fn_b_check_user_credentials(); // If the user was logged in and there is a request URI set for them ... if($b_logged_in && isset($_SESSION['requestedURI'][SITE_ROOT_URL]) && FALSE !== strpos($_SESSION['requestedURI'][SITE_ROOT_URL], SITE_ROOT_URL)) { // Send them there fn_v_redirect($_SESSION['requestedURI'][SITE_ROOT_URL]); } // otherwise, if they have logged in to this site else if($b_logged_in && FALSE !== strpos($_SESSION['requestedURI'][SITE_ROOT_URL], SITE_ROOT_URL)) { // Send them to the main page of the site fn_v_redirect(SITE_ROOT_URL); } else { fn_v_redirect_to_login_page(); } } // Else, if this is the login page, and we're already logged in... else if(IS_LOGIN_PAGE && is_array($_SESSION['validSiteRoots']) && in_array(SITE_ROOT_URL, $_SESSION['validSiteRoots'])) { // Set this as a warning $_SESSION['auth_errors'][SITE_ROOT_URL] = $_SESSION['auth_errors'][SITE_ROOT_URL] . 'alreadyLoggedIn=true&'; // Redirect to the site root to prevent multiple logins to the site fn_v_redirect(SITE_ROOT_URL); } else { // Send the user to the login page; they're not logged in nor are they trying to login fn_v_redirect_to_login_page(); } // If this isn't the loging page, nor is the no access page, and the user shouldn't be here... if(!IS_LOGIN_PAGE && !IS_NOACCESS_PAGE && !fn_b_has_user_got_access()) { // Send them to the no access page or die fn_v_redirect(NO_ACCESS_URL . '?no_access=' . urlencode($_SERVER["REQUEST_URI"])); die; } /* * Redirect Function * * Redirects user to a page * * Inputs: * String: URL to redirect to * * Returns: * Nothing; void */ function fn_v_redirect($s_uri) { // If any errors were noted for this site's login... if(isset($_SESSION['auth_errors'][SITE_ROOT_URL])) { // Add them to the URL $s_uri .= '?' . $_SESSION['auth_errors'][SITE_ROOT_URL]; } // Remove any errors from last go unset($_SESSION['auth_errors'][SITE_ROOT_URL]); // If no headers have been sent... if(!headers_sent()) { // Trigger a PHP Redirect to the location (or die) header('Location: ' . $s_uri ); die; } // If headers have been set... else { // Carry out a META Redirect to the location (or die) echo ''; die; } } /* * Redirect to Login Page Function * * Redirects user to the login page if they're not there already * * Inputs: * None * * Returns: * Nothing; void */ function fn_v_redirect_to_login_page() { // If this isn't the login page, nor is there a user session... if (!IS_LOGIN_PAGE && !isset($_SESSION['userID'])) { // If this isn't the "No Access" page if(!IS_NOACCESS_PAGE) { // Store the location we're at so the user can be sent there when logged in $_SESSION['requestedURI'][SITE_ROOT_URL] = strtok($_SERVER["REQUEST_URI"], '?'); } // Redirect to login page fn_v_redirect(LOGIN_URL); } else if (isset($_SESSION['auth_errors'][SITE_ROOT_URL])) { // Redirect to login page fn_v_redirect(LOGIN_URL); } } /* * Check for Logout Function * * Logout a user out by destroying their session * * Inputs: * None * * Returns: * Nothing; void */ function fn_v_check_for_logout() { // If there is a user session, and the request is to logout... if(isset($_SESSION["userID"]) && isset($_REQUEST['logout'])) { // If we have only one valid site root if(isset($_SESSION["validSiteRoots"]) && 1 == count($_SESSION["validSiteRoots"])) { // Unset session variables and kill the session session_unset(); session_destroy(); } // otherwise else { // Delete this site from the valid sites list if(($o_key = array_search(SITE_ROOT_URL, $_SESSION["validSiteRoots"])) !== FALSE) { unset($_SESSION["validSiteRoots"][$o_key]); } } // Redirect the user to the main site page (or die) fn_v_redirect (SITE_ROOT_URL); die; } // Othrwise, if there is a user session, and valid sites ahave been set in that session else if (isset($_SESSION["userID"]) && isset($_SESSION["validSiteRoots"])) { // Check to see if they should be on this page (will be boolean FALSE if they're not) $b_okay_to_be_here = in_array(SITE_ROOT_URL, $_SESSION["validSiteRoots"]); // If it isn't okay for them to be here, and this isn't a login page... if(FALSE === $b_okay_to_be_here && !IS_LOGIN_PAGE) { // Store the loaction of the page they were trying to get to $_SESSION['requestedURI'][SITE_ROOT_URL] = $_SERVER["REQUEST_URI"]; // And bounce them to the login screen fn_v_redirect(LOGIN_URL); } } } /* * "Has User Got Access" Function * * Checks to see if a user has access to the current page or not * * Inputs: * None * * Returns: * Boolen, true for access, false for no access */ function fn_b_has_user_got_access() { // If the list of users with access to the page is defined... if(defined('T4_ACCESS_GROUPS')) { // Explode out the list of groups (ignore empty things) and if it's not empty... if(0 < count($a_groups_with_access = array_filter(explode (',' , T4_ACCESS_GROUPS)))) { // Check if the user in question is in any of the groups allowed view the page. Return true if they are; false otherwise return (is_array($_SESSION['user_groups']) && array_intersect($_SESSION['user_groups'], $a_groups_with_access)); } // otherwise nothing has been set... else { // Let anyone in return TRUE; } } // No groups have been defined for access so... else { // Let anyone in return TRUE; } // Return False to be on the safe side return FALSE; } /* * ------------------------------------------------------------------------ * Class 'WebServicesLogin' * ------------------------------------------------------------------------ * * Controls User Authentication via TERMINALFOUR Site Mangaer Web Services * * * */ class WebServicesLogin { /* * Define