeout");
104 authCloseSession();
105 authLoginScreen();
106 } else {
107 // Have a mechanism to skip the timeout reset mechanism if a skip_timeout_reset parameter exists. This
108 // can be used by scripts that continually request information from the server; for example the Messages
109 // and Reminders automated intermittent requests that happen in the Messages Center script and in
110 // the left navigation menu script.
111 if (empty($GLOBALS['DAEMON_FLAG']) && empty($_REQUEST['skip_timeout_reset'])) $_SESSION["last_update"] = time();
112 }
113 }
115 //----------THINGS WE DO IF WE STILL LIKE YOU
117 function authCheckSession ()
118 {
119 if (isset($_SESSION['authId'])) {
120 $authDB = sqlQuery("select username, password from users where id = ?",array($_SESSION['authId']));
121 if ($_SESSION['authUser'] == $authDB['username'] )
122 {
123 return true;
124 }
125 else {
126 return false;
127 }
128 }
129 else {
130 return false;
131 }
132 }
134 function authCloseSession ()
135 {
136 // Before destroying the session, save its site_id so that the next
137 // login will default to that same site.
138 global $incoming_site_id;
139 $incoming_site_id = $_SESSION['site_id'];
140 ob_start();
141 session_unset();
142 session_destroy();
143 unset($_COOKIE[session_name()]);
144 }
146 function authLoginScreen()
147 {
148 // See comment in authCloseSession().
149 global $incoming_site_id;
150 header("Location: {$GLOBALS['login_screen']}?error=1&site=$incoming_site_id");
151 exit;
152 }
154 // Check if the user's password has expired beyond the grace limit.
155 // If so, deactivate the user
156 function authCheckExpired($user)
157 {
158 $result = sqlStatement("select pwd_expiration_date from users where username = ?",array($user));
159 if($row = sqlFetchArray($result))
160 {
161 $pwd_expires = $row['pwd_expiration_date'];
162 }
163 $current_date = date("Y-m-d");
164 if($pwd_expires != "0000-00-00")
165 {
166 $grace_time1 = date("Y-m-d", strtotime($pwd_expires . "+".$GLOBALS['password_grace_time'] ."days"));
167 }
168 if(($grace_time1 != "") && strtotime($current_date) > strtotime($grace_time1))
169 {
170 sqlStatement("update users set active=0 where username = ?",array($user));
171 $_SESSION['loginfailure'] = 1;
172 return true;
173 }
174 return false;
175 }
177 function getUserList ($cols = '*', $limit = 'all', $start = '0')
178 {
179 if ($limit = "all")
180 $rez = sqlStatement("select $cols from users where username != '' order by date DESC");
181 else
182 $rez = sqlStatement("select $cols from users where username != '' order by date DESC limit $limit, $start");
183 for ($iter = 0; $row = sqlFetchArray($rez); $iter++)
184 $tbl[$iter] = $row;
185 return $tbl;
186 }
188 function getProviderList ($cols = '*', $limit= 'all', $start = '0')
189 {
190 if ($limit = "all")
191 $rez = sqlStatement("select $cols from groups order by date DESC");
192 else
193 $rez = sqlStatement("select $cols from groups order by date DESC limit $limit, $start");
194 for ($iter = 0; $row = sqlFetchArray($rez); $iter++)
195 $tbl[$iter] = $row;
196 return $tbl;
197 }
199 function addGroup ($groupname)
200 {
201 return sqlInsert("insert into groups (name) values (?)", array($groupname));
202 }
204 function delGroup ($group_id)
205 {
206 return sqlQuery("delete from groups where id = ? limit 0,1", array($group_id));
207 }
209 /***************************************************************
210 //pennfirm
211 //Function currently user by new post calendar code to determine
212 //if a given user is in a group with another user
213 //and if so to allow editing of that users events
214 //
215 //*************************************************************/
217 function validateGroupStatus ($user_to_be_checked, $group_user) {
218 if (isset($user_to_be_checked) && isset($group_user)) {
219 if ($user_to_be_checked == $group_user) {
221 return true;
222 }
223 elseif ($_SESSION['authorizeduser'] == 1)
224 return true;
226 $query = "SELECT groups.name FROM users,groups WHERE users.username = ? " .
227 "AND users.username = groups.user group by groups.name";
228 $result = sqlStatement($query, array($user_to_be_checked));
230 $usertbcGroups = array();
232 while ($row = sqlFetchArray($result)) {
233 $usertbcGroups[] = $row[0];
234 }
236 $query = "SELECT groups.name FROM users,groups WHERE users.username = ? " .
237 "AND users.username = groups.user group by groups.name";
238 $result = sqlStatement($query, array($group_user));
240 $usergGroups = array();
242 while ($row = sqlFetchArray($result)) {
243 $usergGroups[] = $row[0];
244 }
245 foreach ($usertbcGroups as $group) {
246 if(in_array($group,$usergGroups)) {
247 return true;
248 }
249 }
251 }
253 return false;
254 }
257 // Attempt to update the user's password, password history, and password expiration.
258 // Verify that the new password does not match the last three passwords used.
259 // Return true if successfull, false on failure
260 function UpdatePasswordHistory($userid,$pwd)
261 {
262 $result = sqlStatement("select password, pwd_history1, pwd_history2 from users where id = ?",array($userid));
263 if ($row = sqlFetchArray($result)) {
264 $previous_pwd1=$row['password'];
265 $previous_pwd2=$row['pwd_history1'];
266 $previous_pwd3=$row['pwd_history2'];
267 }
268 if (($pwd != $previous_pwd1) && ($pwd != $previous_pwd2) && ($pwd != $previous_pwd3)) {
269 sqlStatement("update users set pwd_history2=?, pwd_history1=?,password=? where id=?",array($previous_pwd2,$previous_pwd1,$pwd,$userid));
270 if($GLOBALS['password_expiration_days'] != 0){
271 $exp_days=$GLOBALS['password_expiration_days'];
272 $exp_date = date('Y-m-d', strtotime("+$exp_days days"));
273 sqlStatement("update users set pwd_expiration_date=? where id=?",array($exp_date,$userid));
274 }
275 return true;
276 }
277 else {
278 return false;
279 }
280 }
281 ?>