search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixes #5506 (#5507)
[openemr.git] / portal / account / index_reset.php
blobdc2950500ed48572c74b89b061c7fb5f40287b0f
1 <?php
2
3 /**
4 * Credential Changes
5 *
6 * @package OpenEMR
7 * @link http://www.open-emr.org
8 * @author Jerry Padgett <sjpadgett@gmail.com>
9 * @author Brady Miller <brady.g.miller@gmail.com>
10 * @copyright Copyright (c) 2019-2021 Jerry Padgett <sjpadgett@gmail.com>
11 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
12 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
13 */
14
15 $ignoreAuth_onsite_portal = $ignoreAuth = false;
16 // Will start the (patient) portal OpenEMR session/cookie.
17 require_once(dirname(__FILE__) . "/../../src/Common/Session/SessionUtil.php");
18 OpenEMR\Common\Session\SessionUtil::portalSessionStart();
19
20 $landingpage = "./../index.php?site=" . urlencode($_SESSION['site_id']);
21 // kick out if patient not authenticated
22 if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite_two'])) {
23 $ignoreAuth_onsite_portal = true;
24 } else {
25 OpenEMR\Common\Session\SessionUtil::portalSessionCookieDestroy();
26 header('Location: ' . $landingpage . '&w');
27 exit;
28 }
29 require_once(dirname(__FILE__) . '/../../interface/globals.php');
30 require_once(dirname(__FILE__) . "/../lib/appsql.class.php");
31
32 use OpenEMR\Common\Auth\AuthHash;
33 use OpenEMR\Common\Csrf\CsrfUtils;
34 use OpenEMR\Core\Header;
35
36 $logit = new ApplicationTable();
37 //exit if portal is turned off
38 if (!(isset($GLOBALS['portal_onsite_two_enable'])) || !($GLOBALS['portal_onsite_two_enable'])) {
39 echo xlt('Patient Portal is turned off');
40 exit;
41 }
42 if (!empty($_POST)) {
43 if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"], "portal_index_reset")) {
44 CsrfUtils::csrfNotVerified();
45 }
46 }
47 $_SESSION['credentials_update'] = 1;
48
49 DEFINE("TBL_PAT_ACC_ON", "patient_access_onsite");
50 DEFINE("COL_ID", "id");
51 DEFINE("COL_PID", "pid");
52 DEFINE("COL_POR_PWD", "portal_pwd");
53 DEFINE("COL_POR_USER", "portal_username");
54 DEFINE("COL_POR_LOGINUSER", "portal_login_username");
55 DEFINE("COL_POR_PWD_STAT", "portal_pwd_status");
56
57 $sql = "SELECT " . implode(",", array(COL_ID, COL_PID, COL_POR_PWD, COL_POR_USER, COL_POR_LOGINUSER, COL_POR_PWD_STAT)) .
58 " FROM " . TBL_PAT_ACC_ON . " WHERE pid = ?";
59
60 $auth = privQuery($sql, array($_SESSION['pid']));
61 $valid = ((!empty(trim($_POST['uname']))) &&
62 (!empty(trim($_POST['login_uname']))) &&
63 (!empty(trim($_POST['pass_current']))) &&
64 (!empty(trim($_POST['pass_new']))) &&
65 (trim($_POST['uname']) == $auth[COL_POR_USER]) &&
66 (AuthHash::passwordVerify(trim($_POST['pass_current']), $auth[COL_POR_PWD])));
67 if (isset($_POST['submit'])) {
68 if (!$valid) {
69 $errmsg = xlt("Invalid Current Credentials Error.") . xlt("Unknown.");
70 $logit->portalLog('Credential update attempt', '', ($_POST['uname'] . ':unknown'), '', '0');
71 die($errmsg);
72 }
73 $new_hash = (new AuthHash('auth'))->passwordHash(trim($_POST['pass_new']));
74 if (empty($new_hash)) {
75 // Something is seriously wrong
76 error_log('OpenEMR Error : OpenEMR is not working because unable to create a hash.');
77 die("OpenEMR Error : OpenEMR is not working because unable to create a hash.");
78 }
79 $sqlUpdatePwd = " UPDATE " . TBL_PAT_ACC_ON . " SET " . COL_POR_PWD . "=?, " . COL_POR_LOGINUSER . "=?" . " WHERE " . COL_ID . "=?";
80 privStatement($sqlUpdatePwd, array(
81 $new_hash,
82 $_POST['login_uname'],
83 $auth[COL_ID]
84 ));
85 }
86
87 ?>
88 <!DOCTYPE html>
89 <html>
90 <head>
91 <title><?php echo xlt('Change Portal Credentials'); ?></title>
92 <?php
93 Header::setupHeader(['opener']);
94 if (!empty($_POST['submit'])) {
95 unset($_POST['submit']);
96 echo "<script>dlgclose();</script>\n";
97 }
98 ?>
99 <script>
100 function checkUserName() {
101 let vacct = document.getElementById('uname').value;
102 let vsuname = document.getElementById('login_uname').value;
103 let data = {
104 'action': 'userIsUnique',
105 'account': vacct,
106 'loginUname': vsuname
107 };
108 $.ajax({
109 type: 'GET',
