Patient Portal login fails

I am using latest XAMPP / Windows with installation v 7.02.

After following all portal instructions as far as I can research and then accessing the portal logon window and entering correct portal user_logon name and password, I either get an HTTP error 500 or a white blank screen with “problem loading page”.

The relevant error logs are as follows:
[Sun May 05 11:18:23.504789 2024] [php:warn] [pid 1596:tid 1680] [client ::1:49281] PHP Warning: require_once(C:\xampp\htdocs\openemr./…/interface/globals.php):
Failed to open stream: Permission denied in C:\xampp\htdocs\openemr\portal\verify_session.php on line 60, referer: https://localhost/openemr/portal/index.php?site=&w

I did change permissions on both verify_session.php and index.php for everyone full access.

I have followed all the user guides up to date and older on establishing and activating the patient portal. Including Admin portal defaults and also the specific user demographics required for the user to access the portal. The Admin physician user is also activated for the portal. I have made sure to close all EMR regular sessions and using a different browser to access the portal. I have unchecked the Enforce E-mail in portal log on dialog, so I am only using the created logon user name and password credentials for a newly created user that is activated for the portal so avoiding any SMTP issues etc.
I have seen other posts with some similar error logs and I did try changes suggested in the verify_session.php and also get_patient_info.php, without success. Perhaps there is something else I am missing that can help me further?


This is a bug on windows. Fix is in upcoming patch. Or you can fix by editing portal/verify_session.php
L-60 and make look like below line.
require_once(__DIR__ . '/../interface/globals.php');

Thanks Jerry

I did come across this fix but the change does not correct the problem on my installation.

Is there anything else I might do currently?



First the warning is a red flag IMO. You probably get the same warning if you click the errored link or run the path to index in browser.
Is your portal path correctly set in the Portals Config setup?

It’s strange to get the redirect from loading globals and only cause I can think of is your log in credentials are incorrect.
Also don’t try to run portal from the same browsers user agent if you have a logged in openemr session.
i.e. portal in chrome openemr in FF is okay.

The portal path setup I have tried are either https://localhost/openemr/portal or **https://serverIP/**openemr/portal
I have tried both with the same outcome.

If I enter any incorrect patient credentials, I see a different message: "something went wrong"

If I enter the correct credentials, I see either a blank white screen or a message
“This page isn’t’’ working”
localhost is currently unable to handle this request

I did change line 60 in the verify_session.php file as follows
require_once(dirname(DIR) . ‘./…/interface/globals.php’);

Could it be there is perhaps somewhere a faulty http entry vs https?

The more recent log error shows as follows:

Mon May 06 12:05:13.642004 2024] [php:error] [pid 5328:tid 1632] [client] PHP Fatal error: Uncaught Error: Failed opening required ‘C:\xampp\htdocs\openemr./…/interface/globals.php’ (include_path=‘C:\xampp\php\PEAR’) in C:\xampp\htdocs\openemr\portal\verify_session.php:60\nStack trace:\n#0 C:\xampp\htdocs\openemr\portal\home.php(19): require_once()\n#1 {main}\n thrown in C:\xampp\htdocs\openemr\portal\verify_session.php on line 60, referer: http://localhost/openemr/portal/

All (unless somebody slipped on in) links in portal are relative exactly for this reason. The browser determines. However for openemr document root that comes from server.

Making the path for require fail gets you nowhere.
For some reason globals is failing an init check and the warning you are getting just means for some reason globals can’t redirect to portals login.

Most likely the problem occurs in globals around L-177

if (isset($_SESSION['site_id']) && ($_SESSION['site_id'] != $tmp)) {
      // This is to prevent using session to penetrate other OpenEMR instances within same multisite module
        session_unset(); // clear session, clean logout
        if (isset($landingpage) && !empty($landingpage)) {
          // OpenEMR Patient Portal use
            header('Location: index.php?site=' . urlencode($tmp));
        } else {
          // Main OpenEMR use
            header('Location: ../login/login.php?site=' . urlencode($tmp)); // Assuming in the interface/main directory


Is the published URL for your patient to access the portal.

Also the portal must be in and accessed in the root openemr director tree i.e portal can not stand on its own.

I feel for some implementation reason the site_id isn’t being written to portal session.

Regarding the portal path, once I get the portal to work locally, I would then setup a path for patients to access from the internet.
Regarding Line-177 on globals.php. is there anything I could change here manually to correct the issue?
Or anything else I an try currently? changing the path for local access?

Sorry no clue. Your session is getting trashed somehow. This is most likely a server pathing/virtual host setup issue.
This problem is unique to you and unlikely an openemr issue. Look at browser console for errors.
Otherwise you may need to get a professional dev to help.

Thanks Jerry

I will investigate from other “angles”



I see on prior posts this issue can be solved by using an earlier version of XAMPP. Is there any safe way to use an earlier version in a production environment? With all the portal fixes and also adding teh paths to the environment variables, I now get one step further and reach the page for confirming or changing the user password, but after this still remain with a blank screen opening on openemr/portal/home.php.

Leave xampp alone! Latest I believe is PHP 8.2.
If you’ll PM or email me a URL, I’ll go take a look later today.

Thanks Jerry

I don’t have an external link yet to my OpenEMR.

Can I give you an AnyDesk link to my Windows server or something similar?



I currently don’t have AnyDesk setup on my new dev machine but will install for looking at your issue.
I’m hoping that indeed this is a portal issue due to resolving ease of use. Apparently that’s not the case for you!:slight_smile:

Give me the link and when I can access your machine.
I’ll do this as a favor in hopes of getting you successful.

Thanks Jerry

I appreciate this.

Is it possible to give you this link in a confidential communication?



email me at
My email is already public as an administrator of site so not worried about showing here.

This was resolved although I don’t know that I did anything decisive.
Cleared browser cache. Started using HTTPS protocol even with localhost. Added reChapcha v2 for password reset and new register. Fixed PHP error log to work by creating the /xampp/php/logs/php_error_log folder and file and verify path in php.ini

I have learned a few things concerning setup that I will try to address once I get time to work on portal again.
Hopefully clinic can move forward and we will continue to watch.

I do see the “Registration” button was not present previously

I see conflicting posts regarding the use of personal Gmail account for SMTP authentication.

Should I be able to use this option as follows:

  • Gmail personal accounts
  • Email Transport Method SMTP
  • SMTP Server Hostname:
  • SMTP Server Port Number: 587
  • SMTP User for Authentication: gmail address like
  • SMTP Password for Authentication: create app password, click on above Gmail personal accounts link
  • SMTP Security Protocol: TLS

Does Google allow “less secure” option for setting this up?

And I assume I would need to use an authentication code rather than the password?

Is there perhaps any “Test” command to make sure the settings are working apart from when trying to do a registration?



Google quit support for this usage. Sometimes I’ve seen folks still using but in my experience it gets reset or fails after a few days.
There are some free service out there just need to search them out on web.
I use sendgrid. You have to have a valid email
You also need to get a reChapcha v2 account from Google if using register for your site.

Thanks – I will find something suitable.

I notice you have entered reCAPTCHA V2 keys on my settings.

I assume these should suffice?



No you need to get your own. I just used one of my test sets to test your site.