myportal/index.php

   1 <?php
   2 // +-----------------------------------------------------------------------------+
   3 // Copyright (C) 2011 Z&H Consultancy Services Private Limited <sam@zhservices.com>
   4 //
   5 //
   6 // This program is free software; you can redistribute it and/or
   7 // modify it under the terms of the GNU General Public License
   8 // as published by the Free Software Foundation; either version 2
   9 // of the License, or (at your option) any later version.
  10 //
  11 //
  12 // This program is distributed in the hope that it will be useful,
  13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 // GNU General Public License for more details.
  16 //
  17 //
  18 // A copy of the GNU General Public License is included along with this program:
  19 // openemr/interface/login/GnuGPL.html
  20 // For more information write to the Free Software
  21 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  22 //
  23 // Author:   Eldho Chacko <eldho@zhservices.com>
  24 //           Jacob T Paul <jacob@zhservices.com>
  25 //           Paul Simon   <paul@zhservices.com>
  26 //
  27 // +------------------------------------------------------------------------------+
  28
  29 //SANITIZE ALL ESCAPES
  30 $sanitize_all_escapes=true;
  31 //
  32
  33 //STOP FAKE REGISTER GLOBALS
  34 $fake_register_globals=false;
  35 //
  36 if (!extension_loaded('soap')) {
  37    die("PLEASE ENABLE SOAP EXTENSION");
  38 }
  39 require_once("../interface/globals.php");
  40  $emr_path = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
  41  $emrpatharr = explode("/myportal",$emr_path);
  42  $emr_path = (!empty($_SERVER['HTTPS'])) ? "https://".$emrpatharr[0] : "http://".$emrpatharr[0];
  43  $row = sqlQuery("SELECT fname,lname FROM users WHERE id=?",array($_SESSION['authId']));
  44  sqlStatement("DELETE FROM audit_details WHERE audit_master_id IN(SELECT id FROM audit_master WHERE type=5 AND created_time<'".date("Y-m-d H:m",(strtotime(date("Y-m-d H:m")-7200))).":00')");
  45  sqlStatement("DELETE FROM audit_master WHERE type=5 AND created_time<'".date("Y-m-d H:m",(strtotime(date("Y-m-d H:m")-7200))).":00'");
  46
  47  function md5_pass($length = 8)
  48  {
  49   $randkey = substr(md5(rand().rand()), 0, $length);
  50   $res = sqlStatement("SELECT * FROM audit_master AS am LEFT OUTER JOIN audit_details AS ad ON ad.audit_master_id=am.id WHERE type=5 AND field_value=?",array($randkey));
  51   if(sqlNumRows($res)){
  52   md5_pass();
  53   }
  54   else{
  55   $grpID = sqlInsert("INSERT INTO audit_master SET type=5");
  56   sqlStatement("INSERT INTO audit_details SET field_value=? , audit_master_id=?",array($randkey,$grpID));
  57   return $randkey;
  58   }
  59  }
  60  for($i=1;$i<=5;$i++){//some times php is continuing without getting the return value from the function md5_pass()
  61    if(!$randkey){
  62      if($i>1)
  63      sleep(1);
  64      $randkey = md5_pass();
  65    }
  66    else{
  67      break;
  68    }
  69  }
  70 ?>
  71 <html>
  72 <head>
  73     <?php include_once($GLOBALS['fileroot']."/library/sha1.js");?>
  74 <script type="text/javascript">
  75  function getshansubmit(){
  76         randkey = "<?php echo $randkey;?>";
  77         pass = SHA1(document.portal.pass.value+"<?php echo gmdate('Y-m-d H');?>"+randkey);
  78         document.portal.pwd.value=pass;
  79         document.portal.randkey.value=randkey;
  80         document.forms[0].submit();
  81  }
  82
  83 </script>
  84 </head>
  85 <title><?php echo htmlspecialchars(xl("Redirection"),ENT_QUOTES);?></title>
  86 <body onload="getshansubmit()">
  87     <form name="portal" method="post" action="<?php echo htmlspecialchars($GLOBALS['portal_offsite_address'],ENT_QUOTES);?>">
  88     <input type="hidden" name="user" value="<?php echo htmlspecialchars($GLOBALS['portal_offsite_username'],ENT_QUOTES);?>">
  89     <input type="hidden" name="emr_path" value="<?php echo htmlspecialchars($emr_path,ENT_QUOTES);?>">
  90     <input type="hidden" name="emr_site" value="<?php echo htmlspecialchars($_SESSION['site_id'],ENT_QUOTES);?>">
  91     <input type="hidden" name="uname" value="<?php echo htmlspecialchars($row['fname']." ".$row['lname'],ENT_QUOTES);?>">
  92     <input type="hidden" name="pass" value="<?php echo htmlspecialchars($GLOBALS['portal_offsite_password'],ENT_QUOTES);?>">
  93         <input type="hidden" name="randkey" value="">
  94         <input type="hidden" name="pwd" value="">
  95     </form>
  96 </body>
  97 </html>