search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Convert LDAP / Active Directory authentication to use native PHP LDAP… (#2746)
[openemr.git] / interface / usergroup / user_admin.php
blobb3b2c55011f8b2c3f5d2d567d78d034d2641d6cd
1 <?php
2 /**
3 * Edit user.
4 *
5 * @package OpenEMR
6 * @link http://www.open-emr.org
7 * @author Brady Miller <brady.g.miller@gmail.com>
8 * @author Rod Roark <rod@sunsetsystems.com>
9 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
10 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
11 */
12
13
14 require_once("../globals.php");
15 require_once("../../library/acl.inc");
16 require_once("$srcdir/calendar.inc");
17 require_once("$srcdir/options.inc.php");
18 require_once("$srcdir/erx_javascript.inc.php");
19
20 use OpenEMR\Common\Csrf\CsrfUtils;
21 use OpenEMR\Core\Header;
22 use OpenEMR\Menu\MainMenuRole;
23 use OpenEMR\Menu\PatientMenuRole;
24 use OpenEMR\Services\FacilityService;
25
26 if (!empty($_GET)) {
27 if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token_form"])) {
28 CsrfUtils::csrfNotVerified();
29 }
30 }
31
32 $facilityService = new FacilityService();
33
34 if (!$_GET["id"] || !acl_check('admin', 'users')) {
35 exit();
36 }
37
38 $res = sqlStatement("select * from users where id=?", array($_GET["id"]));
39 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
40 $result[$iter] = $row;
41 }
42
43 $iter = $result[0];
44
45 ?>
46
47 <html>
48 <head>
49
50 <?php Header::setupHeader(['common','opener']); ?>
51
52 <script src="checkpwd_validation.js" type="text/javascript"></script>
53
54 <!-- validation library -->
55 <!--//Not lbf forms use the new validation, please make sure you have the corresponding values in the list Page validation-->
56 <?php $use_validate_js = 1;?>
57 <?php require_once($GLOBALS['srcdir'] . "/validation/validation_script.js.php"); ?>
58 <?php
59 //Gets validation rules from Page Validation list.
60 //Note that for technical reasons, we are bypassing the standard validateUsingPageRules() call.
61 $collectthis = collectValidationPageRules("/interface/usergroup/user_admin.php");
62 if (empty($collectthis)) {
63 $collectthis = "undefined";
64 } else {
65 $collectthis = json_sanitize($collectthis["user_form"]["rules"]);
66 }
67 ?>
68
69 <script language="JavaScript">
70
71 /*
72 * validation on the form with new client side validation (using validate.js).
73 * this enable to add new rules for this form in the pageValidation list.
74 * */
75 var collectvalidation = <?php echo $collectthis; ?>;
76
77 function checkChange()
78 {
79 alert(<?php echo xlj('If you change e-RX Role for ePrescription, it may affect the ePrescription workflow. If you face any difficulty, contact your ePrescription vendor.'); ?>);
80 }
81 function submitform() {
82
83 var valid = submitme(1, undefined, 'user_form', collectvalidation);
84 if (!valid) return;
85
86 top.restoreSession();
87 var flag=0;
88 <?php if (empty($GLOBALS['gbl_ldap_enabled']) || empty($GLOBALS['gbl_ldap_exclusions'])) { ?>
89 if(document.forms[0].clearPass.value!="")
90 {
91 //Checking for the strong password if the 'secure password' feature is enabled
92 if(document.forms[0].secure_pwd.value === 1)
93 {
94 var pwdresult = passwordvalidate(document.forms[0].clearPass.value);
95 if(pwdresult == 0) {
96 flag=1;
97 alert(<?php echo xlj('The password must be at least eight characters, and should'); ?> +
98 '\n' +
99 <?php echo xlj('contain at least three of the four following items:'); ?> +
100 '\n' +
101 <?php echo xlj('A number'); ?> +
102 '\n' +
103 <?php echo xlj('A lowercase letter'); ?> +
104 '\n' +
105 <?php echo xlj('An uppercase letter'); ?> +
106 '\n' +
107 <?php echo xlj('A special character'); ?> +
108 '\n' +
109 '(' +
110 <?php echo xlj('not a letter or number'); ?> +
111 ').' +
112 '\n' +
113 <?php echo xlj('For example:'); ?> +
114 ' healthCare@09');
115 return false;
116 }
117 }
118
119 }//If pwd null ends here
120 <?php } ?>
121 //Request to reset the user password if the user was deactived once the password expired.
