search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fixes for prior commit
[openemr.git] / interface / patient_file / download_template.php
blobf58b6c2de63b2a99ed7e9665bc0b3b630d0737d1
1 <?php
2 /**
3 * Document Template Download Module.
4 *
5 * Copyright (C) 2013-2014 Rod Roark <rod@sunsetsystems.com>
6 *
7 * LICENSE: This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>.
17 *
18 * @package OpenEMR
19 * @author Rod Roark <rod@sunsetsystems.com>
20 * @link http://www.open-emr.org
21 */
22
23 // This module downloads a specified document template to the browser after
24 // substituting relevant patient data into its variables.
25
26 // Disable magic quotes and fake register globals.
27 $sanitize_all_escapes = true;
28 $fake_register_globals = false;
29
30 require_once('../globals.php');
31 require_once($GLOBALS['srcdir'] . '/acl.inc');
32 require_once($GLOBALS['srcdir'] . '/htmlspecialchars.inc.php');
33 require_once($GLOBALS['srcdir'] . '/formdata.inc.php');
34 require_once($GLOBALS['srcdir'] . '/formatting.inc.php');
35 require_once($GLOBALS['srcdir'] . '/appointments.inc.php');
36 require_once($GLOBALS['srcdir'] . '/options.inc.php');
37
38 $nextLocation = 0; // offset to resume scanning
39 $keyLocation = false; // offset of a potential {string} to replace
40 $keyLength = 0; // length of {string} to replace
41 $groupLevel = 0; // 0 if not in a {GRP} section
42 $groupCount = 0; // 0 if no items in the group yet
43 $itemSeparator = '; '; // separator between group items
44
45 // Check if the current location has the specified {string}.
46 function keySearch(&$s, $key) {
47 global $keyLocation, $keyLength;
48 $keyLength = strlen($key);
49 if ($keyLength == 0) return false;
50 return $key == substr($s, $keyLocation, $keyLength);
51 }
52
53 // Replace the {string} at the current location with the specified data.
54 // Also update the location to resume scanning accordingly.
55 function keyReplace(&$s, $data) {
56 global $keyLocation, $keyLength, $nextLocation;
57 $nextLocation = $keyLocation + strlen($data);
58 return substr($s, 0, $keyLocation) . $data . substr($s, $keyLocation + $keyLength);
59 }
60
61 // Do some final processing of field data before it's put into the document.
62 function dataFixup($data, $title='') {
63 global $groupLevel, $groupCount, $itemSeparator;
64 if ($data !== '') {
65 // Replace some characters that can mess up XML without assuming XML content type.
66 $data = str_replace('&', '[and]' , $data);
67 $data = str_replace('<', '[less]' , $data);
68 $data = str_replace('>', '[greater]', $data);
69 // If in a group, include labels and separators.
70 if ($groupLevel) {
71 if ($title !== '') $data = $title . ': ' . $data;
72 if ($groupCount) $data = $itemSeparator . $data;
73 ++$groupCount;
74 }
75 }
76 return $data;
77 }
78
79 // Return a string naming all issues for the specified patient and issue type.
80 function getIssues($type) {
81 // global $itemSeparator;
82 $tmp = '';
83 $lres = sqlStatement("SELECT title, comments FROM lists WHERE " .
84 "pid = ? AND type = ? AND enddate IS NULL " .
85 "ORDER BY begdate", array($GLOBALS['pid'], $type));
86 while ($lrow = sqlFetchArray($lres)) {
87 if ($tmp) $tmp .= '; ';
88 $tmp .= $lrow['title'];
89 if ($lrow['comments']) $tmp .= ' (' . $lrow['comments'] . ')';
90 }
91 return $tmp;
92 }
93
94 // Top level function for scanning and replacement of a file's contents.
