interface/patient_file/summary/create_portallogin.php

   1 <?php
   2 // +-----------------------------------------------------------------------------+
   3 // Copyright (C) 2011 Z&H Consultancy Services Private Limited <sam@zhservices.com>
   4 //
   5 //
   6 // This program is free software; you can redistribute it and/or
   7 // modify it under the terms of the GNU General Public License
   8 // as published by the Free Software Foundation; either version 2
   9 // of the License, or (at your option) any later version.
  10 //
  11 //
  12 // This program is distributed in the hope that it will be useful,
  13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 // GNU General Public License for more details.
  16 //
  17 //
  18 // A copy of the GNU General Public License is included along with this program:
  19 // openemr/interface/login/GnuGPL.html
  20 // For more information write to the Free Software
  21 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  22 //
  23 // Author:   Eldho Chacko <eldho@zhservices.com>
  24 //           Jacob T Paul <jacob@zhservices.com>
  25 //           Paul Simon   <paul@zhservices.com>
  26 //
  27 // +------------------------------------------------------------------------------+
  28
  29 //SANITIZE ALL ESCAPES
  30 $sanitize_all_escapes=true;
  31 //
  32
  33 //STOP FAKE REGISTER GLOBALS
  34 $fake_register_globals=false;
  35 //
  36  require_once("../../globals.php");
  37  require_once("$srcdir/sql.inc");
  38  require_once("$srcdir/formdata.inc.php");
  39  require_once("$srcdir/sha1.js");
  40  require_once("$srcdir/classes/postmaster.php");
  41
  42 // Collect portalsite parameter (either off for offsite or on for onsite); only allow off or on
  43 isset($_GET['portalsite']) ? $portalsite = $_GET['portalsite'] : $portalsite = "off";
  44 if ($portalsite != "off" && $portalsite != "on") $portalsite = "off";
  45
  46  $row = sqlQuery("SELECT pd.*,pao.portal_username,pao.portal_pwd,pao.portal_pwd_status FROM patient_data AS pd LEFT OUTER JOIN patient_access_" . add_escape_custom($portalsite) . "site AS pao ON pd.pid=pao.pid WHERE pd.pid=?",array($pid));
  47
  48 function generatePassword($length=6, $strength=1) {
  49         $consonants = 'bdghjmnpqrstvzacefiklowxy';
  50         $numbers = '0234561789';
  51         $specials = '@#$%';
  52
  53
  54         $password = '';
  55         $alt = time() % 2;
  56         for ($i = 0; $i < $length/3; $i++) {
  57                 if ($alt == 1) {
  58                         $password .= $consonants[(rand() % strlen($consonants))].$numbers[(rand() % strlen($numbers))].$specials[(rand() % strlen($specials))];
  59                         $alt = 0;
  60                 } else {
  61                         $password .= $numbers[(rand() % strlen($numbers))].$specials[(rand() % strlen($specials))].$consonants[(rand() % strlen($consonants))];
  62                         $alt = 1;
  63                 }
  64         }
  65         return $password;
  66 }
  67
  68 function validEmail($email){
  69     if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
  70     return true;
  71     }
  72     return false;
  73 }
  74
  75 function messageCreate($uname,$pass,$site){
  76     $message = htmlspecialchars( xl("Patient Portal Web Address"),ENT_NOQUOTES) . ":<br>";
  77     if ($site == "on") {
  78         $message .= "<a href='" . htmlspecialchars($GLOBALS['portal_onsite_address'],ENT_QUOTES) . "'>" .
  79                     htmlspecialchars($GLOBALS['portal_onsite_address'],ENT_NOQUOTES) . "</a><br><br>";
  80     } // $site == "off"
  81     else {
  82         $offsite_portal_patient_link = $GLOBALS['portal_offsite_address_patient_link'] ?  htmlspecialchars($GLOBALS['portal_offsite_address_patient_link'],ENT_QUOTES) : htmlspecialchars("https://mydocsportal.com",ENT_QUOTES);
  83         $message .= "<a href='" . $offsite_portal_patient_link . "'>" .
  84                     $offsite_portal_patient_link . "</a><br><br>";
  85     }
  86         $message .= htmlspecialchars(xl("User Name"),ENT_NOQUOTES) . ": " .
  87                     htmlspecialchars($uname,ENT_NOQUOTES) . "<br><br>" .
  88                     htmlspecialchars(xl("Password"),ENT_NOQUOTES) . ": " .
