| blob | 0240e52dbfc81896b0124b235bb33b824ea51f5c |
1 <?php
3 /**
4 * pid.inc
5 *
6 * @package OpenEMR
7 * @link http://www.open-emr.org
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
10 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
11 */
13 use OpenEMR\Common\Logging\EventAuditLogger;
14 use OpenEMR\Common\Session\SessionUtil;
16 // Function called to set the global session variable for patient id (pid) number.
17 function setpid($new_pid)
18 {
19 global $pid, $encounter;
21 // Escape $new_pid by forcing it to an integer to protect from sql injection
22 $new_pid_int = intval($new_pid);
23 // If the $new_pid was not an integer, then send an error to error log
24 if (!is_numeric($new_pid)) {
25 error_log("Critical OpenEMR Error: Attempt to set pid to following non-integer value was denied: " . errorLogEscape($new_pid), 0);
26 error_log("Requested pid " . errorLogEscape($new_pid), 0);
27 error_log("Returned pid " . errorLogEscape($new_pid_int), 0);
28 }
30 // these will be used in below SessionUtil::setUnsetSession to modify applicable session variables
31 $sessionSetArray = [];
32 $sessionUnsetArray = [];
34 // Be careful not to clear the encounter unless the pid is really changing.
35 if (!isset($_SESSION['pid']) || $pid != $new_pid_int || $pid != $_SESSION['pid']) {
36 $encounter = 0;
37 $sessionSetArray['encounter'] = 0;
38 }
40 // unset therapy_group session when set session for patient
41 if ($_SESSION['pid'] != 0 && isset($_SESSION['therapy_group'])) {
42 $sessionUnsetArray[] = 'therapy_group';
43 }
45 // Set pid to the escaped pid and update the session variables
46 $sessionSetArray['pid'] = $new_pid_int;
47 SessionUtil::setUnsetSession($sessionSetArray, $sessionUnsetArray);
48 $pid = $new_pid_int;
49 EventAuditLogger::instance()->newEvent("view", $_SESSION["authUser"], $_SESSION["authProvider"], 1, '', $pid);
50 }