7 * @link http://www.open-emr.org
8 * @author Jerry Padgett <sjpadgett@gmail.com>
9 * @author Brady Miller <brady.g.miller@gmail.com>
10 * @copyright Copyright (c) 2019-2021 Jerry Padgett <sjpadgett@gmail.com>
11 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
12 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
15 $ignoreAuth_onsite_portal = $ignoreAuth = false;
16 // Will start the (patient) portal OpenEMR session/cookie.
17 require_once(dirname(__FILE__
) . "/../../src/Common/Session/SessionUtil.php");
18 OpenEMR\Common\Session\SessionUtil
::portalSessionStart();
20 $landingpage = "./../index.php?site=" . urlencode($_SESSION['site_id'] ??
'');
21 // kick out if patient not authenticated
22 if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite_two'])) {
23 $ignoreAuth_onsite_portal = true;
25 OpenEMR\Common\Session\SessionUtil
::portalSessionCookieDestroy();
26 header('Location: ' . $landingpage . '&w');
29 require_once(dirname(__FILE__
) . '/../../interface/globals.php');
30 require_once(dirname(__FILE__
) . "/../lib/appsql.class.php");
32 use OpenEMR\Common\Auth\AuthHash
;
33 use OpenEMR\Common\Csrf\CsrfUtils
;
34 use OpenEMR\Core\Header
;
36 $logit = new ApplicationTable();
37 //exit if portal is turned off
38 if (!(isset($GLOBALS['portal_onsite_two_enable'])) ||
!($GLOBALS['portal_onsite_two_enable'])) {
39 echo xlt('Patient Portal is turned off');
43 if (!CsrfUtils
::verifyCsrfToken($_POST["csrf_token_form"], "portal_index_reset")) {
44 CsrfUtils
::csrfNotVerified();
47 $_SESSION['credentials_update'] = 1;
49 DEFINE("TBL_PAT_ACC_ON", "patient_access_onsite");
50 DEFINE("COL_ID", "id");
51 DEFINE("COL_PID", "pid");
52 DEFINE("COL_POR_PWD", "portal_pwd");
53 DEFINE("COL_POR_USER", "portal_username");
54 DEFINE("COL_POR_LOGINUSER", "portal_login_username");
55 DEFINE("COL_POR_PWD_STAT", "portal_pwd_status");
57 $sql = "SELECT " . implode(",", array(COL_ID
, COL_PID
, COL_POR_PWD
, COL_POR_USER
, COL_POR_LOGINUSER
, COL_POR_PWD_STAT
)) .
58 " FROM " . TBL_PAT_ACC_ON
. " WHERE pid = ?";
59 $auth = privQuery($sql, array($_SESSION['pid']));
60 $password = trim($_POST['pass_current'] ??
'');
61 $password_new = trim($_POST['pass_new'] ??
'');
62 $valid = ((!empty(trim($_POST['uname'] ??
''))) &&
63 (!empty(trim($_POST['login_uname'] ??
''))) &&
64 (!empty($password)) &&
65 (!empty($password_new)) &&
66 (trim($_POST['uname']) == $auth[COL_POR_USER
]) &&
67 (AuthHash
::passwordVerify($password, $auth[COL_POR_PWD
])));
68 if (isset($_POST['submit'])) {
70 $errmsg = xlt("Invalid Current Credentials Error.") . xlt("Unknown.");
71 $logit->portalLog('Credential update attempt', '', ($_POST['uname'] . ':unknown'), '', '0');
74 $new_hash = (new AuthHash('auth'))->passwordHash($password_new);
75 if (empty($new_hash)) {
76 // Something is seriously wrong
77 error_log('OpenEMR Error : OpenEMR is not working because unable to create a hash.');
78 die("OpenEMR Error : OpenEMR is not working because unable to create a hash.");
80 $sqlUpdatePwd = " UPDATE " . TBL_PAT_ACC_ON
. " SET " . COL_POR_PWD
. "=?, " . COL_POR_LOGINUSER
. "=?" . " WHERE " . COL_ID
. "=?";
81 privStatement($sqlUpdatePwd, array(
83 $_POST['login_uname'],
92 <title
><?php
echo xlt('Change Portal Credentials'); ?
