prepare($sql);
// Login-handler fragment (the statement that opens `$query = $dbh->` and the enclosing
// conditionals begin before this excerpt). Flow as visible here:
//   1. look the user up with the prepared PDO statement bound to :usname;
//   2. decide the client IP and build an audit row for login_check;
//   3. for non-SSO users, count recent failed attempts and lock the account after 5;
//   4. compare the submitted (pre-salted, off-page) value with sha256(stored password),
//      or accept an SSO-authenticated user that has a user record;
//   5. populate $_SESSION and write the audit row.
// $dbh (PDO), $conn (mysqli), $sql, $username, $password and $saltedpasswrd are all
// defined outside this excerpt.
error_log("#query :" . $sql);
$query->bindParam(':usname', $username, PDO::PARAM_STR);
$query->execute();
$results = $query->fetch(PDO::FETCH_OBJ);
$currentDate = new DateTime();
// $c_time is not read anywhere in this fragment.
$c_time = $currentDate->format('Y-m-d H:i:s');

// Client IP for the login_check audit row.
// NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers supplied by
// the client; they are only meaningful when a trusted proxy overwrites them. As written,
// the address recorded for a login attempt is whatever the requester sent, so confirm the
// deployment strips/sets these headers before relying on ip_address for investigations.
$ipaddress = null;
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    // ip from share internet
    $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    // ip pass from proxy
    $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ipaddress = $_SERVER['REMOTE_ADDR'];
}
$is_success = 0;
$id_session = $_SESSION['csrf_Token'];
$err_reason = "";
$logout_time = "";
$sn_log = 0;
if(!isset($_SESSION['__SSOAuthenticated_username'])){//No Lock if SSO User
    // Dead assignment: $log_time_query is overwritten below before it is used.
    $log_time_query = "select * from login_check where user_id='$username' AND login_time ";
    // Derives the next sn_log by reading every row of login_check and keeping the last
    // value returned. NOTE(review): this depends on the server's row order (no ORDER BY)
    // and is not safe against two concurrent logins choosing the same sn_log.
    $rs_log = "select sn_log from login_check";
    if (!$r_log = @mysqli_query($conn, $rs_log)) {
        error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn));
        // exit() with the raw driver error text sends it to the client.
        exit(mysqli_error($conn));
    }
    if (mysqli_num_rows($r_log) > 0) {
        error_log("I am here" . __LINE__);
        while ($row_log = mysqli_fetch_array($r_log)) {
            error_log("I am here" . __LINE__);
            $sn_log = $row_log['sn_log'];
        }
    }
    $sn_log++;
    $success_check = 0;
    // NOTE(review): $username is interpolated straight into the mysqli query string, unlike the
    // PDO lookup above which binds :usname. This is SQL injection through the login form; it
    // should be a prepared statement (mysqli_prepare + bind_param) like the PDO path.
    $log_time_query = "select * from login_check where user_id='$username' AND is_success=0";
    if (!$r_log = @mysqli_query($conn, $log_time_query)) {
        error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn));
        exit(mysqli_error($conn));
    }
    if (mysqli_num_rows($r_log) > 0) {
        error_log("I am here" . __LINE__);
        $end = new DateTime();
        // Counts failed attempts younger than 30 minutes; any older failure resets the count
        // to 0. NOTE(review): the query has no ORDER BY, so whether an old failure resets a
        // run of recent ones depends on the order rows happen to be returned in.
        while ($row_log = mysqli_fetch_array($r_log)) {
            error_log("I am here" . __LINE__);
            // Expression statement: the only effect is the assignment to $start; the
            // leading string (which contains a line break) is concatenated and discarded.
            "
" . $start = $row_log['login_time'] . "";
            $start = new DateTime($start);
            $diff = $end->diff($start);
            $days = $diff->format('%a');
            $hours = $diff->format('%h');
            $minutes = $diff->format('%i');
            // Same pattern: only the assignment to $diffInMinutes survives.
            "
" . $diffInMinutes = $days * 24 * 60 + $hours * 60 + $minutes;
            if ($diffInMinutes < 30) {
                error_log("I am here" . __LINE__);
                $success_check++;
            } else {
                error_log("I am here" . __LINE__);
                $success_check = 0;
            }
        }
    }
}//No Lock if SSO User end+
// Audit row for this attempt; is_success / err_reason are appended by the branches below.
// NOTE(review): u_password stores $password (defined off-page; appears to be the value as
// submitted, before hashing) in login_check. Persisting submitted credentials in an audit
// table is a data-handling risk — confirm what $password holds and drop the column if it is
// the raw value. $sn_log, $ipaddress and $username are also interpolated rather than bound.
