3 * Document Template Download Module.
5 * Copyright (C) 2013-2014 Rod Roark <rod@sunsetsystems.com>
7 * LICENSE: This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
19 * @author Rod Roark <rod@sunsetsystems.com>
20 * @link http://www.open-emr.org
23 // This module downloads a specified document template to the browser after
24 // substituting relevant patient data into its variables.
26 // Disable magic quotes and fake register globals.
27 $sanitize_all_escapes = true;
28 $fake_register_globals = false;
30 require_once('../globals.php');
31 require_once($GLOBALS['srcdir'] . '/acl.inc');
32 require_once($GLOBALS['srcdir'] . '/htmlspecialchars.inc.php');
33 require_once($GLOBALS['srcdir'] . '/formdata.inc.php');
34 require_once($GLOBALS['srcdir'] . '/formatting.inc.php');
35 require_once($GLOBALS['srcdir'] . '/appointments.inc.php');
36 require_once($GLOBALS['srcdir'] . '/options.inc.php');
41 function keySearch(&$s, $key) {
42 global $keyLocation, $keyLength;
43 $keyLength = strlen($key);
44 $keyLocation = strpos($s, $key);
45 return $keyLocation === false ?
false : true;
48 function keyReplace(&$s, $data) {
49 global $keyLocation, $keyLength;
50 return substr($s, 0, $keyLocation) . $data . substr($s, $keyLocation +
$keyLength);
54 global $ptrow, $enrow;
56 // $loopcount avoids infinite looping if we screw up.
58 for ($loopcount = 0; $loopcount < 500; ++
$loopcount) {
60 if (keySearch($s, '{PatientName}')) {
61 $tmp = $ptrow['fname'];
62 if ($ptrow['mname']) {
63 if ($tmp) $tmp .= ' ';
64 $tmp .= $ptrow['mname'];
66 if ($ptrow['lname']) {
67 if ($tmp) $tmp .= ' ';
68 $tmp .= $ptrow['lname'];
70 $s = keyReplace(&$s, $tmp);
73 else if (keySearch($s, '{PatientID}')) {
74 $s = keyReplace(&$s, $ptrow['pubpid']);
77 else if (keySearch($s, '{Address}')) {
78 $s = keyReplace(&$s, $ptrow['street']);
81 else if (keySearch($s, '{City}')) {
82 $s = keyReplace(&$s, $ptrow['city']);
85 else if (keySearch($s, '{State}')) {
86 $s = keyReplace(&$s, getListItemTitle('state', $ptrow['state']));
89 else if (keySearch($s, '{Zip}')) {
90 $s = keyReplace(&$s, $ptrow['postal_code']);
93 else if (keySearch($s, '{PatientPhone}')) {
94 $ptphone = $ptrow['phone_contact'];
95 if (empty($ptphone)) $ptphone = $ptrow['phone_home'];
96 if (empty($ptphone)) $ptphone = $ptrow['phone_cell'];
97 if (empty($ptphone)) $ptphone = $ptrow['phone_biz'];
98 if (preg_match("/([2-9]\d\d)\D*(\d\d\d)\D*(\d\d\d\d)/", $ptphone, $tmp)) {
99 $ptphone = '(' . $tmp[1] . ')' . $tmp[2] . '-' . $tmp[3];
101 $s = keyReplace(&$s, $ptphone);
104 else if (keySearch($s, '{PatientDOB}')) {
105 $s = keyReplace(&$s, oeFormatShortDate($ptrow['DOB']));
108 else if (keySearch($s, '{PatientSex}')) {
109 $s = keyReplace(&$s, getListItemTitle('sex', $ptrow['sex']));
112 else if (keySearch($s, '{DOS}')) {
113 $s = keyReplace(&$s, oeFormatShortDate(substr($enrow['date'], 0, 10)));
116 else if (keySearch($s, '{ChiefComplaint}')) {
117 $cc = $enrow['reason'];
118 $patientid = $ptrow['pid'];
119 $DOS = substr($enrow['date'], 0, 10);
120 // Prefer appointment comment if one is present.