122 if((document.forms[0].pwd_expires.value != 0) && (document.forms[0].clearPass.value == "")) {
123 if((document.forms[0].user_type.value != "Emergency Login") && (document.forms[0].pre_active.value == 0) && (document.forms[0].active.checked == 1) && (document.forms[0].grace_time.value != "") && (document.forms[0].current_date.value) > (document.forms[0].grace_time.value))
124 {
125 flag=1;
126 document.getElementById('error_message').innerHTML=<?php echo xlj('Please reset the password.') ?>;
127 }
128 }
129
130 if (document.forms[0].access_group_id) {
131 var sel = getSelected(document.forms[0].access_group_id.options);
132 for (var item in sel) {
133 if (sel[item].value == "Emergency Login") {
134 document.forms[0].check_acl.value = 1;
135 }
136 }
137 }
138
139 <?php if ($GLOBALS['erx_enable']) { ?>
140 alertMsg='';
141 f=document.forms[0];
142 for(i=0;i<f.length;i++){
143 if(f[i].type=='text' && f[i].value)
144 {
145 if(f[i].name == 'fname' || f[i].name == 'mname' || f[i].name == 'lname')
146 {
147 alertMsg += checkLength(f[i].name,f[i].value,35);
148 alertMsg += checkUsername(f[i].name,f[i].value);
149 }
150 else if(f[i].name == 'taxid')
151 {
152 alertMsg += checkLength(f[i].name,f[i].value,10);
153 alertMsg += checkFederalEin(f[i].name,f[i].value);
154 }
155 else if(f[i].name == 'state_license_number')
156 {
157 alertMsg += checkLength(f[i].name,f[i].value,10);
158 alertMsg += checkStateLicenseNumber(f[i].name,f[i].value);
159 }
160 else if(f[i].name == 'npi')
161 {
162 alertMsg += checkLength(f[i].name,f[i].value,10);
163 alertMsg += checkTaxNpiDea(f[i].name,f[i].value);
164 }
165 else if(f[i].name == 'drugid')
166 {
167 alertMsg += checkLength(f[i].name,f[i].value,30);
168 alertMsg += checkAlphaNumeric(f[i].name,f[i].value);
169 }
170 }
171 }
172 if(alertMsg)
173 {
174 alert(alertMsg);
175 return false;
176 }
177 <?php } ?>
178
179 if (flag === 0) {
180 let post_url = $("#user_form").attr("action");
181 let request_method = $("#user_form").attr("method");
182 let form_data = $("#user_form").serialize();
183 // submit form
184 $.ajax({
185 url: post_url,
186 type: request_method,
187 data: form_data
188 }).done(function (r) {
189 if (r) {
190 alert(r);
191 } else {
192 dlgclose('reload', false);
193 }
194 });
195 return false;
196 }
197 }
198 //Getting the list of selected item in ACL
199 function getSelected(opt) {
200 var selected = new Array();
201 var index = 0;
202 for (var intLoop = 0; intLoop < opt.length; intLoop++) {
203 if ((opt[intLoop].selected) ||
204 (opt[intLoop].checked)) {
205 index = selected.length;
206 selected[index] = new Object;
207 selected[index].value = opt[intLoop].value;
208 selected[index].index = intLoop;
209 }
210 }
211 return selected;
212 }
213
214 function authorized_clicked() {
215 var f = document.forms[0];
216 f.calendar.disabled = !f.authorized.checked;
217 f.calendar.checked = f.authorized.checked;
218 }
219
220 </script>
221 <style type="text/css">
222 .physician_type_class{
223 width: 150px !important;
224 }
225 #main_menu_role {
226 width: 120px !important;
227 }
228 </style>
229 </head>
230 <body class="body_top">
231
232 <div class="container">
233 <?php
234 /* Get the list ACL for the user */