Class Variables */ // Array of Web Services settings private $a_ws_settings; // A cURL object private $o_curl; // To record if we have an Admin Login to Web Services already private $b_has_ws_admin_session = false; /* * Constructor * * Inputs: * None * * Returns: * Nothing; void */ public function __construct($s_ws_user, $s_ws_pass, $s_ws_url) { // Set Web Services parameters $this->a_ws_settings['ws_user'] = $s_ws_user; $this->a_ws_settings['ws_pass'] = $s_ws_pass; $this->a_ws_settings['ws_url'] = $s_ws_url; // Create Curl object $this->o_curl = curl_init(); // Set Curl options curl_setopt($this->o_curl, CURLOPT_HTTPHEADER, Array("Content-Type: application/json", 'Connection: Keep-Alive', 'Keep-Alive: 300')); curl_setopt($this->o_curl, CURLOPT_POST, true); curl_setopt($this->o_curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($this->o_curl, CURLOPT_COOKIEFILE, "cookies.txt"); curl_setopt($this->o_curl, CURLOPT_COOKIEJAR, "cookies.txt"); curl_setopt($this->o_curl, CURLOPT_SSLVERSION, 3); curl_setopt($this->o_curl, CURLOPT_SSL_VERIFYPEER, FALSE); } /* * Destructor * * Inputs: * None * * Returns: * Nothing; void */ public function __destruct() { // Destroy the curl object if it exists if($this->o_curl) curl_close($this->o_curl); } /* * "Get Cleaned POST VAR" Function * * Gets an HTML escaped copy of a post variable if it's set * * Inputs: * $s_key : String : POST variable key * * Returns: * String: The POST variable */ protected function fn_s_get_cleaned_post_var($s_key) { // Return the requested post variable, or an empty string if it's not been set return isset($_POST[$s_key]) ? htmlentities($_POST[$s_key]) : ''; } /* * "Do Web Services Call" Function * * Makes a call to Site Manager's Web Services via CURL * * Inputs: * $s_date : String : JSON Data to send via CURL * $s_function_name : String : The Web Service to call via CURL * * Returns: * String: HTML code for the login form */ protected function fn_s_do_ws_call($s_data, $s_function_name) { // Set the URL to hit with this call & add the JSON data to that call curl_setopt($this->o_curl, CURLOPT_URL , $this->a_ws_settings["ws_url"] . $s_function_name); curl_setopt($this->o_curl, CURLOPT_POSTFIELDS, $s_data); // Make the call and get the output $s_response = curl_exec($this->o_curl); // Get the response code from the WS call $i_response_code = curl_getinfo($this->o_curl, CURLINFO_HTTP_CODE); // If the response is anthing other than 200 (okay)... if( 200 != $i_response_code ) { // Add an error with the appropriate response code $_SESSION['auth_errors'][SITE_ROOT_URL] = $_SESSION['auth_errors'][SITE_ROOT_URL] . 'webServicesError=true&errorCode='.$i_response_code.'&'; } // Return the response return $s_response; } /* * "End Admin Session" Function * * Terminates the login session for the Web Services user * * Inputs: * None * * Returns: * Nothing; void */ protected function fn_v_end_admin_session() { // Set nothing for be sent on the WS call $s_data = '{"request":{}}'; // Terminate the admin session $this->fn_s_do_ws_call($s_data, "authentication/logout"); // Note that the admin session is logged out $this->b_has_ws_admin_session = FALSE; } /* * "Start Admin Session" Function * * Logs the Web Services user into Site Manager * * Inputs: * None * * Returns: * Boolean: Was the admin user logged in or not? */ protected function fn_b_start_admin_session() { // If the user is already logged in... if($this->b_has_ws_admin_session) { // Return TRUE. No need to check further return TRUE; } // Set JSON data string to make a login request for the Web Services user $s_data = '{"request":{"@username":"'.$this->a_ws_settings['ws_user'].'","@password":"'.$this->a_ws_settings['ws_pass'].'"}}'; // If the Web Services call goes through... if($s_result = $this->fn_s_do_ws_call($s_data, "authentication/login")) { // JSON decode the results from the Web Services call $s_result = json_decode($s_result, TRUE); // Check if the Web Services user has been logged in, note if it has or not and return the value $b_admin_login_okay = $this->b_has_ws_admin_session = (is_array($s_result) && isset($s_result['response']['user']['@id'])); // If the admin login fails, and we didn't record an error code 500 for the Web Services check if(!$b_admin_login_okay && ( FALSE === strpos($_SESSION['auth_errors'][SITE_ROOT_URL], 'errorCode') || FALSE !== strpos($_SESSION['auth_errors'][SITE_ROOT_URL], 'errorCode=500'))) { // Add an error to say that the specified admin account was not valid $_SESSION['auth_errors'][SITE_ROOT_URL] = $_SESSION['auth_errors'][SITE_ROOT_URL] . 'badWSAdminAccount=true&'; } // Return results return $b_admin_login_okay; } // To be on the safe side, return false return FALSE; } /* * "Get User Information from Username" Function * * Makes a Web Services call to Site Manager to get the user details assoicated with the username * * Inputs: * $s_username : String : The Username to look up * * Returns: * Array : Array of user details * OR Boolean : If the lookup fails */ protected function fn_a_get_user_information_from_username($s_username) { // Set the data for the Web Services Requect $s_data = '{request:{"@username" : "'.$s_username.'" , "@extensible" : "true" }}'; // If the Web Service call fails... if(!