Adding document download to portal, take 3.
[openemr.git] / interface / globals.php
blob3a5f8d35d24625e944c10730b07e6897f29a50fc
1 <?php
3 // Is this windows or non-windows? Create a boolean definition.
4 if (!defined('IS_WINDOWS'))
5 define('IS_WINDOWS', (stripos(PHP_OS,'WIN') === 0));
7 // Some important php.ini overrides. Defaults for these values are often
8 // too small. You might choose to adjust them further.
9 //
10 ini_set('session.gc_maxlifetime', '14400');
12 // This is for sanitization of all escapes.
13 // (ie. reversing magic quotes if it's set)
14 if (isset($sanitize_all_escapes) && $sanitize_all_escapes) {
15 if (get_magic_quotes_gpc()) {
16 function undoMagicQuotes($array, $topLevel=true) {
17 $newArray = array();
18 foreach($array as $key => $value) {
19 if (!$topLevel) {
20 $key = stripslashes($key);
22 if (is_array($value)) {
23 $newArray[$key] = undoMagicQuotes($value, false);
25 else {
26 $newArray[$key] = stripslashes($value);
29 return $newArray;
31 $_GET = undoMagicQuotes($_GET);
32 $_POST = undoMagicQuotes($_POST);
33 $_COOKIE = undoMagicQuotes($_COOKIE);
34 $_REQUEST = undoMagicQuotes($_REQUEST);
39 // The webserver_root and web_root are now automatically collected.
40 // If not working, can set manually below.
41 // Auto collect the full absolute directory path for openemr.
42 $webserver_root = dirname(dirname(__FILE__));
43 if (IS_WINDOWS) {
44 //convert windows path separators
45 $webserver_root = str_replace("\\","/",$webserver_root);
47 // Collect the apache server document root (and convert to windows slashes, if needed)
48 $server_document_root = realpath($_SERVER['DOCUMENT_ROOT']);
49 if (IS_WINDOWS) {
50 //convert windows path separators
51 $server_document_root = str_replace("\\","/",$server_document_root);
53 // Auto collect the relative html path, i.e. what you would type into the web
54 // browser after the server address to get to OpenEMR.
55 // This removes the leading portion of $webserver_root that it has in common with the web server's document
56 // root and assigns the result to $web_root. In addition to the common case where $webserver_root is
57 // /var/www/openemr and document root is /var/www, this also handles the case where document root is
58 // /var/www/html and there is an Apache "Alias" command that directs /openemr to /var/www/openemr.
59 $web_root = substr($webserver_root, strspn($webserver_root ^ $server_document_root, "\0"));
60 // Ensure web_root starts with a path separator
61 if (preg_match("/^[^\/]/",$web_root)) {
62 $web_root = "/".$web_root;
64 // The webserver_root and web_root are now automatically collected in
65 // real time per above code. If above is not working, can uncomment and
66 // set manually here:
67 // $webserver_root = "/var/www/openemr";
68 // $web_root = "/openemr";
71 // This is the directory that contains site-specific data. Change this
72 // only if you have some reason to.
73 $GLOBALS['OE_SITES_BASE'] = "$webserver_root/sites";
75 // The session name names a cookie stored in the browser.
76 // If you modify session_name, then need to place the identical name in
77 // the phpmyadmin file here: openemr/phpmyadmin/libraries/session.inc.php
78 // at line 71. This was required after embedded new phpmyadmin version on
79 // 05-12-2009 by Brady. Hopefully will figure out a more appropriate fix.
80 // Now that restore_session() is implemented in javaScript, session IDs are
81 // effectively saved in the top level browser window and there is no longer
82 // any need to change the session name for different OpenEMR instances.
83 session_name("OpenEMR");
85 session_start();
87 // Set the site ID if required. This must be done before any database
88 // access is attempted.