95 function doSubs($s) {
96 global $ptrow, $enrow, $nextLocation, $keyLocation, $keyLength;
97 global $groupLevel, $groupCount, $itemSeparator, $pid, $encounter;
98
99 $nextLocation = 0;
100 $groupLevel = 0;
101 $groupCount = 0;
102
103 while (($keyLocation = strpos($s, '{', $nextLocation)) !== FALSE) {
104 $nextLocation = $keyLocation + 1;
105
106 if (keySearch($s, '{PatientName}')) {
107 $tmp = $ptrow['fname'];
108 if ($ptrow['mname']) {
109 if ($tmp) $tmp .= ' ';
110 $tmp .= $ptrow['mname'];
111 }
112 if ($ptrow['lname']) {
113 if ($tmp) $tmp .= ' ';
114 $tmp .= $ptrow['lname'];
115 }
116 $s = keyReplace($s, dataFixup($tmp, xl('Name')));
117 }
118
119 else if (keySearch($s, '{PatientID}')) {
120 $s = keyReplace($s, dataFixup($ptrow['pubpid'], xl('Chart ID')));
121 }
122
123 else if (keySearch($s, '{Address}')) {
124 $s = keyReplace($s, dataFixup($ptrow['street'], xl('Street')));
125 }
126
127 else if (keySearch($s, '{City}')) {
128 $s = keyReplace($s, dataFixup($ptrow['city'], xl('City')));
129 }
130
131 else if (keySearch($s, '{State}')) {
132 $s = keyReplace($s, dataFixup(getListItemTitle('state', $ptrow['state']), xl('State')));
133 }
134
135 else if (keySearch($s, '{Zip}')) {
136 $s = keyReplace($s, dataFixup($ptrow['postal_code'], xl('Postal Code')));
137 }
138
139 else if (keySearch($s, '{PatientPhone}')) {
140 $ptphone = $ptrow['phone_contact'];
141 if (empty($ptphone)) $ptphone = $ptrow['phone_home'];
142 if (empty($ptphone)) $ptphone = $ptrow['phone_cell'];
143 if (empty($ptphone)) $ptphone = $ptrow['phone_biz'];
144 if (preg_match("/([2-9]\d\d)\D*(\d\d\d)\D*(\d\d\d\d)/", $ptphone, $tmp)) {
145 $ptphone = '(' . $tmp[1] . ')' . $tmp[2] . '-' . $tmp[3];
146 }
147 $s = keyReplace($s, dataFixup($ptphone, xl('Phone')));
148 }
149
150 else if (keySearch($s, '{PatientDOB}')) {
151 $s = keyReplace($s, dataFixup(oeFormatShortDate($ptrow['DOB']), xl('Birth Date')));
152 }
153
154 else if (keySearch($s, '{PatientSex}')) {
155 $s = keyReplace($s, dataFixup(getListItemTitle('sex', $ptrow['sex']), xl('Sex')));
156 }
157
158 else if (keySearch($s, '{DOS}')) {
159 $s = keyReplace($s, dataFixup(oeFormatShortDate(substr($enrow['date'], 0, 10)), xl('Service Date')));
160 }
161
162 else if (keySearch($s, '{ChiefComplaint}')) {
163 $cc = $enrow['reason'];
164 $patientid = $ptrow['pid'];
165 $DOS = substr($enrow['date'], 0, 10);
166 // Prefer appointment comment if one is present.
