search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Exceptions/Failures when RSA broken
[openemr.git] / interface / usergroup / usergroup_admin_add.php
blobe14f415b6d39c319ddec0214d1ccbf4365ac769a
1 <?php
2 require_once("../globals.php");
3 require_once("../../library/acl.inc");
4 require_once("$srcdir/sha1.js");
5 require_once("$srcdir/sql.inc");
6 require_once("$srcdir/formdata.inc.php");
7 require_once("$srcdir/options.inc.php");
8 require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");
9 require_once("$srcdir/erx_javascript.inc.php");
10
11 $alertmsg = '';
12
13 ?>
14 <html>
15 <head>
16
17 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
18 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
19 <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['webroot'] ?>/library/js/fancybox/jquery.fancybox-1.2.6.css" media="screen" />
20 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/dialog.js"></script>
21 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery.1.3.2.js"></script>
22 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/common.js"></script>
23 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/fancybox/jquery.fancybox-1.2.6.js"></script>
24 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/crypt/jsbn.js"></script>
25 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/crypt/rsa.js"></script>
26
27 <script src="checkpwd_validation.js" type="text/javascript"></script>
28
29 <script language="JavaScript">
30 function trimAll(sString)
31 {
32 while (sString.substring(0,1) == ' ')
33 {
34 sString = sString.substring(1, sString.length);
35 }
36 while (sString.substring(sString.length-1, sString.length) == ' ')
37 {
38 sString = sString.substring(0,sString.length-1);
39 }
40 return sString;
41 }
42
43 function submitform() {
44 if (document.forms[0].rumple.value.length>0 && document.forms[0].stiltskin.value.length>0 && document.getElementById('fname').value.length >0 && document.getElementById('lname').value.length >0) {
45 top.restoreSession();
46
47 //Checking if secure password is enabled or disabled.
48 //If it is enabled and entered password is a weak password, alert the user to enter strong password.
49 if(document.new_user.secure_pwd.value == 1){
50 var password = trim(document.new_user.stiltskin.value);
51 if(password != "") {
52 var pwdresult = passwordvalidate(password);
53 if(pwdresult == 0){
54 alert("<?php echo xl('The password must be at least eight characters, and should'); echo '\n'; echo xl('contain at least three of the four following items:'); echo '\n'; echo xl('A number'); echo '\n'; echo xl('A lowercase letter'); echo '\n'; echo xl('An uppercase letter'); echo '\n'; echo xl('A special character');echo '('; echo xl('not a letter or number'); echo ').'; echo '\n'; echo xl('For example:'); echo ' healthCare@09'; ?>");
55 return false;
56 }
57 }
58 } //secure_pwd if ends here
59
60 <?php if($GLOBALS['erx_enable']){ ?>
61 alertMsg='';
62 f=document.forms[0];
63 for(i=0;i<f.length;i++){
64 if(f[i].type=='text' && f[i].value)
65 {
66 if(f[i].name == 'rumple')
67 {
68 alertMsg += checkLength(f[i].name,f[i].value,35);
69 alertMsg += checkUsername(f[i].name,f[i].value);
70 }
71 else if(f[i].name == 'fname' || f[i].name == 'mname' || f[i].name == 'lname')
72 {
73 alertMsg += checkLength(f[i].name,f[i].value,35);
74 alertMsg += checkUsername(f[i].name,f[i].value);
75 }
76 else if(f[i].name == 'federaltaxid')
77 {
78 alertMsg += checkLength(f[i].name,f[i].value,10);
79 alertMsg += checkFederalEin(f[i].name,f[i].value);
80 }
81 else if(f[i].name == 'state_license_number')
82 {
83 alertMsg += checkLength(f[i].name,f[i].value,10);
84 alertMsg += checkStateLicenseNumber(f[i].name,f[i].value);
85 }
86 else if(f[i].name == 'npi')
87 {
88 alertMsg += checkLength(f[i].name,f[i].value,35);
89 alertMsg += checkTaxNpiDea(f[i].name,f[i].value);
90 }
91 else if(f[i].name == 'federaldrugid')
92 {
93 alertMsg += checkLength(f[i].name,f[i].value,30);
94 alertMsg += checkAlphaNumeric(f[i].name,f[i].value);
95 }
96 }
97 }
98 if(alertMsg)
99 {
100 alert(alertMsg);
101 return false;
102 }
103 <?php } // End erx_enable only include block?>
104
105 // get a public key to encrypt the password info and send
