anghellatpastebin

cLogin

Jan 10th, 2017
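  cLogin ; called by Login.csp
  Validate ; First login step: check the submitted user id (d1) and password (d2),
      ; then either open the session directly or issue a one-time code that is
      ; delivered by email (Access=2) and/or SMS (SMSOTP=1).
      ; d1..d4 are not assigned in this label; presumably INIT^CSP999 supplies
      ; them from the submitted form - confirm.
      d INIT^CSP999
      #import MX
      s IsValid=1
      ; ValidatePassword sets UserID, UserXS, UserCO, MEN, Mobile and Mobile2 to ""
      ; and re-reads only UserID. It therefore has to run BEFORE the lookup below;
      ; called after it, UserXS and both mobile numbers reached the one-time-code
      ; checks empty, so +UserXS=0 was always true and the Access=2 / SMS branches
      ; could not see the account's real settings.
      d ValidatePassword
      s (UserID,UserXS,UserCO,MEN,Mobile,Mobile2)=""
      ; NOTE(review): the submitted password is compared directly with the stored
      ; column, which suggests passwords are not kept as salted hashes - confirm
      ; against the MX.User definition.
      &sql(SELECT ID,Menu,"Access",SMSOTP,Company->Code,Mobile1,Mobile2 INTO :UserID,:MEN,:UserXS,:SMSOTP,:UserCO,:Mobile,:Mobile2 FROM MX."User" WHERE UserID=:d1 AND %EXACT(Password)=:d2 AND IsNull(Deleted_DelDate,'')='' AND IsNull(Disabled,'')<>1 AND IsNull(IsNurse,'')<>1)
      s d3=$p(d3,$c(13,10),3)
      i UserID="" d  q
      . ; Failed login: record the remote address and the user id that was tried.
      . ; The attempted password is deliberately NOT written to the log: a mistyped
      . ; real password would otherwise be readable by anyone who can view SysLog.
      . ; d1 and d3 come from the client and the success entry below embeds "<br>",
      . ; so the description is evidently rendered as HTML; escape them here.
      . ; NOTE(review): nothing in this label limits repeated failed attempts.
      . s LLog=$zdatetime($h,3,1)
      . s desc="An unsuccessful attempt to log into the system was detected from "_%request.CgiEnvs("REMOTE_ADDR")_", "_$zconvert(d3,"O","HTML")_". [User ID] = "_$zconvert(d1,"O","HTML")_"."
      . &sql(INSERT INTO MX.SysLog (DateTime,LogProcess,Name,Description,Type) VALUES (:LLog,'Login','Unsuccessful Login Attempted',:desc,1))
      . ; If the user id exists, add a second entry attached to that account.
      . &sql(SELECT ID,Company->Code INTO :UserID,:UserCO FROM MX."User" WHERE UserID=:d1)
      . q:UserID=""
      . &sql(INSERT INTO MX.SysLog (DateTime,LogUser,Name,Description,Type) VALUES (:LLog,:UserID,'Unsuccessful Login Attempted',:desc,1))

      ; <unauthenticated user>
      ; TODO: if User.Access=1 (Tied to IP Address) ??
      ; No second factor configured (SMSOTP is not 1 and Access is 0, 1 or empty):
      ; open the session straight away.
      i SMSOTP'=1,(+UserXS=0!(UserXS=1)) d  q
      . s IsValid=1
      . s %session.Data("SessionId")=%session.SessionId
      . s %session.Data("UserID")=UserID
      . s %session.Data("MenuID")=MEN
      . s %session.Data("UserCO")=UserCO
      . s %session.Data("BrowserType")=$replace($replace(d4,"""",""),"'","")
      . s User=##class(MX.User).%OpenId(UserID)
      . s x=User.LastLogIn
      . s photo=User.Photo
      . s %session.Data("LastLogIn")=$s(x="":"",1:$zdatetime($zdatetimeh(x,3,1),ZDATE))
      . s LLog=$zdatetime($h,3,1)
      . s User.LastLogIn=LLog
      . ; d3 and d4 are client-supplied; escape them before they join the HTML text.
      . s desc="User "_User.UserID_" logged into the system from "_%request.CgiEnvs("REMOTE_ADDR")_", "_$zconvert(d3,"O","HTML")_"<br>"_$zconvert(d4,"O","HTML")
      . s x=User.%Save()
      . s User=""
      . &sql(INSERT INTO MX.SysLog (DateTime,LogUser,Name,Description,Type) VALUES (:LLog,:UserID,'User Login Successful',:desc,1))
      . s %session.Data("UserPhoto")=$s(photo="":"Images/User.gif",$a(photo)=0:"Images/User.gif",1:photo)
      . &js<document.getElementById("divLogin").style.visibility='hidden',document.getElementById("divLoginOTP").style.visibility='hidden',jLogIn()>
      ; <validate via Email>

      ; One-time code. $random is not meant for security tokens, so the value is
      ; drawn from the cryptographic generator instead. The range stays 0..99998,
      ; exactly what $random(99999) produced, so the existing entry form and the
      ; comparison in AccessMe keep working.
      ; NOTE(review): five digits is a small space; it is only safe together with
      ; a cap on wrong guesses and a short lifetime - consider a longer code.
      s rnd=$system.Encryption.GenCryptRand(4)
      s vCode=((($a(rnd,1)*256+$a(rnd,2))*256+$a(rnd,3))*256+$a(rnd,4))#99999
      k %session.Data("MXLOGIN")
      s %session.Data("MXLOGIN","UserXS")=vCode
      i +UserXS=2 d
      . s IsValid=1
      . &js<document.getElementById("divLogin").style.visibility="hidden";document.getElementById("divLoginOTP").style.visibility="visible";self.F1.Login3.focus()>
      . d VerifyByEmail^cLogin
      i SMSOTP=1 d
      . s IsValid=1
      . &js<document.getElementById("divLogin").style.visibility="hidden";document.getElementById("divLoginOTP").style.visibility="visible";self.F1.Login3.focus()>
      . d VerifyBySMS^cLogin
      q
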
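  VerifyBySMS ; Send the one-time code in vCode by SMS to Mobile and/or Mobile2.
      ; Reads Mobile, Mobile2, vCode and Q from the caller's scope and leaves the
      ; gateway's <status> value of the last attempted send in res.
      ; A debugging alert that echoed vCode to the browser used to sit here; it
      ; must stay out, since showing the code on screen defeats the second factor.
      q:(Mobile_Mobile2)=""
      n idx,num
      s result=""
      ; The original built one request object up front and then discarded it,
      ; reading the API secret for nothing; each send now builds exactly one.
      f idx=1,2 d
      . s num=$s(idx=1:Mobile,1:Mobile2)
      . q:num=""
      . s result=""
      . s request=##class(%Net.HttpRequest).%New()
      . ; HTTPS enabled with the "SMS" SSL configuration (CE 30-01-2016)
      . s request.Https=1
      . s request.SSLConfiguration="SMS"
      . s request.Server="rest.nexmo.com"
      . s request.Location="sms/xml"
      . ; NOTE(review): api_secret and the one-time code travel as query-string
      . ; parameters of a GET, so they can end up in proxy or gateway request
      . ; logs; check whether the provider accepts them in a POST body instead.
      . d request.SetParam("api_key",$p(^INST("nexmo.com"),Q,1))
      . d request.SetParam("api_secret",$p(^INST("nexmo.com"),Q,2))
      . ; Numeric sender by default; the name is used when the number does not
      . ; start with 1.
      . d request.SetParam("from","12525573225")
      . i $e(num,1,1)'=1 d request.SetParam("from","RiskMx")
      . d request.SetParam("to",num)
      . s text=$s(idx=1:"The following One-Time Password was sent from RiskMx: ",1:"The following Login One-Time Password was sent from RiskMx: ")_vCode
      . d request.SetParam("text",text)
      . s sc=request.Get("sms/xml",0)
      . ; A failed request leaves no usable response object; reading it anyway
      . ; would raise an error in the middle of the login flow.
      . q:$system.Status.IsError(sc)
      . q:'$isobject(request.HttpResponse)
      . s result=request.HttpResponse.Data.ReadLine()

      s res=$p($p(result,"<status>",2),"</status>",1)
      q
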
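  VerifyByEmail ; send users a verification email
      ; Mails the one-time code in vCode to the account named by d1 (office
      ; address Email2 first, otherwise Email1) and stores the code in the session.
      ;s %session.Data("Login",ServerNo,No)=mailMsg.From_Q_mailMsg.Date_Q_mailMsg.Subject_Q_attachFile(path and name)
      d INIT^CSP999
      #include %occOptions
      #include %occStatus
      k %session.Data("MXLOGIN")
      n ServerNo,ServerName,UserID,Password,AttachDir,mailserver,status,err,mailMsg,NowDate,NowTime,MsgNo,filename,DeleteFlag
      s ServerNo=1
      s NowDate="",NowTime=""
      s ServerName=$p(^MAIL("O",ServerNo),Q,1)
      s FromMail="otp@riskmx.com"
      s AttachDir=$g(^MAIL("O",ServerNo,"TempDir"))
      i $e(AttachDir,$l(AttachDir),$l(AttachDir))'="\" s AttachDir=AttachDir_"\"
      s mailserver=##class(%Net.SMTP).%New()
      ; NOTE(review): port 25 with no SSLConfiguration / UseSTARTTLS set on the
      ; SMTP object, so the login below and the one-time code may cross the
      ; network unencrypted - confirm and enable TLS.
      s mailserver.port="25"
      s auth=##class(%Net.Authenticator).%New() ; use default authentication list
      ; The SMTP user name and password were string literals in this routine, so
      ; they were disclosed to everyone who could read the source. They are read
      ; from configuration again, using the expressions the original trailing
      ; comments on these lines gave. Treat the old values as compromised and
      ; rotate them. TODO confirm that ^MAIL pieces 2 and 3 hold the credentials.
      s auth.UserName=$p($g(^MAIL),Q,2)
      s auth.Password=$p($g(^MAIL),Q,3)
      s mailserver.authenticator=auth
      ; The server name comes from ^MAIL("O",ServerNo); an earlier hard-coded
      ; assignment was always overwritten by this line and has been dropped.
      s mailserver.smtpserver=ServerName
      s mail=##class(%Net.MailMessage).%New()
      ;s FromMail="The Matrix Login Authentication"
      s mail.From=FromMail
      s uid=d1
      s ToMail=""
      s (email1,email2)=""
      &sql(SELECT Email1,Email2 INTO :email1,:email2 FROM MX."User" WHERE USERID=:uid)
      i email2'="" s ToMail=email2 ; send to the office email if available
      i ToMail="",email1'="" s ToMail=email1 ; otherwise use this
      i ToMail="" s IsValid=0 &js<alert("This User Account does not have any email addresses to send the authentication code to!")> q
      d mail.To.Insert(ToMail)
      ; Calling Connect
      s mail.Subject="The Matrix Login Authentication Code"
      s mail.Charset="iso-8859-1"
      s mail.ContentType="text/html"
      s status=mail.TextData.Write("The following Login One-Time Password was sent from RiskMx: "_vCode)
      s status=mail.TextData.Write($char(13,10))
      // Attach a file
      /* currently not used. can be used to send some sort of "physical" authentication if needed
      set status=mail.AttachFile(AttachDir,filename)
      set nestedm=mail.AttachNewMessage()
      */
      s status=mailserver.Send(mail)
      ; The code is stored even when the send failed; the SMS path may still
      ; deliver it, so that behaviour is kept.
      s %session.Data("MXLOGIN","UserXS")=vCode
      ; NOTE(review): DisplayError writes the raw status text to the current
      ; device; if that is the page response, SMTP details reach a user who has
      ; not finished logging in. Prefer logging it server-side.
      i $$$ISERR(status) d $system.OBJ.DisplayError(status)
      q
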
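  AccessMe ; Second login step: compare the submitted one-time code (d3) with the
      ; one stored in the session, re-check user id (d1) and password (d2), and
      ; open the session. d1..d5 are presumably supplied by INIT^CSP999 - confirm.
      d INIT^CSP999
      s (UserID,UserXS,UserCO)=""
      q:d3=""
      n otp,tries
      s otp=$g(%session.Data("MXLOGIN","UserXS"))
      i d3'=otp d  q
      . ; Wrong or missing code. Count the miss and drop the stored code after
      . ; five of them (a limit chosen for this fix), so a short numeric code
      . ; cannot simply be guessed through; a fresh login issues a new one.
      . s tries=$g(%session.Data("MXLOGIN","Tries"))+1
      . s %session.Data("MXLOGIN","Tries")=tries
      . i tries'<5 k %session.Data("MXLOGIN")
      . &js<document.getElementById("AlertText2").innerHTML="Invalid Validation Code, please try again.">
      ; <repeat the successful login script>
      ; Same conditions as the first-step query in Validate: %EXACT on the
      ; password (without it the comparison follows the column's collation and
      ; may ignore case) and the IsNurse exclusion, which was missing here.
      ; NOTE(review): the stored code is tied to the session only, not to the
      ; account it was issued for; d1/d2 are taken from this request again.
      &sql(SELECT ID,Menu,"Access",Company->Code INTO :UserID,:MEN,:UserXS,:UserCO FROM MX."User" WHERE UserID=:d1 AND %EXACT(Password)=:d2 AND IsNull(Deleted_DelDate,'')='' AND IsNull(Disabled,'')<>1 AND IsNull(IsNurse,'')<>1)
      ; No matching account: stop here instead of writing an empty UserID into
      ; the session and opening a non-existent object.
      i UserID="" &js<document.getElementById("AlertText2").innerHTML="Invalid Validation Code, please try again."> q
      ; The code is single-use: remove it once it has been accepted.
      k %session.Data("MXLOGIN")

      s %session.Data("SessionId")=%session.SessionId
      s %session.Data("UserID")=UserID
      s %session.Data("MenuID")=MEN
      s %session.Data("UserCO")=UserCO
      s %session.Data("BrowserType")=$replace($replace(d4,"""",""),"'","")
      s User=##class(MX.User).%OpenId(UserID)
      s x=User.LastLogIn
      s photo=User.Photo
      s %session.Data("LastLogIn")=$s(x="":"",1:$zdatetime($zdatetimeh(x,3,1),ZDATE))
      s LLog=$zdatetime($h,3,1)
      s User.LastLogIn=LLog
      ; d4 and d5 are client-supplied and the text embeds "<br>", so the log is
      ; evidently rendered as HTML; escape them before they are stored.
      ; NOTE(review): Validate logs d3 and d4 at this point, this label d4 and
      ; d5 - confirm the parameter positions really differ between the two calls.
      s desc="User "_User.UserID_" logged into the system from "_%request.CgiEnvs("REMOTE_ADDR")_", "_$zconvert(d4,"O","HTML")_"<br>"_$zconvert(d5,"O","HTML")
      ;s desc="User "_User.UserID_" logged into the system from "_%request.CgiEnvs("REMOTE_ADDR")_", "_T4
      s x=User.%Save()
      s User=""
      &sql(INSERT INTO MX.SysLog (DateTime,LogUser,Name,Description,Type) VALUES (:LLog,:UserID,'User Login Successful',:desc,1))
      s %session.Data("UserPhoto")=$s(photo="":"Images/User.gif",$a(photo)=0:"Images/User.gif",1:photo)
      &js<document.getElementById("divLogin").style.visibility='hidden',document.getElementById("divLoginOTP").style.visibility='hidden',jLogIn()>
      q
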
  ValidatePassword ; Re-reads the account matching d1/d2 and sets IsValid (plus a
      ; "Password Expired!" alert) by comparing CreatedDate+365 with today.
      d INIT^CSP999
      #import MX
      ; NOTE(review): these are the caller's variables (nothing is NEWed). After
      ; this label returns, UserXS, UserCO, MEN, Mobile and Mobile2 are empty and
      ; only UserID is re-read, so a caller that filled them beforehand loses them.
      s (UserID,UserXS,UserCO,MEN,Mobile,Mobile2,CreatedDate)=""
      ; NOTE(review): the submitted password is compared directly with the stored
      ; column, which suggests it is not kept as a salted hash - confirm.
      &sql(SELECT ID,CreatedDate,PasswordModDate INTO :UserID,:CreatedDate,:PasswordModDate FROM MX."User" WHERE UserID=:d1 AND %EXACT(Password)=:d2 AND IsNull(Deleted_DelDate,'')='' AND IsNull(Disabled,'')<>1 AND IsNull(IsNurse,'')<>1)
      ; dayRegCtr is not read again in this label.
      s dayRegCtr=+$h-CreatedDate
      i UserID'="" d
      . ; NOTE(review): MOD is not assigned anywhere in this label, while
      . ; PasswordModDate is fetched above and never read. Presumably MOD was
      . ; meant to be the password modification date (or INIT^CSP999 sets it) -
      . ; confirm. Both branches below use CreatedDate, so a password change does
      . ; not move the expiry date.
      .i CreatedDate'="",MOD="" d
      .. ; IsValid becomes 1 together with the "expired" alert and 0 otherwise;
      .. ; when CreatedDate1 equals today both lines fire and IsValid ends as 0.
      .. ; NOTE(review): that reads inverted for a flag named IsValid, and this
      .. ; label itself never refuses the login - confirm what the caller expects.
      ..s CreatedDate1=CreatedDate+365
      ..i CreatedDate1<=+$h s IsValid=1 &js<document.getElementById("AlertText1").innerHTML="Password Expired!">
      ..i CreatedDate1>=+$h s IsValid=0
      .i MOD'="" d
      .. ; Same computation as the branch above.
      ..s CreatedDate1=CreatedDate+365
      ..i CreatedDate1<=+$h s IsValid=1 &js<document.getElementById("AlertText1").innerHTML="Password Expired!">
      ..i CreatedDate1>=+$h s IsValid=0

      q