Some requested security fixes.
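<?php
// Copyright (C) 2011 Cassian LUP <cassi.lup@gmail.com>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.

// Patient portal login page. Renders either the login form or, when
// $_SESSION['password_update'] is set, the forced password-change form,
// plus the optional language selector. Both forms post to
// get_patient_info.php; the password is SHA1-hashed in the browser and
// sent in the hidden 'code' field(s) (see the JavaScript below).

//setting the session & other config options
session_start();

//don't require standard openemr authorization in globals.php
// (this page is reached by portal patients, not by OpenEMR users)
$ignoreAuth = 1;

//SANITIZE ALL ESCAPES
$fake_register_globals = false;
//STOP FAKE REGISTER GLOBALS
$sanitize_all_escapes = true;

//includes
require_once('../interface/globals.php');
// sha1.js contains no PHP tags, so require_once() emits its contents
// verbatim into the page; that is how the SHA1() function used by the
// form handlers below becomes available.
require_once("$srcdir/sha1.js");
//

//exit if portal is turned off
if ( !(isset($GLOBALS['portal_onsite_enable'])) || !($GLOBALS['portal_onsite_enable']) ) {
  echo htmlspecialchars( xl('Patient Portal is turned off'), ENT_NOQUOTES);
  exit;
}

// security measure -- will check on next page.
// (presumably consumed by get_patient_info.php, which is not part of this file)
$_SESSION['itsme'] = 1;

// Deal with language selection

// Always define the arrays the markup below counts/iterates, so a query
// that returns no rows (or the password-update path, which skips this
// section entirely) does not leave them undefined.
$result2 = array();
$result3 = array();
$hiddenLanguageField = '';

// collect default language id (skip this if this is a password update)
if (!(isset($_SESSION['password_update']))) {
  $res2 = sqlStatement("select * from lang_languages where lang_description = ?", array($GLOBALS['language_default']) );
  while ($row = sqlFetchArray($res2)) {
    $result2[] = $row;
  }
  if (count($result2) == 1) {
    // square-bracket offsets: the curly-brace form was removed in PHP 8
    $defaultLangID = $result2[0]["lang_id"];
    $defaultLangName = $result2[0]["lang_description"];
  }
  else {
    //default to english if any problems
    $defaultLangID = 1;
    $defaultLangName = "English";
  }
  // set session variable to default so login information appears in default language
  $_SESSION['language_choice'] = $defaultLangID;
  // collect languages if showing language menu
  if ($GLOBALS['language_menu_login']) {
    // sorting order of language titles depends on language translation options.
    $mainLangID = empty($_SESSION['language_choice']) ? '1' : $_SESSION['language_choice'];
    if ($mainLangID == '1' && !empty($GLOBALS['skip_english_translation'])) {
      $sql = "SELECT * FROM lang_languages ORDER BY lang_description, lang_id";
      $res3 = sqlStatement($sql);
    }
    else {
      // Use and sort by the translated language name.
      $sql = "SELECT ll.lang_id, " .
        "IF(LENGTH(ld.definition),ld.definition,ll.lang_description) AS trans_lang_description, " .
        "ll.lang_description " .
        "FROM lang_languages AS ll " .
        "LEFT JOIN lang_constants AS lc ON lc.constant_name = ll.lang_description " .
        "LEFT JOIN lang_definitions AS ld ON ld.cons_id = lc.cons_id AND " .
        "ld.lang_id = ? " .
        "ORDER BY IF(LENGTH(ld.definition),ld.definition,ll.lang_description), ll.lang_id";
      $res3 = sqlStatement($sql, array($mainLangID) );
    }
    while ($row = sqlFetchArray($res3)) {
      $result3[] = $row;
    }
    if (count($result3) == 1) {
      //default to english if only return one language
      $hiddenLanguageField = "<input type='hidden' name='languageChoice' value='1' />\n";
    }
    else {
      // NOTE(review): with more than one language the form below also renders a
      // <select name="languageChoice">, and this hidden input is echoed after it
      // inside the same form; confirm which of the two values the receiving
      // page actually honours.
      $hiddenLanguageField = "<input type='hidden' name='languageChoice' value='".htmlspecialchars($defaultLangID,ENT_QUOTES)."' />\n";
    }
  }
}
?>
<html>
<head>
<title><?php echo htmlspecialchars( xl('Patient Portal Login'), ENT_NOQUOTES); ?></title>

<script type="text/javascript" src="../library/js/jquery-1.5.js"></script>
<script type="text/javascript" src="../library/js/jquery.gritter.min.js"></script>

<link rel="stylesheet" type="text/css" href="css/jquery.gritter.css" />
<link rel="stylesheet" type="text/css" href="css/base.css" />

<script type="text/javascript">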
// onsubmit handler of the login form: refuses to submit while a required
// field is blank; otherwise moves the SHA1 digest of the password into the
// hidden 'code' field and blanks the clear-text field before the post.
function process() {
  if (!(validate())) {
    alert ('<?php echo addslashes( xl('Field(s) are missing!') ); ?>');
    return false;
  }
  var passField = document.getElementById('pass');
  var digestField = document.getElementById('code');
  digestField.value = SHA1(passField.value);
  passField.value = '';
}
// Returns true when both login fields are filled in; every empty one is
// outlined in red as feedback (the outline is never reset by this page).
function validate() {
  var required = ['uname', 'pass'];
  var allFilled = true;
  for (var i = 0; i < required.length; i++) {
    var field = document.getElementById(required[i]);
    if (field.value == "") {
      field.style.border = "1px solid red";
      allFilled = false;
    }
  }
  return allFilled;
}
// onsubmit handler of the password-change form. Rejects blank fields, a
// mismatched confirmation, and a new password equal to the current one;
// otherwise posts the SHA1 digest of each password in its hidden 'code*'
// field and blanks the clear-text inputs.
function process_new_pass() {
  if (!(validate_new_pass())) {
    alert ('<?php echo addslashes( xl('Field(s) are missing!') ); ?>');
    return false;
  }
  var current = document.getElementById('pass');
  var fresh = document.getElementById('pass_new');
  var repeat = document.getElementById('pass_new_confirm');
  if (fresh.value != repeat.value) {
    alert ('<?php echo addslashes( xl('The new password fields are not the same.') ); ?>');
    return false;
  }
  if (current.value == fresh.value) {
    alert ('<?php echo addslashes( xl('The new password can not be the same as the current password.') ); ?>');
    return false;
  }
  document.getElementById('code').value = SHA1(current.value);
  current.value = '';
  document.getElementById('code_new').value = SHA1(fresh.value);
  fresh.value = '';
  document.getElementById('code_new_confirm').value = SHA1(repeat.value);
  repeat.value = '';
}
// Returns true when all four password-change fields are filled in; each
// empty one is outlined in red as feedback.
function validate_new_pass() {
  var required = ['uname', 'pass', 'pass_new', 'pass_new_confirm'];
  var allFilled = true;
  for (var i = 0; i < required.length; i++) {
    var field = document.getElementById(required[i]);
    if (field.value == "") {
      field.style.border = "1px solid red";
      allFilled = false;
    }
  }
  return allFilled;
}
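</script>
<style type="text/css">
  body {
    font-family: sans-serif;
    background-color: #638fd0;
    /* NOTE(review): one short line of the original stylesheet between the
       two declarations above and below is absent from the source view;
       confirm against the repository before committing this block. */
    background: -webkit-radial-gradient(circle, white, #638fd0);
    background: -moz-radial-gradient(circle, white, #638fd0);
  }
</style>

</head>
<body>
<br><br>
<center>

<?php if (isset($_SESSION['password_update'])) { ?>
<!-- Forced password change: posts code / code_new / code_new_confirm (SHA1 digests) -->
<div id="wrapper" class="centerwrapper">
  <h2 class="title"><?php echo htmlspecialchars( xl('Please Enter a New Password'), ENT_NOQUOTES); ?></h2>
  <form action="get_patient_info.php" method="POST" onsubmit="return process_new_pass()" >
  <table>
    <tr>
      <td class="algnRight"><?php echo htmlspecialchars( xl('User Name'), ENT_NOQUOTES); ?></td>
      <td><input name="uname" id="uname" type="text" /></td>
    </tr>
    <tr>
      <td class="algnRight"><?php echo htmlspecialchars( xl('Current Password'), ENT_NOQUOTES);?></td>
      <td>
        <input name="pass" id="pass" type="password" />
        <input id="code" name="code" type="hidden" />
      </td>
    </tr>
    <tr>
      <td class="algnRight"><?php echo htmlspecialchars( xl('New Password'), ENT_NOQUOTES);?></td>
      <td>
        <input name="pass_new" id="pass_new" type="password" />
        <input id="code_new" name="code_new" type="hidden" />
      </td>
    </tr>
    <tr>
      <td class="algnRight"><?php echo htmlspecialchars( xl('Confirm New Password'), ENT_NOQUOTES);?></td>
      <td>
        <input name="pass_new_confirm" id="pass_new_confirm" type="password" />
        <input id="code_new_confirm" name="code_new_confirm" type="hidden" />
      </td>
    </tr>
    <tr>
      <td colspan="2"><br><center><input type="submit" value="<?php echo htmlspecialchars( xl('Log In'), ENT_QUOTES);?>" /></center></td>
    </tr>
  </table>
  </form>

  <div class="copyright"><?php echo htmlspecialchars( xl('Powered by'), ENT_NOQUOTES);?> OpenEMR</div>
</div>
<?php } else { ?>
<!-- Regular login: posts uname, code (SHA1 digest) and optionally languageChoice -->
<div id="wrapper" class="centerwrapper">
  <h2 class="title"><?php echo htmlspecialchars( xl('Patient Portal Login'), ENT_NOQUOTES); ?></h2>
  <form action="get_patient_info.php" method="POST" onsubmit="return process()" >
  <table>
    <tr>
      <td class="algnRight"><?php echo htmlspecialchars( xl('User Name'), ENT_NOQUOTES); ?></td>
      <td><input name="uname" id="uname" type="text" /></td>
    </tr>
    <tr>
      <td class="algnRight"><?php echo htmlspecialchars( xl('Password'), ENT_NOQUOTES);?></td>
      <td>
        <input name="pass" id="pass" type="password" />
        <input id="code" name="code" type="hidden" />
      </td>
    </tr>

    <?php if ($GLOBALS['language_menu_login']) { ?>
    <?php if (count($result3) != 1) { ?>
    <tr>
      <td><span class="text"><?php echo htmlspecialchars( xl('Language'), ENT_NOQUOTES); ?></span></td>
      <td>
        <select name="languageChoice" size="1">
        <?php
        echo "<option selected='selected' value='".htmlspecialchars($defaultLangID,ENT_QUOTES)."'>" . htmlspecialchars( xl('Default') . " - " . xl($defaultLangName), ENT_NOQUOTES) . "</option>\n";
        // Keys are quoted: bare-word offsets ($iter[lang_id]) only worked via
        // an undefined-constant fallback and are an error in PHP 8.
        foreach ($result3 as $iter) {
          if ($GLOBALS['language_menu_showall']) {
            if ( !$GLOBALS['allow_debug_language'] && $iter['lang_description'] == 'dummy') continue; // skip the dummy language
            echo "<option value='".htmlspecialchars($iter['lang_id'],ENT_QUOTES)."'>".htmlspecialchars($iter['trans_lang_description'],ENT_NOQUOTES)."</option>\n";
          }
          else {
            if (in_array($iter['lang_description'], $GLOBALS['language_menu_show'])) {
              if ( !$GLOBALS['allow_debug_language'] && $iter['lang_description'] == 'dummy') continue; // skip the dummy language
              echo "<option value='".htmlspecialchars($iter['lang_id'],ENT_QUOTES)."'>".htmlspecialchars($iter['trans_lang_description'],ENT_NOQUOTES)."</option>\n";
            }
          }
        }
        ?>
        </select>
      </td>
    </tr>
    <?php }} ?>

    <tr>
      <td colspan="2"><br><center><input type="submit" value="<?php echo htmlspecialchars( xl('Log In'), ENT_QUOTES);?>" /></center></td>
    </tr>
  </table>
  <?php if (!(empty($hiddenLanguageField))) echo $hiddenLanguageField; ?>
  </form>

  <div class="copyright"><?php echo htmlspecialchars( xl('Powered by'), ENT_NOQUOTES);?> OpenEMR</div>
</div>
<?php } ?>

</center>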
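<script type="text/javascript">
// Status toasts, selected by query-string flags set by the redirecting page
// (only the presence of 'w' / 'logout' is tested; their values are unused).
$(document).ready(function() {

<?php // if something went wrong
if (isset($_GET['w'])) { ?>
  var unique_id = $.gritter.add({
    title: '<span class="red"><?php echo htmlspecialchars( xl('Oops!'), ENT_QUOTES);?></span>',
    // ENT_QUOTES must go to htmlspecialchars(), not to xl(): the text is embedded
    // in a single-quoted JS string, so an unescaped apostrophe in the translation
    // would terminate the string early.
    text: '<?php echo htmlspecialchars( xl('Something went wrong. Please try again.'), ENT_QUOTES); ?>',
    sticky: false,
    time: '5000',
    class_name: 'my-nonsticky-class'
  });
<?php } ?>

<?php // if successfully logged out
if (isset($_GET['logout'])) { ?>
  var unique_id = $.gritter.add({
    title: '<span class="green"><?php echo htmlspecialchars( xl('Success'), ENT_QUOTES);?></span>',
    text: '<?php echo htmlspecialchars( xl('You have been successfully logged out.'), ENT_QUOTES);?>',
    sticky: false,
    time: '5000',
    class_name: 'my-nonsticky-class'
  });
<?php } ?>

  return false;
});
</script>

</body>
</html>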