89 if (empty($_SESSION['site_id']) || !empty($_GET['site'])) {
90 if (!empty($_GET['site'])) {
91 $tmp = $_GET['site'];
93 else {
94 if (!$ignoreAuth) die("Site ID is missing from session data!");
95 $tmp = $_SERVER['HTTP_HOST'];
96 if (!is_dir($GLOBALS['OE_SITES_BASE'] . "/$tmp")) $tmp = "default";
98 if (empty($tmp) || preg_match('/[^A-Za-z0-9\\-.]/', $tmp))
99 die("Site ID '". htmlspecialchars($tmp,ENT_NOQUOTES) . "' contains invalid characters.");
100 if (isset($_SESSION['site_id']) && ($_SESSION['site_id'] != $tmp)) {
101 // This is to prevent using session to penetrate other OpenEMR instances within same multisite module
102 session_unset(); // clear session, clean logout
103 if (isset($landingpage) && !empty($landingpage)) {
104 // OpenEMR Patient Portal use
105 header('Location: index.php?site='.$tmp);
107 else {
108 // Main OpenEMR use
109 header('Location: ../login/login_frame.php?site='.$tmp); // Assuming in the interface/main directory
111 exit;
113 if (!isset($_SESSION['site_id']) || $_SESSION['site_id'] != $tmp) {
114 $_SESSION['site_id'] = $tmp;
115 //error_log("Session site ID has been set to '$tmp'"); // debugging
119 // Set the site-specific directory path.
120 $GLOBALS['OE_SITE_DIR'] = $GLOBALS['OE_SITES_BASE'] . "/" . $_SESSION['site_id'];
122 require_once($GLOBALS['OE_SITE_DIR'] . "/config.php");
124 // Collecting the utf8 disable flag from the sqlconf.php file in order
125 // to set the correct html encoding. utf8 vs iso-8859-1. If flag is set
126 // then set to iso-8859-1.
127 require_once(dirname(__FILE__) . "/../library/sqlconf.php");
128 if (!$disable_utf8_flag) {
129 ini_set('default_charset', 'utf-8');
130 $HTML_CHARSET = "UTF-8";
132 else {
133 ini_set('default_charset', 'iso-8859-1');
134 $HTML_CHARSET = "ISO-8859-1";
137 // Root directory, relative to the webserver root:
138 $GLOBALS['rootdir'] = "$web_root/interface";
139 $rootdir = $GLOBALS['rootdir'];
140 // Absolute path to the source code include and headers file directory (Full path):
141 $GLOBALS['srcdir'] = "$webserver_root/library";
142 // Absolute path to the location of documentroot directory for use with include statements:
143 $GLOBALS['fileroot'] = "$webserver_root";
144 // Absolute path to the location of interface directory for use with include statements:
145 $include_root = "$webserver_root/interface";
146 // Absolute path to the location of documentroot directory for use with include statements:
147 $GLOBALS['webroot'] = $web_root;
149 $GLOBALS['template_dir'] = $GLOBALS['fileroot'] . "/templates/";
150 $GLOBALS['incdir'] = $include_root;
151 // Location of the login screen file
152 $GLOBALS['login_screen'] = $GLOBALS['rootdir'] . "/login_screen.php";
154 // Variable set for Eligibility Verification [EDI-271] path
155 $GLOBALS['edi_271_file_path'] = $GLOBALS['OE_SITE_DIR'] . "/edi/";
157 // Include the translation engine. This will also call sql.inc to
158 // open the openemr mysql connection.
159 include_once (dirname(__FILE__) . "/../library/translation.inc.php");
161 // Include convenience functions with shorter names than "htmlspecialchars" (for security)
162 require_once (dirname(__FILE__) . "/../library/htmlspecialchars.inc.php");
164 // Include sanitization/checking functions (for security)
165 require_once (dirname(__FILE__) . "/../library/formdata.inc.php");
167 // Include sanitization/checking function (for security)
168 require_once (dirname(__FILE__) . "/../library/sanitize.inc.php");
170 // Includes functions for date internationalization
171 include_once (dirname(__FILE__) . "/../library/date_functions.php");
173 // Defaults for specific applications.
174 $GLOBALS['athletic_team'] = false;
175 $GLOBALS['weight_loss_clinic'] = false;
176 $GLOBALS['ippf_specific'] = false;
177 $GLOBALS['cene_specific'] = false;
179 // Defaults for drugs and products.