></title
>
94 Header
::setupHeader(['no_main-theme', 'portal-theme', 'opener']);
95 if (!empty($_POST['submit'])) {
96 unset($_POST['submit']);
97 echo "<script>dlgclose();</script>\n";
101 function checkUserName() {
102 let vacct
= document
.getElementById('uname').value
;
103 let vsuname
= document
.getElementById('login_uname').value
;
105 'action': 'userIsUnique',
107 'loginUname': vsuname
111 url
: './account.php',
113 }).done(function (rtn
) {
117 alert(<?php
echo xlj('Log In Name is unavailable. Try again!'); ?
>);
122 function process_new_pass() {
123 if (document
.getElementById('login_uname').value
!= document
.getElementById('confirm_uname').value
) {
124 alert(<?php
echo xlj('The Username fields are not the same.'); ?
>);
127 if (document
.getElementById('pass_new').value
!= document
.getElementById('pass_new_confirm').value
) {
128 alert(<?php
echo xlj('The new password fields are not the same.'); ?
>);
131 if (document
.getElementById('pass_current').value
== document
.getElementById('pass_new_confirm').value
) {
132 if (!confirm(<?php
echo xlj('The new password is the same as the current password. Click Okay to accept anyway.'); ?
>)) {
140 .table
> tbody
> tr
> td
{
146 <div
class="container-fluid">
147 <form action
="" method
="POST" onsubmit
="return process_new_pass()">
148 <div
class="alert alert-info">
149 <p
><?php
echo xlt('Use this form to change your login Password, Username or Both.'); ?
></p
>
150 <p
><?php
echo xlt('For example, to change your current Password, enter and use your current Username and enter new Password. You must still confirm Password and Username regardless.'); ?
></p
>
152 <input style
="display:none" type
="text" name
="dummyuname" />
153 <input style
="display:none" type
="password" name
="dummypassword" />
154 <input type
="hidden" name
="csrf_token_form" value
="<?php echo attr(CsrfUtils::collectCsrfToken("portal_index_reset
")); ?>" />
155 <table
class="table table-sm" style
="border-bottom:0px;width:100%">
157 <td width
="35%"><strong
><?php
echo xlt('Portal Account ID for reference'); ?
><strong
></td
>
158 <td
><input
class="form-control" name
="uname" id
="uname" type
="text" readonly
159 value
="<?php echo attr($auth['portal_username']); ?>" /></td
>
162 <td
><strong
><?php
echo xlt('Change or Keep Existing Username'); ?
><strong
></td
>
163 <td
><input
class="form-control" name
="login_uname" id
="login_uname" type
="text" required onblur
="checkUserName()"
164 title
="<?php echo xla('Change or keep current. Enter a minimum of 8 characters. Recommended to include symbols and numbers but not required.'); ?>" pattern
=".{8,}"
165 value
="<?php echo attr($auth['portal_login_username']); ?>" />
170 <td
><strong
><?php
echo xlt('Confirm Above Username'); ?
><strong
></td
>
171 <td
><input
class="form-control" name
="confirm_uname" id
="confirm_uname" type
="text" required
172 title
="<?php echo xla('You must confirm this Username.'); ?>"
173 autocomplete
="none" pattern
=".{8,80}" value
="" />
178 <td
><strong
><?php
echo xlt('Current Password to Authorize Changes'); ?
><strong
></td
>
180 <input
class="form-control" name
="pass_current" id
="pass_current" type
="password" required
181 placeholder
="<?php echo xla('Enter your current password used to login.'); ?>"
182 title
="<?php echo xla('Enter your existing current password used to login.'); ?>"
183 pattern
="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" />
187 <td
><strong
><?php
echo xlt('Change or Keep Existing Password'); ?
><strong
></td
>
189 <input
class="form-control" name
="pass_new" id
="pass_new" type
="password" required
190 placeholder
="<?php echo xla('Minimum length is 8 with upper,lowercase,numbers mix'); ?>"
191 title
="<?php echo xla('You must enter a new or reenter current password to keep it. Even for Username change.'); ?>"
192 pattern
="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" />
196 <td
><strong
><?php
echo xlt('Confirm Password'); ?
><strong
></td
>
198 <input
class="form-control" name
="pass_new_confirm" id
="pass_new_confirm" type
="password"
199 pattern
="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" autocomplete
="none" />
203 <td colspan
="2"><br
/><input
class="btn btn-primary float-right" type
="submit" name
="submit" value
="<?php echo xla('Save'); ?>" /></td
>
206 <div
><strong
><?php
echo '* ' . xlt("All credential fields are case sensitive!") ?
></strong
></div
>
208 </div
><!-- container
-->