$log_check_query = "insert into login_check set sn_log='$sn_log',ip_address='$ipaddress',user_id='$username',u_password='$password' ";
// Lockout: 5 or more recent failures (non-SSO users only; $success_check is only set in
// that branch, and the isset() check short-circuits before it is read otherwise).
if (!isset($_SESSION['__SSOAuthenticated_username']) && $success_check >= 5) {
    error_log("I am here" . __LINE__);
    $err_reason = "tryed more than 5 times";
    $log_check_query = $log_check_query . ", is_success='$is_success' , id_session='$id_session',err_reason='$err_reason' ,logout_time='$logout_time' ";
    if (!$login_check = @mysqli_query($conn, $log_check_query)) {
        // Logs the full query, which includes the u_password value.
        error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn) . " Query:" . $log_check_query);
        exit(mysqli_error($conn));
    } else {
        error_log("I am here" . __LINE__);
        // Marks the account as locked (status 2) in tbl_users.
        $user_name = strtoupper($username);
        $set_status = 2;
        // NOTE(review): $user_name derives from the login input and is concatenated into
        // the UPDATE — same injection concern as above.
        $status_change_query = "update tbl_users set status='" . $set_status . "' where user_name='" . $user_name . "' ";
        error_log($status_change_query);
        if (!$status_update_tbl = @mysqli_query($conn, $status_change_query)) {
            error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn));
            exit(mysqli_error($conn));
            // Unreachable: exit() above never returns.
            echo "";
        } else {
            error_log("I am here" . __LINE__);
            echo " updated ";
        }
        echo "";
    }
}
if ($query->rowCount() > 0) {
    error_log("I am here" . __LINE__);
    // Stored credential is run through sha256 here and compared with $saltedpasswrd
    // (computed off-page). Both digests are written to the error log on the next two lines.
    $fetchpassword = hash('sha256', $results->user_password);
    error_log("#DB_PASSWORD: " . $fetchpassword);
    error_log("#user_PASSWORD: " . $saltedpasswrd);
    // You can configure your cost value according to your server configuration.By Default value is 10.
    // $options is not used: the password_hash() path that consumed it is commented out,
    // so verification below is a plain string comparison of sha256 hex digests rather than
    // password_verify(). NOTE(review): if the scheme is kept, at least compare with
    // hash_equals() so the comparison is constant-time.
    $options = [ 'cost' => 12 ];
    // Hashing of the post password
    // $hash= password_hash($saltedpasswrd,PASSWORD_DEFAULT, $options);
    // Verifying Post password againt stored password
    // echo $saltedpasswrd;
    // An SSO-authenticated session with a matching user record is accepted without the
    // password comparison.
    if ($saltedpasswrd === $fetchpassword || ( isset($_SESSION['__SSOAuthenticated_username']) && isset($results->user_name))){
        error_log("Passwords Matched. I am here" . __LINE__);
        error_log("status:" . $results->status);
        // Loose comparison; status is presumably a DB column — '1' == 1 == '1.0' all pass.
        if ($results->status == '1') {
            error_log("I am here" . __LINE__);
            $_SESSION['user_id'] = $results->user_id;
            $id_session = $_SESSION['csrf_Token'];
            // $user_id_new and $menu_id are not read within this fragment.
            $user_id_new = $results->user_id;
            $_SESSION['username'] = $results->user_name;
            $_SESSION['firstname'] = $results->first_name;
            error_log("firstname:" . $results->first_name);
            $_SESSION['lastname'] = $results->last_name;
            // NOTE(review): copies the stored credential into the session. Nothing in this
            // fragment reads it back; keeping it widens the blast radius of a session leak.
            $_SESSION['userpassword'] = $results->user_password;
            $_SESSION['RoleCode'] = $results->role_code;
            $_SESSION['role_home_page'] = $results->role_home_page;
            $_SESSION['logged_user_empid'] = $results->emp_id;
            error_log("emp_id:" . $results->emp_id);
            $menu_id = $results->menu_id;
            $ohcTypes = $results->ohc_type;
            $userRoles = $results->role_id;
            // login check query
            $is_success = 1;
            $id_session = $_SESSION['csrf_Token'];
            $log_check_query = $log_check_query . ", is_success='$is_success' , id_session='$id_session',err_reason='$err_reason' ,logout_time='$logout_time' ";
            // First execution of the audit INSERT; the same $log_check_query is executed
            // again after the if/else chain, so a successful login is recorded twice.
            if (!$login_check = @mysqli_query($conn, $log_check_query)) {
                error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn) . ". Failing Query:" . $log_check_query);
                exit(mysqli_error($conn));
            } else {
                //echo "";
            }
            // Comma-separated OHC types: several → let the user pick; exactly one → fix it.
            if (isset($ohcTypes) && strlen($ohcTypes) > 0) {
                $ohc_arr = explode(",", $ohcTypes);
                if (sizeOf($ohc_arr) > 1) {
                    $_SESSION['ohctypes'] = $ohcTypes;
                    echo "";
                } else if (sizeOf($ohc_arr) == 1) {
                    $_SESSION['current_ohcttype'] = $ohc_arr[0];
                }
            }
            $userRoles = $results->role_id;
            // Comma-separated role ids: several → user must choose; one → set RoleId.