235 $is_super_user = acl_check('admin', 'super');
236 $acl_name=acl_get_group_titles($iter["username"]);
237 $bg_name='';
238 $bg_count=count($acl_name);
239 $selected_user_is_superuser = false;
240 for ($i=0; $i<$bg_count; $i++) {
241 if ($acl_name[$i] == "Emergency Login") {
242 $bg_name=$acl_name[$i];
243 }
244 //check if user member on group with superuser rule
245 if (is_group_include_superuser($acl_name[$i])) {
246 $selected_user_is_superuser = true;
247 }
248 }
249 $disabled_save = !$is_super_user && $selected_user_is_superuser ? 'disabled' : '';
250 ?>
251 <table><tr><td>
252 <span class="title"><?php echo xlt('Edit User'); ?></span>&nbsp;
253 </td><td>
254 <a class="btn btn-default btn-save" name='form_save' id='form_save' href='#' onclick='return submitform()' <?php echo $disabled_save; ?>> <span><?php echo xlt('Save');?></span> </a>
255 <a class="btn btn-link btn-cancel" id='cancel' href='#'><span><?php echo xlt('Cancel');?></span></a>
256 </td></tr>
257 </table>
258 <br>
259 <FORM NAME="user_form" id="user_form" METHOD="POST" ACTION="usergroup_admin.php">
260 <input type="hidden" name="csrf_token_form" value="<?php echo attr(CsrfUtils::collectCsrfToken()); ?>" />
261
262 <input type=hidden name="pwd_expires" value="<?php echo attr($GLOBALS['password_expiration_days']); ?>" >
263 <input type=hidden name="pre_active" value="<?php echo attr($iter["active"]); ?>" >
264 <input type=hidden name="exp_date" value="<?php echo attr($iter["pwd_expiration_date"]); ?>" >
265 <input type=hidden name="get_admin_id" value="<?php echo attr($GLOBALS['Emergency_Login_email']); ?>" >
266 <input type=hidden name="admin_id" value="<?php echo attr($GLOBALS['Emergency_Login_email_id']); ?>" >
267 <input type=hidden name="check_acl" value="">
268 <?php
269 //Calculating the grace time
270 $current_date = date("Y-m-d");
271 $password_exp=$iter["pwd_expiration_date"];
272 if ($password_exp != "0000-00-00") {
273 $grace_time1 = date("Y-m-d", strtotime($password_exp . "+".$GLOBALS['password_grace_time'] ."days"));
274 }
275 ?>
276 <input type=hidden name="current_date" value="<?php echo attr(strtotime($current_date)); ?>" >
277 <input type=hidden name="grace_time" value="<?php echo attr(strtotime($grace_time1)); ?>" >
278 <input type=hidden name="user_type" value="<?php echo attr($bg_name); ?>" >
279
280 <TABLE border=0 cellpadding=0 cellspacing=0>
281 <TR>
282 <TD style="width:180px;"><span class=text><?php echo xlt('Username'); ?>: </span></TD>
283 <TD style="width:270px;"><input type=entry name=username style="width:150px;" class="form-control" value="<?php echo attr($iter["username"]); ?>" disabled></td>
284 <?php if (empty($GLOBALS['gbl_ldap_enabled']) || empty($GLOBALS['gbl_ldap_exclusions'])) { ?>
285 <TD style="width:200px;"><span class=text>*<?php echo xlt('Your Password'); ?>*: </span></TD>
286 <TD class='text' style="width:280px;"><input type='password' name=adminPass style="width:150px;" class="form-control" value="" autocomplete='off'><font class="mandatory"></font></TD>
287 <?php } ?>
288 </TR>
289 <?php if (empty($GLOBALS['gbl_ldap_enabled']) || empty($GLOBALS['gbl_ldap_exclusions'])) { ?>
290 <TR>
291 <TD style="width:180px;"><span class=text></span></TD>
292 <TD style="width:270px;"></td>