  89                     htmlspecialchars($pass,ENT_NOQUOTES) . "<br><br>";
  90     return $message;
  91 }
  92
  93 function emailLogin($patient_id,$message){
  94     $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id) );
  95     if ( $patientData['hipaa_allowemail'] != "YES" || empty($patientData['email']) || empty($GLOBALS['patient_reminder_sender_email']) ) {
  96         return false;
  97     }
  98     if (!(validEmail($patientData['email']))) {
  99         return false;
 100     }
 101     if (!(validEmail($GLOBALS['patient_reminder_sender_email']))) {
 102         return false;
 103     }
 104
 105     $mail = new MyMailer();
 106     $pt_name=$patientData['fname'].' '.$patientData['lname'];
 107     $pt_email=$patientData['email'];
 108     $email_subject=xl('Access Your Patient Portal');
 109     $email_sender=$GLOBALS['patient_reminder_sender_email'];
 110     $mail->AddReplyTo($email_sender, $email_sender);
 111     $mail->SetFrom($email_sender, $email_sender);
 112     $mail->AddAddress($pt_email, $pt_name);
 113     $mail->Subject = $email_subject;
 114     $mail->MsgHTML("<html><body><div class='wrapper'>".$message."</div></body></html>");
 115     $mail->IsHTML(true);
 116     $mail->AltBody = $message;
 117
 118     if ($mail->Send()) {
 119         return true;
 120     } else {
 121         $email_status = $mail->ErrorInfo;
 122         error_log("EMAIL ERROR: ".$email_status,0);
 123         return false;
 124     }
 125 }
 126
 127 function displayLogin($patient_id,$message,$emailFlag){
 128     $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id) );
 129     if ($emailFlag) {
 130         $message = "<br><br>" .
 131                    htmlspecialchars(xl("Email was sent to following address"),ENT_NOQUOTES) . ": " .
 132                    htmlspecialchars($patientData['email'],ENT_NOQUOTES) . "<br><br>" .
 133                    $message;
 134     }
 135     echo "<html><body onload='window.print();'>" . $message . "</body></html>";
 136 }
 137
 138 if(isset($_REQUEST['form_save']) && $_REQUEST['form_save']=='SUBMIT'){
 139     $res = sqlStatement("SELECT * FROM patient_access_" . add_escape_custom($portalsite) . "site WHERE pid=?",array($pid));
 140     if(sqlNumRows($res)){
 141     sqlStatement("UPDATE patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0 WHERE pid=?",array($_REQUEST['uname'],$_REQUEST['authpwd'],$pid));
 142     }
 143     else{
 144     sqlStatement("INSERT INTO patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0,pid=?",array($_REQUEST['uname'],$_REQUEST['authpwd'],$pid));
 145     }
 146
 147     // Create the message
 148     $message = messageCreate($_REQUEST['uname'],$_REQUEST['pwd'],$portalsite);
 149     // Email and display/print the message
 150     if ( emailLogin($pid,$message) ) {
 151         // email was sent
 152         displayLogin($pid,$message,true);
 153     }
 154     else {
 155         // email wasn't sent
 156         displayLogin($pid,$message,false);
 157     }
 158     exit;
 159 } ?>
 160
 161 <html>
 162 <head>
 163 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
 164 <script type="text/javascript">
 165 function convertPass(){
 166     document.getElementById('authpwd').value=SHA1(document.getElementById('pwd').value);
 167     document.getElementById('form_save').value='SUBMIT';
 168     top.restoreSession();
 169     document.forms[0].submit();
 170 }
 171 </script>
 172 </head>
 173 <body class="body_top">
 174     <form name="portallogin" action="" method="POST">
 175     <table align="center" style="margin-top:10px">
 176         <tr class="text">
 177             <th colspan="5" align="center"><?php echo htmlspecialchars(xl("Generate Username And Password For")." ".$row['fname'],ENT_QUOTES);?></th>
 178         </tr>
 179         <tr class="text">
 180             <td><?php echo htmlspecialchars(xl('User Name').':',ENT_QUOTES);?></td>
 181             <td><input type="text" name="uname" value="<?php if($row['portal_username']) echo htmlspecialchars($row['portal_username'],ENT_QUOTES); else echo htmlspecialchars($row['fname'].$row['id'],ENT_QUOTES);?>" size="10" readonly></td>
 182         </tr>
 183         <tr class="text">
 184             <td><?php echo htmlspecialchars(xl('Password').':',ENT_QUOTES);?></td>
 185             <?php
 186             $pwd = generatePassword();
 187             ?>
 188             <input type="hidden" name="authpwd" id="authpwd">
 189             <td><input type="text" name="pwd" id="pwd" value="<?php echo htmlspecialchars($pwd,ENT_QUOTES);?>" size="10" readonly></td>
 190             <td><a href="#" class="css_button" onclick="top.restoreSession(); javascript:document.location.reload()"><span><?php echo htmlspecialchars(xl('Change'),ENT_QUOTES);?></span></a></td>
 191         </tr>
 192         <tr class="text">
 193             <td><input type="hidden" name="form_save" id="form_save"></td>
 194             <td colspan="5" align="center">
 195                 <a href="#" class="css_button" onclick="return convertPass()"><span><?php echo htmlspecialchars(xl('Save'),ENT_QUOTES);?></span></a>
 196                 <input type="hidden" name="form_cancel" id="form_cancel">
 197                 <a href="#" class="css_button" onclick="top.restoreSession(); parent.$.fn.fancybox.close();"><span><?php echo htmlspecialchars(xl('Cancel'),ENT_QUOTES);?></span></a>
 198             </td>
 199         </tr>
 200     </table>
 201     </form>
 202 </body>