$s_result = $this->fn_s_do_ws_call($s_data, "user/getUserByUserName")) { // Return FALSE; Web Service call failed return FALSE; } // JSON decode the results from the Web Services call $s_result = json_decode($s_result, TRUE); // Return an array of user information if present in the results set; otherwise return FALSE return is_array($s_result) && isset($s_result['response']['user']['@id']) ? $s_result['response']['user'] : FALSE; } /* * "Check if User Account is Valid and Enabled" Function * * Checks to see if the user's account is both valid (ie: Username & Password are correct) * And also checks to make sure their account is marked "enabled" in Site Manager * * Inputs: * $s_result : String : JSON string of results from authentication check on username & password * * Returns: * Boolean : If their account is valid and enabled this is true; otherwise false */ protected function fn_b_check_is_user_account_valid_and_enabled($s_result) { // JSON decode the results $s_result = json_decode($s_result, true); // If the results set is valid, and the user's account is enabled and their username // and password were correct, this will return TRUE. If anything part is wrong, FALSE return (is_array($s_result) && isset($s_result['response']['@valid'], $s_result['response']['@enabled']) && $s_result['response']['@valid'] == 'true' && $s_result['response']['@enabled'] == 'true'); } /* * "Check User Credentials" Function * * Creates a login for the Web Services Admin user, then, using that login * looks up the username & password provided by the user to see if they're correct * If the user's credentials are okay, and their account is enabled then the * function will return TRUE to indicate they're logged in; otherwise FALSE * * Inputs: * None * * Returns: * Boolean : Is the user logged in? */ public function fn_b_check_user_credentials() { // If we cannot create an Admin session... if(!$this->fn_b_start_admin_session()) { // return false; we cannot check user details return FALSE; } // Data to pass to Web Services to check for a 'local' user account $s_data = '{"request":{"@username":"'.$_POST['uname'].'","@password":"'.$_POST['pwd'].'"}}'; // If we get nothing back from the Web Services call... if(!$s_result = $this->fn_s_do_ws_call($s_data, "authentication/validateLogin")) { // Note that we didn't reach the Validate Login Web Service $_SESSION['auth_errors'][SITE_ROOT_URL] = $_SESSION['auth_errors'][SITE_ROOT_URL] . 'validateLoginWSUnreachableLocalUser=true&'; // then return FALSE return FALSE; } // Check if the user's account is valid and enabled $b_login_success = $this->fn_b_check_is_user_account_valid_and_enabled($s_result); // If the account wasn't sucessful... if(!$b_login_success) { // Then set up the same data request, but this time for an LDAP user account $s_data = '{"request":{"@username":"'.$_POST['uname'].'","@password":"'.$_POST['pwd'].'", "@is_ldap":"TRUE"}}'; // If we get nothing back from the Web Services call... if(!$s_result = $this->fn_s_do_ws_call($s_data, "authentication/validateLogin")) { // Add an error to note that the LDAP lookup failed $_SESSION['auth_errors'][SITE_ROOT_URL] = $_SESSION['auth_errors'][SITE_ROOT_URL] . 'validateLoginWSUnreachableLDAPUser=true&'; // then return FALSE return FALSE; } // Check if the LDAP user's account is valid and enabled $b_login_success = $this->fn_b_check_is_user_account_valid_and_enabled($s_result); } // If it is valid & enabled then get their user details from the username if($b_login_success && $s_details = $this->fn_a_get_user_information_from_username($_POST['uname'])) { // Store their details in the session $this->fn_v_store_session_details($s_details); } // Log the admin user out of Site Manager $this->fn_v_end_admin_session(); // If the login failed, note the error for this site if(!$b_login_success) { // Add an error to say we couldn't login in, bad username & password $_SESSION['auth_errors'][SITE_ROOT_URL] = $_SESSION['auth_errors'][SITE_ROOT_URL] . 'badUserAccount=true&'; } // Send back the results return $b_login_success; } /* * "Store Session Details" Function * * Stores the user's details from Site Manager into their session * * Inputs: * $s_details : String : JSON string of user information * * Returns: * Nothing; void */ protected function fn_v_store_session_details($s_details) { // Set their user ID in their session $_SESSION['userID'] = $s_details['@id']; // If there is an array of valid sites... if(is_array($_SESSION['validSiteRoots'])) { // If it's not in there already (precautionary check) ... if(!in_array(SITE_ROOT_URL, $_SESSION['validSiteRoots'])) { // Record that they are now validly logged into this site $_SESSION['validSiteRoots'][] = SITE_ROOT_URL; } } // otherwise... else { // Record that they are now validly logged into this site $_SESSION['validSiteRoots'][] = SITE_ROOT_URL; } // Get the groups ther user is in $a_groups = isset($s_details["groups"]["group"]) ? $s_details["groups"]["group"] : FALSE; // If we have an array of groups for the user if(is_array($a_groups)) { // If they're only in one group (ie: this isn't a 2D array)... if(isset($a_groups['@group_name'])) { // Set the group in their session $_SESSION['user_groups'][] = $a_groups['@group_name']; } // Otherwise... else { // Loop through each sub-array... foreach($a_groups as $a_group) { // and if there is a group set... if(isset($a_group['@group_name'])) { // Note it on their session $_SESSION['user_groups'][] = $a_group['@group_name']; } } } } // Store the rest of the user's information in their session $_SESSION['user_name'] = $_POST['uname']; $_SESSION['full_name'] = isset($s_details['@firstname'], $s_details['@lastname']) ? $s_details['@firstname'].' '.$s_details['@lastname'] : ''; } } ?> Jonathan C. Williams - College of Chiropractic - Northwestern