167 $evlist = fetchEvents($DOS, $DOS, " AND pc_pid = '$patientid' ");
168 foreach ($evlist as $tmp) {
169 if ($tmp['pc_pid'] == $pid && !empty($tmp['pc_hometext'])) {
170 $cc = $tmp['pc_hometext'];
171 }
172 }
173 $s = keyReplace($s, dataFixup($cc, xl('Chief Complaint')));
174 }
175
176 else if (keySearch($s, '{ReferringDOC}')) {
177 $tmp = empty($ptrow['ur_fname']) ? '' : $ptrow['ur_fname'];
178 if (!empty($ptrow['ur_mname'])) {
179 if ($tmp) $tmp .= ' ';
180 $tmp .= $ptrow['ur_mname'];
181 }
182 if (!empty($ptrow['ur_lname'])) {
183 if ($tmp) $tmp .= ' ';
184 $tmp .= $ptrow['ur_lname'];
185 }
186 $s = keyReplace($s, dataFixup($tmp, xl('Referer')));
187 }
188
189 else if (keySearch($s, '{Allergies}')) {
190 $tmp = generate_plaintext_field(array('data_type'=>'24','list_id'=>''), '');
191 $s = keyReplace($s, dataFixup($tmp, xl('Allergies')));
192 }
193
194 else if (keySearch($s, '{Medications}')) {
195 $s = keyReplace($s, dataFixup(getIssues('medication'), xl('Medications')));
196 }
197
198 else if (keySearch($s, '{ProblemList}')) {
199 $s = keyReplace($s, dataFixup(getIssues('medical_problem'), xl('Problem List')));
200 }
201
202 // This tag indicates the fields from here until {/GRP} are a group of fields
203 // separated by semicolons. Fields with no data are omitted, and fields with
204 // data are prepended with their field label from the form layout.
205 else if (keySearch($s, '{GRP}')) {
206 ++$groupLevel;
207 $groupCount = 0;
208 $s = keyReplace($s, '');
209 }
210
211 else if (keySearch($s, '{/GRP}')) {
212 if ($groupLevel > 0) --$groupLevel;
213 $s = keyReplace($s, '');
214 }
215
216 // This is how we specify the separator between group items in a way that
217 // is independent of the document format. Whatever is between {ITEMSEP} and
218 // {/ITEMSEP} is the separator string. Default is "; ".
219 else if (preg_match('/^\{ITEMSEP\}(.*?)\{\/ITEMSEP\}/', substr($s, $keyLocation), $matches)) {
220 $itemSeparator = $matches[1];
221 $keyLength = strlen($matches[0]);
222 $s = keyReplace($s, '');
223 }
224
225 // This handles keys like {LBFxxx:fieldid} for layout-based encounter forms.
226 else if (preg_match('/^\{(LBF\w+):(\w+)\}/', substr($s, $keyLocation), $matches)) {
227 $formname = $matches[1];
228 $fieldid = $matches[2];
229 $keyLength = 3 + strlen($formname) + strlen($fieldid);
230 $data = '';
231 $currvalue = '';
232 $title = '';
233 $frow = sqlQuery("SELECT * FROM layout_options " .
234 "WHERE form_id = ? AND field_id = ? LIMIT 1",
235 array($formname, $fieldid));
236 if (!empty($frow)) {
237 $ldrow = sqlQuery("SELECT ld.field_value " .
238 "FROM lbf_data AS ld, forms AS f WHERE " .
239 "f.pid = ? AND f.encounter = ? AND f.formdir = ? AND f.deleted = 0 AND " .
240 "ld.form_id = f.form_id AND ld.field_id = ? " .
241 "ORDER BY f.form_id DESC LIMIT 1",
242 array($pid, $encounter, $formname, $fieldid));
243 if (!empty($ldrow)) {
244 $currvalue = $ldrow['field_value'];
245 $title = $frow['title'];
246 }
247 if ($currvalue !== '') {
248 $data = generate_plaintext_field($frow, $currvalue);
249 }
250 }
251 $s = keyReplace($s, dataFixup($data, $title));
252 }
253
254 } // End if { character found.
255
256 return $s;
257 }
258
259 // if (!acl_check('admin', 'super')) die(htmlspecialchars(xl('Not authorized')));
260
261 // Get patient demographic info.
262 $ptrow = sqlQuery("SELECT pd.*, " .
263 "ur.fname AS ur_fname, ur.mname AS ur_mname, ur.lname AS ur_lname " .
264 "FROM patient_data AS pd " .
265 "LEFT JOIN users AS ur ON ur.id = pd.ref_providerID " .
266 "WHERE pd.pid = ?", array($pid));
267 $enrow = array();
268
269 // Get some info for the currently selected encounter.
