library/authentication/common_operations.php

   1 <?php
   2 /**
   3  * This is a library of commonly used functions for managing data for authentication
   4  *
   5  * Copyright (C) 2013 Kevin Yeh <kevin.y@integralemr.com> and OEMR <www.oemr.org>
   6  *
   7  * LICENSE: This program is free software; you can redistribute it and/or
   8  * modify it under the terms of the GNU General Public License
   9  * as published by the Free Software Foundation; either version 3
  10  * of the License, or (at your option) any later version.
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14  * GNU General Public License for more details.
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
  17  *
  18  * @package OpenEMR
  19  * @author  Kevin Yeh <kevin.y@integralemr.com>
  20  * @link    http://www.open-emr.org
  21  */
  22
  23 require_once("$srcdir/authentication/privDB.php");
  24 require_once("$srcdir/authentication/password_hashing.php");
  25 define("TBL_USERS_SECURE","users_secure");
  26 define("TBL_USERS","users");
  27
  28 define("COL_PWD","password");
  29 define("COL_UNM","username");
  30 define("COL_ID","id");
  31 define("COL_SALT","salt");
  32 define("COL_LU","last_update");
  33 define("COL_PWD_H1","password_history1");
  34 define("COL_SALT_H1","salt_history1");
  35
  36 define("COL_PWD_H2","password_history2");
  37 define("COL_SALT_H2","salt_history2");
  38
  39
  40 /**
  41  * create a new password entry in the users_secure table
  42  *
  43  * @param type $username
  44  * @param type $password  Passing by reference so additional copy is not created in memory
  45  */
  46 function initializePassword($username,$userid,&$password)
  47 {
  48
  49     $salt=password_salt();
  50     $hash=password_hash($password,$salt);
  51     $passwordSQL= "INSERT INTO ".TBL_USERS_SECURE.
  52                   " (".implode(",",array(COL_ID,COL_UNM,COL_PWD,COL_SALT,COL_LU)).")".
  53                   " VALUES (?,?,?,?,NOW()) ";
  54
  55     $params=array(
  56                     $userid,
  57                     $username,
  58                     $hash,
  59                     $salt
  60     );
  61     privStatement($passwordSQL,$params);
  62 }
  63
  64
  65 /**
  66  * After a user's password has been updated to use the new hashing strategy wipe out the old hash value.
  67  *
  68  *
  69  * @param type $username
  70  * @param type $userid
  71  */
  72 function purgeCompatabilityPassword($username,$userid)
  73 {
  74     $purgeSQL = " UPDATE " . TBL_USERS
  75                 ." SET ". COL_PWD . "='NoLongerUsed' "
  76                 ." WHERE ".COL_UNM. "=? "
  77                 ." AND ".COL_ID. "=?";
  78     privStatement($purgeSQL,array($username,$userid));
  79 }
  80 ?>