180 $GLOBALS['inhouse_pharmacy'] = false;
181 $GLOBALS['sell_non_drug_products'] = 0;
183 $glrow = sqlQuery("SHOW TABLES LIKE 'globals'");
184 if (!empty($glrow)) {
185 // Collect user specific settings from user_settings table.
187 $gl_user = array();
188 if (!empty($_SESSION['authUserID'])) {
189 $glres_user = sqlStatement("SELECT `setting_label`, `setting_value` " .
190 "FROM `user_settings` " .
191 "WHERE `setting_user` = ? " .
192 "AND `setting_label` LIKE 'global:%'", array($_SESSION['authUserID']) );
193 for($iter=0; $row=sqlFetchArray($glres_user); $iter++) {
194 //remove global_ prefix from label
195 $row['setting_label'] = substr($row['setting_label'],7);
196 $gl_user[$iter]=$row;
199 // Set global parameters from the database globals table.
200 // Some parameters require custom handling.
202 $GLOBALS['language_menu_show'] = array();
203 $glres = sqlStatement("SELECT gl_name, gl_index, gl_value FROM globals " .
204 "ORDER BY gl_name, gl_index");
205 while ($glrow = sqlFetchArray($glres)) {
206 $gl_name = $glrow['gl_name'];
207 $gl_value = $glrow['gl_value'];
208 // Adjust for user specific settings
209 if (!empty($gl_user)) {
210 foreach ($gl_user as $setting) {
211 if ($gl_name == $setting['setting_label']) {
212 $gl_value = $setting['setting_value'];
216 if ($gl_name == 'language_menu_other') {
217 $GLOBALS['language_menu_show'][] = $gl_value;
219 else if ($gl_name == 'css_header') {
220 $GLOBALS[$gl_name] = "$rootdir/themes/" . $gl_value;
222 else if ($gl_name == 'specific_application') {
223 if ($gl_value == '1') $GLOBALS['athletic_team'] = true;
224 else if ($gl_value == '2') $GLOBALS['ippf_specific'] = true;
225 else if ($gl_value == '3') $GLOBALS['weight_loss_clinic'] = true;
227 else if ($gl_name == 'inhouse_pharmacy') {
228 if ($gl_value) $GLOBALS['inhouse_pharmacy'] = true;
229 if ($gl_value == '2') $GLOBALS['sell_non_drug_products'] = 1;
230 else if ($gl_value == '3') $GLOBALS['sell_non_drug_products'] = 2;
232 else {
233 $GLOBALS[$gl_name] = $gl_value;
236 // Language cleanup stuff.
237 $GLOBALS['language_menu_login'] = false;
238 if ((count($GLOBALS['language_menu_show']) >= 1) || $GLOBALS['language_menu_showall']) {
239 $GLOBALS['language_menu_login'] = true;
242 // End of globals table processing.
244 else {
245 // Temporary stuff to handle the case where the globals table does not
246 // exist yet. This will happen in sql_upgrade.php on upgrading to the
247 // first release containing this table.
248 $GLOBALS['language_menu_login'] = true;
249 $GLOBALS['language_menu_showall'] = true;
250 $GLOBALS['language_menu_show'] = array('English (Standard)','Swedish');
251 $GLOBALS['language_default'] = "English (Standard)";
252 $GLOBALS['translate_layout'] = true;
253 $GLOBALS['translate_lists'] = true;
254 $GLOBALS['translate_gacl_groups'] = true;
255 $GLOBALS['translate_form_titles'] = true;
256 $GLOBALS['translate_document_categories'] = true;
257 $GLOBALS['translate_appt_categories'] = true;
258 $GLOBALS['concurrent_layout'] = 2;
259 $timeout = 7200;
260 $openemr_name = 'OpenEMR';
261 $css_header = "$rootdir/themes/style_default.css";
262 $GLOBALS['css_header'] = $css_header;
263 $GLOBALS['schedule_start'] = 8;
264 $GLOBALS['schedule_end'] = 17;
265 $GLOBALS['calendar_interval'] = 15;
266 $GLOBALS['phone_country_code'] = '1';
267 $GLOBALS['disable_non_default_groups'] = true;
268 $GLOBALS['ippf_specific'] = false;
271 // If >0 this will enforce a separate PHP session for each top-level
272 // browser window. You must log in separately for each. This is not
273 // thoroughly tested yet and some browsers might have trouble with it,
274 // so make it 0 if you must. Alternatively, you can set it to 2 to be
275 // notified when the session ID changes.