            if (isset($userRoles) && strlen($userRoles) > 0) {
                $role_arr = explode(",", $userRoles);
                if (sizeOf($role_arr) > 1) {
                    $_SESSION['roleids'] = $userRoles;
                    echo "";
                } else if (sizeOf($role_arr) == 1) {
                    $_SESSION['RoleId'] = $role_arr[0];
                    // $ohc_arr is only assigned when $ohcTypes was non-empty; when it was
                    // empty this sizeOf() call sees an undefined variable (TypeError on PHP 8).
                    if (sizeOf($ohc_arr) > 1) {
                        echo "";
                    }
                }
            }
            // role_home_page was assigned from $results->role_home_page above; if that column
            // is a string, sizeOf() on it is a TypeError on PHP 8 (warning + 1 on PHP 7).
            if (isset($_SESSION['role_home_page']) && sizeOf($_SESSION['role_home_page']) > 0) {
                echo "";
            } else {
                echo "";
            }
        }else{
            //even patient record is not found.
            //redirect to error page asking for user to connect OHC Team for registration.
            // $id is not defined anywhere in this fragment.
            error_log(" patient record is not found. Patient Id: " . $id);
        } //end SSO patient only login
    } else {
        $err_reason = "You are barred to use this application";
        $msg = 'You are barred to use this application';
        echo "";
    }
} else if (isset($_SESSION['__SSOAuthenticated_username'])){
    //to allow SSO Employee Users for whom specific role setup is not in place but still can access as Patient their individual records.
    $patient_id = getFieldFromTable('id', 'patient_master', 'offiial_email_id', $_SESSION['__SSOAuthenticated_username'] );
    if(isset($patient_id)){
        //atleast patient record must be found for a patient to access the software.
        error_log("atleast patient record is found. Patient Id: " . $patient_id);
        // $patient_id is concatenated into the statement text even though it goes through
        // prepare(); binding it as a parameter would match the :usname lookup above.
        $sql_emp = "select * from patient_master where id ='".$patient_id."' ";
        $query_emp = $dbh->prepare($sql_emp);
        error_log("#query_emp :" . $sql_emp);
        $query_emp->execute();
        $result_emp = $query_emp->fetch(PDO::FETCH_OBJ);
        //Fix role to employee only when only patient .. no user.
        $sql_role = "select * from role_master where role_code ='EMP' ";
        $query_role = $dbh->prepare($sql_role);
        error_log("#query_role :" . $sql_role);
        $query_role->execute();
        $result_role = $query_role->fetch(PDO::FETCH_OBJ);
        $_SESSION['RoleCode'] = $result_role->role_code;
        $_SESSION['role_home_page'] = $result_role->role_home_page;
        $_SESSION['logged_user_empid'] = $patient_id;
        $_SESSION['RoleId'] = $result_role->role_id;
        //Patients can be assigned only one OHC if not OHC staff member as well.
        $_SESSION['current_ohcttype'] = $result_emp->ohc_type_id;
        //Menu id field is required to ensure the user is not accessing unauthenticated pages.
        $menu_id = getFieldFromTable('menu_id', 'menu_master', 'menu_url',$result_role->role_home_page );
        $_SESSION['username'] = $result_emp->offiial_email_id;
        $_SESSION['firstname'] = $result_emp->first_name;
        error_log("firstname:" . $result_emp->first_name);
        $_SESSION['lastname'] = $result_emp->last_name;
        error_log("redirecting to". $_SESSION['role_home_page']);
        echo "";
    } else {
        $err_reason = "SSO User. No Patient Record Found for ".$_SESSION['__SSOAuthenticated_username'];
        $msg = "Unidentified user. Please connect your IT/OHC team for getting yourself registered";
        error_log($err_reason);
        echo "";
    }
} else {
    $err_reason = "No Record Found and its not sso user";
    $msg = "User name or Wrong password";
    error_log($err_reason);
    echo "";
}
$id_session = $_SESSION['csrf_Token'];
// Self-assignment; no effect.
$log_check_query = $log_check_query;
// Audit INSERT. In the "no record" and "no patient record" paths $log_check_query still lacks
// the is_success/err_reason columns, so $err_reason set above is never persisted there; in
// the successful-login path this is the second INSERT of the same row.
if (!$login_check = @mysqli_query($conn, $log_check_query)) {
    error_log("I am here" . __LINE__ . " MySQL Error:" . mysqli_error($conn) . ". Failing Query:" . $log_check_query);
    exit(mysqli_error($conn));
    // Unreachable after exit().
    echo "";
} else {
    echo "";
}
}
} else {
    $msg = 'Login failure !!!';
    echo "";
}
}
?>
$msg

"; } else { echo "

Sign in to Enter

"; } ?>
Alert! Your support will end on . Please get your subscription renewed.
$due_date) { ?>
Alert! Your support has ended on . Please get your subscription renewed as soon as possible.