Fix for the Open in New Window in Patient/Client->Patients search gui, take 2.
[openemr.git] / library / authentication / login_operations.php
blob918b2723091ed714e46d239cab30660fa630f70c
1 <?php
2 /**
3 * This is a library of commonly used functions for managing data for authentication
4 *
5 * Copyright (C) 2013 Kevin Yeh <kevin.y@integralemr.com> and OEMR <www.oemr.org>
7 * LICENSE: This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 3
10 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
18 * @package OpenEMR
19 * @author Kevin Yeh <kevin.y@integralemr.com>
20 * @link http://www.open-emr.org
23 require_once("$srcdir/authentication/common_operations.php");
27 /**
29 * @param type $username
30 * @param type $password password is passed by reference so that it can be "cleared out"
31 * as soon as we are done with it.
32 * @param type $provider
34 function validate_user_password($username,&$password,$provider)
36 $ip=$_SERVER['REMOTE_ADDR'];
38 $valid=false;
39 $getUserSecureSQL= " SELECT " . implode(",",array(COL_ID,COL_PWD,COL_SALT))
40 ." FROM ".TBL_USERS_SECURE
41 ." WHERE BINARY ".COL_UNM."=?";
42 // Use binary keyword to require case sensitive username match
43 $userSecure=privQuery($getUserSecureSQL,array($username));
44 if(is_array($userSecure))
46 $phash=password_hash($password,$userSecure[COL_SALT]);
47 if($phash!=$userSecure[COL_PWD])
50 return false;
52 $valid=true;
54 else
56 if((!isset($GLOBALS['password_compatibility'])||$GLOBALS['password_compatibility'])) // use old password scheme if allowed.
58 $getUserSQL="select id, password from users where username = ?";
59 $userInfo = privQuery($getUserSQL,array($username));
60 $dbPasswordLen=strlen($userInfo['password']);
61 if($dbPasswordLen==32)
63 $phash=md5($password);
64 $valid=$phash==$userInfo['password'];
66 else if($dbPasswordLen==40)
68 $phash=sha1($password);
69 $valid=$phash==$userInfo['password'];
71 if($valid)
73 initializePassword($username,$userInfo['id'],$password);
74 purgeCompatabilityPassword($username,$userInfo['id']);
75 $_SESSION['relogin'] = 1;
77 else
79 return false;
84 $getUserSQL="select id, authorized, see_auth".
85 ", cal_ui, active ".
86 " from users where BINARY username = ?";
87 $userInfo = privQuery($getUserSQL,array($username));
89 if ($userInfo['active'] != 1) {
90 newEvent( 'login', $username, $provider, 0, "failure: $ip. user not active or not found in users table");
91 $password='';
92 return false;
94 // Done with the cleartext password at this point!
95 $password='';
96 if($valid)
98 if ($authGroup = privQuery("select * from groups where user=? and name=?",array($username,$provider)))
100 $_SESSION['authUser'] = $username;
101 $_SESSION['authGroup'] = $authGroup['name'];
102 $_SESSION['authUserID'] = $userInfo['id'];
103 $_SESSION['authProvider'] = $provider;
104 $_SESSION['authId'] = $userInfo{'id'};
105 $_SESSION['cal_ui'] = $userInfo['cal_ui'];
106 $_SESSION['userauthorized'] = $userInfo['authorized'];
107 // Some users may be able to authorize without being providers:
108 if ($userInfo['see_auth'] > '2') $_SESSION['userauthorized'] = '1';
109 newEvent( 'login', $username, $provider, 1, "success: $ip");
110 $valid=true;
111 } else {
112 newEvent( 'login', $username, $provider, 0, "failure: $ip. user not in group: $provider");
113 $valid=false;
119 return $valid;
122 function verify_user_gacl_group($user)
124 global $phpgacl_location;
125 if (isset ($phpgacl_location)) {
126 if (acl_get_group_titles($user) == 0) {
127 newEvent( 'login', $user, $provider, 0, "failure: $ip. user not in any phpGACL groups. (bad username?)");
128 return false;
131 return true;