interface/patient_file/download_template.php

   1 <?php
   2 /**
   3  * Document Template Download Module.
   4  *
   5  * Copyright (C) 2013-2014 Rod Roark <rod@sunsetsystems.com>
   6  *
   7  * LICENSE: This program is free software; you can redistribute it and/or
   8  * modify it under the terms of the GNU General Public License
   9  * as published by the Free Software Foundation; either version 2
  10  * of the License, or (at your option) any later version.
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14  * GNU General Public License for more details.
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>.
  17  *
  18  * @package OpenEMR
  19  * @author  Rod Roark <rod@sunsetsystems.com>
  20  * @link    http://www.open-emr.org
  21  */
  22
  23 // This module downloads a specified document template to the browser after
  24 // substituting relevant patient data into its variables.
  25
  26 // Disable magic quotes and fake register globals.
  27 $sanitize_all_escapes = true;
  28 $fake_register_globals = false;
  29
  30 require_once('../globals.php');
  31 require_once($GLOBALS['srcdir'] . '/acl.inc');
  32 require_once($GLOBALS['srcdir'] . '/formatting.inc.php');
  33 require_once($GLOBALS['srcdir'] . '/appointments.inc.php');
  34 require_once($GLOBALS['srcdir'] . '/options.inc.php');
  35
  36 $nextLocation = 0;      // offset to resume scanning
  37 $keyLocation  = false;  // offset of a potential {string} to replace
  38 $keyLength    = 0;      // length of {string} to replace
  39 $groupLevel   = 0;      // 0 if not in a {GRP} section
  40 $groupCount   = 0;      // 0 if no items in the group yet
  41 $itemSeparator = '; ';  // separator between group items
  42
  43 // Check if the current location has the specified {string}.
  44 function keySearch(&$s, $key) {
  45   global $keyLocation, $keyLength;
  46   $keyLength = strlen($key);
  47   if ($keyLength == 0) return false;
  48   return $key == substr($s, $keyLocation, $keyLength);
  49 }
  50
  51 // Replace the {string} at the current location with the specified data.
  52 // Also update the location to resume scanning accordingly.
  53 function keyReplace(&$s, $data) {
  54   global $keyLocation, $keyLength, $nextLocation;
  55   $nextLocation = $keyLocation + strlen($data);
  56   return substr($s, 0, $keyLocation) . $data . substr($s, $keyLocation + $keyLength);
  57 }
  58
  59 // Do some final processing of field data before it's put into the document.
  60 function dataFixup($data, $title='') {
  61   global $groupLevel, $groupCount, $itemSeparator;
  62   if ($data !== '') {
  63     // Replace some characters that can mess up XML without assuming XML content type.
  64     $data = str_replace('&', '[and]'    , $data);
  65     $data = str_replace('<', '[less]'   , $data);
  66     $data = str_replace('>', '[greater]', $data);
  67     // If in a group, include labels and separators.
  68     if ($groupLevel) {
  69       if ($title !== '') $data = $title . ': ' . $data;
  70       if ($groupCount) $data = $itemSeparator . $data;
  71       ++$groupCount;
  72     }
  73   }
  74   return $data;
  75 }
  76
  77 // Return a string naming all issues for the specified patient and issue type.
  78 function getIssues($type) {
  79   // global $itemSeparator;
  80   $tmp = '';
  81   $lres = sqlStatement("SELECT title, comments FROM lists WHERE " .
  82     "pid = ? AND type = ? AND enddate IS NULL " .
  83     "ORDER BY begdate", array($GLOBALS['pid'], $type));
  84   while ($lrow = sqlFetchArray($lres)) {
  85     if ($tmp) $tmp .= '; ';
  86     $tmp .= $lrow['title'];
  87     if ($lrow['comments']) $tmp .= ' (' . $lrow['comments'] . ')';
  88   }
  89   return $tmp;
  90 }
  91
  92 // Top level function for scanning and replacement of a file's contents.