293 <TD style="width:200px;"><span class=text><?php echo xlt('User\'s New Password'); ?>: </span></TD>
294 <TD class='text' style="width:280px;"> <input type=text name=clearPass style="width:150px;" class="form-control" value=""><font class="mandatory"></font></td>
295 </TR>
296 <?php } ?>
297
298 <TR height="30" style="valign:middle;">
299 <td class='text'>
300 <?php echo xlt('Clear 2FA'); ?>:
301 </td>
302 <td title='<?php echo xla('Remove multi-factor authentications for this person.'); ?>'>
303 <input type="checkbox" name="clear_2fa" value='1' />
304 </td>
305 <td colspan="2"><span class=text><?php echo xlt('Provider'); ?>:
306 <input type="checkbox" name="authorized" onclick="authorized_clicked()"<?php
307 if ($iter["authorized"]) {
308 echo " checked";
309 } ?> />
310 &nbsp;&nbsp;<span class='text'><?php echo xlt('Calendar'); ?>:
311 <input type="checkbox" name="calendar"<?php
312 if ($iter["calendar"]) {
313 echo " checked";
314 }
315
316 if (!$iter["authorized"]) {
317 echo " disabled";
318 } ?> />
319 &nbsp;&nbsp;<span class='text'><?php echo xlt('Active'); ?>:
320 <input type="checkbox" name="active"<?php echo ($iter["active"]) ? " checked" : ""; ?>/>
321 </TD>
322 </TR>
323
324 <TR>
325 <TD><span class=text><?php echo xlt('First Name'); ?>: </span></TD>
326 <TD><input type=entry name=fname id=fname style="width:150px;" class="form-control" value="<?php echo attr($iter["fname"]); ?>"><span class="mandatory"></span></td>
327 <td><span class=text><?php echo xlt('Middle Name'); ?>: </span></TD><td><input type=entry name=mname style="width:150px;" value="<?php echo attr($iter["mname"]); ?>"></td>
328 </TR>
329
330 <TR>
331 <td><span class=text><?php echo xlt('Last Name'); ?>: </span></td><td><input type=entry name=lname id=lname style="width:150px;" class="form-control" value="<?php echo attr($iter["lname"]); ?>"><span class="mandatory"></span></td>
332 <td><span class=text><?php echo xlt('Default Facility'); ?>: </span></td><td><select name=facility_id style="width:150px;" class="form-control">
333 <?php
334 $fres = $facilityService->getAllBillingLocations();
335 if ($fres) {
336 for ($iter2 = 0; $iter2 < sizeof($fres); $iter2++) {
337 $result[$iter2] = $fres[$iter2];
338 }
339
340 foreach ($result as $iter2) {
341 ?>
342 <option value="<?php echo attr($iter2['id']); ?>" <?php if ($iter['facility_id'] == $iter2['id']) {
343 echo "selected";
344 } ?>><?php echo text($iter2['name']); ?></option>
345 <?php
346 }
347 }
348 ?>
349 </select></td>
350 </tr>
351
352 <?php if ($GLOBALS['restrict_user_facility']) { ?>
353 <tr>
354 <td colspan=2>&nbsp;</td>
355 <td><span class=text><?php echo xlt('Schedule Facilities:');?></td>
356 <td>
357 <select name="schedule_facility[]" multiple style="width:150px;" class="form-control">
358 <?php
359 $userFacilities = getUserFacilities($_GET['id']);
360 $ufid = array();
361 foreach ($userFacilities as $uf) {
362 $ufid[] = $uf['id'];
363 }
364
365 $fres = $facilityService->getAllServiceLocations();
366 if ($fres) {
367 foreach ($fres as $frow) :
368 ?>
369 <option <?php echo in_array($frow['id'], $ufid) || $frow['id'] == $iter['facility_id'] ? "selected" : null ?>
370 class="form-control" value="<?php echo attr($frow['id']); ?>"><?php echo text($frow['name']) ?></option>
