1 <?php
2 // +-----------------------------------------------------------------------------+
3 // Copyright (C) 2011 Z&H Consultancy Services Private Limited <sam@zhservices.com>
4 //
5 //
6 // This program is free software; you can redistribute it and/or
7 // modify it under the terms of the GNU General Public License
8 // as published by the Free Software Foundation; either version 2
9 // of the License, or (at your option) any later version.
12 // This program is distributed in the hope that it will be useful,
13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 // GNU General Public License for more details.
18 // A copy of the GNU General Public License is included along with this program:
19 // openemr/interface/login/GnuGPL.html
20 // For more information write to the Free Software
21 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 //
23 // Author: Eldho Chacko <eldho@zhservices.com>
24 // Jacob T Paul <jacob@zhservices.com>
26 // +------------------------------------------------------------------------------+
// Escape-all-input mode for this script. NOTE(review): presumably read by the OpenEMR
// bootstrap pulled in via server_mail.php — that code is not visible here.
$sanitize_all_escapes=true;
// Disable the legacy register_globals emulation for this script (same caveat as above).
$fake_register_globals=false;
// Parent class UserMail (which UserAudit below extends) lives in this sibling file.
require_once("server_mail.php");
38 class UserAudit extends UserMail{
40 //to generate random password
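/**
 * Generate a random password of $length characters.
 *
 * Characters are drawn from a fixed alphabet that leaves out vowels and the
 * digits/letters most easily confused with one another (0/O, 1/l/I, 5/S).
 * Uses random_int(), a CSPRNG, instead of the original mt_rand(): the
 * Mersenne Twister output is predictable and must not back a credential.
 *
 * @param int $length requested length; values above the alphabet size (45)
 *                    are clamped to 45, as the original did
 * @return string the generated password ('' for a length of 0 or less)
 */
public function generatePassword($length = 20)
{
    $possible = "2346789bcdfghjkmnpqrtvwxyzBCDFGHJKLMNPQRTVWXYZ";
    $maxlength = strlen($possible);
    // Preserved quirk: a request longer than the alphabet is clamped, not rejected.
    if ($length > $maxlength) {
        $length = $maxlength;
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $possible[random_int(0, $maxlength - 1)];
    }
    return $password;
}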
58 // During auditing, if a new patient's demographics are rejected, the patient is deleted from the DB.
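/**
 * Remove a patient whose new-patient registration was rejected during audit.
 *
 * Applies only when audit_master row $var['audit_master_id'] is a pending
 * new-patient record (approval_status=1, type=1) that carries a pid. The
 * patient's demographic, employer, history, insurance, portal-access and
 * appointment rows are deleted, the files of legal documents whose master
 * record is not in the 'Layout Signed' subcategory are unlinked from disk,
 * and finally every audit_master/audit_details row for that pid is removed.
 *
 * @param array $var [0] => credentials, 'audit_master_id' => audit_master.id
 * @throws SoapFault when the credentials do not resolve to 'oemruser'
 */
public function delete_if_new_patient($var)
{
    $data_credentials = $var[0];
    // NOTE(review): assumes UserService::valid() returns the role as a string (it is
    // compared against 'newpatient' later in this file); the original used a loose ==,
    // which would also accept a bare boolean true.
    if (UserService::valid($data_credentials) !== 'oemruser') {
        throw new SoapFault("Server", "credentials failed");
    }
    $audit_master_id = $var['audit_master_id'];
    $result = sqlStatement(
        "select * from audit_master WHERE id=? and approval_status=1 and type=1",
        array($audit_master_id)
    );
    $rowfield = sqlFetchArray($result);
    // No pending new-patient record for this id: nothing to delete. (The original read
    // 'pid' off a possibly-false row.)
    if (!(isset($rowfield['pid']) && $rowfield['pid'] > 0)) {
        return;
    }
    $pid = $rowfield['pid'];

    // Same order as the original. The appointment delete covers the case where the
    // appointment was approved but the patient was denied.
    $deletions = array(
        "DELETE from patient_data WHERE pid=?",
        "DELETE from employer_data WHERE pid=?",
        "DELETE from history_data WHERE pid=?",
        "DELETE from insurance_data WHERE pid=?",
        "DELETE from patient_access_offsite WHERE pid=? ",
        "DELETE from openemr_postcalendar_events WHERE pc_pid=? ",
    );
    foreach ($deletions as $qry) {
        sqlStatement($qry, array($pid));
    }

    // Unlink the stored files of this patient's legal documents, except those whose
    // master record sits in the 'Layout Signed' subcategory.
    $qry = "select * from documents_legal_master,documents_legal_detail where dld_pid=?
        and dlm_document_id=dld_master_docid and dlm_subcategory not in (SELECT dlc_id FROM `documents_legal_categories`
        where dlc_category_name='Layout Signed' and dlc_category_type=2)";
    $result = sqlStatement($qry, array($pid));
    $docroot = realpath('../documents');
    while ($row_sql = sqlFetchArray($result)) {
        $path = realpath('../documents/' . $row_sql['dld_filepath'] . $row_sql['dld_filename']);
        // Only remove a file that actually resolves inside the documents directory; the path
        // components come from the database and must not be able to escape it. A file that
        // does not exist simply resolves to false and is skipped (the original @unlink'd it).
        if ($docroot !== false && $path !== false
            && strpos($path, $docroot . DIRECTORY_SEPARATOR) === 0) {
            unlink($path);
        }
    }
    sqlStatement("DELETE from documents_legal_detail WHERE dld_pid=?", array($pid));

    // type and approval_status are deliberately not filtered here so that the
    // appointment audit rows for this pid go too.
    sqlStatement(
        "DELETE from audit_details WHERE audit_master_id in
        (select id from audit_master WHERE pid=? )",
        array($pid)
    );
    sqlStatement("DELETE from audit_master WHERE pid=?", array($pid));
}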
106 // Update the audit_master table with the review status (denied, approved, etc.).
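/**
 * Record the reviewer's decision on an audit_master row.
 *
 * Sets approval_status, comments, user_id and modified_time on the row, then
 * copies the same status value into dld_signed for every still-unsigned
 * (dld_signed=0) documents_legal_detail row of that patient.
 * NOTE(review): this assumes approval_status and dld_signed share a value
 * encoding — confirm against the schema.
 *
 * @param array $var [0] => credentials, 'audit_master_id', 'approval_status',
 *                   'comments', 'user_id'
 * @throws SoapFault when the credentials fail
 */
public function update_audit_master($var)
{
    $data_credentials = $var[0];
    if (!UserService::valid($data_credentials)) {
        throw new SoapFault("Server", "credentials failed");
    }
    $audit_master_id = $var['audit_master_id'];
    $approval_status = $var['approval_status'];
    $comments = $var['comments'];
    $user_id = $var['user_id'];
    sqlStatement(
        "UPDATE audit_master SET approval_status=?, comments=?,modified_time=NOW(),user_id=? WHERE id=? ",
        array($approval_status, $comments, $user_id, $audit_master_id)
    );
    $dld_pid = sqlQuery("SELECT pid from audit_master WHERE id=?", array($audit_master_id));
    // An unknown id yields no row; the original dereferenced it regardless.
    if (isset($dld_pid['pid'])) {
        sqlStatement(
            "UPDATE documents_legal_detail SET dld_signed=? WHERE dld_pid=? AND dld_signed=0",
            array($approval_status, $dld_pid['pid'])
        );
    }
}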
127 // Will update the corresponding tables with the audited and approved data.
128 //Appointments and Demos are updated from the audit_details table to the actual transaction tables
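/**
 * Apply an approved audit record to the live tables.
 *
 * For every table recorded in audit_details for audit_master row
 * $var['audit_master_id'] (only when that row's approval_status is 1 or 4),
 * the stored field/value pairs are written to the real table: patient_data
 * is updated in place or created for a new patient, employer_data is
 * updated, insurance_data gets one newInsuranceData() call per
 * primary/secondary/tertiary slot, and the other supported tables receive
 * an INSERT. history_data is accepted as a valid table name but, as in the
 * original, has no writer and is ignored.
 *
 * Fixes over the original: the portal_username lookup is parameterized
 * instead of interpolated into SQL; the insurance slot lookup no longer
 * relies on the variable-variable expression `${ins.$i._type}`, which
 * depends on undefined constants and fails on PHP 8; $newdata and
 * $master_doc_id are initialised; the per-table INSERTs use bound
 * parameters rather than quoted add_escape_custom() concatenation.
 *
 * @param array $var [0] => credentials, 'audit_master_id' => audit_master.id
 * @return array ids of rows created here: 'dlm_id' (documents_legal_master)
 *               and/or 'dld_id' (documents_legal_detail), present only when
 *               such a row was inserted
 * @throws SoapFault when the credentials fail or an unsupported table name
 *                   is found in audit_details
 */
public function update_audited_data($var)
{
    $data_credentials = $var[0];
    if (!UserService::valid($data_credentials)) {
        throw new SoapFault("Server", "credentials failed");
    }
    $validtables = array("patient_data", "employer_data", "insurance_data", "history_data", "openemr_postcalendar_events", "ar_session", "documents_legal_master", "documents_legal_detail", "patient_access_offsite");
    $last_insert_ids = array();
    $audit_master_id = $var['audit_master_id'];

    $res = sqlStatement(
        "SELECT DISTINCT ad.table_name,am.id,am.pid FROM audit_master as am,audit_details as ad WHERE am.id=ad.audit_master_id and am.approval_status in ('1','4') and am.id=? ORDER BY ad.id",
        array($audit_master_id)
    );
    // $pid is carried across iterations on purpose: a new patient (pid=0 on the master
    // row) gets its pid allocated when patient_data is applied, and later tables reuse it.
    // If patient_data is not the first table, earlier tables are written with a null pid,
    // exactly as the original did.
    $pid = null;
    $master_doc_id = null;
    while ($row = sqlFetchArray($res)) {
        if ($row['pid']) {
            $pid = $row['pid'];
        }
        $table = $row['table_name'];
        if (!in_array($table, $validtables, true)) {
            throw new SoapFault("Server", "Table Not Supported error message");
        }
        $newdata = $this->collectAuditedFields($audit_master_id, $table);

        // Kept inside the loop as in the original (require_once is idempotent) so that
        // nothing is loaded when there is no row to apply.
        require_once("../../library/invoice_summary.inc.php");
        require_once("../../library/options.inc.php");
        require_once("../../library/acl.inc");
        require_once("../../library/patient.inc");

        if ($table == 'patient_data') {
            $pid = $this->applyPatientData($pid, $this->tableData($newdata, 'patient_data'));
        } elseif ($table == 'employer_data') {
            updateEmployerData($pid, $this->tableData($newdata, 'employer_data'));
        } elseif ($table == 'insurance_data') {
            $this->applyInsuranceData($pid, $newdata);
        } elseif ($table == 'openemr_postcalendar_events') {
            $this->insertCalendarEvent($pid, $this->tableData($newdata, 'openemr_postcalendar_events'));
        } elseif ($table == 'ar_session') {
            $this->insertArSession($pid, $this->tableData($newdata, 'ar_session'));
        } elseif ($table == 'documents_legal_master') {
            $master_doc_id = $this->insertLegalMaster($pid, $this->tableData($newdata, 'documents_legal_master'));
            $last_insert_ids['dlm_id'] = $master_doc_id;
        } elseif ($table == 'documents_legal_detail') {
            $last_insert_ids['dld_id'] = $this->insertLegalDetail($pid, $master_doc_id, $this->tableData($newdata, 'documents_legal_detail'));
        } elseif ($table == 'patient_access_offsite') {
            $this->insertPortalAccess($pid, $this->tableData($newdata, 'patient_access_offsite'));
        }
    }
    return $last_insert_ids;
}

/**
 * Read the audited field/value pairs of one table into a nested array.
 *
 * Rows are grouped under the table name, except for insurance_data, whose
 * rows are grouped under their entry_identification (the insurance slot).
 * For patient_access_offsite the audit_details id of the portal_pwd row is
 * kept as 'pass_id' so the caller can overwrite that audit row. The 'pid'
 * field is never copied; the live pid is decided by the caller.
 *
 * @return array table-or-slot => (field_name => field_value)
 */
private function collectAuditedFields($audit_master_id, $table)
{
    $newdata = array();
    $resfield = sqlStatement(
        "SELECT * FROM audit_details WHERE audit_master_id=? AND table_name=?",
        array($audit_master_id, $table)
    );
    while ($rowfield = sqlFetchArray($resfield)) {
        if ($rowfield['field_name'] == 'pid') {
            continue;
        }
        $group = ($table == 'insurance_data') ? $rowfield['entry_identification'] : $table;
        $newdata[$group][$rowfield['field_name']] = $rowfield['field_value'];
        if ($table == 'patient_access_offsite' && $rowfield['field_name'] == 'portal_pwd') {
            $newdata['patient_access_offsite']['pass_id'] = $rowfield['id'];
        }
    }
    return $newdata;
}

/** The collected fields for $table, or an empty array when none were audited. */
private function tableData(array $newdata, $table)
{
    return isset($newdata[$table]) ? $newdata[$table] : array();
}

/**
 * Update the existing patient_data row for $pid, or create a new patient.
 *
 * @return mixed the pid the data was written under (newly allocated for a new patient)
 */
private function applyPatientData($pid, array $data)
{
    $pdrow = sqlQuery("SELECT id from patient_data WHERE pid=?", array($pid));
    if (!empty($pdrow['id'])) {
        $data['id'] = $pdrow['id'];
        updatePatientData($pid, $data);
        return $pid;
    }
    // New patient: take the next free pid and create the row (third argument = create).
    // NOTE(review): MAX(pid)+1 is not atomic; two concurrent approvals could pick the
    // same pid. Preserved from the original.
    $prow = sqlQuery("SELECT IFNULL(MAX(pid)+1,1) AS pid FROM patient_data");
    $pid = $prow['pid'];
    $data['pubpid'] = $pid;
    updatePatientData($pid, $data, true);
    return $pid;
}

/**
 * Call newInsuranceData() once per slot (primary, secondary, tertiary).
 *
 * As in the original, all three slots are written even when the audit holds no
 * data for a slot; missing fields are passed as empty strings, which is what
 * add_escape_custom() yielded for the original's undefined indexes.
 */
private function applyInsuranceData($pid, array $newdata)
{
    $fields = array('type', 'provider', 'policy_number', 'group_number', 'plan_name', 'subscriber_lname', 'subscriber_mname', 'subscriber_fname', 'subscriber_relationship', 'subscriber_ss', 'subscriber_DOB', 'subscriber_street', 'subscriber_postal_code', 'subscriber_city', 'subscriber_state', 'subscriber_country', 'subscriber_phone', 'subscriber_employer', 'subscriber_employer_street', 'subscriber_employer_city', 'subscriber_employer_postal_code', 'subscriber_employer_state', 'subscriber_employer_country', 'copay', 'subscriber_sex', 'date', 'accept_assignment');
    foreach (array('primary', 'secondary', 'tertiary') as $slot) {
        $slotdata = $this->tableData($newdata, $slot) + array_fill_keys($fields, '');
        $escaped = array();
        foreach ($fields as $field) {
            // newInsuranceData() takes pre-escaped values, as the original call did.
            $escaped[] = add_escape_custom($slotdata[$field]);
        }
        newInsuranceData($pid, ...$escaped);
    }
}

/** Insert the audited appointment; pc_time is NOW() and pc_eventstatus is fixed at 1. */
private function insertCalendarEvent($pid, array $data)
{
    $d = $data + array_fill_keys(array('pc_title', 'pc_hometext', 'pc_eventDate', 'pc_endDate', 'pc_startTime', 'pc_endTime', 'pc_duration', 'pc_catid', 'pc_aid', 'pc_facility'), '');
    sqlInsert(
        "INSERT INTO openemr_postcalendar_events (pc_pid,pc_title,pc_time,pc_hometext,pc_eventDate,pc_endDate,pc_startTime,pc_endTime,pc_duration,pc_catid,pc_eventstatus,pc_aid,pc_facility) " .
        "VALUES (?,?,NOW(),?,?,?,?,?,?,?,1,?,?)",
        array($pid, $d['pc_title'], $d['pc_hometext'], $d['pc_eventDate'], $d['pc_endDate'], $d['pc_startTime'], $d['pc_endTime'], $d['pc_duration'], $d['pc_catid'], $d['pc_aid'], $d['pc_facility'])
    );
}

/** Insert the audited payment session; check_date, modified_time and post_to_date are NOW(). */
private function insertArSession($pid, array $data)
{
    $d = $data + array_fill_keys(array('payer_id', 'user_id', 'reference', 'pay_total', 'payment_type', 'description', 'payment_method'), '');
    sqlInsert(
        "INSERT INTO ar_session (payer_id, user_id, reference, check_date, pay_total, modified_time, payment_type, description, post_to_date, patient_id, payment_method) " .
        "VALUES (?,?,?,NOW(),?,NOW(),?,?,NOW(),?,?)",
        array($d['payer_id'], $d['user_id'], $d['reference'], $d['pay_total'], $d['payment_type'], $d['description'], $pid, $d['payment_method'])
    );
}

/**
 * Insert the audited legal-document master row.
 *
 * The stored dlm_filepath is the audited path with "/$pid" appended.
 *
 * @return mixed the new documents_legal_master id (sqlInsert's return value)
 */
private function insertLegalMaster($pid, array $data)
{
    $fields = array('dlm_category', 'dlm_subcategory', 'dlm_document_name', 'dlm_filepath', 'dlm_facility', 'dlm_provider', 'dlm_sign_height', 'dlm_sign_width', 'dlm_filename', 'dlm_effective_date', 'dlm_version', 'content', 'dlm_savedsign', 'dlm_review', 'dlm_upload_type');
    $d = $data + array_fill_keys($fields, '');
    $d['dlm_filepath'] = $d['dlm_filepath'] . "/$pid";
    $params = array();
    foreach ($fields as $field) {
        $params[] = $d[$field];
    }
    // Column list comes from the fixed $fields array above, never from input.
    return sqlInsert(
        "INSERT INTO documents_legal_master (" . implode(',', $fields) . ") VALUES (?" . str_repeat(',?', count($fields) - 1) . ")",
        $params
    );
}

/**
 * Insert the audited legal-document detail row for $pid.
 *
 * dld_master_docid is the master row created earlier in the same run when
 * there was one, otherwise the audited value.
 *
 * @return mixed the new documents_legal_detail id (sqlInsert's return value)
 */
private function insertLegalDetail($pid, $master_doc_id, array $data)
{
    $fields = array('dld_facility', 'dld_provider', 'dld_encounter', 'dld_master_docid', 'dld_signed', 'dld_signed_time', 'dld_filepath', 'dld_filename', 'dld_signing_person', 'dld_sign_level', 'dld_content', 'dld_file_for_pdf_generation', 'dld_denial_reason', 'dld_moved', 'dld_patient_comments');
    $d = $data + array_fill_keys($fields, '');
    if ($master_doc_id) {
        $d['dld_master_docid'] = $master_doc_id;
    }
    $params = array($pid);
    foreach ($fields as $field) {
        $params[] = $d[$field];
    }
    return sqlInsert(
        "INSERT INTO documents_legal_detail (dld_pid," . implode(',', $fields) . ") VALUES (?" . str_repeat(',?', count($fields)) . ")",
        $params
    );
}

/**
 * Create the portal login for $pid unless the username is already taken, then
 * overwrite the portal_pwd value held in audit_details with a fresh random
 * password — presumably so the submitted credential does not stay readable in
 * the audit trail. NOTE(review): portal_pwd is stored as received; whether it
 * is already hashed by the caller is not visible here — confirm.
 */
private function insertPortalAccess($pid, array $data)
{
    $d = $data + array('portal_username' => '', 'portal_pwd' => '', 'pass_id' => null);
    // Bound parameter; the original interpolated portal_username straight into the SELECT.
    $query = sqlStatement(
        "SELECT * FROM patient_access_offsite WHERE portal_username = ?",
        array($d['portal_username'])
    );
    if (sqlNumRows($query) == 0) {
        sqlInsert(
            "INSERT INTO patient_access_offsite (pid,portal_username,portal_pwd,portal_pwd_status) VALUES (?,?,?,0)",
            array($pid, $d['portal_username'], $d['portal_pwd'])
        );
    }
    sqlQuery(
        "UPDATE audit_details SET field_value = ? WHERE id = ?",
        array($this->generatePassword(), $d['pass_id'])
    );
}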
359 //Data from portal is inserted through this function. It will wait for audit and approval
360 //according to the facility settings. audit_details is the child table of Audit_master
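/**
 * Store a portal submission in audit_master/audit_details, pending review.
 *
 * Optionally deletes an earlier pending record first (resubmission), then
 * writes one audit_master row and one audit_details row per submitted
 * field (the 'pid' field is skipped). When $var['auto_update'] is 1 the
 * record is applied to the live tables immediately via update_audited_data().
 *
 * Fixes over the original: the detail parameter list was initialised as ''
 * and then used with [], which is a fatal error on PHP 7.1+; the static call
 * UserAudit::update_audited_data() to an instance method is now $this->;
 * a submission with no fields no longer issues a malformed INSERT.
 *
 * @param array $var [0] => credentials, 'audit_master_id_to_delete',
 *                   'approval_status', 'type', 'ip_address',
 *                   'table_name_array', 'field_name_value_array',
 *                   'entry_identification_array', optional 'auto_update'
 * @throws SoapFault when the credentials fail
 */
public function insert_to_be_audit_data($var)
{
    global $pid;
    $data_credentials = $var[0];
    $role = UserService::valid($data_credentials);
    if (!$role) {
        throw new SoapFault("Server", "credentials failed");
    }
    $audit_master_id_to_delete = $var['audit_master_id_to_delete'];
    $approval_status = $var['approval_status'];
    $type = $var['type'];
    // NOTE(review): ip_address is taken from the request payload, not from the
    // connection, so it is only as trustworthy as the caller.
    $ip_address = $var['ip_address'];
    $table_name_array = $var['table_name_array'];
    $field_name_value_array = $var['field_name_value_array'];
    $entry_identification_array = $var['entry_identification_array'];

    // A resubmission replaces the earlier pending record.
    if ($audit_master_id_to_delete) {
        sqlStatement("DELETE from audit_master WHERE id=?", array($audit_master_id_to_delete));
        sqlStatement("DELETE from audit_details WHERE audit_master_id=?", array($audit_master_id_to_delete));
    }
    // A brand-new patient has no pid yet; 0 marks the master row as "pid to be allocated".
    if (($role == 'newpatient' || $role == 'newpatienttoapprove') && $approval_status == 1) {
        $pid = 0;
    }
    $audit_master_id = sqlInsert(
        "INSERT INTO audit_master SET
        pid = ?,
        approval_status = ?,
        ip_address = ?,
        type = ?",
        array($pid, $approval_status, $ip_address, $type)
    );

    $placeholders = array();
    $params = array();
    foreach ($table_name_array as $key => $table_name) {
        foreach ($field_name_value_array[$key] as $field_name => $field_value) {
            if ($field_name == 'pid') {
                continue;
            }
            $placeholders[] = "(? ,? ,? ,? ,?)";
            $params[] = $table_name;
            $params[] = trim($field_name);
            $params[] = trim($field_value);
            $params[] = $audit_master_id;
            $params[] = trim($entry_identification_array[$key]);
        }
    }
    if ($placeholders) {
        sqlInsert(
            "INSERT INTO `audit_details` (`table_name`, `field_name`, `field_value`, `audit_master_id`, `entry_identification`) VALUES "
            . implode(',', $placeholders) . ';',
            $params
        );
    }
    if (isset($var['auto_update']) && $var['auto_update'] == 1) {
        $var['audit_master_id'] = $audit_master_id;
        $this->update_audited_data($var);
    }
}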
424 //Data from portal is inserted through this function. It will wait for audit and approval
425 //according to the facility settings. This is the master table entry.
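/**
 * Create an audit_master row for a portal submission, without detail rows.
 *
 * pid comes from the global $pid (set elsewhere; not visible in this file).
 * The original assigned sqlInsert()'s result to an unused local; it is now
 * simply discarded.
 *
 * @param array $var [0] => credentials, 'approval_status', 'type', 'ip_address'
 * @throws SoapFault when the credentials fail
 */
public function insert_audit_master($var)
{
    global $pid;
    $data_credentials = $var[0];
    if (!UserService::valid($data_credentials)) {
        throw new SoapFault("Server", "credentials failed");
    }
    // NOTE(review): ip_address is supplied by the caller in $var, not read from the connection.
    sqlInsert(
        "INSERT INTO audit_master SET
        pid = ?,
        approval_status = ?,
        ip_address = ?,
        type =?",
        array($pid, $var['approval_status'], $var['ip_address'], $var['type'])
    );
}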