276 $GLOBALS['restore_sessions'] = 1; // 0=no, 1=yes, 2=yes+debug
278 // Theme definition. All this stuff should be moved to CSS.
280 if ($GLOBALS['concurrent_layout']) {
281 $top_bg_line = ' bgcolor="#dddddd" ';
282 $GLOBALS['style']['BGCOLOR2'] = "#dddddd";
283 $bottom_bg_line = $top_bg_line;
284 $title_bg_line = ' bgcolor="#bbbbbb" ';
285 $nav_bg_line = ' bgcolor="#94d6e7" ';
286 } else {
287 $top_bg_line = ' bgcolor="#94d6e7" ';
288 $GLOBALS['style']['BGCOLOR2'] = "#94d6e7";
289 $bottom_bg_line = ' background="'.$rootdir.'/pic/aquabg.gif" ';
290 $title_bg_line = ' bgcolor="#aaffff" ';
291 $nav_bg_line = ' bgcolor="#94d6e7" ';
293 $login_filler_line = ' bgcolor="#f7f0d5" ';
294 $logocode = "<img src='$web_root/sites/" . $_SESSION['site_id'] . "/images/login_logo.gif'>";
295 $linepic = "$rootdir/pic/repeat_vline9.gif";
296 $table_bg = ' bgcolor="#cccccc" ';
297 $GLOBALS['style']['BGCOLOR1'] = "#cccccc";
298 $GLOBALS['style']['TEXTCOLOR11'] = "#222222";
299 $GLOBALS['style']['HIGHLIGHTCOLOR'] = "#dddddd";
300 $GLOBALS['style']['BOTTOM_BG_LINE'] = $bottom_bg_line;
301 // The height in pixels of the Logo bar at the top of the login page:
302 $GLOBALS['logoBarHeight'] = 110;
303 // The height in pixels of the Navigation bar:
304 $GLOBALS['navBarHeight'] = 22;
305 // The height in pixels of the Title bar:
306 $GLOBALS['titleBarHeight'] = 40;
308 // The assistant word, MORE printed next to titles that can be clicked:
309 // Note this label gets translated here via the xl function
310 // -if you don't want it translated, then strip the xl function away
311 $tmore = xl('(More)');
312 // The assistant word, BACK printed next to titles that return to previous screens:
313 // Note this label gets translated here via the xl function
314 // -if you don't want it translated, then strip the xl function away
315 $tback = xl('(Back)');
317 // This is the idle logout function:
318 // if a page has not been refreshed within this many seconds, the interface
319 // will return to the login page
320 if (!empty($special_timeout)) {
321 $timeout = intval($special_timeout);
324 //Version tag
325 require_once(dirname(__FILE__) . "/../version.php");
326 $patch_appending = "";
327 if ( ($v_realpatch != '0') && (!(empty($v_realpatch))) ) {
328 $patch_appending = " (".$v_realpatch.")";
330 $openemr_version = "$v_major.$v_minor.$v_patch".$v_tag.$patch_appending;
332 $srcdir = $GLOBALS['srcdir'];
333 $login_screen = $GLOBALS['login_screen'];
334 $GLOBALS['css_header'] = $css_header;
335 $GLOBALS['backpic'] = $backpic;
337 // 1 = send email message to given id for Emergency Login user activation,
338 // else 0.
339 $GLOBALS['Emergency_Login_email'] = $GLOBALS['Emergency_Login_email_id'] ? 1 : 0;
341 //set include_de_identification to enable De-identification (currently de-identification works fine only with linux machines)
342 //Run de_identification_upgrade.php script to upgrade OpenEMR database to include procedures,
343 //functions, tables for de-identification(Mysql root user and password is required for successful
344 //execution of the de-identification upgrade script)
345 $GLOBALS['include_de_identification']=0;
346 // Include the authentication module code here, but the rule is
347 // if the file has the word "login" in the source code file name,
348 // don't include the authentication module - we do this to avoid
349 // include loops.