371 <?php
372 endforeach;
373 }
374 ?>
375 </select>
376 </td>
377 </tr>
378 <?php } ?>
379
380 <TR>
381 <TD><span class=text><?php echo xlt('Federal Tax ID'); ?>: </span></TD><TD><input type=text name=taxid style="width:150px;" class="form-control" value="<?php echo attr($iter["federaltaxid"]); ?>"></td>
382 <TD><span class=text><?php echo xlt('DEA Number'); ?>: </span></TD><TD><input type=text name=drugid style="width:150px;" class="form-control" value="<?php echo attr($iter["federaldrugid"]); ?>"></td>
383 </TR>
384
385 <tr>
386 <td><span class="text"><?php echo xlt('UPIN'); ?>: </span></td><td><input type="text" name="upin" style="width:150px;" class="form-control" value="<?php echo attr($iter["upin"]); ?>"></td>
387 <td class='text'><?php echo xlt('See Authorizations'); ?>: </td>
388 <td><select name="see_auth" style="width:150px;" class="form-control" >
389 <?php
390 foreach (array(1 => xl('None{{Authorization}}'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value) {
391 echo " <option value='" . attr($key) . "'";
392 if ($key == $iter['see_auth']) {
393 echo " selected";
394 }
395
396 echo ">" . text($value) . "</option>\n";
397 }
398 ?>
399 </select></td>
400 </tr>
401
402 <tr>
403 <td><span class="text"><?php echo xlt('NPI'); ?>: </span></td><td><input type="text" name="npi" style="width:150px;" class="form-control" value="<?php echo attr($iter["npi"]); ?>"></td>
404 <td><span class="text"><?php echo xlt('Job Description'); ?>: </span></td><td><input type="text" name="job" style="width:150px;" class="form-control" value="<?php echo attr($iter["specialty"]); ?>"></td>
405 </tr>
406
407 <tr>
408 <td><span class="text"><?php echo xlt('Taxonomy'); ?>: </span></td>
409 <td><input type="text" name="taxonomy" style="width:150px;" class="form-control" value="<?php echo attr($iter["taxonomy"]); ?>"></td>
410 <td>&nbsp;</td><td>&nbsp;</td></tr>
411
412 <tr>
413 <td><span class="text"><?php echo xlt('State License Number'); ?>: </span></td>
414 <td><input type="text" name="state_license_number" style="width:150px;" class="form-control" value="<?php echo attr($iter["state_license_number"]); ?>"></td>
415 <td class='text'><?php echo xlt('NewCrop eRX Role'); ?>:</td>
416 <td>
417 <?php echo generate_select_list("erxrole", "newcrop_erx_role", $iter['newcrop_user_role'], '', xl('Select Role'), '', '', '', array('style'=>'width:150px')); ?>
418 </td>
419 </tr>
420 <tr>
421 <td><span class="text"><?php echo xlt('Weno Provider ID'); ?>: </span></td><td><input type="text" name="erxprid" style="width:150px;" class="form-control" value="<?php echo attr($iter["weno_prov_id"]); ?>"></td>
422 </tr>
423
424 <tr>
425 <td><span class="text"><?php echo xlt('Provider Type'); ?>: </span></td>
426 <td><?php echo generate_select_list("physician_type", "physician_type", $iter['physician_type'], '', xl('Select Type'), 'physician_type_class', '', '', ''); ?></td>
427 </tr>
428 <tr>
429 <td>
430 <span class="text"><?php echo xlt('Main Menu Role'); ?>: </span>
431 </td>
432 <td>
433 <?php
434 $menuMain = new MainMenuRole($GLOBALS['kernel']->getEventDispatcher());
435 echo $menuMain->displayMenuRoleSelector($iter["main_menu_role"]);
436 ?>
437 </td>
438 <td>