Jonathan C. Williams

Jonathan Williams
Professor
College of Chiropractic
Professor
Acupuncture and Chinese Medicine Programs
Professor
Northwestern Health Clinic Bloomington

Personal Information

Activity

Currently Teaching (2017-2018)

My ultimate goal in education at Northwestern is two-fold. First, it is to guide the students to develop a moral and ethical practice that coincides with their responsibility to maintain and protect the virtues and order of society, and to uphold the tenets of their Chiropractic Oath. Second, is to aid the students to develop an organized clinical thought process that will enable them to come to a viable assessment and diagnosis of the patient’s condition, to develop an appropriate treatment plan, to make an adequate living and to protect themselves from adverse liability.

My philosophy of patient care is to identify problems before they become a clinical diagnosis. Once they are problems, it is necessary to assess a person’s nutritional and metabolic systems and the biomechanical changes that have taken place. I must correct deficiencies with nutritional biochemistry and address the physical changes or injuries with sound chiropractic treatments, appropriate rehabilitative exercises and performance enhancement programs.

I believe that in order for treatment to be successful it is important that a patient feels he or she is a part of the healing process and that the changes in diet, exercise or supplementation are reasonable and fit into a person’s lifestyle.

Education

  • Fellow, American Academy Chiropractic Physicians,
  • Diplomate, American Academy of Pain Management, 1991
  • Diplomate, American Board of Chiropractic Internists, 2001
  • Bachelor of Arts - University of Plano, 1974
  • Doctor of Chiropractic - Northwestern College of Chiropractic, 1989
Back to Top