PageRenderTime 54ms CodeModel.GetById 25ms RepoModel.GetById 0ms app.codeStats 0ms

/patients/index.php

https://github.com/HanPH/openemr
PHP | 224 lines | 183 code | 26 blank | 15 comment | 24 complexity | b62bbc50894badc9688ac13c7756546a MD5 | raw file
    

  1. <?php
    2. 

  2.  // Copyright (C) 2011 Cassian LUP <cassi.lup@gmail.com>
    3. 

  3.  //
    4. 

  4.  // This program is free software; you can redistribute it and/or
    5. 

  5.  // modify it under the terms of the GNU General Public License
    6. 

  6.  // as published by the Free Software Foundation; either version 2
    7. 

  7.  // of the License, or (at your option) any later version.
    8. 

  8. 

  9.     //setting the session & other config options
    10. 

  10.     session_start();
    11. 

  11. 

  12.     //don't require standard openemr authorization in globals.php
    13. 

  13.     $ignoreAuth = 1;
    14. 

  14. 

  15.     //SANITIZE ALL ESCAPES
    16. 

  16.     $fake_register_globals=false;
    17. 

  17. 

  18.     //STOP FAKE REGISTER GLOBALS
    19. 

  19.     $sanitize_all_escapes=true;
    20. 

  20. 

  21.     //includes
    22. 

  22.     require_once('../interface/globals.php');
    23. 

  23.     require_once("$srcdir/sha1.js");
    24. 

  24.     // 
    25. 

  25. 

  26.     //exit if portal is turned off
    27. 

  27.     if ( !(isset($GLOBALS['portal_onsite_enable'])) || !($GLOBALS['portal_onsite_enable']) ) {
    28. 

  28.       echo htmlspecialchars( xl('Patient Portal is turned off'), ENT_NOQUOTES);
    29. 

  29.       exit;
    30. 

  30.     }
    31. 

  31. 

  32.     // security measure -- will check on next page.
    33. 

  33.     $_SESSION['itsme'] = 1;
    34. 

  34.     // 
    35. 

  35. ?>
    36. 

  36. 

  37. <html>
    38. 

  38. <head>
    39. 

  39.     <title><?php echo htmlspecialchars( xl('Patient Portal Login'), ENT_NOQUOTES); ?></title>
    40. 

  40. 

  41.     <script type="text/javascript" src="../library/js/jquery-1.5.js"></script>
    42. 

  42.     <script type="text/javascript" src="../library/js/jquery.gritter.min.js"></script>
    43. 

  43. 

  44.     <link rel="stylesheet" type="text/css" href="css/jquery.gritter.css" />
    45. 

  45.     <link rel="stylesheet" type="text/css" href="css/base.css" />
    46. 

  46. 

  47.     <script type="text/javascript">
    48. 

  48.         function process() {
    49. 

  49.             
    50. 

  50.             if (!(validate())) {
    51. 

  51.                 alert ('<?php echo addslashes( xl('Field(s) are missing!') ); ?>');
    52. 

  52.                 return false;
    53. 

  53.             }
    54. 

  54.             document.getElementById('code').value = SHA1(document.getElementById('pass').value);
    55. 

  55.             document.getElementById('pass').value='';
    56. 

  56.         }
    57. 

  57. 	function validate() {
    58. 

  58.             var pass=true;            
    59. 

  59. 	    if (document.getElementById('uname').value == "") {
    60. 

  60. 		document.getElementById('uname').style.border = "1px solid red";
    61. 

  61.                 pass=false;
    62. 

  62. 	    }
    63. 

  63. 	    if (document.getElementById('pass').value == "") {
    64. 

  64. 		document.getElementById('pass').style.border = "1px solid red";
    65. 

  65.                 pass=false;
    66. 

  66. 	    }
    67. 

  67.             return pass;
    68. 

  68. 	}
    69. 

  69.         function process_new_pass() {
    70. 

  70. 

  71.             if (!(validate_new_pass())) {
    72. 

  72.                 alert ('<?php echo addslashes( xl('Field(s) are missing!') ); ?>');
    73. 

  73.                 return false;
    74. 

  74.             }
    75. 

  75.             if (document.getElementById('pass_new').value != document.getElementById('pass_new_confirm').value) {
    76. 

  76.                 alert ('<?php echo addslashes( xl('The new password fields are not the same.') ); ?>');
    77. 

  77.                 return false;
    78. 

  78.             }
    79. 

