- cLogin ; called by Login.csp
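- Validate
- ; First login step. Checks d1 (user id) and d2 (password) against MX."User",
- ; records the attempt in MX.SysLog, then either opens the session directly
- ; or issues a one-time code and hands over to VerifyByEmail / VerifyBySMS.
- ; d1..d4 are not assigned in this routine; presumably they arrive from the
- ; Login.csp call or INIT^CSP999 - confirm. Treat them as client-supplied.
- d INIT^CSP999
- #import MX
- s (UserID,UserXS,UserCO,MEN,Mobile,Mobile2)=""
- s IsValid=1
- ; NOTE(review): the Password column is compared directly with the submitted
- ; value. If that column holds the clear-text password, replace it with a
- ; salted password hash and compare hashes - confirm how it is stored.
- &sql(SELECT ID,Menu,"Access",SMSOTP,Company->Code,Mobile1,Mobile2 INTO :UserID,:MEN,:UserXS,:SMSOTP,:UserCO,:Mobile,:Mobile2 FROM MX."User" WHERE UserID=:d1 AND %EXACT(Password)=:d2 AND IsNull(Deleted_DelDate,'')='' AND IsNull(Disabled,'')<>1 AND IsNull(IsNurse,'')<>1)
- ; ValidatePassword runs in this same variable scope (it does not NEW its
- ; variables), so anything it assigns replaces the value selected above.
- ; NOTE(review): the IsValid it sets is overwritten with 1 on every path
- ; below, so an expired password does not stop the login here - confirm.
- d ValidatePassword
- ; keep only the third CR/LF-delimited piece of d3
- s d3=$p(d3,$c(13,10),3)
- i UserID="" d q
- . ; Log the failed attempt with the remote address and the user id tried.
- . ; The submitted password is deliberately NOT written to the log: a failed
- . ; attempt is often the right password for another account or a near-miss
- . ; of the real one, and log tables are readable by more people than the
- . ; credential store.
- . ; NOTE(review): d1 and d3 are client-supplied text; if SysLog.Description
- . ; is ever rendered as HTML, encode it on output - confirm the viewer.
- . s LLog=$zdatetime($h,3,1),desc="An unsuccessful attempt to log into the system was detected from "_%request.CgiEnvs("REMOTE_ADDR")_", "_d3_". [User ID] = "_d1_"."
- . &sql(INSERT INTO MX.SysLog (DateTime,LogProcess,Name,Description,Type) VALUES (:LLog,'Login','Unsuccessful Login Attempted',:desc,1))
- . ; If the user id exists, add a second entry attributed to that user.
- . &sql(SELECT ID,Company->Code INTO :UserID,:UserCO FROM MX."User" WHERE UserID=:d1)
- . q:UserID=""
- . &sql(INSERT INTO MX.SysLog (DateTime,LogUser,Name,Description,Type) VALUES (:LLog,:UserID,'Unsuccessful Login Attempted',:desc,1))
- ; <unauthenticated user>
- ; TODO: if User.Access=1 (Tied to IP Address) ??
- ; Direct login: SMS OTP is not enabled and Access is 0/empty or 1.
- i SMSOTP'=1,(+UserXS=0!(UserXS=1)) d q
- . s IsValid=1
- . s %session.Data("SessionId")=%session.SessionId
- . s %session.Data("UserID")=UserID
- . s %session.Data("MenuID")=MEN
- . s %session.Data("UserCO")=UserCO
- . ; quotes are stripped from d4 before it is kept in the session
- . s %session.Data("BrowserType")=$replace($replace(d4,"""",""),"'","")
- . s User=##class(MX.User).%OpenId(UserID)
- . s x=User.LastLogIn
- . s photo=User.Photo
- . s %session.Data("LastLogIn")=$s(x="":"",1:$zdatetime($zdatetimeh(x,3,1),ZDATE))
- . s LLog=$zdatetime($h,3,1)
- . s User.LastLogIn=LLog
- . ; NOTE(review): d3 and d4 go into the log text unencoded next to a
- . ; literal <br>, which suggests the log is shown as HTML - encode on output.
- . s desc="User "_User.UserID_" logged into the system from "_%request.CgiEnvs("REMOTE_ADDR")_", "_d3_"<br>"_d4
- . s x=User.%Save()
- . s User=""
- . &sql(INSERT INTO MX.SysLog (DateTime,LogUser,Name,Description,Type) VALUES (:LLog,:UserID,'User Login Successful',:desc,1))
- . s %session.Data("UserPhoto")=$s(photo="":"Images/User.gif",$a(photo)=0:"Images/User.gif",1:photo)
- . &js<document.getElementById("divLogin").style.visibility='hidden',document.getElementById("divLoginOTP").style.visibility='hidden',jLogIn()>
- ; <validate via Email>
- ; One-time code for the second step, kept in the session for AccessMe.
- ; NOTE(review): $random(99999) yields an integer from 0 to 99998 of varying
- ; length and is not a cryptographic generator. A second factor should come
- ; from the platform CSPRNG ($system.Encryption.GenCryptRand), have a fixed
- ; length, expire after a few minutes, be limited to a few attempts, and be
- ; stored together with the user id it was issued for.
- s vCode=$random(99999)
- k %session.Data("MXLOGIN")
- s %session.Data("MXLOGIN","UserXS")=vCode
- ; Access=2: deliver the code by email
- i +UserXS=2 d
- . s IsValid=1
- . &js<document.getElementById("divLogin").style.visibility="hidden";document.getElementById("divLoginOTP").style.visibility="visible";self.F1.Login3.focus()>
- . d VerifyByEmail^cLogin
- ; SMSOTP=1: deliver the code by SMS
- i SMSOTP=1 d
- . s IsValid=1
- . &js<document.getElementById("divLogin").style.visibility="hidden";document.getElementById("divLoginOTP").style.visibility="visible";self.F1.Login3.focus()>
- . d VerifyBySMS^cLogin
- q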
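- VerifyBySMS
- ; Sends the one-time code in vCode by SMS to Mobile and/or Mobile2 through
- ; the rest.nexmo.com sms/xml endpoint. vCode, Mobile, Mobile2 and Q are read
- ; from the caller's scope. On exit res holds the <status> value parsed from
- ; the last response read, or "" when no response was obtained.
- ; The code must never be echoed back to the browser (for example through a
- ; debug alert): that would hand the second factor to whoever holds the
- ; password.
- q:(Mobile_Mobile2)=""
- i Mobile'="" d
- . s request=##class(%Net.HttpRequest).%New()
- . ; HTTPS with the "SMS" SSL configuration (enabled by CE 30-01-2016)
- . s request.Https=1
- . s request.SSLConfiguration="SMS"
- . s request.Server="rest.nexmo.com"
- . s request.Location="sms/xml"
- . ; API credentials come from ^INST("nexmo.com"), not from the source.
- . ; NOTE(review): SetParam followed by Get presumably puts key and secret
- . ; in the request URL, where proxies and access logs can record them -
- . ; confirm, and prefer sending them in a POST body.
- . d request.SetParam("api_key",$p(^INST("nexmo.com"),Q,1))
- . d request.SetParam("api_secret",$p(^INST("nexmo.com"),Q,2))
- . ; numeric sender by default, the name "RiskMx" when the number does not
- . ; start with 1
- . d request.SetParam("from","12525573225")
- . i $e(Mobile,1,1)'=1 d request.SetParam("from","RiskMx")
- . d request.SetParam("to",Mobile)
- . s text="The following One-Time Password was sent from RiskMx: "_vCode
- . d request.SetParam("text",text)
- . s sc=request.Get("sms/xml",0)
- . ; read the reply only when the request succeeded and returned a response
- . ; object; a failed connection would otherwise raise on the null reference
- . s result=""
- . i $system.Status.IsOK(sc),$isobject(request.HttpResponse) s result=request.HttpResponse.Data.ReadLine()
- i Mobile2'="" d
- . s request=##class(%Net.HttpRequest).%New()
- . s request.Https=1
- . s request.SSLConfiguration="SMS"
- . s request.Server="rest.nexmo.com"
- . s request.Location="sms/xml"
- . d request.SetParam("api_key",$p(^INST("nexmo.com"),Q,1))
- . d request.SetParam("api_secret",$p(^INST("nexmo.com"),Q,2))
- . d request.SetParam("from","12525573225")
- . i $e(Mobile2,1,1)'=1 d request.SetParam("from","RiskMx")
- . d request.SetParam("to",Mobile2)
- . s text="The following Login One-Time Password was sent from RiskMx: "_vCode
- . d request.SetParam("text",text)
- . s sc=request.Get("sms/xml",0)
- . s result=""
- . i $system.Status.IsOK(sc),$isobject(request.HttpResponse) s result=request.HttpResponse.Data.ReadLine()
- ; status text of the last send; nothing in this label acts on it
- s res=$p($p(result,"<status>",2),"</status>",1)
- q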
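- VerifyByEmail ; send users a verification email
- ; Emails the one-time code in vCode (caller's scope) to user d1: Email2
- ; (office) is preferred, Email1 is the fallback. The code is then stored in
- ; %session.Data("MXLOGIN","UserXS") for AccessMe to compare against.
- ; Sets IsValid=0 and returns when the account has no email address.
- d INIT^CSP999
- #include %occOptions
- #include %occStatus
- k %session.Data("MXLOGIN")
- n ServerNo,ServerName,UserID,Password,AttachDir,mailserver,status,err,mailMsg,NowDate,NowTime,MsgNo,filename,DeleteFlag
- s ServerNo=1
- s NowDate="",NowTime=""
- s ServerName=$p(^MAIL("O",ServerNo),Q,1)
- s FromMail="otp@riskmx.com"
- s AttachDir=$g(^MAIL("O",ServerNo,"TempDir"))
- i $e(AttachDir,$l(AttachDir),$l(AttachDir))'="\" s AttachDir=AttachDir_"\"
- s mailserver=##class(%Net.SMTP).%New()
- ; NOTE(review): port 25 with no SSLConfiguration / UseSTARTTLS set on the
- ; %Net.SMTP object, so the SMTP login and the code presumably travel
- ; unencrypted - confirm, and enable TLS for this connection.
- s mailserver.port="25"
- s auth=##class(%Net.Authenticator).%New() ; use default authentication list
- ; SMTP credentials are read from configuration rather than embedded in the
- ; routine. NOTE(review): this assumes pieces 2 and 3 of ^MAIL hold the user
- ; name and password, as earlier revisions of these lines referenced -
- ; confirm the node is populated. The key pair that used to be hard-coded
- ; here was published with the source and must be revoked and reissued.
- s auth.UserName=$p($g(^MAIL),Q,2)
- s auth.Password=$p($g(^MAIL),Q,3)
- s mailserver.authenticator=auth
- ; the server name always comes from ^MAIL("O",ServerNo)
- s mailserver.smtpserver=ServerName
- s mail=##class(%Net.MailMessage).%New()
- ;s FromMail="The Matrix Login Authentication"
- s mail.From=FromMail
- s uid=d1
- s ToMail=""
- s (email1,email2)=""
- &sql(SELECT Email1,Email2 INTO :email1,:email2 FROM MX."User" WHERE USERID=:uid)
- i email2'="" s ToMail=email2 ; send to the office email if available
- i ToMail="",email1'="" s ToMail=email1 ; otherwise use this
- i ToMail="" s IsValid=0 &js<alert("This User Account does not have any email addresses to send the authentication code to!")> q
- d mail.To.Insert(ToMail)
- ; Calling Connect
- s mail.Subject="The Matrix Login Authentication Code"
- s mail.Charset="iso-8859-1"
- s mail.ContentType="text/html"
- s status=mail.TextData.Write("The following Login One-Time Password was sent from RiskMx: "_vCode)
- s status=mail.TextData.Write($char(13,10))
- // Attach a file
- /* currently not used. can be used to send some sort of "physical" authentication if needed
- set status=mail.AttachFile(AttachDir,filename)
- set nestedm=mail.AttachNewMessage()
- */
- s status=mailserver.Send(mail)
- ; the code is stored even when Send failed; the status is only displayed
- s %session.Data("MXLOGIN","UserXS")=vCode
- ; NOTE(review): DisplayError writes the status text to the current device,
- ; which in a CSP request is presumably the page sent to the client; log the
- ; error server-side and show a generic message instead - confirm.
- i $$$ISERR(status) d $system.OBJ.DisplayError(status)
- q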
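- AccessMe
- ; Second login step. Compares the submitted code d3 with the one stored in
- ; %session.Data("MXLOGIN","UserXS"), re-checks d1/d2 against MX."User" and,
- ; only when a row is found, opens the session and logs the login.
- ; d1..d5 are not assigned here; presumably supplied by the page - confirm.
- d INIT^CSP999
- s (UserID,UserXS,UserCO,MEN)=""
- q:d3=""
- i d3'=$g(%session.Data("MXLOGIN","UserXS")) &js<document.getElementById("AlertText2").innerHTML="Invalid Validation Code, please try again."> q
- ; The code is single use: discard it as soon as it has matched.
- ; NOTE(review): the stored code is tied to the session only, not to the
- ; user id it was issued for, and there is no expiry or attempt counter in
- ; this routine. Store the user id and issue time next to the code and
- ; verify both here.
- k %session.Data("MXLOGIN")
- ; <repeat the successful login script>
- ; Same account filters as the first step (exact-case password match,
- ; not deleted, not disabled, not a nurse account).
- &sql(SELECT ID,Menu,"Access",Company->Code INTO :UserID,:MEN,:UserXS,:UserCO FROM MX."User" WHERE UserID=:d1 AND %EXACT(Password)=:d2 AND IsNull(Deleted_DelDate,'')='' AND IsNull(Disabled,'')<>1 AND IsNull(IsNurse,'')<>1)
- ; No matching account: do not populate the session. The same message is
- ; shown so the response does not reveal which check failed.
- i UserID="" &js<document.getElementById("AlertText2").innerHTML="Invalid Validation Code, please try again."> q
- s %session.Data("SessionId")=%session.SessionId
- s %session.Data("UserID")=UserID
- s %session.Data("MenuID")=MEN
- s %session.Data("UserCO")=UserCO
- ; quotes are stripped from d4 before it is kept in the session
- s %session.Data("BrowserType")=$replace($replace(d4,"""",""),"'","")
- s User=##class(MX.User).%OpenId(UserID)
- s x=User.LastLogIn
- s photo=User.Photo
- s %session.Data("LastLogIn")=$s(x="":"",1:$zdatetime($zdatetimeh(x,3,1),ZDATE))
- s LLog=$zdatetime($h,3,1)
- s User.LastLogIn=LLog
- ; NOTE(review): the first-step log text uses d3 and d4 where this one uses
- ; d4 and d5, while BrowserType above is taken from d4 in both places -
- ; confirm which argument carries what. d4/d5 are written unencoded next to
- ; a literal <br>; encode them when the log is displayed.
- s desc="User "_User.UserID_" logged into the system from "_%request.CgiEnvs("REMOTE_ADDR")_", "_d4_"<br>"_d5
- s x=User.%Save()
- s User=""
- &sql(INSERT INTO MX.SysLog (DateTime,LogUser,Name,Description,Type) VALUES (:LLog,:UserID,'User Login Successful',:desc,1))
- s %session.Data("UserPhoto")=$s(photo="":"Images/User.gif",$a(photo)=0:"Images/User.gif",1:photo)
- &js<document.getElementById("divLogin").style.visibility='hidden',document.getElementById("divLoginOTP").style.visibility='hidden',jLogIn()>
- q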
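- ValidatePassword
- ; Password-age check for the account matching d1/d2. Sets IsValid and, when
- ; the password is older than 365 days, writes "Password Expired!" into the
- ; AlertText1 element. Runs in the caller's variable scope (nothing is NEWed).
- d INIT^CSP999
- #import MX
- ; Initialise only the variables this label fills. Blanking UserXS, UserCO,
- ; MEN, Mobile and Mobile2 here would discard the access level, menu, company
- ; and phone numbers the login step has already selected, because the caller
- ; shares this scope.
- s (UserID,CreatedDate,PasswordModDate)=""
- &sql(SELECT ID,CreatedDate,PasswordModDate INTO :UserID,:CreatedDate,:PasswordModDate FROM MX."User" WHERE UserID=:d1 AND %EXACT(Password)=:d2 AND IsNull(Deleted_DelDate,'')='' AND IsNull(Disabled,'')<>1 AND IsNull(IsNurse,'')<>1)
- ; days since the account was created; not used again in this label
- s dayRegCtr=+$h-CreatedDate
- i UserID'="" d
- . ; NOTE(review): MOD is not assigned anywhere in this routine (presumably
- . ; set by INIT^CSP999 - confirm), and PasswordModDate is selected but never
- . ; used: both branches measure age from CreatedDate, so changing the
- . ; password does not reset the expiry.
- . ; NOTE(review): IsValid=1 is set together with the "Password Expired!"
- . ; message and IsValid=0 otherwise, which looks inverted - confirm. When
- . ; CreatedDate1 equals today both lines fire: the message is shown and
- . ; IsValid ends up 0.
- .i CreatedDate'="",MOD="" d
- ..s CreatedDate1=CreatedDate+365
- ..i CreatedDate1<=+$h s IsValid=1 &js<document.getElementById("AlertText1").innerHTML="Password Expired!">
- ..i CreatedDate1>=+$h s IsValid=0
- .i MOD'="" d
- ..s CreatedDate1=CreatedDate+365
- ..i CreatedDate1<=+$h s IsValid=1 &js<document.getElementById("AlertText1").innerHTML="Password Expired!">
- ..i CreatedDate1>=+$h s IsValid=0
- q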