106 $.ajax({
107 url: '<?php echo $webroot; ?>/library/ajax/rsa_request.php',
108 async: false,
109 success: function(public_key)
110 {
111 var key = RSA.getPublicKey(public_key);
112 $("input[name='userPass']").val(RSA.encrypt($("input[name='adminPass']").val(), key));
113 $("input[name='newauthPass']").val(RSA.encrypt($("input[name='stiltskin']").val(), key));
114 $("input[name='pk']").val(public_key);
115 $('input[name="adminPass"]').val('');
116 $('input[name="stiltskin"]').val('');
117 document.forms[0].submit();
118 parent.$.fn.fancybox.close();
119 }
120 });
121
122 } else {
123 if (document.forms[0].rumple.value.length<=0)
124 {
125 document.forms[0].rumple.style.backgroundColor="red";
126 alert("<?php xl('Required field missing: Please enter the User Name','e');?>");
127 document.forms[0].rumple.focus();
128 return false;
129 }
130 if (document.forms[0].stiltskin.value.length<=0)
131 {
132 document.forms[0].stiltskin.style.backgroundColor="red";
133 alert("<?php echo xl('Please enter the password'); ?>");
134 document.forms[0].stiltskin.focus();
135 return false;
136 }
137 if(trimAll(document.getElementById('fname').value) == ""){
138 document.getElementById('fname').style.backgroundColor="red";
139 alert("<?php xl('Required field missing: Please enter the First name','e');?>");
140 document.getElementById('fname').focus();
141 return false;
142 }
143 if(trimAll(document.getElementById('lname').value) == ""){
144 document.getElementById('lname').style.backgroundColor="red";
145 alert("<?php xl('Required field missing: Please enter the Last name','e');?>");
146 document.getElementById('lname').focus();
147 return false;
148 }
149 }
150 }
151 function authorized_clicked() {
152 var f = document.forms[0];
153 f.calendar.disabled = !f.authorized.checked;
154 f.calendar.checked = f.authorized.checked;
155 }
156
157 </script>
158
159 </head>
160 <body class="body_top">
161 <table><tr><td>
162 <span class="title"><?php xl('Add User','e'); ?></span>&nbsp;</td>
163 <td>
164 <a class="css_button" name='form_save' id='form_save' href='#' onclick="return submitform()">
165 <span><?php xl('Save','e');?></span></a>
166 <a class="css_button large_button" id='cancel' href='#'>
167 <span class='css_button_span large_button_span'><?php xl('Cancel','e');?></span>
168 </a>
169 </td></tr></table>
170 <br><br>
171
172 <table border=0>
173
174 <tr><td valign=top>
175 <form name='new_user' method='post' target="_parent" action="usergroup_admin.php"
176 onsubmit='return top.restoreSession()'>
177 <input type='hidden' name='mode' value='new_user'>
178 <input type='hidden' name='secure_pwd' value="<?php echo $GLOBALS['secure_password']; ?>">
179
180 <INPUT TYPE="HIDDEN" NAME="userPass" VALUE="">
181 <INPUT TYPE="HIDDEN" NAME="newauthPass" VALUE="">
182 <INPUT TYPE="HIDDEN" NAME="pk" VALUE="">
183 <span class="bold">&nbsp;</span>
184 </td><td>
185 <table border=0 cellpadding=0 cellspacing=0 style="width:600px;">
186 <tr>
187 <td style="width:150px;"><span class="text"><?php xl('Username','e'); ?>: </span></td><td style="width:220px;"><input type=entry name=rumple style="width:120px;"> <span class="mandatory">&nbsp;*</span></td>
188 <td style="width:150px;"><span class="text"><?php xl('Password','e'); ?>: </span></td><td style="width:250px;"><input type="entry" style="width:120px;" name=stiltskin><span class="mandatory">&nbsp;*</span></td>
189 </tr>
190 <tr>
191 <td style="width:150px;"></td><td style="width:220px;"></span></td>
192 <TD style="width:200px;"><span class=text><?php xl('Your Password','e'); ?>: </span></TD>
193 <TD class='text' style="width:280px;"><input type='password' name=adminPass style="width:120px;" value="" autocomplete='off'><font class="mandatory">*</font></TD>
194
195 </tr>
196 <tr>
197 <td><span class="text"<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>><?php xl('Groupname','e'); ?>: </span></td>
198 <td>
199 <select name=groupname<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>
200 <?php
201 $res = sqlStatement("select distinct name from groups");
202 $result2 = array();
203 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
204 $result2[$iter] = $row;
205 foreach ($result2 as $iter) {
