From fee4dee9618cb169d1656add0f5b01030aae6e4d Mon Sep 17 00:00:00 2001 From: Kevin Yeh Date: Mon, 21 Oct 2013 22:38:02 -0400 Subject: [PATCH] rename password functions for PHP 5.5 compatibility --- interface/patient_file/summary/create_portallogin.php | 4 ++-- library/authentication/common_operations.php | 6 +++--- library/authentication/login_operations.php | 2 +- library/authentication/password_change.php | 14 +++++++------- library/authentication/password_hashing.php | 4 ++-- library/classes/Installer.class.php | 4 ++-- patients/get_patient_info.php | 10 +++++----- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/interface/patient_file/summary/create_portallogin.php b/interface/patient_file/summary/create_portallogin.php index d516db16f..e80791211 100644 --- a/interface/patient_file/summary/create_portallogin.php +++ b/interface/patient_file/summary/create_portallogin.php @@ -148,9 +148,9 @@ if(isset($_REQUEST['form_save']) && $_REQUEST['form_save']=='SUBMIT'){ if($portalsite=='on') { // For onsite portal create a blowfish based hash and salt. - $new_salt = password_salt(); + $new_salt = oemr_password_salt(); $salt_clause = ",portal_salt=? "; - array_push($query_parameters,password_hash($clear_pass,$new_salt),$new_salt); + array_push($query_parameters,oemr_password_hash($clear_pass,$new_salt),$new_salt); } else { diff --git a/library/authentication/common_operations.php b/library/authentication/common_operations.php index 65fe06537..1d816092a 100644 --- a/library/authentication/common_operations.php +++ b/library/authentication/common_operations.php @@ -46,8 +46,8 @@ define("COL_SALT_H2","salt_history2"); function initializePassword($username,$userid,&$password) { - $salt=password_salt(); - $hash=password_hash($password,$salt); + $salt=oemr_password_salt(); + $hash=oemr_password_hash($password,$salt); $passwordSQL= "INSERT INTO ".TBL_USERS_SECURE. " (".implode(",",array(COL_ID,COL_UNM,COL_PWD,COL_SALT,COL_LU)).")". " VALUES (?,?,?,?,NOW()) "; 
@@ -94,7 +94,7 @@ function confirm_user_password($username,&$password) $userSecure=privQuery($getUserSecureSQL,array($username)); if(is_array($userSecure)) { - $phash=password_hash($password,$userSecure[COL_SALT]); + $phash=oemr_password_hash($password,$userSecure[COL_SALT]); if($phash==$userSecure[COL_PWD]) { diff --git a/library/authentication/login_operations.php b/library/authentication/login_operations.php index 78738eb24..00bb35927 100644 --- a/library/authentication/login_operations.php +++ b/library/authentication/login_operations.php @@ -43,7 +43,7 @@ function validate_user_password($username,&$password,$provider) $userSecure=privQuery($getUserSecureSQL,array($username)); if(is_array($userSecure)) { - $phash=password_hash($password,$userSecure[COL_SALT]); + $phash=oemr_password_hash($password,$userSecure[COL_SALT]); if($phash!=$userSecure[COL_PWD]) { diff --git a/library/authentication/password_change.php b/library/authentication/password_change.php index f8245f5bc..6677c2393 100644 --- a/library/authentication/password_change.php +++ b/library/authentication/password_change.php @@ -86,7 +86,7 @@ function update_password($activeUser,$targetUser,&$currentPwd,&$newPwd,&$errMsg, return false; } // If this user is changing his own password, then confirm that they have the current password correct - $hash_current = password_hash($currentPwd,$userInfo[COL_SALT]); + $hash_current = oemr_password_hash($currentPwd,$userInfo[COL_SALT]); if(($hash_current!=$userInfo[COL_PWD])) { $errMsg=xl("Incorrect password!"); @@ -100,7 +100,7 @@ function update_password($activeUser,$targetUser,&$currentPwd,&$newPwd,&$errMsg, ." FROM ".TBL_USERS_SECURE ." WHERE ".COL_ID."=?"; $adminInfo=privQuery($adminSQL,array($activeUser)); - $hash_admin = password_hash($currentPwd,$adminInfo[COL_SALT]); + $hash_admin = oemr_password_hash($currentPwd,$adminInfo[COL_SALT]); if($hash_admin!=$adminInfo[COL_PWD]) { $errMsg=xl("Incorrect password!"); 
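Review bot: The stored hash is still checked with loose `==` in confirm_user_password (`if($phash==$userSecure[COL_PWD])`), which applies PHP's type-juggling rules and is not a constant-time comparison. The same pattern is visible in validate_user_password in login_operations.php (`!=`), in the current-password, admin-password and history checks of update_password in password_change.php, and in patients/get_patient_info.php. Since this commit targets PHP 5.5, where `hash_equals()` is not yet available, I would at least switch these to `===`/`!==` and route them through one small constant-time compare helper kept next to oemr_password_hash. It is also worth confirming that oemr_password_hash cannot return false or an empty string for a malformed salt, because a loose match against an empty stored value would then succeed. The function bodies continue outside these hunks.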
@@ -170,9 +170,9 @@ function update_password($activeUser,$targetUser,&$currentPwd,&$newPwd,&$errMsg, if($forbid_reuse) { // password reuse disallowed - $hash_current = password_hash($newPwd,$userInfo[COL_SALT]); - $hash_history1 = password_hash($newPwd,$userInfo[COL_SALT_H1]); - $hash_history2 = password_hash($newPwd,$userInfo[COL_SALT_H2]); + $hash_current = oemr_password_hash($newPwd,$userInfo[COL_SALT]); + $hash_history1 = oemr_password_hash($newPwd,$userInfo[COL_SALT_H1]); + $hash_history2 = oemr_password_hash($newPwd,$userInfo[COL_SALT_H2]); if(($hash_current==$userInfo[COL_PWD]) ||($hash_history1==$userInfo[COL_PWD_H1]) || ($hash_history2==$userInfo[COL_PWD_H2])) @@ -183,8 +183,8 @@ function update_password($activeUser,$targetUser,&$currentPwd,&$newPwd,&$errMsg, } // Everything checks out at this point, so update the password record - $newSalt = password_salt(); - $newHash = password_hash($newPwd,$newSalt); + $newSalt = oemr_password_salt(); + $newHash = oemr_password_hash($newPwd,$newSalt); $updateParams=array(); $updateSQL= "UPDATE ".TBL_USERS_SECURE; $updateSQL.=" SET ".COL_PWD."=?,".COL_SALT."=?"; array_push($updateParams,$newHash); array_push($updateParams,$newSalt); diff --git a/library/authentication/password_hashing.php b/library/authentication/password_hashing.php index 9a3141148..7bf752246 100644 --- a/library/authentication/password_hashing.php +++ b/library/authentication/password_hashing.php @@ -46,7 +46,7 @@ define("SALT_PREFIX_SHA1",'$SHA1$'); * * @return type The algorithm prefix + random data for salt. */ -function password_salt() +function oemr_password_salt() { $Allowed_Chars ='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./'; $Chars_Len = 63; @@ -90,7 +90,7 @@ function password_salt() * @param type $salt * @return type */ -function password_hash($plaintext,$salt) +function oemr_password_hash($plaintext,$salt) { // if this is a SHA1 salt, the use prepended salt if(strpos($salt,SALT_PREFIX_SHA1)===0) 
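Review bot: The renamed definitions in password_hashing.php carry no comment explaining the `oemr_` prefix, and the docblocks above them still read `@return type` and `@param type $salt`. PHP 5.5 ships a native `password_hash()` whose second argument is an algorithm constant rather than a salt, so a call site missed by this rename would not be caught until it runs. A line such as `// Prefixed oemr_: PHP 5.5+ defines a native password_hash($password, $algo, $options)` above `function oemr_password_hash($plaintext,$salt)` records the reason, and a repository-wide search for the old names is worth doing before merge. Both function bodies continue outside the hunks.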
diff --git a/library/classes/Installer.class.php b/library/classes/Installer.class.php index 38cc62152..d255473aa 100644 --- a/library/classes/Installer.class.php +++ b/library/classes/Installer.class.php @@ -218,8 +218,8 @@ class Installer return FALSE; } $password_hash = "NoLongerUsed"; // This is the value to insert into the password column in the "users" table. password details are now being stored in users_secure instead. - $salt=password_salt(); // Uses the functions defined in library/authentication/password_hashing.php - $hash=password_hash($this->iuserpass,$salt); + $salt=oemr_password_salt(); // Uses the functions defined in library/authentication/password_hashing.php + $hash=oemr_password_hash($this->iuserpass,$salt); if ($this->execute_sql("INSERT INTO users (id, username, password, authorized, lname, fname, facility_id, calendar, cal_ui) VALUES (1,'$this->iuser','$password_hash',1,'$this->iuname','$this->iufname',3,1,3)") == FALSE) { $this->error_message = "ERROR. Unable to add initial user\n" . "

".mysql_error()." (#".mysql_errno().")\n"; diff --git a/patients/get_patient_info.php b/patients/get_patient_info.php index f8bb90a1c..8128390a0 100644 --- a/patients/get_patient_info.php +++ b/patients/get_patient_info.php @@ -89,8 +89,8 @@ header('Location: '.$landingpage.'&w'); exit; } - $new_salt=password_salt(); - $new_hash=password_hash($plain_code,$new_salt); + $new_salt=oemr_password_salt(); + $new_hash=oemr_password_hash($plain_code,$new_salt); $sqlUpdatePwd= " UPDATE " . TBL_PAT_ACC_ON ." SET " .COL_POR_PWD."=?, " . COL_POR_SALT . "=? " @@ -98,7 +98,7 @@ privStatement($sqlUpdatePwd,array($new_hash,$new_salt,$auth[COL_ID])); } else { - if(password_hash($plain_code,$auth[COL_POR_SALT])!=$auth[COL_POR_PWD]) + if(oemr_password_hash($plain_code,$auth[COL_POR_SALT])!=$auth[COL_POR_PWD]) { session_destroy(); header('Location: '.$landingpage.'&w'); @@ -138,8 +138,8 @@ $code_new=$_POST['pass_new']; $code_new_confirm=$_POST['pass_new_confirm']; if(!(empty($_POST['pass_new'])) && !(empty($_POST['pass_new_confirm'])) && ($code_new == $code_new_confirm)) { - $new_salt=password_salt(); - $new_hash=password_hash($code_new,$new_salt); + $new_salt=oemr_password_salt(); + $new_hash=oemr_password_hash($code_new,$new_salt); // Update the password and continue (patient is authorized) privStatement("UPDATE ".TBL_PAT_ACC_ON -- 2.11.4.GIT
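Review bot: The initial-user INSERT in Installer.class.php builds its SQL by interpolating `$this->iuser`, `$this->iuname` and `$this->iufname` straight into the statement, and no escaping of those values is visible in this hunk. If they reach this point unescaped from the setup form, a quote character in a name breaks or alters the statement. Escaping them before the `execute_sql` call, or binding them if the installer's database layer allows it, closes that. The method body starts and ends outside the hunk, so escaping may already happen earlier.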
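Review bot: The new-password confirmation in patients/get_patient_info.php compares the two submitted values with loose equality (`$code_new == $code_new_confirm`), so two different numeric-looking strings such as `1e3` and `1000` are accepted as matching. Writing the condition as `($code_new === $code_new_confirm)` removes that. The surrounding block continues outside the hunk, so any length or complexity check on `$code_new` is not visible here.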