1 <?php
2 // +-----------------------------------------------------------------------------+
3 // Copyright (C) 2011 Z&H Consultancy Services Private Limited <sam@zhservices.com>
4 //
5 //
6 // This program is free software; you can redistribute it and/or
7 // modify it under the terms of the GNU General Public License
8 // as published by the Free Software Foundation; either version 2
9 // of the License, or (at your option) any later version.
12 // This program is distributed in the hope that it will be useful,
13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 // GNU General Public License for more details.
18 // A copy of the GNU General Public License is included along with this program:
19 // openemr/interface/login/GnuGPL.html
20 // For more information write to the Free Software
21 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 //
23 // Author: Eldho Chacko <eldho@zhservices.com>
24 // Jacob T Paul <jacob@zhservices.com>
26 // +------------------------------------------------------------------------------+
// OpenEMR bootstrap flags. They are presumably read by the globals include that
// server_mail.php pulls in, so they have to be assigned before the require_once below:
// escape every value that reaches SQL, and do not emulate register_globals.
$sanitize_all_escapes = true;
$fake_register_globals = false;

require_once("server_mail.php");
38 class UserAudit extends UserMail{
42 //During auditing if a new patient demo is rejected will delete the patient from DB
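/**
 * Removes a patient that was created from the portal and then rejected during auditing.
 *
 * Acts only when the audit_master row is a pending (approval_status=1) new-patient
 * entry (type=1) that carries a pid. Every per-patient table the portal flow writes is
 * then cleared, the patient's legal-document files are deleted from disk (except the
 * 'Layout Signed' category), and finally the audit rows themselves are removed.
 *
 * @param array $var $var[0] holds the credentials, $var['audit_master_id'] the audit row.
 * @return void
 * @throws SoapFault when the credentials are not accepted as 'oemruser'.
 */
public function delete_if_new_patient($var)
{
    $data_credentials = $var[0];
    // Loose comparison kept on purpose: UserService::valid() is declared elsewhere and
    // its exact return value is not visible here.
    if (UserService::valid($data_credentials) != 'oemruser') {
        throw new SoapFault("Server", "credentials failed");
    }

    $audit_master_id = isset($var['audit_master_id']) ? $var['audit_master_id'] : null;
    $result = sqlStatement(
        "select * from audit_master WHERE id=? and approval_status=1 and type=1",
        array($audit_master_id)
    );
    $rowfield = sqlFetchArray($result);
    // sqlFetchArray() yields false when nothing matched; the original indexed into it blindly.
    if (!$rowfield || !($rowfield['pid'] > 0)) {
        return;
    }
    $pid = $rowfield['pid'];

    sqlStatement("DELETE from patient_data WHERE pid=?", array($pid));
    sqlStatement("DELETE from employer_data WHERE pid=?", array($pid));
    sqlStatement("DELETE from history_data WHERE pid=?", array($pid));
    sqlStatement("DELETE from insurance_data WHERE pid=?", array($pid));
    sqlStatement("DELETE from patient_access_offsite WHERE pid=? ", array($pid));
    // Appointments approved, but patient denied case.
    sqlStatement("DELETE from openemr_postcalendar_events WHERE pc_pid=? ", array($pid));

    // Delete the document files, except those in the 'Layout Signed' category.
    // dld_filepath/dld_filename were stored from a portal submission (see
    // update_audited_data), so the path is resolved and checked to stay inside the
    // documents directory rather than trusted as-is.
    $result = sqlStatement(
        "select * from documents_legal_master,documents_legal_detail where dld_pid=?
and dlm_document_id=dld_master_docid and dlm_subcategory not in (SELECT dlc_id FROM `documents_legal_categories`
where dlc_category_name='Layout Signed' and dlc_category_type=2)",
        array($pid)
    );
    $documents_dir = realpath('../documents');
    while ($row_sql = sqlFetchArray($result)) {
        $candidate = realpath('../documents/' . $row_sql['dld_filepath'] . $row_sql['dld_filename']);
        // No documents dir, or nothing on disk for this row: only the DB rows get cleaned up.
        if ($documents_dir === false || $candidate === false) {
            continue;
        }
        // realpath() has resolved '..' and symlinks, so a prefix check pins the file to the tree.
        if (strpos($candidate, $documents_dir . DIRECTORY_SEPARATOR) !== 0 || !is_file($candidate)) {
            continue;
        }
        unlink($candidate);
    }

    sqlStatement("DELETE from documents_legal_detail WHERE dld_pid=?", array($pid));
    // type and approval_status=1 are not filtered on purpose, so the appointments go as well.
    sqlStatement(
        "DELETE from audit_details WHERE audit_master_id in
(select id from audit_master WHERE pid=? )",
        array($pid)
    );
    sqlStatement("DELETE from audit_master WHERE pid=?", array($pid));
}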
90 //update the audit master_table with the status ie denied,approved etc.
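/**
 * Records the auditor's decision (denied, approved, ...) on an audit_master row and
 * propagates the status to the patient's not-yet-signed legal documents.
 *
 * @param array $var $var[0] credentials; 'audit_master_id', 'approval_status',
 *                   'comments' and 'user_id' carry the decision.
 * @return void
 * @throws SoapFault when the credentials are rejected.
 */
public function update_audit_master($var)
{
    $data_credentials = $var[0];
    if (!UserService::valid($data_credentials)) {
        throw new SoapFault("Server", "credentials failed");
    }

    $audit_master_id = $var['audit_master_id'];
    $approval_status = $var['approval_status'];
    $comments = $var['comments'];
    // NOTE(review): the auditing user is taken from the request payload rather than derived
    // from the validated credentials; confirm that is intended for this service.
    $user_id = $var['user_id'];
    sqlStatement(
        "UPDATE audit_master SET approval_status=?, comments=?,modified_time=NOW(),user_id=? WHERE id=? ",
        array($approval_status, $comments, $user_id, $audit_master_id)
    );

    $dld_pid = sqlQuery("SELECT pid from audit_master WHERE id=?", array($audit_master_id));
    // sqlQuery() yields false for an unknown id; the original indexed into it regardless.
    if (!$dld_pid || !isset($dld_pid['pid'])) {
        return;
    }
    // Documents still at dld_signed=0 inherit the audit decision as their signed state.
    sqlStatement(
        "UPDATE documents_legal_detail SET dld_signed=? WHERE dld_pid=? AND dld_signed=0",
        array($approval_status, $dld_pid['pid'])
    );
}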
111 // Will update the corresponding tables with the audited and approved data.
112 //Appointments and Demos are updated from the audit_details table to the actual transaction tables
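/**
 * Copies an approved audit entry into the live transaction tables.
 *
 * For every table recorded in audit_details for the given audit_master row (status 1 or 4)
 * the field_name/field_value pairs are gathered into $newdata and then written through the
 * matching OpenEMR helper (patient, employer, insurance) or a bound-parameter INSERT
 * (appointments, ar_session, legal documents). Only tables on the allow-list are accepted.
 *
 * Fixes relative to the original: the insurance lookup used `${ins.$i._type}`, which relies
 * on undefined constants (a fatal error on PHP 8); the INSERTs were built by string
 * concatenation; $detail rows relied on an uninitialised $master_doc_id; the library
 * includes sat inside the loop.
 *
 * @param array $var $var[0] credentials; $var['audit_master_id'] the audit row to apply.
 * @return void
 * @throws SoapFault on rejected credentials, or when audit_details names a table outside
 *                   the allow-list.
 */
public function update_audited_data($var)
{
    $data_credentials = $var[0];
    // Allow-list of tables an audit entry may write to; any other table_name is refused.
    $validtables = array("patient_data","employer_data","insurance_data","history_data","openemr_postcalendar_events","ar_session","documents_legal_master","documents_legal_detail");
    if (!UserService::valid($data_credentials)) {
        throw new SoapFault("Server", "credentials failed");
    }
    $audit_master_id = $var['audit_master_id'];

    // type=3 means only documents were saved: nothing to copy into the transaction tables.
    $res = sqlStatement("SELECT * FROM audit_master where id=? and approval_status='1' and type='3' ", array($audit_master_id));
    if (sqlNumRows($res) > 0) {
        return;
    }

    // Helpers for updatePatientData()/updateEmployerData()/newInsuranceData(); previously
    // required from inside the loop, which require_once made a one-time load anyway.
    require_once("../../library/invoice_summary.inc.php");
    require_once("../../library/options.inc.php");
    require_once("../../library/acl.inc");
    require_once("../../library/patient.inc");

    // Tables come back in audit_details id order. documents_legal_detail below relies on
    // documents_legal_master having been handled earlier in the same call — presumably
    // guaranteed by the insertion order in insert_to_be_audit_data(); verify.
    $res = sqlStatement("SELECT DISTINCT ad.table_name,am.id,am.pid FROM audit_master as am,audit_details as ad WHERE am.id=ad.audit_master_id and am.approval_status in ('1','4') and am.id=? ORDER BY ad.id", array($audit_master_id));

    $newdata = array();
    $master_doc_id = null; // set by documents_legal_master, consumed by documents_legal_detail
    $ins_types = array(1 => 'primary', 2 => 'secondary', 3 => 'tertiary');

    while ($row = sqlFetchArray($res)) {
        $pid = $row['pid'];
        $table = $row['table_name'];
        if (!in_array($table, $validtables, true)) {
            throw new SoapFault("Server", "Table Not Supported error message");
        }

        // Gather field_name => field_value for this table. Insurance rows are bucketed by
        // their entry_identification (primary/secondary/tertiary) instead of by table name.
        $resfield = sqlStatement("SELECT * FROM audit_details WHERE audit_master_id=? AND table_name=?", array($audit_master_id, $table));
        while ($rowfield = sqlFetchArray($resfield)) {
            $bucket = ($table == 'insurance_data') ? $rowfield['entry_identification'] : $table;
            $newdata[$bucket][$rowfield['field_name']] = $rowfield['field_value'];
        }
        $fields = isset($newdata[$table]) ? $newdata[$table] : array();

        switch ($table) {
            case 'patient_data':
                $pdrow = sqlQuery("SELECT id from patient_data WHERE pid=?", array($pid));
                $fields['id'] = isset($pdrow['id']) ? $pdrow['id'] : null;
                updatePatientData($pid, $fields);
                break;

            case 'employer_data':
                updateEmployerData($pid, $fields);
                break;

            case 'insurance_data':
                // One newInsuranceData() call per slot, as before (a slot with no data is
                // still written with empty values).
                foreach ($ins_types as $ins_type) {
                    $this->_writeInsurance($pid, isset($newdata[$ins_type]) ? $newdata[$ins_type] : array());
                }
                break;

            case 'openemr_postcalendar_events':
                // pc_time is fixed to NOW() and pc_eventstatus to 1, as before.
                sqlInsert(
                    "INSERT INTO openemr_postcalendar_events ( " .
                    "pc_pid,pc_title,pc_time,pc_hometext,pc_eventDate,pc_endDate,pc_startTime,pc_endTime,pc_duration,pc_catid,pc_eventstatus,pc_aid,pc_facility" .
                    ") VALUES ( ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, 1, ?, ? )",
                    array(
                        $pid,
                        self::_field($fields, 'pc_title'),
                        self::_field($fields, 'pc_hometext'),
                        self::_field($fields, 'pc_eventDate'),
                        self::_field($fields, 'pc_endDate'),
                        self::_field($fields, 'pc_startTime'),
                        self::_field($fields, 'pc_endTime'),
                        self::_field($fields, 'pc_duration'),
                        self::_field($fields, 'pc_catid'),
                        self::_field($fields, 'pc_aid'),
                        self::_field($fields, 'pc_facility'),
                    )
                );
                break;

            case 'ar_session':
                // check_date, modified_time and post_to_date are all NOW(), as before.
                sqlInsert(
                    "INSERT INTO ar_session ( " .
                    "payer_id, user_id, reference, check_date, pay_total, modified_time, payment_type, description, post_to_date, patient_id, payment_method" .
                    ") VALUES ( ?, ?, ?, NOW(), ?, NOW(), ?, ?, NOW(), ?, ? )",
                    array(
                        self::_field($fields, 'payer_id'),
                        self::_field($fields, 'user_id'),
                        self::_field($fields, 'reference'),
                        self::_field($fields, 'pay_total'),
                        self::_field($fields, 'payment_type'),
                        self::_field($fields, 'description'),
                        $pid,
                        self::_field($fields, 'payment_method'),
                    )
                );
                break;

            case 'documents_legal_master':
                // The stored path gets the patient id appended, as before.
                $master_doc_id = sqlInsert(
                    "INSERT INTO documents_legal_master ( " .
                    "dlm_category,dlm_subcategory,dlm_document_name,dlm_filepath,dlm_facility,dlm_provider,dlm_sign_height,dlm_sign_width,dlm_filename,dlm_effective_date,dlm_version,content,dlm_savedsign,dlm_review,dlm_upload_type" .
                    ") VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )",
                    array(
                        self::_field($fields, 'dlm_category'),
                        self::_field($fields, 'dlm_subcategory'),
                        self::_field($fields, 'dlm_document_name'),
                        self::_field($fields, 'dlm_filepath') . "/$pid",
                        self::_field($fields, 'dlm_facility'),
                        self::_field($fields, 'dlm_provider'),
                        self::_field($fields, 'dlm_sign_height'),
                        self::_field($fields, 'dlm_sign_width'),
                        self::_field($fields, 'dlm_filename'),
                        self::_field($fields, 'dlm_effective_date'),
                        self::_field($fields, 'dlm_version'),
                        self::_field($fields, 'content'),
                        self::_field($fields, 'dlm_savedsign'),
                        self::_field($fields, 'dlm_review'),
                        self::_field($fields, 'dlm_upload_type'),
                    )
                );
                break;

            case 'documents_legal_detail':
                // NOTE(review): dld_filepath/dld_filename originate from the portal submission
                // and are stored as given; delete_if_new_patient() later joins them onto a
                // filesystem path, so that consumer must confine them to the documents directory.
                sqlInsert(
                    "INSERT INTO documents_legal_detail ( " .
                    "dld_pid,dld_facility,dld_provider,dld_encounter,dld_master_docid,dld_signed,dld_signed_time,dld_filepath,dld_filename,dld_signing_person,dld_sign_level,dld_content,dld_file_for_pdf_generation,dld_denial_reason,dld_moved,dld_patient_comments" .
                    ") VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )",
                    array(
                        $pid,
                        self::_field($fields, 'dld_facility'),
                        self::_field($fields, 'dld_provider'),
                        self::_field($fields, 'dld_encounter'),
                        // '' when no documents_legal_master row preceded this one, as before.
                        $master_doc_id === null ? '' : $master_doc_id,
                        self::_field($fields, 'dld_signed'),
                        self::_field($fields, 'dld_signed_time'),
                        self::_field($fields, 'dld_filepath'),
                        self::_field($fields, 'dld_filename'),
                        self::_field($fields, 'dld_signing_person'),
                        self::_field($fields, 'dld_sign_level'),
                        self::_field($fields, 'dld_content'),
                        self::_field($fields, 'dld_file_for_pdf_generation'),
                        self::_field($fields, 'dld_denial_reason'),
                        self::_field($fields, 'dld_moved'),
                        self::_field($fields, 'dld_patient_comments'),
                    )
                );
                break;

            default:
                // history_data is allow-listed but has no writer here; skipped silently, as before.
                break;
        }
    }
}

/**
 * Writes one insurance slot through newInsuranceData(), passing the 27 columns in the
 * order that helper takes them. Missing fields are passed as escaped nulls, as before.
 *
 * @param mixed $pid
 * @param array $entry field_name => field_value for one of primary/secondary/tertiary
 * @return void
 */
private function _writeInsurance($pid, array $entry)
{
    $columns = array(
        'type', 'provider', 'policy_number', 'group_number', 'plan_name',
        'subscriber_lname', 'subscriber_mname', 'subscriber_fname', 'subscriber_relationship',
        'subscriber_ss', 'subscriber_DOB', 'subscriber_street', 'subscriber_postal_code',
        'subscriber_city', 'subscriber_state', 'subscriber_country', 'subscriber_phone',
        'subscriber_employer', 'subscriber_employer_street', 'subscriber_employer_city',
        'subscriber_employer_postal_code', 'subscriber_employer_state', 'subscriber_employer_country',
        'copay', 'subscriber_sex', 'date', 'accept_assignment',
    );
    $args = array($pid);
    foreach ($columns as $column) {
        // add_escape_custom() kept because the original passed escaped values;
        // NOTE(review): confirm newInsuranceData() (library/patient.inc) does not escape again.
        $args[] = add_escape_custom(isset($entry[$column]) ? $entry[$column] : null);
    }
    // Positional call with a long fixed argument list; keeps the column order in one place.
    call_user_func_array('newInsuranceData', $args);
}

/**
 * Returns $row[$key], or '' when the audit data carried no such field.
 *
 * The original escaped a missing value to '' via add_escape_custom(); with bound
 * parameters that default has to be explicit so a NULL is never bound instead.
 *
 * @param array $row
 * @param string $key
 * @return mixed
 */
private static function _field(array $row, $key)
{
    return isset($row[$key]) ? $row[$key] : '';
}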
309 //Data from portal is inserted through this function. It will wait for audit and approval
310 //according to the facility settings. audit_details is the child table of Audit_master
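/**
 * Stores a portal submission in audit_master/audit_details so it can be reviewed, or
 * applies it straight away when the caller sets auto_update.
 *
 * @param array $var $var[0] credentials; 'approval_status', 'type', 'ip_address',
 *                   'table_name_array' (list of tables), 'field_name_value_array'
 *                   (per table: field => value), 'entry_identification_array' (per table);
 *                   optional 'audit_master_id_to_delete' and 'auto_update'.
 * @return void
 * @throws SoapFault when the credentials are rejected.
 */
public function insert_to_be_audit_data($var)
{
    global $pid; // patient id is taken from the global set up by the service bootstrap
    $data_credentials = $var[0];
    if (!UserService::valid($data_credentials)) {
        throw new SoapFault("Server", "credentials failed");
    }

    $audit_master_id_to_delete = isset($var['audit_master_id_to_delete']) ? $var['audit_master_id_to_delete'] : null;
    $approval_status = $var['approval_status'];
    $type = $var['type'];
    $ip_address = $var['ip_address'];
    $table_name_array = $var['table_name_array'];
    $field_name_value_array = $var['field_name_value_array'];
    $entry_identification_array = $var['entry_identification_array'];

    // A resubmission replaces the earlier pending entry.
    // NOTE(review): the id to delete comes from the request and is not tied to $pid;
    // confirm a caller cannot address another patient's audit rows this way.
    if ($audit_master_id_to_delete) {
        sqlStatement("DELETE from audit_master WHERE id=?", array($audit_master_id_to_delete));
        sqlStatement("DELETE from audit_details WHERE audit_master_id=?", array($audit_master_id_to_delete));
    }

    $master_query = "INSERT INTO audit_master SET
pid = ?,
approval_status = ?,
ip_address = ?,
type = ?";
    $audit_master_id = sqlInsert($master_query, array($pid, $approval_status, $ip_address, $type));

    // One multi-row INSERT for every field/value pair, bound positionally.
    $detail_query = "INSERT INTO `audit_details` (`table_name`, `field_name`, `field_value`, `audit_master_id`, `entry_identification`) VALUES ";
    $detail_rows = array();
    $detail_params = array(); // was initialised as '' before, which PHP 7.1+ refuses to append to
    foreach ($table_name_array as $key => $table_name) {
        $pairs = isset($field_name_value_array[$key]) ? $field_name_value_array[$key] : array();
        $entry_identification = isset($entry_identification_array[$key]) ? $entry_identification_array[$key] : '';
        foreach ($pairs as $field_name => $field_value) {
            $detail_rows[] = "(? ,? ,? ,? ,?)";
            $detail_params[] = $table_name;
            $detail_params[] = trim($field_name);
            $detail_params[] = trim($field_value);
            $detail_params[] = $audit_master_id;
            $detail_params[] = trim($entry_identification);
        }
    }
    // With no rows the original issued an INSERT with an empty VALUES clause, which fails.
    if (count($detail_rows) > 0) {
        sqlInsert($detail_query . implode(',', $detail_rows) . ';', $detail_params);
    }

    if (isset($var['auto_update']) && $var['auto_update'] == 1) {
        $var['audit_master_id'] = $audit_master_id;
        // Was UserAudit::update_audited_data($var): a static call to an instance method,
        // which PHP 8 rejects.
        $this->update_audited_data($var);
    }
}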
369 //Data from portal is inserted through this function. It will wait for audit and approval
370 //according to the facility settings. This is the master table entry.
/**
 * Creates a bare audit_master row for the current patient; no audit_details are written.
 *
 * @param array $var $var[0] credentials; 'approval_status', 'type' and 'ip_address'
 *                   describe the entry.
 * @return void
 * @throws SoapFault when the credentials are rejected.
 */
public function insert_audit_master($var)
{
    global $pid; // patient id comes from the global set up by the service bootstrap
    $credentials = $var[0];
    if (!UserService::valid($credentials)) {
        throw new SoapFault("Server", "credentials failed");
    }

    $master_query = "INSERT INTO audit_master SET
pid = ?,
approval_status = ?,
ip_address = ?,
type =?";
    $bound = array($pid, $var['approval_status'], $var['ip_address'], $var['type']);
    // The new id is not returned to the caller; kept for parity with the original.
    $audit_master_id = sqlInsert($master_query, $bound);
}