Some new features
[openemr.git] / portal / sign / lib / show-signature.php
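<?php

/**
 * Patient Portal
 *
 * Returns a stored signature image, or signer information plus the image,
 * for the user/patient named in a JSON request body. When no matching row
 * exists in onsite_signatures, a placeholder row with status 'waiting' is created.
 *
 * @package OpenEMR
 * @link http://www.open-emr.org
 * @author Jerry Padgett <sjpadgett@gmail.com>
 * @author Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (c) 2016-2019 Jerry Padgett <sjpadgett@gmail.com>
 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */

// Need to unwrap data to ensure user/patient is authorized.
// Decode to an associative array. Anything that is not a JSON object/array
// (empty body, invalid JSON, a bare scalar) is treated as an empty request so
// the field reads below never hit an undefined index.
$data = json_decode((string) file_get_contents("php://input"), true);
if (!is_array($data)) {
    $data = [];
}

// Every value read here is client-supplied and untrusted until the checks below.
$pid = $data['pid'] ?? null;
$user = $data['user'] ?? null;
$type = $data['type'] ?? null;
$isPortal = $data['is_portal'] ?? false;
$signer = '';
$ignoreAuth = false;

// this script is used by both the patient portal and main openemr; below does authorization.
if ($isPortal) {
    require_once(dirname(__FILE__) . "/../../../src/Common/Session/SessionUtil.php");
    OpenEMR\Common\Session\SessionUtil::portalSessionStart();

    if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite_two'])) {
        // authorized by patient portal: the patient id always comes from the
        // session, never from the request body.
        $pid = $_SESSION['pid'];
        // Must be set before globals.php is included below.
        // NOTE(review): presumably globals.php reads $ignoreAuth to skip the
        // main login check for portal sessions - confirm.
        $ignoreAuth = true;
    } else {
        OpenEMR\Common\Session\SessionUtil::portalSessionCookieDestroy();
        // NOTE(review): js_escape() is not visibly defined at this point
        // (globals.php is only loaded further down) - confirm it is available,
        // otherwise this branch ends in a fatal error instead of the "error" payload.
        echo js_escape("error");
        exit();
    }
}

// NOTE(review): for non-portal callers $pid and $user stay as sent by the
// client; the only gate visible in this file is whatever globals.php enforces.
// Confirm whether a per-patient / per-user access check is needed here.
require_once("../../../interface/globals.php");

// Read after the include so this script-local name cannot be picked up or
// overwritten by code that globals.php runs in the same scope.
$requestMode = $data['mode'] ?? null;

$created = time();
$lastmod = date('Y-m-d H:i:s');
$status = 'filed';
$info_query = array();
$isAdmin = ($type === 'admin-signature');
if ($isAdmin) {
    // Admin (staff) signatures are stored with pid 0.
    $pid = 0;
}

// A user id is always required; a patient id is required unless this is an
// admin signature. empty() is used for $pid because the value may arrive as a
// string ("0"), as null, or be missing entirely; a strict comparison with
// integer 0 would let those through.
// NOTE(review): $user and $type are still request-supplied in portal mode, so a
// portal session can ask for any user's 'admin-signature' - confirm intended.
if (empty($user) || (!$isAdmin && empty($pid))) {
    echo(js_escape('error'));
    exit();
}

if ($requestMode === 'fetch_info') {
    $stmt = "Select CONCAT(IFNULL(fname,''), ' ',IFNULL(lname,'')) as userName From users Where id = ?";
    $user_result = sqlQuery($stmt, array($user));
    $stmt = "Select CONCAT(IFNULL(fname,''), ' ',IFNULL(lname,'')) as ptName From patient_data Where pid = ?";
    $pt_result = sqlQuery($stmt, array($pid));

    // Either lookup may find no row; normalise to arrays so array_merge() is
    // never handed a non-array value.
    $user_result = is_array($user_result) ? $user_result : [];
    $pt_result = is_array($pt_result) ? $pt_result : [];
    $info_query = array_merge($pt_result, $user_result);

    if ($isAdmin) {
        $signer = $user_result['userName'] ?? '';
    } else {
        $signer = $pt_result['ptName'] ?? '';
    }

    // No matching user/patient record: refuse rather than continue with an
    // unnamed signer.
    if (!$signer) {
        echo js_escape("error");
        exit();
    }
}

if ($isAdmin) {
    $pid = 0;
    $row = sqlQuery("SELECT pid,status,sig_image,type,user FROM onsite_signatures WHERE user=? && type=?", array($user, $type));
} else {
    $row = sqlQuery("SELECT pid,status,sig_image,type,user FROM onsite_signatures WHERE pid=? And user=?", array($pid, $user));
}

// Treat "no row found" as an empty row so the offset reads below are defined.
if (!is_array($row)) {
    $row = [];
}

if (empty($row['pid']) && empty($row['user'])) {
    // No signature on file yet: create a placeholder the signing UI can fill in.
    // NOTE(review): the row is keyed on request-supplied $user/$type (and $pid
    // for non-portal callers) - confirm callers cannot create rows for others.
    $status = 'waiting';
    $qstr = "INSERT INTO onsite_signatures (pid,lastmod,status,type,user,signator,created) VALUES (?,?,?,?,?,?,?)";
    sqlStatement($qstr, array($pid, $lastmod, $status, $type, $user, $signer, $created));
}

$rowStatus = $row['status'] ?? null;
if ($rowStatus === 'filed') {
    if ($requestMode === 'fetch_info') {
        $info_query['signature'] = $row['sig_image'];
        echo js_escape($info_query);
        exit();
    }

    echo js_escape($row['sig_image']);
} elseif ($rowStatus === 'waiting' || $status === 'waiting') {
    $info_query['message'] = 'waiting';
    echo js_escape($info_query);
}

exit();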