110 url: './account.php',
111 data: data
112 }).done(function (rtn) {
113 if (rtn === '1') {
114 return true;
115 }
116 alert(<?php echo xlj('Log In Name is unavailable. Try again!'); ?>);
117 return false;
118 });
119 }
120
121 function process_new_pass() {
122 if (document.getElementById('login_uname').value != document.getElementById('confirm_uname').value) {
123 alert(<?php echo xlj('The Username fields are not the same.'); ?>);
124 return false;
125 }
126 if (document.getElementById('pass_new').value != document.getElementById('pass_new_confirm').value) {
127 alert(<?php echo xlj('The new password fields are not the same.'); ?>);
128 return false;
129 }
130 if (document.getElementById('pass_current').value == document.getElementById('pass_new_confirm').value) {
131 if (!confirm(<?php echo xlj('The new password is the same as the current password. Click Okay to accept anyway.'); ?>)) {
132 return false;
133 }
134 }
135 return true;
136 }
137 </script>
138 <style>
139 .table > tbody > tr > td {
140 border-top: 0px;
141 }
142 </style>
143 </head>
144 <body>
145 <div class="container">
146 <form action="" method="POST" onsubmit="return process_new_pass()">
147 <input style="display:none" type="text" name="dummyuname" />
148 <input style="display:none" type="password" name="dummypassword" />
149 <input type="hidden" name="csrf_token_form" value="<?php echo attr(CsrfUtils::collectCsrfToken("portal_index_reset")); ?>" />
150 <table class="table table-sm" style="border-bottom:0px;width:100%">
151 <tr>
152 <td width="35%"><strong><?php echo xlt('Account Name'); ?><strong></td>
153 <td><input class="form-control" name="uname" id="uname" type="text" readonly
154 value="<?php echo attr($auth['portal_username']); ?>" /></td>
155 </tr>
156 <tr>
157 <td><strong><?php echo xlt('New or Current Username'); ?><strong></td>
158 <td><input class="form-control" name="login_uname" id="login_uname" type="text" required onblur="checkUserName()"
159 title="<?php echo xla('Change or keep current. Enter 12 to 80 characters. Recommended to include symbols and numbers but not required.'); ?>" pattern=".{12,80}"
160 value="<?php echo attr($auth['portal_login_username']); ?>" />
161 </td>
162 </tr>
163 <tr>
164 <tr>
165 <td><strong><?php echo xlt('Confirm Username'); ?><strong></td>
166 <td><input class="form-control" name="confirm_uname" id="confirm_uname" type="text" required
167 title="<?php echo xla('You must confirm this Username.'); ?>"
168 autocomplete="none" pattern=".{8,80}" value="" />
169 </td>
170 </tr>
171 </tr>
172 <tr>
173 <td><strong><?php echo xlt('Current Password'); ?><strong></td>
174 <td>
175 <input class="form-control" name="pass_current" id="pass_current" type="password" required
176 placeholder="<?php echo xla('Current password to authorize changes.'); ?>"
177 title="<?php echo xla('Enter your existing current password used to login.'); ?>"
178 pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" />
179 </td>
180 </tr>
181 <tr>
182 <td><strong><?php echo xlt('New or Current Password'); ?><strong></td>
183 <td>
184 <input class="form-control" name="pass_new" id="pass_new" type="password" required
185 placeholder="<?php echo xla('Min length is 8 with upper,lowercase,numbers mix'); ?>"
186 title="<?php echo xla('You must enter a new or reenter current password to keep it. Even for Username change.'); ?>"
187 pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" />
188 </td>
189 </tr>
190 <tr>
191 <td><strong><?php echo xlt('Confirm Password'); ?><strong></td>
192 <td>
193 <input class="form-control" name="pass_new_confirm" id="pass_new_confirm" type="password"
194 pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" autocomplete="none" />
195 </td>
196 </tr>
197 <tr>
198 <td colspan="2"><br /><input class="btn btn-primary float-right" type="submit" name="submit" value="<?php echo xla('Save'); ?>" /></td>
199 </tr>
200 </table>
201 <div><strong><?php echo '* ' . xlt("All credential fields are case sensitive!") ?></strong></div>
202 </form>
203 </div><!-- container -->
204 </body>
205 </html>
Mirror of official OpenEMR Sourceforge repository