  93 function doSubs($s) {
  94   global $ptrow, $hisrow, $enrow, $nextLocation, $keyLocation, $keyLength;
  95   global $groupLevel, $groupCount, $itemSeparator, $pid, $encounter;
  96
  97   $nextLocation = 0;
  98   $groupLevel   = 0;
  99   $groupCount   = 0;
 100
 101   while (($keyLocation = strpos($s, '{', $nextLocation)) !== FALSE) {
 102     $nextLocation = $keyLocation + 1;
 103
 104     if (keySearch($s, '{PatientName}')) {
 105       $tmp = $ptrow['fname'];
 106       if ($ptrow['mname']) {
 107         if ($tmp) $tmp .= ' ';
 108         $tmp .= $ptrow['mname'];
 109       }
 110       if ($ptrow['lname']) {
 111         if ($tmp) $tmp .= ' ';
 112         $tmp .= $ptrow['lname'];
 113       }
 114       $s = keyReplace($s, dataFixup($tmp, xl('Name')));
 115     }
 116
 117     else if (keySearch($s, '{PatientID}')) {
 118       $s = keyReplace($s, dataFixup($ptrow['pubpid'], xl('Chart ID')));
 119     }
 120
 121     else if (keySearch($s, '{Address}')) {
 122       $s = keyReplace($s, dataFixup($ptrow['street'], xl('Street')));
 123     }
 124
 125     else if (keySearch($s, '{City}')) {
 126       $s = keyReplace($s, dataFixup($ptrow['city'], xl('City')));
 127     }
 128
 129     else if (keySearch($s, '{State}')) {
 130       $s = keyReplace($s, dataFixup(getListItemTitle('state', $ptrow['state']), xl('State')));
 131     }
 132
 133     else if (keySearch($s, '{Zip}')) {
 134       $s = keyReplace($s, dataFixup($ptrow['postal_code'], xl('Postal Code')));
 135     }
 136
 137     else if (keySearch($s, '{PatientPhone}')) {
 138       $ptphone = $ptrow['phone_contact'];
 139       if (empty($ptphone)) $ptphone = $ptrow['phone_home'];
 140       if (empty($ptphone)) $ptphone = $ptrow['phone_cell'];
 141       if (empty($ptphone)) $ptphone = $ptrow['phone_biz'];
 142       if (preg_match("/([2-9]\d\d)\D*(\d\d\d)\D*(\d\d\d\d)/", $ptphone, $tmp)) {
 143         $ptphone = '(' . $tmp[1] . ')' . $tmp[2] . '-' . $tmp[3];
 144       }
 145       $s = keyReplace($s, dataFixup($ptphone, xl('Phone')));
 146     }
 147
 148     else if (keySearch($s, '{PatientDOB}')) {
 149       $s = keyReplace($s, dataFixup(oeFormatShortDate($ptrow['DOB']), xl('Birth Date')));
 150     }
 151
 152     else if (keySearch($s, '{PatientSex}')) {
 153       $s = keyReplace($s, dataFixup(getListItemTitle('sex', $ptrow['sex']), xl('Sex')));
 154     }
 155
 156     else if (keySearch($s, '{DOS}')) {
 157       $s = keyReplace($s, dataFixup(oeFormatShortDate(substr($enrow['date'], 0, 10)), xl('Service Date')));
 158     }
 159
 160     else if (keySearch($s, '{ChiefComplaint}')) {
 161       $cc = $enrow['reason'];
 162       $patientid = $ptrow['pid'];
 163       $DOS = substr($enrow['date'], 0, 10);
 164       // Prefer appointment comment if one is present.
 165       $evlist = fetchEvents($DOS, $DOS, " AND pc_pid = ? ", null, false, 0, array($patientid));
 166       foreach ($evlist as $tmp) {
 167         if ($tmp['pc_pid'] == $pid && !empty($tmp['pc_hometext'])) {
 168           $cc = $tmp['pc_hometext'];
 169         }
 170       }
 171       $s = keyReplace($s, dataFixup($cc, xl('Chief Complaint')));
 172     }
 173
 174     else if (keySearch($s, '{ReferringDOC}')) {
 175       $tmp = empty($ptrow['ur_fname']) ? '' : $ptrow['ur_fname'];
 176       if (!empty($ptrow['ur_mname'])) {
 177         if ($tmp) $tmp .= ' ';
 178         $tmp .= $ptrow['ur_mname'];
 179       }
 180       if (!empty($ptrow['ur_lname'])) {
 181         if ($tmp) $tmp .= ' ';
 182         $tmp .= $ptrow['ur_lname'];
 183       }
 184       $s = keyReplace($s, dataFixup($tmp, xl('Referer')));
 185     }
 186
 187     else if (keySearch($s, '{Allergies}')) {
 188       $tmp = generate_plaintext_field(array('data_type'=>'24','list_id'=>''), '');
 189       $s = keyReplace($s, dataFixup($tmp, xl('Allergies')));
 190     }
 191
 192     else if (keySearch($s, '{Medications}')) {
 193       $s = keyReplace($s, dataFixup(getIssues('medication'), xl('Medications')));
 194     }
 195
 196     else if (keySearch($s, '{ProblemList}')) {
 197       $s = keyReplace($s, dataFixup(getIssues('medical_problem'), xl('Problem List')));
 198     }
 199
 200     // This tag indicates the fields from here until {/GRP} are a group of fields
 201     // separated by semicolons.  Fields with no data are omitted, and fields with
 202     // data are prepended with their field label from the form layout.
