2 // +-----------------------------------------------------------------------------+
3 // Copyright (C) 2011 Z&H Consultancy Services Private Limited <sam@zhservices.com>
6 // This program is free software; you can redistribute it and/or
7 // modify it under the terms of the GNU General Public License
8 // as published by the Free Software Foundation; either version 2
9 // of the License, or (at your option) any later version.
12 // This program is distributed in the hope that it will be useful,
13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 // GNU General Public License for more details.
18 // A copy of the GNU General Public License is included along with this program:
19 // openemr/interface/login/GnuGPL.html
20 // For more information write to the Free Software
21 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 // Author: Eldho Chacko <eldho@zhservices.com>
24 // Jacob T Paul <jacob@zhservices.com>
25 // Paul Simon <paul@zhservices.com>
27 // +------------------------------------------------------------------------------+
29 //SANITIZE ALL ESCAPES
30 $sanitize_all_escapes=true;
33 //STOP FAKE REGISTER GLOBALS
34 $fake_register_globals=false;
36 require_once("../../globals.php");
37 require_once("$srcdir/sql.inc");
38 require_once("$srcdir/classes/postmaster.php");
40 // Collect portalsite parameter (either off for offsite or on for onsite); only allow off or on
41 $portalsite = isset($_GET['portalsite']) ?
$_GET['portalsite'] : $portalsite = "off";
42 if ($portalsite != "off" && $portalsite != "on") $portalsite = "off";
44 $row = sqlQuery("SELECT pd.*,pao.portal_username,pao.portal_pwd,pao.portal_pwd_status FROM patient_data AS pd LEFT OUTER JOIN patient_access_" . add_escape_custom($portalsite) . "site AS pao ON pd.pid=pao.pid WHERE pd.pid=?",array($pid));
46 function generatePassword($length=6, $strength=1) {
47 $consonants = 'bdghjmnpqrstvzacefiklowxy';
48 $numbers = '0234561789';
54 for ($i = 0; $i < $length/3; $i++
) {
56 $password .= $consonants[(rand() %
strlen($consonants))].$numbers[(rand() %
strlen($numbers))].$specials[(rand() %
strlen($specials))];
59 $password .= $numbers[(rand() %
strlen($numbers))].$specials[(rand() %
strlen($specials))].$consonants[(rand() %
strlen($consonants))];
66 function validEmail($email){
67 if(preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)) {
73 function messageCreate($uname,$pass,$site){
74 $message = htmlspecialchars( xl("Patient Portal Web Address"),ENT_NOQUOTES
) . ":<br>";
76 $message .= "<a href='" . htmlspecialchars($GLOBALS['portal_onsite_address'],ENT_QUOTES
) . "'>" .
77 htmlspecialchars($GLOBALS['portal_onsite_address'],ENT_NOQUOTES
) . "</a><br><br>";
80 $offsite_portal_patient_link = $GLOBALS['portal_offsite_address_patient_link'] ?
htmlspecialchars($GLOBALS['portal_offsite_address_patient_link'],ENT_QUOTES
) : htmlspecialchars("https://mydocsportal.com",ENT_QUOTES
);
81 $message .= "<a href='" . $offsite_portal_patient_link . "'>" .
82 $offsite_portal_patient_link . "</a><br><br>";
83 $message .= htmlspecialchars(xl("Provider Id"),ENT_NOQUOTES
) . ": " .
84 htmlspecialchars($GLOBALS['portal_offsite_providerid'],ENT_NOQUOTES
) . "<br><br>";
87 $message .= htmlspecialchars(xl("User Name"),ENT_NOQUOTES
) . ": " .
88 htmlspecialchars($uname,ENT_NOQUOTES
) . "<br><br>" .
89 htmlspecialchars(xl("Password"),ENT_NOQUOTES
) . ": " .
90 htmlspecialchars($pass,ENT_NOQUOTES
) . "<br><br>";
94 function emailLogin($patient_id,$message){
95 $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id) );
96 if ( $patientData['hipaa_allowemail'] != "YES" ||
empty($patientData['email']) ||
empty($GLOBALS['patient_reminder_sender_email']) ) {
99 if (!(validEmail($patientData['email']))) {
102 if (!(validEmail($GLOBALS['patient_reminder_sender_email']))) {
106 $mail = new MyMailer();
107 $pt_name=$patientData['fname'].' '.$patientData['lname'];
108 $pt_email=$patientData['email'];
109 $email_subject=xl('Access Your Patient Portal');
110 $email_sender=$GLOBALS['patient_reminder_sender_email'];
111 $mail->AddReplyTo($email_sender, $email_sender);
112 $mail->SetFrom($email_sender, $email_sender);
113 $mail->AddAddress($pt_email, $pt_name);
114 $mail->Subject
= $email_subject;
115 $mail->MsgHTML("<html><body><div class='wrapper'>".$message."</div></body></html>");
117 $mail->AltBody
= $message;
122 $email_status = $mail->ErrorInfo
;
123 error_log("EMAIL ERROR: ".$email_status,0);
128 function displayLogin($patient_id,$message,$emailFlag){
129 $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id) );
131 $message = "<br><br>" .
