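<?php
// Copyright (C) 2011 Cassian LUP <cassi.lup@gmail.com>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// Onsite patient portal login handler. The landing page (index.php) POSTs the
// portal username (`uname`) and password (`code`) here, and -- when a password
// change is pending -- a new password pair (`code_new` / `code_new_confirm`).
// On success the session receives the patient's pid and control passes to
// summary_pat_portal.php; on any failure the session is destroyed and the
// browser is sent back to the landing page.

// Start the PHP session and rotate its id before anything is stored in it, so a
// session id handed to the browser by a third party (session fixation) never
// becomes an authenticated one.
session_start();
session_regenerate_id(true);

// Landing page definition -- where to go if something goes wrong.
$landingpage = "index.php";

/**
 * Abort the login attempt: drop the session and redirect to the landing page.
 *
 * Every failure path (missing fields, unknown credentials, SQL error, portal not
 * enabled for the patient) ends here, so the response is uniform and does not
 * reveal which step failed. Never returns.
 *
 * @param string $landingpage script to redirect to
 * @param string $suffix      query string appended to the redirect; index.php
 *                            interprets the `w` / `c` flags (presumably
 *                            "warning" / "credentials missing" -- verify there)
 */
function portal_login_abort($landingpage, $suffix = '?w')
{
    session_destroy();
    header('Location: ' . $landingpage . $suffix);
    exit;
}

// Only requests that came through the landing page carry the 'itsme' marker;
// a direct request to this script is bounced.
if (!isset($_SESSION['itsme'])) {
    portal_login_abort($landingpage);
}

// Both credential fields must be present, non-empty, plain strings. A
// non-string value (e.g. `uname[]=x` in the POST body) would otherwise be handed
// to the SQL layer as a bind parameter, so it is rejected up front instead of
// being left for the driver to choke on.
if (empty($_POST['uname']) || !is_string($_POST['uname'])) {
    portal_login_abort($landingpage, '?w&c');
}
if (empty($_POST['code']) || !is_string($_POST['code'])) {
    portal_login_abort($landingpage, '?w&c');
}

// Settings read by globals.php (they must be assigned before it is included):
// no fake register_globals, sanitize all escapes, and skip the regular user
// authentication -- this script performs the portal authentication itself.
$fake_register_globals = false;
$sanitize_all_escapes = true;
$ignoreAuth = 1;
require_once('../interface/globals.php');

$authorizedPortal = false; // becomes true only after every check below has passed

// Credential lookup. NOTE(review): the password is matched verbatim in SQL, so
// whatever `portal_pwd` holds must equal what the patient typed (and the UPDATE
// further down stores the new password verbatim as well). Switching this to a
// password_hash()/password_verify() scheme means changing the column and every
// other script that writes it, so it is not done here.
$sql = "SELECT * FROM `patient_access_onsite` WHERE `portal_username` = ? AND `portal_pwd` = ?";
$auth = sqlQuery($sql, array($_POST['uname'], $_POST['code']));
if (!$auth) {
    // Either no row matched (wrong credentials) or the query failed; both are
    // answered identically. (The old inner `empty($auth)` test could never run,
    // because a falsy result never entered the `if` branch.)
    portal_login_abort($landingpage);
}

// Patient record for the authenticated pid.
$sql = "SELECT * FROM `patient_data` WHERE `pid` = ?";
$userData = sqlQuery($sql, array($auth['pid']));
if (!$userData) {
    // No patient record for this pid, or the query failed.
    portal_login_abort($landingpage);
}
if ($userData['allow_patient_portal'] !== "YES") {
    // Patient has not authorized portal access.
    portal_login_abort($landingpage);
}
if ((int) $auth['pid'] !== (int) $userData['pid']) {
    // Should be impossible given the WHERE clause above, but bail if the two
    // rows ever disagree. Compared as integers because the driver may return
    // the column as a string.
    portal_login_abort($landingpage);
}

// portal_pwd_status: 0 = the password must still be changed before the portal
// can be used (the UPDATE below sets it to 1 once that has happened),
// 1 = login may proceed. Cast so a numeric string from the driver compares
// reliably.
$pwdStatus = (int) $auth['portal_pwd_status'];
if ($pwdStatus === 0) {
    $newCode = isset($_POST['code_new']) ? $_POST['code_new'] : null;
    $newCodeConfirm = isset($_POST['code_new_confirm']) ? $_POST['code_new_confirm'] : null;
    if (isset($_SESSION['password_update'])
        && is_string($newCode) && !empty($newCode)
        && is_string($newCodeConfirm) && !empty($newCodeConfirm)
        && $newCode === $newCodeConfirm
    ) {
        // Second pass: the patient has supplied a matching new password pair.
        // Store it, flag the password as changed, and continue (patient is
        // authorized). The username written here is the one that just
        // authenticated, so that part of the UPDATE is a no-op apart from
        // case/collation differences. Strict comparison of the pair avoids
        // PHP's numeric-string coercion under `==`.
        sqlStatement("UPDATE `patient_access_onsite` SET `portal_username`=?,`portal_pwd`=?,portal_pwd_status=1 WHERE pid=?", array($_POST['uname'], $newCode, $auth['pid']));
        $authorizedPortal = true;
    } else {
        // First pass: ask the landing page to collect a new password. The
        // session is deliberately kept (not destroyed) so the flag survives
        // the round trip.
        $_SESSION['password_update'] = 1;
        header('Location: ' . $landingpage);
        exit;
    }
} elseif ($pwdStatus === 1) {
    // Continue (patient is authorized).
    $authorizedPortal = true;
}

if (!$authorizedPortal) {
    // Any other portal_pwd_status value: refuse rather than guess.
    portal_login_abort($landingpage);
}

// Patient is authorized: prepare the session variables for the portal pages.
unset($_SESSION['password_update']); // a pending change, if any, is complete
unset($_SESSION['itsme']);           // the landing-page marker is single use
$_SESSION['pid'] = $auth['pid'];
$_SESSION['patient_portal_onsite'] = 1;

require_once('summary_pat_portal.php');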