 203     else if (keySearch($s, '{GRP}')) {
 204       ++$groupLevel;
 205       $groupCount = 0;
 206       $s = keyReplace($s, '');
 207     }
 208
 209     else if (keySearch($s, '{/GRP}')) {
 210       if ($groupLevel > 0) --$groupLevel;
 211       $s = keyReplace($s, '');
 212     }
 213
 214     // This is how we specify the separator between group items in a way that
 215     // is independent of the document format. Whatever is between {ITEMSEP} and
 216     // {/ITEMSEP} is the separator string.  Default is "; ".
 217     else if (preg_match('/^\{ITEMSEP\}(.*?)\{\/ITEMSEP\}/', substr($s, $keyLocation), $matches)) {
 218       $itemSeparator = $matches[1];
 219       $keyLength = strlen($matches[0]);
 220       $s = keyReplace($s, '');
 221     }
 222
 223     // This handles keys like {LBFxxx:fieldid} for layout-based encounter forms.
 224     else if (preg_match('/^\{(LBF\w+):(\w+)\}/', substr($s, $keyLocation), $matches)) {
 225       $formname = $matches[1];
 226       $fieldid  = $matches[2];
 227       $keyLength = 3 + strlen($formname) + strlen($fieldid);
 228       $data = '';
 229       $currvalue = '';
 230       $title = '';
 231       $frow = sqlQuery("SELECT * FROM layout_options " .
 232         "WHERE form_id = ? AND field_id = ? LIMIT 1",
 233         array($formname, $fieldid));
 234       if (!empty($frow)) {
 235         $ldrow = sqlQuery("SELECT ld.field_value " .
 236           "FROM lbf_data AS ld, forms AS f WHERE " .
 237           "f.pid = ? AND f.encounter = ? AND f.formdir = ? AND f.deleted = 0 AND " .
 238           "ld.form_id = f.form_id AND ld.field_id = ? " .
 239           "ORDER BY f.form_id DESC LIMIT 1",
 240           array($pid, $encounter, $formname, $fieldid));
 241         if (!empty($ldrow)) {
 242           $currvalue = $ldrow['field_value'];
 243           $title = $frow['title'];
 244         }
 245         if ($currvalue !== '') {
 246           $data = generate_plaintext_field($frow, $currvalue);
 247         }
 248       }
 249       $s = keyReplace($s, dataFixup($data, $title));
 250     }
 251
 252     // This handles keys like {DEM:fieldid} and {HIS:fieldid}.
 253     else if (preg_match('/^\{(DEM|HIS):(\w+)\}/', substr($s, $keyLocation), $matches)) {
 254       $formname = $matches[1];
 255       $fieldid  = $matches[2];
 256       $keyLength = 3 + strlen($formname) + strlen($fieldid);
 257       $data = '';
 258       $currvalue = '';
 259       $title = '';
 260       $frow = sqlQuery("SELECT * FROM layout_options " .
 261         "WHERE form_id = ? AND field_id = ? LIMIT 1",
 262         array($formname, $fieldid));
 263       if (!empty($frow)) {
 264         $tmprow = $formname == 'DEM' ? $ptrow : $hisrow;
 265         if (isset($tmprow[$fieldid])) {
 266           $currvalue = $tmprow[$fieldid];
 267           $title = $frow['title'];
 268         }
 269         if ($currvalue !== '') {
 270           $data = generate_plaintext_field($frow, $currvalue);
 271         }
 272       }
 273       $s = keyReplace($s, dataFixup($data, $title));
 274     }
 275
 276   } // End if { character found.
 277
 278   return $s;
 279 }
 280
 281 // if (!acl_check('admin', 'super')) die(htmlspecialchars(xl('Not authorized')));
 282
 283 // Get patient demographic info.
 284 $ptrow = sqlQuery("SELECT pd.*, " .
 285   "ur.fname AS ur_fname, ur.mname AS ur_mname, ur.lname AS ur_lname " .
 286   "FROM patient_data AS pd " .
 287   "LEFT JOIN users AS ur ON ur.id = pd.ref_providerID " .
