2 //----------THINGS WE ALWAYS DO
4 require_once("{$GLOBALS['srcdir']}/log.inc");
5 require_once("{$GLOBALS['srcdir']}/sql.inc");
7 if ($_GET['auth'] == "login" && isset($_POST['authUser']) && isset($_POST['authPass']) && isset($_POST['authProvider']))
9 if (!authNewSession($_POST['authUser'], $_POST['authPass'], $_POST['authProvider']))
11 newEvent("login",$_POST['authUser'], $_POST['authProvider'], "failure");
14 newEvent("login", $_POST['authUser'], $_POST['authProvider'], "success");
15 $_SESSION["last_update"] = time(); //store the very first initial timestamp for timeout errors
17 else if ($_GET['auth'] == "logout")
19 newEvent("logout", $_SESSION['authUser'], $_SESSION['authProvider'], "success");
25 if (authCheckSession())
27 if (isset($_SESSION['pid']) && !$GLOBALS['DAEMON_FLAG'])
29 require_once("{$GLOBALS['srcdir']}/patient.inc");
30 $logpatient = getPatientData($_SESSION['pid'], "lname, fname, mname");
31 newEvent("view", $_SESSION['authUser'], $_SESSION['authProvider'], "{$logpatient['lname']}, {$logpatient['fname']} {$logpatient['mname']} :: encounter ".$_SESSION['encounter']);
34 //newEvent("view", $_SESSION['authUser'], $_SESSION['authProvider'], $_SERVER['REQUEST_URI']);
37 newEvent("login",$_POST['authUser'], $_POST['authProvider'], "insufficient data sent");
42 if (!isset($_SESSION["last_update"])) {
45 //if page has not been updated in a given period of time, we call login screen
46 if ((time() - $_SESSION["last_update"]) > $timeout) {
47 newEvent("logout", $_SESSION['authUser'], $_SESSION['authProvider'], "timeout");
51 if (!$GLOBALS['DAEMON_FLAG']) $_SESSION["last_update"] = time();
55 //----------THINGS WE DO IF WE STILL LIKE YOU
57 function authNewSession ($user, $pass, $provider)
59 //session_name("OpenEMR");
60 //session_id("81279258720".str_replace(".", "", $_SERVER['REMOTE_ADDR']));
64 //echo "user is: $user pass is: $pass provider is: $provider<br />";
65 $authDB = sqlQuery("select id, password, authorized from users where username = '$user'");
66 //echo "<br>auth pass: ".$authDB['password'];
67 if ($authDB['password'] == $pass)
69 //here, we check to see if the user is in fact a member of the correct group:
70 if ($authGroup = sqlQuery("select * from groups where user='$user' and name='$provider'")) {
71 $_SESSION['authUser'] = $user;
72 $_SESSION['authGroup'] = $authGroup['name'];
73 $_SESSION['authUserID'] = $authDB['id'];
74 $_SESSION['authPass'] = $pass;
75 $_SESSION['authProvider'] = $provider;
76 $_SESSION['authId'] = $authDB{'id'};
77 $_SESSION['userauthorized'] = $authDB['authorized'];
87 function authCheckSession ()
89 if (isset($_SESSION['authId'])) {
90 $authDB = sqlQuery("select username, password from users where id = '".$_SESSION['authId']."'");
91 if ($_SESSION['authUser'] == $authDB['username'] && $_SESSION['authPass'] == $authDB['password']) {
103 function authCloseSession ()
107 // $_SESSION = array();
109 //setcookie(session_name(),"","","/");
110 //the following does the same as the above line:
111 //if(isset($_COOKIE[session_name()])) {
113 // session_destroy();
114 unset($_COOKIE[session_name()]);
118 function authLoginScreen()
120 //header("Location: https://{$_SERVER['HTTP_HOST']}{$GLOBALS['login_screen']}");
121 header("Location: {$GLOBALS['login_screen']}");
125 function addUser ($username, $password_md5, $info, $authorized = 'yes')
127 return sqlInsert("insert into users (username, password, info, authorized) values ('$username', '$password_md5', '$info', '$authorized')");
130 function delUser ($id)
132 return sqlQuery("delete from users where id = '$id' limit 0,1");
135 function changePasword ($id, $new_md5)
137 return sqlQuery("update users set password = '$new_md5' where id = '$id'");
140 function getUserList ($cols = '*', $limit = 'all', $start = '0')
143 $rez = sqlStatement("select $cols from users where username != '' order by date DESC");
145 $rez = sqlStatement("select $cols from users where username != '' order by date DESC limit $limit, $start");
146 for ($iter = 0; $row = sqlFetchArray($rez); $iter++)
151 function getProviderList ($cols = '*', $limit= 'all', $start = '0')
154 $rez = sqlStatement("select $cols from groups order by date DESC");
156 $rez = sqlStatement("select $cols from groups order by date DESC limit $limit, $start");
157 for ($iter = 0; $row = sqlFetchArray($rez); $iter++)
162 function addGroup ($groupname)
164 return sqlInsert("insert into groups (name) values ('$groupname')");
167 function delGroup ($group_id)
169 return sqlQuery("delete from groups where id = '$group_id' limit 0,1");
172 /***************************************************************
174 //Function currently user by new post calendar code to determine
175 //if a given user is in a group with another user
176 //and if so to allow editing of that users events
178 //*************************************************************/
180 function validateGroupStatus ($user_to_be_checked, $group_user) {
181 if (isset($user_to_be_checked) && isset($group_user)) {
182 if ($user_to_be_checked == $group_user) {
186 elseif ($_SESSION['authorizeduser'] == 1)
189 $query = "SELECT groups.name FROM users,groups WHERE users.username = \"" . mysql_real_escape_string($user_to_be_checked) . "\" " .
190 "AND users.username = groups.user group by groups.name";
191 $result = sqlStatement($query);
193 $usertbcGroups = array();
195 while ($row = mysql_fetch_array($result)) {
196 $usertbcGroups[] = $row[0];
199 $query = "SELECT groups.name FROM users,groups WHERE users.username = \"" . mysql_real_escape_string($group_user) . "\" " .
200 "AND users.username = groups.user group by groups.name";
201 $result = sqlStatement($query);
203 $usergGroups = array();
205 while ($row = mysql_fetch_array($result)) {
206 $usergGroups[] = $row[0];
208 foreach ($usertbcGroups as $group) {
209 if(in_array($group,$usergGroups)) {