6 * @link http://www.open-emr.org
7 * @author Jerry Padgett <sjpadgett@gmail.com>
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2016-2019 Jerry Padgett <sjpadgett@gmail.com>
10 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
// Reads a stored signature: decodes a JSON request body, authorizes the caller, looks the
// signature up in onsite_signatures and echoes the result through js_escape().
// NOTE(review): the gutter numbers in this listing are not contiguous, so closing braces,
// else branches and some assignments of the original script are not visible here.
14 //Need to unwrap data to ensure user/patient is authorized
// The request body is client-controlled. json_decode() returns null for a malformed body and the
// (array) cast turns that into an empty array, so the key reads below can hit missing keys.
15 $data = (array)(json_decode(file_get_contents("php://input")));
// user, type and is_portal are taken from the request as-is; no validation is visible here.
17 $user = $data['user'];
18 $type = $data['type'];
19 $isPortal = $data['is_portal'];
23 // this script is used by both the patient portal and main openemr; below does authorization.
// NOTE(review): $isPortal comes from the request body, so the caller presumably selects which
// authorization path runs - confirm that both paths reject an unauthenticated request.
25 require_once(dirname(__FILE__
) . "/../../../src/Common/Session/SessionUtil.php");
26 OpenEMR\Common\Session\SessionUtil
::portalSessionStart();
// A portal caller is accepted only when the session holds both a pid and the
// patient_portal_onsite_two marker.
28 if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite_two'])) {
29 // authorized by patient portal
// The patient id is read from the server-side session here, not from the request body.
30 $pid = $_SESSION['pid'];
// Presumably the rejection branch (its else line is not shown): the portal session cookie is
// destroyed and "error" is echoed.
33 OpenEMR\Common\Session\SessionUtil
::portalSessionCookieDestroy();
// NOTE(review): js_escape() is called here before interface/globals.php is required below. If
// that include chain is what defines js_escape(), this call fails rather than echoing - confirm.
34 echo js_escape("error");
// NOTE(review): presumably where the main (non-portal) OpenEMR session is enforced - confirm.
38 require_once("../../../interface/globals.php");
41 $lastmod = date('Y-m-d H:i:s');
43 $info_query = array();
// Whether this is an admin signature is decided solely by the request's type value.
44 $isAdmin = ($type === 'admin-signature');
// A zero pid or an empty user echoes "error" unless this is an admin signature with a non-empty
// user. Whether the script stops after the echo is not visible in this listing.
// NOTE(review): === 0 matches only an integer zero; a pid held as the string "0" would not
// match - confirm the type $pid has at this point.
49 if ($pid === 0 ||
empty($user)) {
50 if (!$isAdmin ||
empty($user)) {
51 echo(js_escape('error'));
// fetch_info mode also returns display names for the user and the patient.
56 if ($data['mode'] === 'fetch_info') {
// Both lookups pass the id as a placeholder value (?) rather than building it into the SQL text.
// NOTE(review): $user is still the request-supplied value here; confirm the caller is entitled
// to read that user's name and signature.
57 $stmt = "Select CONCAT(IFNULL(fname,''), ' ',IFNULL(lname,'')) as userName From users Where id = ?";
58 $user_result = sqlQuery($stmt, array($user));
59 $stmt = "Select CONCAT(IFNULL(fname,''), ' ',IFNULL(lname,'')) as ptName From patient_data Where pid = ?";
60 $pt_result = sqlQuery($stmt, array($pid));
// $signature is assigned on a line this listing does not show.
63 $info_query = array_merge($pt_result, $user_result, $signature);
65 $info_query = array_merge($user_result, $signature);
// The signer name is taken from the user record or the patient record; the condition choosing
// between the two is not visible here.
69 $signer = $user_result['userName'];
71 $signer = $pt_result['ptName'];
74 echo js_escape("error");
// Two lookups: one keyed on user and type (presumably the admin-signature branch), the other on
// pid and user. Both pass their values as placeholders.
81 $row = sqlQuery("SELECT pid,status,sig_image,type,user FROM onsite_signatures WHERE user=? && type=?", array($user, $type));
83 $row = sqlQuery("SELECT pid,status,sig_image,type,user FROM onsite_signatures WHERE pid=? And user=?", array($pid, $user));
// When the lookup produced neither a pid nor a user, a new onsite_signatures row is inserted.
// $status and $created are set on lines this listing does not show.
86 if (!$row['pid'] && !$row['user']) {
88 $qstr = "INSERT INTO onsite_signatures (pid,lastmod,status,type,user,signator,created) VALUES (?,?,?,?,?,?,?)";
89 sqlStatement($qstr, array($pid, $lastmod, $status, $type, $user, $signer, $created));
// A 'filed' signature is echoed to the caller; in fetch_info mode it is added to $info_query
// under the 'signature' key and that array is echoed.
92 if ($row['status'] == 'filed') {
93 if ($data['mode'] === 'fetch_info') {
94 $info_query['signature'] = $row['sig_image'];
95 echo js_escape($info_query);
98 echo js_escape($row['sig_image']);
// A 'waiting' status, from the row or from $status, is reported as a message instead.
99 } elseif ($row['status'] == 'waiting' ||
$status == 'waiting') {
100 $info_query['message'] = 'waiting';
101 echo js_escape($info_query);