351 if (!isset($ignoreAuth) || !$ignoreAuth) {
352 include_once("$srcdir/auth.inc");
355 // If you do not want your accounting system to have a customer added to it
356 // for each insurance company, then set this to true. SQL-Ledger currently
357 // (2005-03-21) does nothing useful with insurance companies as customers.
358 $GLOBALS['insurance_companies_are_not_customers'] = true;
360 // This is the background color to apply to form fields that are searchable.
361 // Currently it is applicable only to the "Search or Add Patient" form.
362 $GLOBALS['layout_search_color'] = '#ffff55';
364 //EMAIL SETTINGS
365 $SMTP_Auth = !empty($GLOBALS['SMTP_USER']);
367 // Customize these if you are using SQL-Ledger with OpenEMR, or if you are
368 // going to run sl_convert.php to convert from SQL-Ledger.
370 $sl_cash_acc = '1060'; // sql-ledger account number for checking account
371 $sl_ar_acc = '1200'; // sql-ledger account number for accounts receivable
372 $sl_income_acc = '4320'; // sql-ledger account number for medical services income
373 $sl_services_id = 'MS'; // sql-ledger parts table id for medical services
374 $sl_dbname = 'sql-ledger'; // sql-ledger database name
375 $sl_dbuser = 'sql-ledger'; // sql-ledger database login name
376 $sl_dbpass = 'secret'; // sql-ledger database login password
377 //////////////////////////////////////////////////////////////////
379 //module configurations
380 $GLOBALS['baseModDir'] = "interface/modules/"; //default path of modules
381 $GLOBALS['customModDir']= "custom_modules"; //non zend modules
382 $GLOBALS['zendModDir'] = "zend_modules"; //zend modules
384 // Don't change anything below this line. ////////////////////////////
386 $encounter = empty($_SESSION['encounter']) ? 0 : $_SESSION['encounter'];
388 if (!empty($_GET['pid']) && empty($_SESSION['pid'])) {
389 $_SESSION['pid'] = $_GET['pid'];
391 elseif (!empty($_POST['pid']) && empty($_SESSION['pid'])) {
392 $_SESSION['pid'] = $_POST['pid'];
394 $pid = empty($_SESSION['pid']) ? 0 : $_SESSION['pid'];
395 $userauthorized = empty($_SESSION['userauthorized']) ? 0 : $_SESSION['userauthorized'];
396 $groupname = empty($_SESSION['authProvider']) ? 0 : $_SESSION['authProvider'];
398 // global interface function to format text length using ellipses
399 function strterm($string,$length) {
400 if (strlen($string) >= ($length-3)) {
401 return substr($string,0,$length-3) . "...";
402 } else {
403 return $string;
407 // Override temporary_files_dir if PHP >= 5.2.1.
408 if (version_compare(phpversion(), "5.2.1", ">=")) {
409 $GLOBALS['temporary_files_dir'] = rtrim(sys_get_temp_dir(),'/');
412 // turn off PHP compatibility warnings
413 ini_set("session.bug_compat_warn","off");
415 //////////////////////////////////////////////////////////////////
417 /* If the includer didn't specify, assume they want us to "fake" register_globals. */
418 if (!isset($fake_register_globals)) {
419 $fake_register_globals = TRUE;
422 /* Pages with "myadmin" in the URL don't need register_globals. */
423 $fake_register_globals =
424 $fake_register_globals && (strpos($_SERVER['REQUEST_URI'],"myadmin") === FALSE);
427 // Emulates register_globals = On. Moved to the bottom of globals.php to prevent
428 // overrides of any variables used during global setup.
429 // EXTR_SKIP flag set to prevent overriding any variables defined earlier
430 if ($fake_register_globals) {
431 extract($_GET,EXTR_SKIP);
432 extract($_POST,EXTR_SKIP);