///<summary>Generates a username and password if necessary for this patient. If the patient already has access to the Patient Portal or if they ///are not eligible to be given access, this will return null.</summary> public static UserWeb GetNewPatientPortalCredentials(Patient pat, bool doUpdateDatabase, out string passwordGenerated) { //No need to check RemotingRole; no call to db. passwordGenerated = ""; if (string.IsNullOrEmpty(PrefC.GetString(PrefName.PatientPortalURL))) { return(null); //Haven't set up patient portal yet. } string errors; if (!UserWebs.ValidatePatientAccess(pat, out errors)) { return(null); //Patient is missing necessary fields. } UserWeb userWeb = UserWebs.GetByFKeyAndType(pat.PatNum, UserWebFKeyType.PatientPortal); if (userWeb == null) { userWeb = new UserWeb(); userWeb.UserName = UserWebs.CreateUserNameFromPat(pat, UserWebFKeyType.PatientPortal); userWeb.FKey = pat.PatNum; userWeb.FKeyType = UserWebFKeyType.PatientPortal; userWeb.RequireUserNameChange = true; userWeb.Password = ""; userWeb.IsNew = true; if (doUpdateDatabase) { UserWebs.Insert(userWeb); } } if (!string.IsNullOrEmpty(userWeb.Password) && //If they already have access to the Patient Portal, return. !userWeb.RequirePasswordChange) //If they need to change their password, we are going to generate another password for them. { return(null); } if (string.IsNullOrEmpty(userWeb.Password) && //Only insert an EHR event if their password is blank (meaning they don't currently have access). doUpdateDatabase) { EhrMeasureEvent newMeasureEvent = new EhrMeasureEvent(); newMeasureEvent.DateTEvent = DateTime.Now; newMeasureEvent.EventType = EhrMeasureEventType.OnlineAccessProvided; newMeasureEvent.PatNum = pat.PatNum; newMeasureEvent.MoreInfo = ""; EhrMeasureEvents.Insert(newMeasureEvent); } passwordGenerated = UserWebs.GenerateRandomPassword(8); userWeb.Password = Userods.HashPassword(passwordGenerated, false); userWeb.RequirePasswordChange = true; if (doUpdateDatabase) { UserWebs.Update(userWeb); } return(userWeb); }
///<summary>Throws an exception to display to the user if anything goes wrong.</summary> public static void TryToConnect(CentralConnection centralConnection, DatabaseType dbType, string connectionString = "", bool noShowOnStartup = false , List <string> listAdminCompNames = null, bool isCommandLineArgs = false) { if (!string.IsNullOrEmpty(centralConnection.ServiceURI)) { LoadMiddleTierProxySettings(); string originalURI = RemotingClient.ServerURI; RemotingClient.ServerURI = centralConnection.ServiceURI; bool useEcwAlgorithm = centralConnection.WebServiceIsEcw; RemotingRole originalRole = RemotingClient.RemotingRole; RemotingClient.RemotingRole = RemotingRole.ClientWeb; try { string password = centralConnection.OdPassword; if (useEcwAlgorithm) { //Userods.HashPassword explicitly goes over to middle tier in order to use it's MD5 algorithm. //It doesn't matter what Security.CurUser is when it is null because we are technically trying to set it for the first time. //It cannot be null before invoking HashPassword because middle needs it to NOT be null when creating the credentials for DtoGetString. if (Security.CurUser == null) { Security.CurUser = new Userod(); } password = Userods.HashPassword(password, true); } string username = centralConnection.OdUser; #if DEBUG if (username == "") { username = "******"; password = "******"; } #endif //ecw requires hash, but non-ecw requires actual password Security.CurUser = Security.LogInWeb(username, password, "", Application.ProductVersion, useEcwAlgorithm); Security.PasswordTyped = password; //for ecw, this is already encrypted. } catch (Exception ex) { RemotingClient.ServerURI = originalURI; RemotingClient.RemotingRole = originalRole; throw ex; } } else { DataConnection.DBtype = dbType; DataConnection dcon = new DataConnection(); if (connectionString.Length > 0) { dcon.SetDb(connectionString, "", DataConnection.DBtype); } else { //Password could be plain text password from the Password field of the config file, the decrypted password from the MySQLPassHash field //of the config file, or password entered by the user and can be blank (empty string) in all cases dcon.SetDb(centralConnection.ServerName, centralConnection.DatabaseName, centralConnection.MySqlUser , centralConnection.MySqlPassword, "", "", DataConnection.DBtype); } //a direct connection does not utilize lower privileges. RemotingClient.RemotingRole = RemotingRole.ClientDirect; } TrySaveConnectionSettings(centralConnection, dbType, connectionString, noShowOnStartup, listAdminCompNames, isCommandLineArgs); }