///<summary>Generates a username and password if necessary for this patient. If the patient already has access to the Patient Portal or if they
///are not eligible to be given access, this will return null.</summary>
public static UserWeb GetNewPatientPortalCredentials(Patient pat, bool doUpdateDatabase, out string passwordGenerated)
{
//No need to check RemotingRole; no call to db.
passwordGenerated = "";
if (string.IsNullOrEmpty(PrefC.GetString(PrefName.PatientPortalURL)))
{
return(null); //Haven't set up patient portal yet.
}
string errors;
if (!UserWebs.ValidatePatientAccess(pat, out errors))
{
return(null); //Patient is missing necessary fields.
}
UserWeb userWeb = UserWebs.GetByFKeyAndType(pat.PatNum, UserWebFKeyType.PatientPortal);
if (userWeb == null)
{
userWeb = new UserWeb();
userWeb.UserName = UserWebs.CreateUserNameFromPat(pat, UserWebFKeyType.PatientPortal);
userWeb.FKey = pat.PatNum;
userWeb.FKeyType = UserWebFKeyType.PatientPortal;
userWeb.RequireUserNameChange = true;
userWeb.Password = "";
userWeb.IsNew = true;
if (doUpdateDatabase)
{
UserWebs.Insert(userWeb);
}
}
if (!string.IsNullOrEmpty(userWeb.Password) && //If they already have access to the Patient Portal, return.
!userWeb.RequirePasswordChange) //If they need to change their password, we are going to generate another password for them.
{
return(null);
}
if (string.IsNullOrEmpty(userWeb.Password) && //Only insert an EHR event if their password is blank (meaning they don't currently have access).
doUpdateDatabase)
{
EhrMeasureEvent newMeasureEvent = new EhrMeasureEvent();
newMeasureEvent.DateTEvent = DateTime.Now;
newMeasureEvent.EventType = EhrMeasureEventType.OnlineAccessProvided;
newMeasureEvent.PatNum = pat.PatNum;
newMeasureEvent.MoreInfo = "";
EhrMeasureEvents.Insert(newMeasureEvent);
}
passwordGenerated = UserWebs.GenerateRandomPassword(8);
userWeb.Password = Userods.HashPassword(passwordGenerated, false);
userWeb.RequirePasswordChange = true;
if (doUpdateDatabase)
{
UserWebs.Update(userWeb);
}
return(userWeb);
}
///<summary>Throws an exception to display to the user if anything goes wrong.</summary>
public static void TryToConnect(CentralConnection centralConnection, DatabaseType dbType, string connectionString = "", bool noShowOnStartup = false
, List <string> listAdminCompNames = null, bool isCommandLineArgs = false)
{
if (!string.IsNullOrEmpty(centralConnection.ServiceURI))
{
LoadMiddleTierProxySettings();
string originalURI = RemotingClient.ServerURI;
RemotingClient.ServerURI = centralConnection.ServiceURI;
bool useEcwAlgorithm = centralConnection.WebServiceIsEcw;
RemotingRole originalRole = RemotingClient.RemotingRole;
RemotingClient.RemotingRole = RemotingRole.ClientWeb;
try {
string password = centralConnection.OdPassword;
if (useEcwAlgorithm)
{
//Userods.HashPassword explicitly goes over to middle tier in order to use it's MD5 algorithm.
//It doesn't matter what Security.CurUser is when it is null because we are technically trying to set it for the first time.
//It cannot be null before invoking HashPassword because middle needs it to NOT be null when creating the credentials for DtoGetString.
if (Security.CurUser == null)
{
Security.CurUser = new Userod();
}
password = Userods.HashPassword(password, true);
}
string username = centralConnection.OdUser;
#if DEBUG
if (username == "")
{
username = "******";
password = "******";
}
#endif
//ecw requires hash, but non-ecw requires actual password
Security.CurUser = Security.LogInWeb(username, password, "", Application.ProductVersion, useEcwAlgorithm);
Security.PasswordTyped = password; //for ecw, this is already encrypted.
}
catch (Exception ex) {
RemotingClient.ServerURI = originalURI;
RemotingClient.RemotingRole = originalRole;
throw ex;
}
}
else
{
DataConnection.DBtype = dbType;
DataConnection dcon = new DataConnection();
if (connectionString.Length > 0)
{
dcon.SetDb(connectionString, "", DataConnection.DBtype);
}
else
{
//Password could be plain text password from the Password field of the config file, the decrypted password from the MySQLPassHash field
//of the config file, or password entered by the user and can be blank (empty string) in all cases
dcon.SetDb(centralConnection.ServerName, centralConnection.DatabaseName, centralConnection.MySqlUser
, centralConnection.MySqlPassword, "", "", DataConnection.DBtype);
}
//a direct connection does not utilize lower privileges.
RemotingClient.RemotingRole = RemotingRole.ClientDirect;
}
TrySaveConnectionSettings(centralConnection, dbType, connectionString, noShowOnStartup, listAdminCompNames, isCommandLineArgs);
}
