Patient is assigned credentials and tries to login.
Data sent to server via post to portal/get_patient_info.php
uname=Lulus3374&pass=v3PdO%23%25b4%40XK&passaddon=Users%40gmail.com&languageChoice=1
Script at line 112 is executed.
$sql = “SELECT " . implode(”,", array(
COL_ID, COL_PID, COL_POR_PWD, COL_POR_SALT, COL_POR_USER, COL_POR_LOGINUSER, COL_POR_PWD_STAT)) . " FROM " . TBL_PAT_ACC_ON .
" WHERE " . COL_POR_LOGINUSER . “= ?”;
However COL_POR_LOGINUSER is defined as “portal_login_username” but the value provided to this query is $_POST[‘uname’]. It should be $_POST[‘passaddon’] or COL_POR_LOGINUSER should be defined as “portal_username”. The next line looks to update password and uses ‘COL_POR_USER . “= $_POST[‘uname’].”;’ So I am not sure what is correct.
Changing
‘DEFINE(“COL_POR_LOGINUSER”, “portal_login_username”);’
to
‘DEFINE(“COL_POR_LOGINUSER”, “portal_username”);’
works…