OpenEMR User Creation and Password Reset

system · September 10, 2014, 10:14pm

tmcglaun wrote on Wednesday, September 10, 2014:

Hello OpenEMR community!

I am building an employee onboard/offboard solution as well self service password reset. I am wanting to incorporate building the OpenEMR user account during the employee onboard as well as setting the user’s password to the same password that the user uses for Active Directory. The problem that I am having is that I am unfamiliar with how to hash/salt the password. I know where this needs to go in the database but I am unsure of how to do this kind of hashing.

Can someone help me with this please??

Any help would be appreciated!

system · September 11, 2014, 7:26am

visolveemr wrote on Thursday, September 11, 2014:

Hello Trey

Updating the OpenEMR password similar to Active Directory requires to maintain a script to update the changes in OpenEMR whenever the password changes in Active Directory.

Instead of this, OpenEMR authentication can be customized to have ‘Active Directory Authentication’ (bypassing the normal database authentication). This will be more secure and only the authenticated active directory user can be able to access OpenEMR.

Thanks
OpenEMR Customization/Support Team,
ViSolve Inc
services@visolve.com
Demo’s @ ViSolve Demo Library

system · September 11, 2014, 5:43pm

tmcglaun wrote on Thursday, September 11, 2014:

That is great to know! Can you point me in the right direction for building an LDAP/AD connection?

Thanks for your help!

system · September 11, 2014, 7:11pm

tmcglaun wrote on Thursday, September 11, 2014:

Additionally, I am perfectly happy to script changing the password in OpenEMR. I just don’t know what the call would be to update the ‘users_secure’ table with the password and salt. I already have MySQL scripts to create the user, tie them to a location, and enable them. I have no idea how to do the hashing for the password.

system · September 11, 2014, 7:19pm

yehster wrote on Thursday, September 11, 2014:

github.com

openemr/openemr/blob/master/library/authentication/password_change.php#L73


* @param type $newPwd          the new password for the target user
* @param type $errMsg          passed by reference to return any
* @param type $create          Are we creating a new user or
* @param type $insert_sql      SQL to run to create the row in "users" (and generate a new id) when needed.
* @param type $new_username    The username for a new user
* @param type $newid           Return by reference of the ID of a created user
* @return boolean              Was the password successfully updated/created? If false, then $errMsg will tell you why it failed.
*/
function update_password($activeUser, $targetUser, &$currentPwd, &$newPwd, &$errMsg, $create = false, $insert_sql = "", $new_username = null, &$newid = null)
{
   $userSQL="SELECT ".implode(",", array(COL_PWD,COL_SALT,COL_PWD_H1,COL_SALT_H1,COL_PWD_H2,COL_SALT_H2))
           ." FROM ".TBL_USERS_SECURE
           ." WHERE ".COL_ID."=?";
   $userInfo=privQuery($userSQL, array($targetUser));
   
   // Verify the active user's password
   $changingOwnPassword = $activeUser==$targetUser;
   // True if this is the current user changing their own password
   if ($changingOwnPassword) {
       if ($create) {
           $errMsg=xl("Trying to create user with existing username!");

system · September 11, 2014, 8:57pm

tmcglaun wrote on Thursday, September 11, 2014:

Kevin,

Thanks for the link. Unfortunately, I have never used php in the past and after googling all night last night I’m not sure how to leverage this externally. Is there a way to run a command or powershell script that would pass this function in the php file the parameters?

I’m sure this is a serious newb question but my systems management experience doesn’t lend well to this kind of solution.

Again, I appreciate the help.

system · September 12, 2014, 12:24pm

visolveemr wrote on Friday, September 12, 2014:

Hello Trey

For Our Customers we have used PHP LDAP Functions (like ldap_connect, ldap_bind,…) to connect with any active directory servers.

Thanks
OpenEMR Customization/Support Team,
ViSolve Inc
services@visolve.com
Demo’s @ ViSolve Demo Library

system · September 12, 2014, 5:14pm

tmcglaun wrote on Friday, September 12, 2014:

I found the Function.pdf file that discusses how to use auth.inc functions to add and delete users as well as changing passwords. Can someone give me an example of how that functionality would work? I do not know the syntax for those commands.

TheTechTrax · September 21, 2021, 5:58pm

I tried to install openemr on ubuntu based lightsail aws instance. The default login and password was working fine as it was the new installation. Then i tried installing an SSL by creating a load balancer on my lightsail instance. Now, open emr portal gives me an error “Invalid username and password”.

Can anyone help me here please?

adunsulag · September 21, 2021, 8:47pm

Please open a new thread with your issue. This thread is over 7 years old. You may also try contacting one of the vendors.

TheTechTrax · September 22, 2021, 8:17am

sure. Thank you for your response