270 if ($encounter) {
271 $enrow = sqlQuery("SELECT * FROM form_encounter WHERE pid = ? AND " .
272 "encounter = ?", array($pid, $encounter));
273 }
274
275 $form_filename = strip_escape_custom($_REQUEST['form_filename']);
276 $templatedir = "$OE_SITE_DIR/documents/doctemplates";
277 $templatepath = "$templatedir/$form_filename";
278
279 // Create a temporary file to hold the output.
280 $fname = tempnam($GLOBALS['temporary_files_dir'], 'OED');
281
282 // Get mime type in a way that works with old and new PHP releases.
283 $mimetype = 'application/octet-stream';
284 $ext = strtolower(array_pop(explode('.', $filename)));
285 if ('dotx' == $ext) {
286 // PHP does not seem to recognize this type.
287 $mimetype = 'application/msword';
288 }
289 else if (function_exists('finfo_open')) {
290 $finfo = finfo_open(FILEINFO_MIME_TYPE);
291 $mimetype = finfo_file($finfo, $templatepath);
292 finfo_close($finfo);
293 }
294 else if (function_exists('mime_content_type')) {
295 $mimetype = mime_content_type($templatepath);
296 }
297 else {
298 if ('doc' == $ext) $mimetype = 'application/msword' ; else
299 if ('dot' == $ext) $mimetype = 'application/msword' ; else
300 if ('htm' == $ext) $mimetype = 'text/html' ; else
301 if ('html' == $ext) $mimetype = 'text/html' ; else
302 if ('odt' == $ext) $mimetype = 'application/vnd.oasis.opendocument.text' ; else
303 if ('ods' == $ext) $mimetype = 'application/vnd.oasis.opendocument.spreadsheet' ; else
304 if ('ott' == $ext) $mimetype = 'application/vnd.oasis.opendocument.text' ; else
305 if ('pdf' == $ext) $mimetype = 'application/pdf' ; else
306 if ('ppt' == $ext) $mimetype = 'application/vnd.ms-powerpoint' ; else
307 if ('ps' == $ext) $mimetype = 'application/postscript' ; else
308 if ('rtf' == $ext) $mimetype = 'application/rtf' ; else
309 if ('txt' == $ext) $mimetype = 'text/plain' ; else
310 if ('xls' == $ext) $mimetype = 'application/vnd.ms-excel' ;
311 }
312
313 $zipin = new ZipArchive;
314 if ($zipin->open($templatepath) === true) {
315 // Must be a zip archive.
316 $zipout = new ZipArchive;
317 $zipout->open($fname, ZipArchive::OVERWRITE);
318 for ($i = 0; $i < $zipin->numFiles; ++$i) {
319 $ename = $zipin->getNameIndex($i);
320 $edata = $zipin->getFromIndex($i);
321 $edata = doSubs($edata);
322 $zipout->addFromString($ename, $edata);
323 }
324 $zipout->close();
325 $zipin->close();
326 }
327 else {
328 // Not a zip archive.
329 $edata = file_get_contents($templatepath);
330 $edata = doSubs($edata);
331 file_put_contents($fname, $edata);
332 }
333
334 // Compute a download name like "filename_lastname_pid.odt".
335 $pi = pathinfo($form_filename);
336 $dlname = $pi['filename'] . '_' . $ptrow['lname'] . '_' . $pid;
337 if ($pi['extension'] !== '') $dlname .= '.' . $pi['extension'];
338
339 header('Content-Description: File Transfer');
340 header('Content-Transfer-Encoding: binary');
341 header('Expires: 0');
342 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
343 header('Pragma: public');
344 // attachment, not inline
345 header("Content-Disposition: attachment; filename=\"$dlname\"");
346 header("Content-Type: $mimetype");
347 header("Content-Length: " . filesize($fname));
348 ob_clean();
349 flush();
350 readfile($fname);
351
352 unlink($fname);
353 ?>
Mirror of official OpenEMR Sourceforge repository