diff --git a/mermsemr/src/shared_tool/providers.cc b/mermsemr/src/shared_tool/providers.cc
index d399a28..f76950e 100644
--- a/mermsemr/src/shared_tool/providers.cc
+++ b/mermsemr/src/shared_tool/providers.cc
@@ -16,6 +16,9 @@
 #include "function_members.h"
 long provider_login(CVars in, CVars &out);
+long PracticeLogin(CVars in, CVars &out);
+long PracticeSessionCheck(long practice_id, long practice_users_id, const char *sessionid, int create);
+
 long providers_call(CVars in, CVars &out) {
 long ret = PHP_API_BAD_PARAM;
@@ -56,14 +59,14 @@ long providers_call(CVars in, CVars &out) {
 long provider_login(CVars in, CVars &out) {
- long ret = 0;
+ long ret = -1;
 try{
 REQ_STRING(in, "username", 2, 49, "(.*)");
 REQ_STRING(in, "pass", 2, 49, "(.*)");
 if ( load_db_record(out, "SELECT p.name AS practice_name,u.*,u.id AS user_id FROM practice_users u LEFT JOIN practice p ON p.id = u.practice_id WHERE u.id = 1 ") > 0 ){
- ret = PHP_LOGIN_OK;
+ ret = PracticeLogin( in, out );
 }
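Review bot: `ret = PracticeLogin( in, out );` passes PracticeLogin's return straight through, but PracticeLogin (added later in this diff) only assigns `PHP_LOGIN_OK` when its session check succeeds; when the credential row loads and `PracticeSessionCheck` fails, `ret` keeps whatever `load_db_record` returned, so a failed login can surface from provider_login as a non-negative value. The new `-1` initialiser only covers the path where the outer `load_db_record` finds no row. Consider accepting only the exact success code here, e.g. `long rc = PracticeLogin( in, out );` followed by `ret = (rc == PHP_LOGIN_OK) ? PHP_LOGIN_OK : -1;`. Note also that the pre-existing gate this call sits behind queries `WHERE u.id = 1` regardless of the submitted username, so the new call is effectively unconditional. provider_login's catch block and return lie outside this hunk.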
@@ -77,3 +80,110 @@ try{
 return ret;
 }
+
+
+long PracticeLogin(CVars in, CVars &out) {
+ long ret = PHP_API_BAD_PARAM;
+
+ try {
+ REQ_STRING(in, "username", 2, 49, "(.*)");
+ REQ_STRING(in, "pass", 2, 49, "(.*)");
+ const char * loc = getenv("REMOTE_ADDR");
+ ret = load_db_record(out, "SELECT UPPER( md5( now()::text) ) AS sessionid,m.*,m.*,m.id AS practice_users_id FROM practice_users m \
+ WHERE m.status=1 AND LOWER(m.username)=LOWER('%s') AND m.password= md5('%s')", in["username"].c_str(), in["pass"].c_str());
+ if (ret && out["practice_users_id"].Long() > 0) {
+ // remove all existing session
+ pgsql_exec("DELETE FROM practice_users_session WHERE practice_users_id=%ld ", out["practice_users_id"].Long());
+ // Create New Session Now
+ if (PracticeSessionCheck(out["practice_id"].Long(), out["practice_users_id"].Long(),out["sessionid"].c_str(), 1) > 0) {
+
+ out["stauts"] = "OK";
+ /*LOAD THE SESSION INTO OUT now */
+ load_db_record(out, "SELECT session FROM practice_users_session WHERE practice_users_id=%lu ORDER BY id DESC LIMIT 1", out["practice_users_id"].Long());
+ provider_email_calls(in["action"].Long(), in, out);
+ //===============================================================================================================================
+ pgsql_query("UPDATE practice_users SET last_login = now() WHERE id = %lu", out["practice_users_id"].Long());
+ // account_email(ACCOUNT_LOGIN_ALERT,out,out); // ALERT CUSTOMER OF LOGIN
+ ret = PHP_LOGIN_OK;
+ } else {
+ out["status"] = "Practice Session Check Failed";
+ }
+
+ } else {
+ out["status_message"] = "Invalid Username/Password";
+ }
+
+ } catch (bad_parameter) {
+ logfmt(logINFO, "ERROR CALL long PracticeLogin(CVars in, CVars &out)");
+ }
+ return ret;
+}
+
+
+long PracticeSessionCheck(long practice_id, long practice_users_id, const char *sessionid, int create) {
+ logfmt(logINFO, "long PracticeSessionCheck(long uid, const char *sessionid, int create )");
+ // Sanity check
+
+ long session_expired_minutes = 15; // load in the global
+
+
+ if (practice_users_id < 1 || sessionid == NULL || strlen(sessionid) < 4) {
+ return -1L; // Invalif parameters
+ }
+ logfmt(logINFO, "#######-#########-A");
+ // Clean old sessions
+ if (create == 1) // Clean Previous session by force
+ {
+ pgsql_exec("DELETE FROM practice_users_session WHERE practice_user_id=%ld", practice_users_id);
+ }
+ logfmt(logINFO, "#######-#########-B");
+
+ pgsql_exec("DELETE FROM practice_users_session WHERE practice_user_id=%ld AND updated < (now() - interval '%lu minutes')", practice_users_id, session_expired_minutes);
+ // Update/check existing session
+ if (create == 0) {
+
+ pgsql_exec("UPDATE practice_users_session SET updated=NOW() WHERE practice_users_id=%ld AND session='%s'", practice_users_id, sessionid);
+
+ const PGresult *res = pgsql_query("SELECT * FROM practice_users_session WHERE practice_users_id=%ld AND session='%s'", practice_users_id, sessionid);
+ if (res != NULL && pgsql_num_rows(res) > 0) {
+ logfmt(logINFO, "VALID SESSION *****");
+ return 1L; // Session updated
+ } else {
+ logfmt(logINFO, "INVALID SESSION *****");
+ //INVALID SESSION DETECTED
+ return -1L; // Invalid parameters
+ }
+
+ }
+
+
+ if (create > 0) {
+ // Check session i?
+ const PGresult *res = pgsql_query("SELECT * FROM practice_users_session WHERE practice_user_id=%ld AND session<>'%s'", practice_users_id, sessionid);
+ if (res != NULL && pgsql_num_rows(res) > 0) {
+ return -2L; // Active sessions found
+ }
+ CVars sess; // Do we have the same session already?
+ if (load_db_record(sess, "SELECT * FROM practice_users_session WHERE practice_user_id=%lu AND session='%s'", practice_users_id, sessionid) > 0) {
+ pgsql_exec("UPDATE practice_users_session SET updated=NOW() WHERE practice_user_id=%ld AND session='%s'", practice_users_id, sessionid);
+ return sess["id"].Long();
+ }
+ // Create a new session
+ const char * loc = getenv("REMOTE_ADDR");
+ sess["loc"] = loc;
+ sess["loc"].set_valid(true);
+ sess["practice_id"] = practice_id;
+ sess["practice_id"].set_valid(true);
+ sess["practice_user_id"] = practice_users_id;
+ sess["practice_user_id"].set_valid(true);
+ sess["session"] = sessionid;
+ sess["session"].set_valid(true);
+ long sid = insert_db_record(DBS_VALID, "practice_users_session", "practice_users_session_id_seq", sess); //members_session_id_seq
+ if (sid > 0) {
+ return sid; // New session created
+ }
+ return -3L; // Failed to create new session
+ }
+ logfmt(logINFO, "/long PracticeSessionCheck(long uid, const char *sessionid, int create )");
+ return 0L; // No route
+}
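Review bot: In PracticeLogin, `in["username"]` and `in["pass"]` are spliced into the `LOWER('%s')` / `md5('%s')` query text after a `REQ_STRING` check whose pattern `(.*)` lets any character through, so unless `load_db_record` escapes its varargs (not visible in this diff) a quote in either field alters the SQL; the same applies to `sessionid` in the `create == 0` branch of PracticeSessionCheck, which is a value the caller presents rather than one the server generated. Escape these values with the driver's quoting routine, or restrict the `REQ_STRING` pattern to a safe character class, before they reach the format string. The session table column is spelled `practice_users_id` in PracticeLogin's `DELETE`, in its `SELECT session ... ORDER BY id DESC` reload, and in the `create == 0` `UPDATE`/`SELECT`, but `practice_user_id` in every other statement and in the inserted `sess["practice_user_id"]`; one spelling must be wrong for the real schema, and if it is the former the `create == 0` validation path can never match and always returns `-1L`. `out["stauts"] = "OK";` writes a misspelled key while the error branches write `out["status"]` and `out["status_message"]`, and `%lu` is paired with `long` arguments (`practice_users_id`, `session_expired_minutes`) where neighbouring statements use `%ld`. The session token `UPPER( md5( now()::text) )` is derived from the clock rather than a random source and so is not unpredictable; prefer a CSPRNG-backed value (e.g. pgcrypto's `gen_random_bytes`), and since `m.*` also copies the stored password hash into `out`, clear that entry before `out` leaves PracticeLogin.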