/**
 * This is a library of commonly used functions for managing data for authentication
 *
 * Copyright (C) 2013 Kevin Yeh <kevin.y@integralemr.com> and OEMR <www.oemr.org>
 *
 * LICENSE: This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>.
 *
 * @author Kevin Yeh <kevin.y@integralemr.com>
 * @link http://www.open-emr.org
 */
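// Both include paths are built from $srcdir, which this file does not set itself:
// the including script must define it, and because it feeds an include path it
// has to come from trusted configuration, never from request data.
// NOTE(review): privDB.php presumably supplies privStatement() and
// password_hashing.php presumably supplies password_salt()/password_hash(),
// all of which are called further down -- confirm against those files.
require_once("$srcdir/authentication/privDB.php");
require_once("$srcdir/authentication/password_hashing.php");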
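// Table names. The functions below write the salted hash to users_secure and
// overwrite the old password column in users.
define("TBL_USERS_SECURE", "users_secure");
define("TBL_USERS", "users");

// Column names. COL_PWD, COL_UNM and COL_ID are used against both tables by the
// functions in this file.
define("COL_PWD", "password");
define("COL_UNM", "username");
define("COL_ID", "id");
define("COL_SALT", "salt");
define("COL_LU", "last_update");

// Going by the column names, these hold earlier password hashes and their salts.
// Nothing in this listing reads or writes them -- confirm where they are used.
define("COL_PWD_H1", "password_history1");
define("COL_SALT_H1", "salt_history1");

define("COL_PWD_H2", "password_history2");
define("COL_SALT_H2", "salt_history2");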
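/**
 * Create a new password entry in the users_secure table.
 *
 * A salt is obtained from password_salt(), the password is hashed with it, and
 * one row (id, username, hash, salt, last_update = NOW()) is inserted through
 * privStatement(). Table and column names come from this file's constants; every
 * caller-supplied value is bound to a "?" placeholder rather than concatenated
 * into the SQL text.
 *
 * NOTE(review): password_salt() and password_hash() are presumably the project
 * helpers from authentication/password_hashing.php. PHP 5.5 and later ship a
 * built-in password_hash() whose second argument is an algorithm, not a salt,
 * and a global user-defined function of the same name cannot be declared
 * alongside it. Confirm which function this call resolves to on the deployed
 * PHP version, and that the stored hash is what the login check expects.
 *
 * @param type $username value written to the username column
 * @param type $userid   value written to the id column
 * @param type $password Plaintext password. Passed by reference so that an
 *                       additional copy is not created in memory (original
 *                       author's intent); the lines shown here never assign
 *                       to it. PHP copies values only on write, so the
 *                       reference is not by itself a memory-hygiene control.
 */
function initializePassword($username, $userid, &$password)
{
    $salt = password_salt();
    $hash = password_hash($password, $salt);

    $columns = array(COL_ID, COL_UNM, COL_PWD, COL_SALT, COL_LU);
    $passwordSQL = "INSERT INTO " . TBL_USERS_SECURE .
        " (" . implode(",", $columns) . ")" .
        " VALUES (?,?,?,?,NOW()) ";

    // NOTE(review): the listing skips the lines that assign $params. The order
    // used here follows the column list above (id, username, password, salt),
    // one value per "?" placeholder -- confirm against the original file.
    $params = array($userid, $username, $hash, $salt);

    privStatement($passwordSQL, $params);
}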
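/**
 * After a user's password has been updated to use the new hashing strategy,
 * wipe out the old hash value.
 *
 * Overwrites the password column of the users table with the literal
 * 'NoLongerUsed' for the row whose username AND id both match. Both values are
 * bound as statement parameters.
 *
 * NOTE(review): the placeholder is an ordinary string in a credential column.
 * Any remaining code path that compares a submitted value or hash against
 * users.password must reject this value outright -- confirm that legacy login
 * checks cannot be satisfied by it.
 *
 * @param type $username username of the row to update
 * @param type $userid   id of the row to update
 */
function purgeCompatabilityPassword($username, $userid)
{
    $purgeSQL = " UPDATE " . TBL_USERS
        . " SET " . COL_PWD . "='NoLongerUsed' "
        . " WHERE " . COL_UNM . "=? "
        . " AND " . COL_ID . "=?";

    // Matching on both columns keeps the update to the single intended account.
    privStatement($purgeSQL, array($username, $userid));
}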