From 93eef8cbe28105e5bcc7792285d2a3d771d36b0e Mon Sep 17 00:00:00 2001
From: ihabz <ihab.zeedia@stanford.edu>
Date: Thu, 27 Jun 2024 14:25:19 -0700
Subject: [PATCH] allow scheduler login EM to use different fields types to
 validate users.

---
 ChartLogin.php             | 45 ++++++++++++++++++++++++--------------
 ajax/index.php             |  4 ++--
 asset/js/authentication.js |  6 ++---
 3 files changed, 34 insertions(+), 21 deletions(-)

diff --git a/ChartLogin.php b/ChartLogin.php
index 7d84f43..0e74bff 100644
--- a/ChartLogin.php
+++ b/ChartLogin.php
@@ -58,10 +58,11 @@ function redcap_survey_page_top(
         $survey_hash,
         $response_id = null,
         $repeat_instance = 1
-    ) {
+    )
+    {
 
         $loginInstrument = $this->getProjectSetting('login-instrument');
-        $loginEventId    = $this->getProjectSetting('login-instrument-event');
+        $loginEventId = $this->getProjectSetting('login-instrument-event');
 
 
         // Handle a redirect to the main project
@@ -75,7 +76,8 @@ function redcap_survey_page_top(
     }
 
 
-    private function scheduleLogin() {
+    private function scheduleLogin()
+    {
         // Insert CSS (hide the submit button)
         echo '<link rel="stylesheet" type="text/css" href="' .
             $this->getUrl('asset/css/authentication.css', true, true) .
@@ -127,9 +129,9 @@ public function verifyCookie($name)
         return false;
     }
 
-    public function verifyUser($dob, $recordId)
+    public function verifyUser($value, $recordId)
     {
-        $dob = \DateTime::createFromFormat("m-d-Y", $dob);
+        $dateValue = \DateTime::createFromFormat("m-d-Y", $value);
         //$filter = "[newuniq] = '" . strtoupper($newuniq) . "' AND [zipcode_abs] = '" . $zipcode_abs . "'";
         $param = array(
             'project_id' => $this->getProjectId(),
@@ -139,9 +141,9 @@ public function verifyUser($dob, $recordId)
         );
         $data = REDCap::getData($param);
         if ($this->getProjectSetting('input-fields') != '') {
-            $dates = json_decode($this->getProjectSetting('input-fields'), true);
+            $validation_fields = json_decode($this->getProjectSetting('input-fields'), true);
         } else {
-            $dates = array('dob', 'zsfg_dob', 'birthdate');
+            $validation_fields = array('dob', 'zsfg_dob', 'birthdate');
         }
 
 
@@ -149,18 +151,29 @@ public function verifyUser($dob, $recordId)
         if (empty($data) || $withdraw) {
             return false;
         } else {
-            foreach ($dates as $date) {
-                $d = ($data[$recordId][$this->getProjectSetting('login-instrument-event')][$date]);
-                if ($d != '') {
-                    $d = \DateTime::createFromFormat("Y-m-d",
-                        $data[$recordId][$this->getProjectSetting('login-instrument-event')][$date]);
-                    if ($d->format('Y-m-d') == $dob->format('Y-m-d')) {
-                        $this->setUserCookie('login',
-                            $this->generateUniqueCodeHash($data[$recordId][$this->getProjectSetting('login-instrument-event')][$this->getProjectSetting('validation-field')]));
-                        return $this->getSchedulerLink($recordId);
+            foreach ($validation_fields as $field) {
+                // if user is loggin in with date
+                if ($dateValue != null) {
+                    $d = ($data[$recordId][$this->getProjectSetting('login-instrument-event')][$field]);
+                    if ($d != '') {
+                        $d = \DateTime::createFromFormat("Y-m-d",
+                            $data[$recordId][$this->getProjectSetting('login-instrument-event')][$field]);
+                        if ($d->format('Y-m-d') == $dateValue->format('Y-m-d')) {
+                            $this->setUserCookie('login',
+                                $this->generateUniqueCodeHash($data[$recordId][$this->getProjectSetting('login-instrument-event')][$this->getProjectSetting('validation-field')]));
+                            return $this->getSchedulerLink($recordId);
+                        }
                     }
+                }else{
+                    $v = ($data[$recordId][$this->getProjectSetting('login-instrument-event')][$field]);
+                    if ($v == $value) {
+                            $this->setUserCookie('login',
+                                $this->generateUniqueCodeHash($data[$recordId][$this->getProjectSetting('login-instrument-event')][$this->getProjectSetting('validation-field')]));
+                            return $this->getSchedulerLink($recordId);
+                        }
                 }
 
+
             }
         }
     }
diff --git a/ajax/index.php b/ajax/index.php
index 94ee35f..c9bc22a 100644
--- a/ajax/index.php
+++ b/ajax/index.php
@@ -5,8 +5,8 @@
 /** @var ChartLogin $module */
 
 try {
-    $dob = filter_var($_POST['dob'], FILTER_SANITIZE_STRING);
-    $recordId = filter_var($_POST['record_id'], FILTER_SANITIZE_STRING);
+    $dob = htmlspecialchars($_POST['verification_field']);
+    $recordId = htmlspecialchars($_POST['record_id']);
     if (!$link = $module->verifyUser($dob, $recordId)) {
         throw new \LogicException($module->getProjectSetting('failed-login-error-message') ?: "No user was found for provided information");
     } else {
diff --git a/asset/js/authentication.js b/asset/js/authentication.js
index a76e240..079a632 100644
--- a/asset/js/authentication.js
+++ b/asset/js/authentication.js
@@ -42,11 +42,11 @@ CHART = {
             e.stopPropagation();
             e.preventDefault();
             e.stopImmediatePropagation();
-            var elem = $(document).find('input')[1];
-            var dob = $(elem).val();
+            var elem = $('input[name="verification_field"]');
+            var value = $(elem).val();
             $.ajax({
                 url: CHART.endpoint,
-                data: {dob: dob, record_id: CHART.recordId},
+                data: {verification_field: value, record_id: CHART.recordId},
                 type: 'POST'
             })
                 .done(function (response) {