  79.             if (document.getElementById('pass').value == document.getElementById('pass_new').value) {
    80. 

  80.                 alert ('<?php echo addslashes( xl('The new password can not be the same as the current password.') ); ?>');
    81. 

  81.                 return false;
    82. 

  82.             }
    83. 

  83.             document.getElementById('code').value = SHA1(document.getElementById('pass').value);
    84. 

  84.             document.getElementById('pass').value='';
    85. 

  85.             document.getElementById('code_new').value = SHA1(document.getElementById('pass_new').value);
    86. 

  86.             document.getElementById('pass_new').value='';
    87. 

  87.             document.getElementById('code_new_confirm').value = SHA1(document.getElementById('pass_new_confirm').value);
    88. 

  88.             document.getElementById('pass_new_confirm').value='';
    89. 

  89.         }
    90. 

  90.         function validate_new_pass() {
    91. 

  91.             var pass=true;
    92. 

  92.             if (document.getElementById('uname').value == "") {
    93. 

  93.                 document.getElementById('uname').style.border = "1px solid red";
    94. 

  94.                 pass=false;
    95. 

  95.             }
    96. 

  96.             if (document.getElementById('pass').value == "") {
    97. 

  97.                 document.getElementById('pass').style.border = "1px solid red";
    98. 

  98.                 pass=false;
    99. 

  99.             }
    100. 

  100.             if (document.getElementById('pass_new').value == "") {
    101. 

  101.                 document.getElementById('pass_new').style.border = "1px solid red";
    102. 

  102.                 pass=false;
    103. 

  103.             }
    104. 

  104.             if (document.getElementById('pass_new_confirm').value == "") {
    105. 

  105.                 document.getElementById('pass_new_confirm').style.border = "1px solid red";
    106. 

  106.                 pass=false;
    107. 

  107.             }
    108. 

  108.             return pass;
    109. 

  109.         }
    110. 

  110.     </script>
    111. 

  111.     <style type="text/css">
    112. 

  112. 	body {
    113. 

  113. 	    font-family: sans-serif;
    114. 

  114. 	    background-color: #638fd0;
    115. 

  115. 	    
    116. 

  116. 	    background: -webkit-radial-gradient(circle, white, #638fd0);
    117. 

  117. 	    background: -moz-radial-gradient(circle, white, #638fd0);
    118. 

  118. 	}
    119. 

  119. 

  120.     </style>
    121. 

  121.     
    122. 

  122.     
    123. 

  123. </head>
    124. 

  124. <body>
    125. 

  125. <br><br>
    126. 

  126.     <center>
    127. 

  127. 

  128.     <?php if (isset($_SESSION['password_update'])) { ?>
    129. 

  129.       <div id="wrapper" class="centerwrapper">
    130. 

  130.         <h2 class="title"><?php echo htmlspecialchars( xl('Please Enter a New Password'), ENT_NOQUOTES); ?></h2>
    131. 

  131.         <form action="get_patient_info.php" method="POST" onsubmit="return process_new_pass()" >
    132. 

  132.             <table>
    133. 

  133.                 <tr>
    134. 

  134.                     <td class="algnRight"><?php echo htmlspecialchars( xl('User Name'), ENT_NOQUOTES); ?></td>
    135. 

  135.                     <td><input name="uname" id="uname" type="text" /></td>
    136. 

  136.                 </tr>
    137. 

  137.                 <tr>
    138. 

  138.                     <td class="algnRight"><?php echo htmlspecialchars( xl('Current Password'), ENT_NOQUOTES);?></>
    139. 

  139.                     <td>
    140. 

  140.                         <input name="pass" id="pass" type="password" />
    141. 

  141.                         <input type="hidden" id="code" name="code" type="hidden" />
    142. 

  142.                     </td>
    143. 

  143.                 </tr>
    144. 

  144.                 <tr>
    145. 

  145.                     <td class="algnRight"><?php echo htmlspecialchars( xl('New Password'), ENT_NOQUOTES);?></>
    146. 

  146.                     <td>
    147. 

  147.                         <input name="pass_new" id="pass_new" type="password" />
    148. 

  148.                         <input type="hidden" id="code_new" name="code_new" type="hidden" />
    149. 

  149.                     </td>
    150. 

  150.                 </tr>
    151. 

  151.                 <tr>
    152. 

  152.                     <td class="algnRight"><?php echo htmlspecialchars( xl('Confirm New Password'), ENT_NOQUOTES);?></>
    153. 

  153.                     <td>
    154. 