132 htmlspecialchars(xl("Email was sent to following address"),ENT_NOQUOTES
) . ": " .
133 htmlspecialchars($patientData['email'],ENT_NOQUOTES
) . "<br><br>" .
136 echo "<html><body onload='top.printLogPrint(window);'>" . $message . "</body></html>";
139 if(isset($_REQUEST['form_save']) && $_REQUEST['form_save']=='SUBMIT'){
140 require_once("$srcdir/authentication/common_operations.php");
142 $clear_pass=$_REQUEST['pwd'];
144 $res = sqlStatement("SELECT * FROM patient_access_" . add_escape_custom($portalsite) . "site WHERE pid=?",array($pid));
145 $query_parameters=array($_REQUEST['uname']);
147 if($portalsite=='on')
149 // For onsite portal create a blowfish based hash and salt.
150 $new_salt = oemr_password_salt();
151 $salt_clause = ",portal_salt=? ";
152 array_push($query_parameters,oemr_password_hash($clear_pass,$new_salt),$new_salt);
156 // For offsite portal still create and SHA1 hashed password
157 // When offsite portal is updated to handle blowfish, then both portals can use the same execution path.
158 array_push($query_parameters,SHA1($clear_pass));
160 array_push($query_parameters,$pid);
161 if(sqlNumRows($res)){
162 sqlStatement("UPDATE patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0 " . $salt_clause . " WHERE pid=?",$query_parameters);
165 sqlStatement("INSERT INTO patient_access_" . add_escape_custom($portalsite) . "site SET portal_username=?,portal_pwd=?,portal_pwd_status=0" . $salt_clause . " ,pid=?",$query_parameters);
168 // Create the message
169 $message = messageCreate($_REQUEST['uname'],$clear_pass,$portalsite);
170 // Email and display/print the message
171 if ( emailLogin($pid,$message) ) {
173 displayLogin($pid,$message,true);
177 displayLogin($pid,$message,false);
184 <link rel
="stylesheet" href
="<?php echo $css_header;?>" type
="text/css">
186 <script type
="text/javascript" src
="<?php echo $GLOBALS['assets_static_relative']; ?>/jquery-min-1-6-4/index.js"></script
>
187 <script type
="text/javascript">
190 // get a public key to encrypt the password info and send
191 document
.getElementById('form_save').value
='SUBMIT';
192 document
.forms
[0].submit();
196 <body
class="body_top">
197 <form name
="portallogin" action
="" method
="POST">
198 <table align
="center" style
="margin-top:10px">
200 <th colspan
="5" align
="center"><?php
echo htmlspecialchars(xl("Generate Username And Password For")." ".$row['fname'],ENT_QUOTES
);?
></th
>
203 if($portalsite == 'off'){
206 <td
><?php
echo htmlspecialchars(xl('Provider Id').':',ENT_QUOTES
);?
></td
>
207 <td
><span
><?php
echo htmlspecialchars($GLOBALS['portal_offsite_providerid'],ENT_QUOTES
);?
></span
></td
>
213 <td
><?php
echo htmlspecialchars(xl('User Name').':',ENT_QUOTES
);?
></td
>
214 <td
><input type
="text" name
="uname" value
="<?php if($row['portal_username']) echo htmlspecialchars($row['portal_username'],ENT_QUOTES); else echo htmlspecialchars($row['fname'].$row['id'],ENT_QUOTES);?>" size
="10" readonly
></td
>
217 <td
><?php
echo htmlspecialchars(xl('Password').':',ENT_QUOTES
);?
></td
>
219 $pwd = generatePassword();
221 <td
><input type
="text" name
="pwd" id
="pwd" value
="<?php echo htmlspecialchars($pwd,ENT_QUOTES);?>" size
="10"/>
223 <td
><a href
="#" class="css_button" onclick
="top.restoreSession(); javascript:document.location.reload()"><span
><?php
echo htmlspecialchars(xl('Change'),ENT_QUOTES
);?
></span
></a
></td
>
226 <td
><input type
="hidden" name
="form_save" id
="form_save"></td
>
227 <td colspan
="5" align
="center">
228 <a href
="#" class="css_button" onclick
="return transmit()"><span
><?php
echo htmlspecialchars(xl('Save'),ENT_QUOTES
);?
></span
></a
>
229 <input type
="hidden" name
="form_cancel" id
="form_cancel">
230 <a href
="#" class="css_button" onclick
="top.restoreSession(); parent.$.fn.fancybox.close();"><span
><?php
echo htmlspecialchars(xl('Cancel'),ENT_QUOTES
);?
></span
></a
>