206 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
207 }
208 ?>
209 </select></td>
210 <td><span class="text"><?php xl('Provider','e'); ?>: </span></td><td>
211 <input type='checkbox' name='authorized' value='1' onclick='authorized_clicked()' />
212 &nbsp;&nbsp;<span class='text'><?php xl('Calendar','e'); ?>:
213 <input type='checkbox' name='calendar' disabled />
214 </td>
215 </tr>
216 <tr>
217 <td><span class="text"><?php xl('First Name','e'); ?>: </span></td><td><input type=entry name='fname' id='fname' style="width:120px;"><span class="mandatory">&nbsp;*</span></td>
218 <td><span class="text"><?php xl('Middle Name','e'); ?>: </span></td><td><input type=entry name='mname' style="width:120px;"></td>
219 </tr>
220 <tr>
221 <td><span class="text"><?php xl('Last Name','e'); ?>: </span></td><td><input type=entry name='lname' id='lname' style="width:120px;"><span class="mandatory">&nbsp;*</span></td>
222 <td><span class="text"><?php xl('Default Facility','e'); ?>: </span></td><td><select style="width:120px;" name=facility_id>
223 <?php
224 $fres = sqlStatement("select * from facility where service_location != 0 order by name");
225 if ($fres) {
226 for ($iter = 0;$frow = sqlFetchArray($fres);$iter++)
227 $result[$iter] = $frow;
228 foreach($result as $iter) {
229 ?>
230 <option value="<?php echo $iter{'id'};?>"><?php echo $iter{'name'};?></option>
231 <?php
232 }
233 }
234 ?>
235 </select></td>
236 </tr>
237 <tr>
238 <td><span class="text"><?php xl('Federal Tax ID','e'); ?>: </span></td><td><input type=entry name='federaltaxid' style="width:120px;"></td>
239 <td><span class="text"><?php xl('Federal Drug ID','e'); ?>: </span></td><td><input type=entry name='federaldrugid' style="width:120px;"></td>
240 </tr>
241 <tr>
242 <td><span class="text"><?php xl('UPIN','e'); ?>: </span></td><td><input type="entry" name="upin" style="width:120px;"></td>
243 <td class='text'><?php xl('See Authorizations','e'); ?>: </td>
244 <td><select name="see_auth" style="width:120px;">
245 <?php
246 foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value)
247 {
248 echo " <option value='$key'";
249 echo ">$value</option>\n";
250 }
251 ?>
252 </select></td>
253
254 <tr>
255 <td><span class="text"><?php xl('NPI','e'); ?>: </span></td><td><input type="entry" name="npi" style="width:120px;"></td>
256 <td><span class="text"><?php xl('Job Description','e'); ?>: </span></td><td><input type="entry" name="specialty" style="width:120px;"></td>
257 </tr>
258
259 <!-- (CHEMED) Calendar UI preference -->
260 <tr>
261 <td><span class="text"><?php xl('Taxonomy','e'); ?>: </span></td>
262 <td><input type="entry" name="taxonomy" style="width:120px;" value="207Q00000X"></td>
263 <td><span class="text"><?php xl('Calendar UI','e'); ?>: </span></td><td><select name="cal_ui" style="width:120px;">
264 <?php
265 foreach (array(3 => xl('Outlook'), 1 => xl('Original'), 2 => xl('Fancy')) as $key => $value)
266 {
267 echo " <option value='$key'>$value</option>\n";
268 }
269 ?>
270 </select></td>
271 </tr>
272 <!-- END (CHEMED) Calendar UI preference -->
273
274 <tr>
275 <td><span class="text"><?php xl('State License Number','e'); ?>: </span></td>
276 <td><input type="text" name="state_license_number" style="width:120px;"></td>
277 <td class='text'><?php xl('NewCrop eRX Role','e'); ?>:</td>
278 <td>
279 <?php echo generate_select_list("erxrole", "newcrop_erx_role", '','','--Select Role--','','','',array('style'=>'width:120px')); ?>
280 </td>
281 </tr>
282
283 <?php if ($GLOBALS['inhouse_pharmacy']) { ?>
284 <tr>
285 <td class="text"><?php xl('Default Warehouse','e'); ?>: </td>
286 <td class='text'>
287 <?php
288 echo generate_select_list('default_warehouse', 'warehouse',
289 '', '');
290 ?>
291 </td>
292 <td class="text"><?php xl('Invoice Refno Pool','e'); ?>: </td>
293 <td class='text'>
294 <?php
295 echo generate_select_list('irnpool', 'irnpool', '',
296 xl('Invoice reference number pool, if used'));
297 ?>
298 </td>
299 </tr>
300 <?php } ?>
301
302 <?php
303 // List the access control groups if phpgacl installed
304 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
305 ?>
306 <tr>
307 <td class='text'><?php xl('Access Control','e'); ?>:</td>
308 <td><select name="access_group[]" multiple style="width:120px;">