  154.                         <input name="pass_new_confirm" id="pass_new_confirm" type="password" />
    155. 

  155.                         <input type="hidden" id="code_new_confirm" name="code_new_confirm" type="hidden" />
    156. 

  156.                     </td>
    157. 

  157.                 </tr>
    158. 

  158.                 <tr>
    159. 

  159.                     <td colspan=2><br><center><input type="submit" value="<?php echo htmlspecialchars( xl('Log In'), ENT_QUOTES);?>" /></center></td>
    160. 

  160.                 </tr>
    161. 

  161.             </table>
    162. 

  162.         </form>
    163. 

  163. 

  164.         <div class="copyright"><?php echo htmlspecialchars( xl('Powered by'), ENT_NOQUOTES);?> <a href="../../">OpenEMR</a></div>
    165. 

  165.       </div>
    166. 

  166.     <?php } else { ?>
    167. 

  167.       <div id="wrapper" class="centerwrapper">
    168. 

  168. 	<h2 class="title"><?php echo htmlspecialchars( xl('Patient Portal Login'), ENT_NOQUOTES); ?></h2>
    169. 

  169. 	<form action="get_patient_info.php" method="POST" onsubmit="return process()" >
    170. 

  170. 	    <table>
    171. 

  171. 		<tr>
    172. 

  172. 		    <td class="algnRight"><?php echo htmlspecialchars( xl('User Name'), ENT_NOQUOTES); ?></td>
    173. 

  173. 		    <td><input name="uname" id="uname" type="text" /></td>
    174. 

  174. 		</tr>
    175. 

  175. 		<tr>
    176. 

  176. 		    <td class="algnRight"><?php echo htmlspecialchars( xl('Password'), ENT_NOQUOTES);?></>
    177. 

  177. 		    <td>
    178. 

  178. 			<input name="pass" id="pass" type="password" />
    179. 

  179. 			<input type="hidden" id="code" name="code" type="hidden" />
    180. 

  180. 		    </td>
    181. 

  181. 		</tr>
    182. 

  182. 		<tr>
    183. 

  183. 		    <td colspan=2><br><center><input type="submit" value="<?php echo htmlspecialchars( xl('Log In'), ENT_QUOTES);?>" /></center></td>
    184. 

  184. 		</tr>
    185. 

  185. 	    </table>
    186. 

  186. 	</form>
    187. 

  187.     
    188. 

  188.         <div class="copyright"><?php echo htmlspecialchars( xl('Powered by'), ENT_NOQUOTES);?> <a href="../../">OpenEMR</a></div>
    189. 

  189.       </div>
    190. 

  190.     <?php } ?>
    191. 

  191. 

  192.     </center>
    193. 

  193. 

  194. <script type="text/javascript">
    195. 

  195.       $(document).ready(function() {
    196. 

  196. 

  197. <?php // if something went wrong
    198. 

  198.      if (isset($_GET['w'])) { ?>    
    199. 

  199. 	var unique_id = $.gritter.add({
    200. 

  200. 	    title: '<span class="red"><?php echo htmlspecialchars( xl('Oops!'), ENT_QUOTES);?></span>',
    201. 

  201. 	    text: '<?php echo htmlspecialchars( xl('Something went wrong. Please try again.', ENT_QUOTES)); ?>',
    202. 

  202. 	    sticky: false,
    203. 

  203. 	    time: '5000',
    204. 

  204. 	    class_name: 'my-nonsticky-class'
    205. 

  205. 	});    
    206. 

  206. <?php } ?>
    207. 

  207. 

  208. <?php // if successfully logged out
    209. 

  209.      if (isset($_GET['logout'])) { ?>    
    210. 

  210. 	var unique_id = $.gritter.add({
    211. 

  211. 	    title: '<span class="green"><?php echo htmlspecialchars( xl('Success'), ENT_QUOTES);?></span>',
    212. 

  212. 	    text: '<?php echo htmlspecialchars( xl('You have been successfully logged out.'), ENT_QUOTES);?>',
    213. 

  213. 	    sticky: false,
    214. 

  214. 	    time: '5000',
    215. 

  215. 	    class_name: 'my-nonsticky-class'
    216. 

  216. 	});    
    217. 

  217. <?php } ?>
    218. 

  218. 	return false;
    219. 

  219.     
    220. 

  220.     });
    221. 

  221. </script>
    222. 

  222. 

  223. </body>
    224. 

  224. </html>
    225. 

  225.