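<?php
/**
 * User / group administration page.
 *
 * The top half of this file processes the submitted forms (GET from the
 * user-edit frame, POST from the add-user / add-group frames); the bottom
 * half renders the user list and the group membership list.
 *
 * This section only loads the dependencies and defines the page-level state
 * that the rendering code reads unconditionally.
 */
require_once("../globals.php");
require_once("../../library/acl.inc");
require_once("$srcdir/sha1.js");
require_once("$srcdir/sql.inc");
require_once("$srcdir/auth.inc");
require_once("$srcdir/formdata.inc.php");
require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");
require_once($GLOBALS['srcdir'] . "/classes/postmaster.php");

// Text shown through a JavaScript alert() at the bottom of the page.
$alertmsg = '';
$bg_msg = '';
// 1 when an "Emergency Login" ACL is selected for a user; drives the warning
// banner rendered above the user list.
$set_active_msg = 0;
// 1 when an Emergency Login user was (re)activated. The banner code reads it
// unconditionally, so it needs a defined default (the original left it unset).
$show_message = 0;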
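/* Sending a mail to the admin when the breakglass user is activated only if $GLOBALS['Emergency_Login_email'] is set to 1 */
// NOTE(review): the original counted an undefined $access_group here, so this
// notification never fired; the submitted groups arrive in $_GET['access_group'].
// Whether the caller derives get_admin_id/admin_id from the Emergency_Login_email
// globals is not visible from this file.
$access_groups = (isset($_GET['access_group']) && is_array($_GET['access_group'])) ? $_GET['access_group'] : array();
$mail_id = explode(".", $SMTP_HOST);
$pre_active = isset($_GET['pre_active']) ? $_GET['pre_active'] : 0;
// Only an actual transition from inactive to active is reported.
$is_activation = isset($_GET['active']) && $_GET['active'] == 'on' && $pre_active == 0;
// The recipient comes from the request; only a syntactically valid address is used.
$admin_email = isset($_GET['admin_id']) ? filter_var(trim($_GET['admin_id']), FILTER_VALIDATE_EMAIL) : false;
$notify_admin = isset($_GET['get_admin_id']) && $_GET['get_admin_id'] == 1 && $admin_email !== false;
foreach ($access_groups as $group) {
    if ($group == "Emergency Login" && $is_activation && $notify_admin) {
        // The id is interpolated unquoted into SQL, so it is cast rather than used raw.
        $user_id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
        $res = sqlStatement("select username from users where id=$user_id");
        $row = sqlFetchArray($res);
        $uname = $row ? $row['username'] : '';
        $mail = new MyMailer();
        $mail->SetLanguage("en", $GLOBALS['fileroot'] . "/library/");
        // Sender address is built from the SMTP host's second and third labels,
        // e.g. smtp.example.com -> admin@example.com (unchanged from the original).
        $mail->From = "admin@" . $mail_id[1] . "." . $mail_id[2];
        $mail->FromName = "Administrator OpenEMR";
        $text_body = "Hello Security Admin,\n\n The Emergency Login user " . $uname .
            " was activated at " . date('l jS \of F Y h:i:s A') . " \n\nThanks,\nAdmin OpenEMR.";
        $mail->Body = $text_body;
        $mail->Subject = "Emergency Login User Activated";
        $mail->AddAddress($admin_email);
        $mail->Send();
        break; // one notification per request even if the group is listed twice
    }
}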
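/* To refresh and save variables in mail frame */
if (isset($_GET["privatemode"]) && $_GET["privatemode"] == "user_admin") {
    if (isset($_GET["mode"]) && $_GET["mode"] == "update") {
        // Every statement below interpolates the user id unquoted into SQL, so
        // it is reduced to an integer once here instead of using the raw
        // query-string value as the original did.
        $user_id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

        if (!empty($_GET["username"])) {
            // formData(..., 'G') yields the GET value escaped for SQL, which is
            // the convention the rest of this file relies on.
            $tqvar = trim(formData('username', 'G'));
            $user_data = sqlFetchArray(sqlStatement("select username from users where id=$user_id"));
            sqlStatement("update users set username='$tqvar' where id=$user_id");
            // groups.user stores the user name rather than the id, so the
            // membership rows have to follow the rename.
            // NOTE(review): the old name is a stored value spliced in unescaped,
            // as in the original; a name containing a quote breaks this statement.
            if ($user_data) {
                sqlStatement("update groups set user='$tqvar' where user='" . $user_data["username"] . "'");
            }
        }

        // Plain "one GET parameter -> one column" updates. Each is applied only
        // when the parameter is present and non-empty, as in the original.
        $simple_columns = array(
            'taxid'                => 'federaltaxid',
            'state_license_number' => 'state_license_number',
            'drugid'               => 'federaldrugid',
            'upin'                 => 'upin',
            'npi'                  => 'npi',
            'taxonomy'             => 'taxonomy',
            'lname'                => 'lname',
            'job'                  => 'specialty',
            'mname'                => 'mname',
            'fname'                => 'fname',
            'ssi_relayhealth'      => 'ssi_relayhealth', // for relay health single sign-on
            'comments'             => 'info',
        );
        foreach ($simple_columns as $param => $column) {
            if (!empty($_GET[$param])) {
                $tqvar = formData($param, 'G');
                sqlStatement("update users set $column = '$tqvar' where id = $user_id");
            }
        }

        if (!empty($_GET["facility_id"])) {
            $tqvar = formData('facility_id', 'G');
            sqlStatement("update users set facility_id = '$tqvar' where id = $user_id");
            //(CHEMED) Update facility name when changing the id
            sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '$tqvar' AND users.id = $user_id");
            //END (CHEMED)
        }

        if ($GLOBALS['restrict_user_facility'] && !empty($_GET["schedule_facility"]) && is_array($_GET["schedule_facility"])) {
            // Facility ids are numeric; the original spliced the raw array into
            // the IN (...) list, hence the cast here.
            $facility_ids = array_map('intval', $_GET["schedule_facility"]);
            sqlStatement("delete from users_facility
                where tablename='users'
                and table_id=$user_id
                and facility_id not in (" . implode(",", $facility_ids) . ")");
            foreach ($facility_ids as $facility_id) {
                sqlStatement("replace into users_facility set
                    facility_id = '$facility_id',
                    tablename='users',
                    table_id = $user_id");
            }
        }

        //(CHEMED) Calendar UI preference
        if (!empty($_GET["cal_ui"])) {
            $tqvar = formData('cal_ui', 'G');
            sqlStatement("update users set cal_ui = '$tqvar' where id = $user_id");
            // added by bgm to set this session variable if the current user has edited
            // their own settings
            if ($_SESSION['authId'] == $user_id) {
                $_SESSION['cal_ui'] = $tqvar;
            }
        }
        //END (CHEMED) Calendar UI preference

        if (isset($_GET['default_warehouse'])) {
            sqlStatement("UPDATE users SET default_warehouse = '" .
                formData('default_warehouse', 'G') .
                "' WHERE id = '$user_id'");
        }

        if (isset($_GET['irnpool'])) {
            sqlStatement("UPDATE users SET irnpool = '" .
                formData('irnpool', 'G') .
                "' WHERE id = '$user_id'");
        }

        //VicarePlus: Empty string of SHA1 is validated
        // The form submits sha1(password); the SHA-1 of "" means "not changed".
        if (!empty($_GET["newauthPass"]) && $_GET["newauthPass"] != "da39a3ee5e6b4b0d3255bfef95601890afd80709") { // account for empty
            $tqvar = formData('newauthPass', 'G');
            // When the user password is updated and the password history option is enabled, update the password history in database. A new password expiration is also calculated
            if ($GLOBALS['password_history'] != 0) {
                $updatepwd = UpdatePasswordHistory($user_id, $tqvar);
            } else {
                sqlStatement("update users set password='$tqvar' where id=$user_id");
                if ($GLOBALS['password_expiration_days'] != 0) {
                    $exp_days = $GLOBALS['password_expiration_days'];
                    $exp_date = date('Y-m-d', strtotime("+$exp_days days"));
                    // The original referenced an undefined $userid here; the
                    // expiration belongs to the user being edited.
                    sqlStatement("update users set pwd_expiration_date='$exp_date' where id=$user_id");
                }
            }
        }

        $tqvar  = !empty($_GET["authorized"]) ? 1 : 0;
        $actvar = !empty($_GET["active"]) ? 1 : 0;
        $calvar = !empty($_GET["calendar"]) ? 1 : 0;
        // see_auth went into the statement unescaped in the original; the
        // insert path of this file already passes it through formData().
        $see_auth = formData('see_auth', 'G');
        sqlStatement("UPDATE users SET authorized = $tqvar, active = $actvar, " .
            "calendar = $calvar, see_auth = '$see_auth' WHERE " .
            "id = $user_id");

        //Display message when Emergency Login user was activated
        $access_groups = (isset($_GET['access_group']) && is_array($_GET['access_group'])) ? $_GET['access_group'] : array();
        $pre_active = isset($_GET['pre_active']) ? $_GET['pre_active'] : 0;
        if (in_array("Emergency Login", $access_groups, true)) {
            if ($pre_active == 0 && $actvar == 1) {
                $show_message = 1;
            }
            $user_type = isset($_GET['user_type']) ? $_GET['user_type'] : "";
            if ($user_type == "" && isset($_GET['check_acl']) && $_GET['check_acl'] == 1
                && isset($_GET['active']) && $_GET['active'] != "") {
                $set_active_msg = 1;
            }
        }

        $erxrole = formData('erxrole', 'G');
        sqlStatement("update users set newcrop_user_role = '$erxrole' where id = $user_id");

        if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
            // Set the access control group of user
            $user_data = sqlFetchArray(sqlStatement("select username from users where id=$user_id"));
            set_user_aro($access_groups, $user_data ? $user_data["username"] : '',
                formData('fname', 'G'), formData('mname', 'G'), formData('lname', 'G'));
        }

        $ws = new WSProvider($user_id);
    }
}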
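/* To refresh and save variables in mail frame - Arb*/
if (isset($_POST["mode"])) {
    if ($_POST["mode"] == "new_user") {
        if (!isset($_POST["authorized"]) || $_POST["authorized"] != "1") {
            $_POST["authorized"] = 0;
        }
        // $_POST["info"] = addslashes($_POST["info"]);
        $calvar = !empty($_POST["calendar"]) ? 1 : 0;
        // formData() reads POST by default and returns the value escaped for SQL.
        $username = trim(formData('rumple'));

        // Refuse to create a second user with the same name; the check walks
        // every existing name in PHP, as the original did. An empty name is
        // refused outright (the original would have inserted it).
        // NOTE(review): the right-hand side is the SQL-escaped form, so a name
        // containing a backslash or quote compares unequal to its stored form.
        $doit = ($username !== '');
        $res = sqlStatement("select distinct username from users where username != ''");
        while ($doit && ($row = sqlFetchArray($res))) {
            if ($row['username'] == $username) {
                $doit = false;
            }
        }

        if ($doit) {
            //if password expiration option is enabled, calculate the expiration date of the password
            $exp_date = '';
            if ($GLOBALS['password_expiration_days'] != 0) {
                $exp_days = $GLOBALS['password_expiration_days'];
                $exp_date = date('Y-m-d', strtotime("+$exp_days days"));
            }
            $prov_id = idSqlStatement("insert into users set " .
                "username = '" . $username .
                "', password = '" . trim(formData('newauthPass')) .
                "', fname = '" . trim(formData('fname')) .
                "', mname = '" . trim(formData('mname')) .
                "', lname = '" . trim(formData('lname')) .
                "', federaltaxid = '" . trim(formData('federaltaxid')) .
                "', state_license_number = '" . trim(formData('state_license_number')) .
                "', newcrop_user_role = '" . trim(formData('erxrole')) .
                "', authorized = '" . trim(formData('authorized')) .
                "', info = '" . trim(formData('info')) .
                "', federaldrugid = '" . trim(formData('federaldrugid')) .
                "', upin = '" . trim(formData('upin')) .
                "', npi = '" . trim(formData('npi')) .
                "', taxonomy = '" . trim(formData('taxonomy')) .
                "', facility_id = '" . trim(formData('facility_id')) .
                "', specialty = '" . trim(formData('specialty')) .
                "', see_auth = '" . trim(formData('see_auth')) .
                "', cal_ui = '" . trim(formData('cal_ui')) .
                "', default_warehouse = '" . trim(formData('default_warehouse')) .
                "', irnpool = '" . trim(formData('irnpool')) .
                "', calendar = '" . $calvar .
                "', pwd_expiration_date = '" . $exp_date .
                "'");
            //set the facility name from the selected facility_id
            sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '" . trim(formData('facility_id')) . "' AND users.username = '" . $username . "'");

            sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
                "', user = '" . $username . "'");

            if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
                // Set the access control group of user
                set_user_aro($_POST['access_group'], $username,
                    trim(formData('fname')), trim(formData('mname')), trim(formData('lname')));
            }

            $ws = new WSProvider($prov_id);
        } elseif ($username === '') {
            $alertmsg .= xl('A user name is required.', '', '', ' ');
        } else {
            $alertmsg .= xl('User', '', '', ' ') . $username . xl('already exists.', '', ' ');
        }

        // The warning banner is shown whenever the Emergency Login ACL was
        // requested, whether or not the user was created (as in the original).
        if (!empty($_POST['access_group']) && is_array($_POST['access_group'])
            && in_array("Emergency Login", $_POST['access_group'], true)) {
            $set_active_msg = 1;
        }
    } else if ($_POST["mode"] == "new_group") {
        $groupname = trim(formData('groupname'));
        $username  = trim(formData('rumple'));
        // Add the membership row only when this (group, user) pair is new.
        $doit = 1;
        $res = sqlStatement("select distinct name, user from groups");
        while ($row = sqlFetchArray($res)) {
            if ($row["name"] == $groupname && $row["user"] == $username) {
                $doit = 0;
                break;
            }
        }
        if ($doit == 1) {
            sqlStatement("insert into groups set name = '" . $groupname .
                "', user = '" . $username . "'");
        } else {
            $alertmsg .= "User " . $username .
                " is already a member of group " . $groupname . ". ";
        }
    }
}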
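if (isset($_GET["mode"])) {

    /*******************************************************************
    // This is the code to delete a user. Note that the link which invokes
    // this is commented out. Somebody must have figured it was too dangerous.

    if ($_GET["mode"] == "delete") {
        $res = sqlStatement("select distinct username, id from users where id = '" .
            $_GET["id"] . "'");
        for ($iter = 0; $row = sqlFetchArray($res); $iter++)
            $result[$iter] = $row;

        // TBD: Before deleting the user, we should check all tables that
        // reference users to make sure this user is not referenced!

        foreach($result as $iter) {
            sqlStatement("delete from groups where user = '" . $iter["username"] . "'");
        }
        sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
    }
    *******************************************************************/

    if ($_GET["mode"] == "delete_group") {
        // The id is interpolated into SQL, so it is reduced to an integer first
        // (the original spliced the raw query-string value in).
        $group_id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
        // User name of the membership row being removed; stays '' if no row matches.
        $un = '';
        $res = sqlStatement("select distinct user from groups where id = '$group_id'");
        while ($row = sqlFetchArray($res)) {
            $un = $row["user"];
        }
        // NOTE(review): $un is a stored value and goes in unescaped, as in the original.
        $res = sqlStatement("select name, user from groups where user = '$un' " .
            "and id != '$group_id'");

        // Remove the user only if they are also in some other group. I.e. every
        // user must be a member of at least one group.
        if (sqlFetchArray($res) !== false) {
            sqlStatement("delete from groups where id = '$group_id'");
        } else {
            $alertmsg .= "You must add this user to some other group before " .
                "removing them from this group. ";
        }
    }
}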
// True when the "Include inactive users" box was ticked; the list query below
// drops the active-only filter in that case.
$form_inactive = !empty($_REQUEST['form_inactive']);
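?>
<html>
<head>

<link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
<link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['webroot'] ?>/library/js/fancybox/jquery.fancybox-1.2.6.css" media="screen" />
<script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/dialog.js"></script>
<script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery.1.3.2.js"></script>
<script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/common.js"></script>
<script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/fancybox/jquery.fancybox-1.2.6.js"></script>
<script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery-ui.js"></script>
<script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery.easydrag.handler.beta2.js"></script>
<script type="text/javascript">

$(document).ready(function(){

    // fancy box
    enable_modals();

    tabbify();

    // special size for the user edit / add popups (class iframe_medium)
    $(".iframe_medium").fancybox( {
        'overlayOpacity' : 0.0,
        'showCloseButton' : true,
        'frameHeight' : 450,
        'frameWidth' : 660
    });

    $(function(){
        // add drag and drop functionality to fancybox
        $("#fancy_outer").easydrag();
    });

});

</script>
<script language="JavaScript">

// Calendar participation only makes sense for an authorized user, so the
// calendar checkbox follows the authorized checkbox.
function authorized_clicked() {
    var f = document.forms[0];
    f.calendar.disabled = !f.authorized.checked;
    f.calendar.checked = f.authorized.checked;
}

</script>

</head>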
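<body class="body_top">

<div>
<div>
<table>
<tr >
<td><b><?php xl('User / Groups','e'); ?></b></td>
<td><a href="usergroup_admin_add.php" class="iframe_medium css_button"><span><?php xl('Add User','e'); ?></span></a>
</td>
<td><a href="facility_user.php" class="css_button"><span><?php xl('View Facility Specific User Information','e'); ?></span></a>
</td>
</tr>
</table>
</div>
<div style="width:650px;">
<div>

<form name='userlist' method='post' action='usergroup_admin.php' onsubmit='return top.restoreSession()'>
<input type='checkbox' name='form_inactive' value='1' onclick='submit()' <?php if ($form_inactive) echo 'checked '; ?>/>
<span class='text' style = "margin-left:-3px"> <?php xl('Include inactive users','e'); ?> </span>
</form>
<?php
if ($set_active_msg == 1) {
    echo "<font class='alert'>" . xl('Emergency Login ACL is chosen. The user is still in active state, please de-activate the user and activate the same when required during emergency situations. Visit Administration->Users for activation or de-activation.') . "</font><br>";
}
if ($show_message == 1) {
    // Request data echoed into the page: escape it (the original printed it raw).
    $activated_name = htmlspecialchars(isset($_GET['fname']) ? $_GET['fname'] : '', ENT_QUOTES, 'UTF-8');
    echo "<font class='alert'>" . xl('The following Emergency Login User is activated:') . " " . "<b>" . $activated_name . "</b>" . "</font><br>";
    echo "<font class='alert'>" . xl('Emergency Login activation email will be circulated only if following settings in the interface/globals.php file are configured:') . " \$GLOBALS['Emergency_Login_email'], \$GLOBALS['Emergency_Login_email_id']</font>";
}
?>

<table cellpadding="1" cellspacing="0" class="showborder">
<tbody><tr height="22" class="showborder_head">
<th width="180px"><b><?php xl('Username','e'); ?></b></th>
<th width="270px"><b><?php xl('Real Name','e'); ?></b></th>
<th width="320px"><b><span class="bold"><?php xl('Additional Info','e'); ?></span></b></th>
<th><b><?php xl('Authorized','e'); ?>?</b></th>
</tr>
<?php
$query = "SELECT * FROM users WHERE username != '' ";
if (!$form_inactive) $query .= "AND active = '1' ";
$query .= "ORDER BY username";
$res = sqlStatement($query);
// Stored column values are escaped before they reach the markup (the original
// printed them raw); the id is numeric and is cast.
while ($row = sqlFetchArray($res)) {
    $uid = (int) $row["id"];
    $authorized_label = $row["authorized"] ? xl('yes') : "";
    print "<tr height=20 class='text' style='border-bottom: 1px dashed;'>
 <td class='text'><b><a href='user_admin.php?id=" . $uid .
 "' class='iframe_medium' onclick='top.restoreSession()'><span>" . htmlspecialchars($row["username"], ENT_QUOTES, 'UTF-8') . "</span></a></b>" . "&nbsp;</td>
 <td><span class='text'>" . htmlspecialchars($row["fname"] . ' ' . $row["lname"], ENT_QUOTES, 'UTF-8') . "</span>&nbsp;</td>
 <td><span class='text'>" . htmlspecialchars($row["info"], ENT_QUOTES, 'UTF-8') . "</span>&nbsp;</td>
 <td align='left'><span class='text'>" . $authorized_label . "</span>&nbsp;</td>";
    print "<td><!--<a href='usergroup_admin.php?mode=delete&id=" . $uid .
        "' class='link_submit'>[Delete]</a>--></td>";
    print "</tr>\n";
}
?>
</tbody></table>
<?php
if (empty($GLOBALS['disable_non_default_groups'])) {
    // group name => "user(Remove), user(Remove), " for every membership row.
    $grouplist = array();
    $res = sqlStatement("select * from groups order by name");
    while ($row = sqlFetchArray($res)) {
        $name = $row["name"];
        if (!isset($grouplist[$name])) {
            $grouplist[$name] = '';
        }
        $grouplist[$name] .= htmlspecialchars($row["user"], ENT_QUOTES, 'UTF-8') .
            "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
            (int) $row["id"] . "' onclick='top.restoreSession()'>Remove</a>), ";
    }

    foreach ($grouplist as $groupname => $list) {
        // substr(..., -2) drops the trailing ", ".
        print "<span class='bold'>" . htmlspecialchars($groupname, ENT_QUOTES, 'UTF-8') . "</span><br>\n<span class='text'>" .
            substr($list, 0, -2) . "</span><br>\n";
    }
}
?>
</div>
</div>
</div>

<script language="JavaScript">
<?php
if ($alertmsg = trim($alertmsg)) {
    // json_encode yields a valid JS string literal (quotes, newlines and "</"
    // escaped); the original interpolated the text between bare single quotes.
    echo "alert(" . json_encode($alertmsg) . ");\n";
}
?>
</script>

</body>
</html>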