439 <span class="text"><?php echo xlt('Patient Menu Role'); ?>: </span>
440 </td>
441 <td>
442 <?php
443 $menuPatient = new PatientMenuRole();
444 echo $menuPatient->displayMenuRoleSelector($iter["patient_menu_role"]);
445 ?>
446 </td>
447
448
449 </tr>
450 <?php if ($GLOBALS['inhouse_pharmacy']) { ?>
451 <tr>
452 <td class="text"><?php echo xlt('Default Warehouse'); ?>: </td>
453 <td class='text'>
454 <?php
455 echo generate_select_list(
456 'default_warehouse',
457 'warehouse',
458 $iter['default_warehouse'],
459 ''
460 );
461 ?>
462 </td>
463 <td class="text"><?php echo xlt('Invoice Refno Pool'); ?>: </td>
464 <td class='text'>
465 <?php
466 echo generate_select_list(
467 'irnpool',
468 'irnpool',
469 $iter['irnpool'],
470 xl('Invoice reference number pool, if used')
471 );
472 ?>
473 </td>
474 </tr>
475 <?php } ?>
476
477 <tr>
478 <td class='text'><?php echo xlt('Access Control'); ?>:</td>
479 <td><select id="access_group_id" name="access_group[]" multiple style="width:150px;" class="form-control">
480 <?php
481 // Collect the access control group of user
482 $list_acl_groups = acl_get_group_title_list($is_super_user || $selected_user_is_superuser);
483 $username_acl_groups = acl_get_group_titles($iter["username"]);
484 foreach ($list_acl_groups as $value) {
485 if (($username_acl_groups) && in_array($value, $username_acl_groups)) {
486 // Modified 6-2009 by BM - Translate group name if applicable
487 echo " <option value='" . attr($value) . "' selected>" . text(xl_gacl_group($value)) . "</option>\n";
488 } else {
489 // Modified 6-2009 by BM - Translate group name if applicable
490 echo " <option value='" . attr($value) . "'>" . text(xl_gacl_group($value)) . "</option>\n";
491 }
492 }
493 ?>
494 </select></td>
495 <td><span class=text><?php echo xlt('Additional Info'); ?>:</span></td>
496 <td><textarea style="width:150px;" name="comments" wrap=auto rows=4 cols=25 class="form-control"><?php echo text($iter["info"]); ?></textarea></td>
497
498 </tr>
499 <tr height="20" valign="bottom">
500 <td colspan="4" class="text">
501 <p>*<?php echo xlt('You must enter your own password to change user passwords. Leave blank to keep password unchanged.'); ?></p>
502 <?php
503 if (!$is_super_user && $selected_user_is_superuser) {
504 echo '<p class="redtext">*' . xlt('View mode - only administrator can edit another administrator user') . '.</p>';
505 }
506 ?>
507 <!--
508 Display red alert if entered password matched one of last three passwords/Display red alert if user password was expired and the user was inactivated previously
509 -->
510 <div class="redtext" id="error_message">&nbsp;</div>
511 </td>
512 </tr>
513
514 </table>
515
516 <INPUT TYPE="HIDDEN" NAME="id" VALUE="<?php echo attr($_GET["id"]); ?>">
517 <INPUT TYPE="HIDDEN" NAME="mode" VALUE="update">
518 <INPUT TYPE="HIDDEN" NAME="privatemode" VALUE="user_admin">
519
520 <INPUT TYPE="HIDDEN" NAME="secure_pwd" VALUE="<?php echo attr($GLOBALS['secure_password']); ?>">
521 </FORM>
522 <script language="JavaScript">
523 $(function(){
524 $("#cancel").click(function() {
525 dlgclose();
526 });
527
528 });
529 </script>
530
531 <div class="container">
532
533 </BODY>
534
535 </HTML>
Mirror of official OpenEMR Sourceforge repository