121 $evlist = fetchEvents($DOS, $DOS, " AND pc_pid = '$patientid' ");
122 foreach ($evlist as $tmp) {
123 if ($tmp['pc_pid'] == $pid && !empty($tmp['pc_hometext'])) {
124 $cc = $tmp['pc_hometext'];
127 $s = keyReplace(&$s, $cc);
130 else if (keySearch($s, '{ReferringDOC}')) {
131 $tmp = empty($ptrow['ur_fname']) ?
'' : $ptrow['ur_fname'];
132 if (!empty($ptrow['ur_mname'])) {
133 if ($tmp) $tmp .= ' ';
134 $tmp .= $ptrow['ur_mname'];
136 if (!empty($ptrow['ur_lname'])) {
137 if ($tmp) $tmp .= ' ';
138 $tmp .= $ptrow['ur_lname'];
140 $s = keyReplace(&$s, $tmp);
143 else if (keySearch($s, '{Allergies}')) {
144 $tmp = generate_plaintext_field(array('data_type'=>'24','list_id'=>''), '');
145 $s = keyReplace(&$s, $tmp);
148 else if (keySearch($s, '{ProblemList}')) {
150 $query = "SELECT title FROM lists WHERE " .
151 "pid = ? AND type = 'medical_problem' AND enddate IS NULL " .
153 $lres = sqlStatement($query, array($GLOBALS['pid']));
155 while ($lrow = sqlFetchArray($lres)) {
156 if ($count++
) $tmp .= "; ";
157 $tmp .= $lrow['title'];
159 $s = keyReplace(&$s, $tmp);
171 // if (!acl_check('admin', 'super')) die(htmlspecialchars(xl('Not authorized')));
173 // Get patient demographic info.
174 $ptrow = sqlQuery("SELECT pd.*, " .
175 "ur.fname AS ur_fname, ur.mname AS ur_mname, ur.lname AS ur_lname " .
176 "FROM patient_data AS pd " .
177 "LEFT JOIN users AS ur ON ur.id = pd.ref_providerID " .
178 "WHERE pd.pid = ?", array($pid));
181 $enrow = sqlQuery("SELECT * FROM form_encounter WHERE pid = ? AND " .
182 "encounter = ?", array($pid, $encounter));
185 $form_filename = strip_escape_custom($_REQUEST['form_filename']);
186 $templatedir = "$OE_SITE_DIR/documents/doctemplates";
187 $templatepath = "$templatedir/$form_filename";
189 // Create a temporary file to hold the output.
190 $fname = tempnam($GLOBALS['temporary_files_dir'], 'OED');
192 // Get mime type in a way that works with old and new PHP releases.
193 $mimetype = 'application/octet-stream';
194 if (substr($templatepath, -5) == '.dotx') {
195 // PHP does not seem to recognize this type.
196 $mimetype = 'application/msword';
198 else if (function_exists('finfo_open')) {
199 $finfo = finfo_open(FILEINFO_MIME_TYPE
);
200 $mimetype = finfo_file($finfo, $templatepath);
204 $mimetype = mime_content_type($templatepath);
207 $zipin = new ZipArchive
;
208 if ($zipin->open($templatepath) === true) {
209 // Must be a zip archive.
210 $zipout = new ZipArchive
;
211 $zipout->open($fname, ZipArchive
::OVERWRITE
);
212 for ($i = 0; $i < $zipin->numFiles
; ++
$i) {
213 $ename = $zipin->getNameIndex($i);
214 $edata = $zipin->getFromIndex($i);
215 $edata = doSubs($edata);
216 $zipout->addFromString($ename, $edata);
222 // Not a zip archive.
223 $edata = file_get_contents($templatepath);
224 $edata = doSubs($edata);
225 file_put_contents($fname, $edata);
228 // Compute a download name like "filename_lastname_pid.odt".
229 $pi = pathinfo($form_filename);
230 $dlname = $pi['filename'] . '_' . $ptrow['lname'] . '_' . $pid;
231 if ($pi['extension'] !== '') $dlname .= '.' . $pi['extension'];
233 header('Content-Description: File Transfer');
234 header('Content-Transfer-Encoding: binary');
235 header('Expires: 0');
236 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
237 header('Pragma: public');
238 // attachment, not inline
239 header("Content-Disposition: attachment; filename=\"$dlname\"");
240 header("Content-Type: $mimetype");
241 header("Content-Length: " . filesize($fname));