 288   "WHERE pd.pid = ?", array($pid));
 289
 290 $hisrow = sqlQuery("SELECT * FROM history_data WHERE pid = ? " .
 291   "ORDER BY date DESC LIMIT 1", array($pid));
 292
 293 $enrow = array();
 294
 295 // Get some info for the currently selected encounter.
 296 if ($encounter) {
 297   $enrow = sqlQuery("SELECT * FROM form_encounter WHERE pid = ? AND " .
 298     "encounter = ?", array($pid, $encounter));
 299 }
 300
 301 $form_filename = strip_escape_custom($_REQUEST['form_filename']);
 302 $templatedir   = "$OE_SITE_DIR/documents/doctemplates";
 303 $templatepath  = "$templatedir/$form_filename";
 304
 305 // Create a temporary file to hold the output.
 306 $fname = tempnam($GLOBALS['temporary_files_dir'], 'OED');
 307
 308 // Get mime type in a way that works with old and new PHP releases.
 309 $mimetype = 'application/octet-stream';
 310 $ext = strtolower(array_pop(explode('.', $filename)));
 311 if ('dotx' == $ext) {
 312   // PHP does not seem to recognize this type.
 313   $mimetype = 'application/msword';
 314 }
 315 else if (function_exists('finfo_open')) {
 316   $finfo = finfo_open(FILEINFO_MIME_TYPE);
 317   $mimetype = finfo_file($finfo, $templatepath);
 318   finfo_close($finfo);
 319 }
 320 else if (function_exists('mime_content_type')) {
 321   $mimetype = mime_content_type($templatepath);
 322 }
 323 else {
 324   if ('doc'  == $ext) $mimetype = 'application/msword'                             ; else
 325   if ('dot'  == $ext) $mimetype = 'application/msword'                             ; else
 326   if ('htm'  == $ext) $mimetype = 'text/html'                                      ; else
 327   if ('html' == $ext) $mimetype = 'text/html'                                      ; else
 328   if ('odt'  == $ext) $mimetype = 'application/vnd.oasis.opendocument.text'        ; else
 329   if ('ods'  == $ext) $mimetype = 'application/vnd.oasis.opendocument.spreadsheet' ; else
 330   if ('ott'  == $ext) $mimetype = 'application/vnd.oasis.opendocument.text'        ; else
 331   if ('pdf'  == $ext) $mimetype = 'application/pdf'                                ; else
 332   if ('ppt'  == $ext) $mimetype = 'application/vnd.ms-powerpoint'                  ; else
 333   if ('ps'   == $ext) $mimetype = 'application/postscript'                         ; else
 334   if ('rtf'  == $ext) $mimetype = 'application/rtf'                                ; else
 335   if ('txt'  == $ext) $mimetype = 'text/plain'                                     ; else
 336   if ('xls'  == $ext) $mimetype = 'application/vnd.ms-excel'                       ;
 337 }
 338
 339 $zipin = new ZipArchive;
 340 if ($zipin->open($templatepath) === true) {
 341   // Must be a zip archive.
 342   $zipout = new ZipArchive;
 343   $zipout->open($fname, ZipArchive::OVERWRITE);
 344   for ($i = 0; $i < $zipin->numFiles; ++$i) {
 345     $ename = $zipin->getNameIndex($i);
 346     $edata = $zipin->getFromIndex($i);
 347     $edata = doSubs($edata);
 348     $zipout->addFromString($ename, $edata);
 349   }
 350   $zipout->close();
 351   $zipin->close();
 352 }
 353 else {
 354   // Not a zip archive.
 355   $edata = file_get_contents($templatepath);
 356   $edata = doSubs($edata);
 357   file_put_contents($fname, $edata);
 358 }
 359
 360 // Compute a download name like "filename_lastname_pid.odt".
 361 $pi = pathinfo($form_filename);
 362 $dlname = $pi['filename'] . '_' . $ptrow['lname'] . '_' . $pid;
 363 if ($pi['extension'] !== '') $dlname .= '.' . $pi['extension'];
 364
 365 header('Content-Description: File Transfer');
 366 header('Content-Transfer-Encoding: binary');
 367 header('Expires: 0');
 368 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
 369 header('Pragma: public');
 370 // attachment, not inline
 371 header("Content-Disposition: attachment; filename=\"$dlname\"");
 372 header("Content-Type: $mimetype");
 373 header("Content-Length: " . filesize($fname));
 374 ob_clean();
 375 flush();
 376 readfile($fname);
 377
 378 unlink($fname);
 379 ?>