309 <?php
310 $list_acl_groups = acl_get_group_title_list();
311 $default_acl_group = 'Administrators';
312 foreach ($list_acl_groups as $value) {
313 if ($default_acl_group == $value) {
314 // Modified 6-2009 by BM - Translate group name if applicable
315 echo " <option value='$value' selected>" . xl_gacl_group($value) . "</option>\n";
316 }
317 else {
318 // Modified 6-2009 by BM - Translate group name if applicable
319 echo " <option value='$value'>" . xl_gacl_group($value) . "</option>\n";
320 }
321 }
322 ?>
323 </select></td>
324 <td><span class="text"><?php xl('Additional Info','e'); ?>: </span></td>
325 <td><textarea name=info style="width:120px;" cols=27 rows=4 wrap=auto></textarea></td>
326
327 </tr>
328 <tr height="25"><td colspan="4">&nbsp;</td></tr>
329 <?php
330 }
331 ?>
332
333 </table>
334
335 <br>
336 <input type="hidden" name="newauthPass">
337 </form>
338 </td>
339
340 </tr>
341
342 <tr<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>
343
344 <td valign=top>
345 <form name='new_group' method='post' action="usergroup_admin.php"
346 onsubmit='return top.restoreSession()'>
347 <br>
348 <input type=hidden name=mode value=new_group>
349 <span class="bold"><?php xl('New Group','e'); ?>:</span>
350 </td><td>
351 <span class="text"><?php xl('Groupname','e'); ?>: </span><input type=entry name=groupname size=10>
352 &nbsp;&nbsp;&nbsp;
353 <span class="text"><?php xl('Initial User','e'); ?>: </span>
354 <select name=rumple>
355 <?php
356 $res = sqlStatement("select distinct username from users where username != ''");
357 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
358 $result[$iter] = $row;
359 foreach ($result as $iter) {
360 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
361 }
362 ?>
363 </select>
364 &nbsp;&nbsp;&nbsp;
365 <input type="submit" value=<?php xl('Save','e'); ?>>
366 </form>
367 </td>
368
369 </tr>
370
371 <tr <?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>
372
373 <td valign=top>
374 <form name='new_group' method='post' action="usergroup_admin.php"
375 onsubmit='return top.restoreSession()'>
376 <input type=hidden name=mode value=new_group>
377 <span class="bold"><?php xl('Add User To Group','e'); ?>:</span>
378 </td><td>
379 <span class="text">
380 <?php xl('User','e'); ?>
381 : </span>
382 <select name=rumple>
383 <?php
384 $res = sqlStatement("select distinct username from users where username != ''");
385 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
386 $result3[$iter] = $row;
387 foreach ($result3 as $iter) {
388 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
389 }
390 ?>
391 </select>
392 &nbsp;&nbsp;&nbsp;
393 <span class="text"><?php xl('Groupname','e'); ?>: </span>
394 <select name=groupname>
395 <?php
396 $res = sqlStatement("select distinct name from groups");
397 $result2 = array();
398 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
399 $result2[$iter] = $row;
400 foreach ($result2 as $iter) {
401 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
402 }
403 ?>
404 </select>
405 &nbsp;&nbsp;&nbsp;
406 <input type="submit" value=<?php xl('Add User To Group','e'); ?>>
407 </form>
408 </td>
409 </tr>
410
411 </table>
412
413 <?php
414 if (empty($GLOBALS['disable_non_default_groups'])) {
415 $res = sqlStatement("select * from groups order by name");
416 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
417 $result5[$iter] = $row;
418
419 foreach ($result5 as $iter) {
420 $grouplist{$iter{"name"}} .= $iter{"user"} .
421 "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
422 $iter{"id"} . "' onclick='top.restoreSession()'>Remove</a>), ";
423 }
424
425 foreach ($grouplist as $groupname => $list) {
426 print "<span class='bold'>" . $groupname . "</span><br>\n<span class='text'>" .
427 substr($list,0,strlen($list)-2) . "</span><br>\n";
428 }
429 }
430 ?>
431
432 <script language="JavaScript">
433 <?php
434 if ($alertmsg = trim($alertmsg)) {
435 echo "alert('$alertmsg');\n";
436 }
437 ?>
438 $(document).ready(function(){
439 $("#cancel").click(function() {
440 parent.$.fn.fancybox.close();
441 });
442
443 });
444 </script>
445 <table>
446
447 </table>
448
449 </body>
450 </html>
Mirror of official OpenEMR Sourceforge repository