3 // ------------------------------------------------------------------------ //
4 // OpenEMR Electronic Medical Records System //
5 // Copyright (c) 2005-2010 oemr.org //
6 // <http://www.oemr.org/> //
7 // ------------------------------------------------------------------------ //
8 // This program is free software; you can redistribute it and/or modify //
9 // it under the terms of the GNU General Public License as published by //
10 // the Free Software Foundation; either version 2 of the License, or //
11 // (at your option) any later version. //
13 // You may not change or alter any portion of this comment or credits //
14 // of supporting developers from this source code or any supporting //
15 // source code which is considered copyrighted (c) material of the //
16 // original comment or credit authors. //
18 // This program is distributed in the hope that it will be useful, //
19 // but WITHOUT ANY WARRANTY; without even the implied warranty of //
20 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
21 // GNU General Public License for more details. //
23 // You should have received a copy of the GNU General Public License //
24 // along with this program; if not, write to the Free Software //
25 // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
26 // ------------------------------------------------------------------------ //
28 // Is this windows or non-windows? Create a boolean definition.
29 if (!defined('IS_WINDOWS'))
30 define('IS_WINDOWS', (stripos(PHP_OS
,'WIN') === 0));
32 // Some important php.ini overrides. Defaults for these values are often
33 // too small. You might choose to adjust them further.
35 ini_set('memory_limit', '64M');
36 ini_set('session.gc_maxlifetime', '14400');
38 /* If the includer didn't specify, assume they want us to "fake" register_globals. */
39 if (!isset($fake_register_globals)) {
40 $fake_register_globals = TRUE;
43 /* Pages with "myadmin" in the URL don't need register_globals. */
44 $fake_register_globals =
45 $fake_register_globals && (strpos($_SERVER['REQUEST_URI'],"myadmin") === FALSE);
47 // Emulates register_globals = On. Moved to here from the bottom of this file
48 // to address security issues. Need to change everything requiring this!
49 if ($fake_register_globals) {
54 // This is for sanitization of all escapes.
55 // (ie. reversing magic quotes if it's set)
56 if ($sanitize_all_escapes) {
57 if (get_magic_quotes_gpc()) {
58 function undoMagicQuotes($array, $topLevel=true) {
60 foreach($array as $key => $value) {
62 $key = stripslashes($key);
64 if (is_array($value)) {
65 $newArray[$key] = undoMagicQuotes($value, false);
68 $newArray[$key] = stripslashes($value);
73 $_GET = undoMagicQuotes($_GET);
74 $_POST = undoMagicQuotes($_POST);
75 $_COOKIE = undoMagicQuotes($_COOKIE);
76 $_REQUEST = undoMagicQuotes($_REQUEST);
81 // The webserver_root and web_root are now automatically collected.
82 // If not working, can set manually below.
83 // Auto collect the full absolute directory path for openemr.
84 $webserver_root = dirname(dirname(__FILE__
));
86 //convert windows path separators
87 $webserver_root = str_replace("\\","/",$webserver_root);
89 // Auto collect the relative html path, i.e. what you would type into the web
90 // browser after the server address to get to OpenEMR.
91 $web_root = substr($webserver_root, strlen($_SERVER['DOCUMENT_ROOT']));
92 // Ensure web_root starts with a path separator
93 if (preg_match("/^[^\/]/",$web_root)) {
94 $web_root = "/".$web_root;
96 // The webserver_root and web_root are now automatically collected in
97 // real time per above code. If above is not working, can uncomment and
99 // $webserver_root = "/var/www/openemr";
100 // $web_root = "/openemr";
103 // This is the directory that contains site-specific data. Change this
104 // only if you have some reason to.
105 $GLOBALS['OE_SITES_BASE'] = "$webserver_root/sites";
107 // The session name names a cookie stored in the browser.
108 // If you modify session_name, then need to place the identical name in
109 // the phpmyadmin file here: openemr/phpmyadmin/libraries/session.inc.php
110 // at line 71. This was required after embedded new phpmyadmin version on
111 // 05-12-2009 by Brady. Hopefully will figure out a more appropriate fix.
112 // Now that restore_session() is implemented in javaScript, session IDs are
113 // effectively saved in the top level browser window and there is no longer
114 // any need to change the session name for different OpenEMR instances.
115 session_name("OpenEMR");
119 // Set the site ID if required. This must be done before any database
120 // access is attempted.
121 if (empty($_SESSION['site_id']) ||
!empty($_GET['site'])) {
122 if (!empty($_GET['site'])) {
123 $tmp = $_GET['site'];
126 if (!$ignoreAuth) die("Site ID is missing from session data!");
127 $tmp = $_SERVER['HTTP_HOST'];
128 if (!is_dir($GLOBALS['OE_SITES_BASE'] . "/$tmp")) $tmp = "default";
130 if (empty($tmp) ||
preg_match('/[^A-Za-z0-9\\-.]/', $tmp))
131 die("Site ID '$tmp' contains invalid characters.");
132 if (!isset($_SESSION['site_id']) ||
$_SESSION['site_id'] != $tmp) {
133 $_SESSION['site_id'] = $tmp;
134 error_log("Session site ID has been set to '$tmp'"); // debugging
138 // Set the site-specific directory path.
139 $GLOBALS['OE_SITE_DIR'] = $GLOBALS['OE_SITES_BASE'] . "/" . $_SESSION['site_id'];
141 require_once($GLOBALS['OE_SITE_DIR'] . "/config.php");
143 // Collecting the utf8 disable flag from the sqlconf.php file in order
144 // to set the correct html encoding. utf8 vs iso-8859-1. If flag is set
145 // then set to iso-8859-1.
146 require_once(dirname(__FILE__
) . "/../library/sqlconf.php");
147 if (!$disable_utf8_flag) {
148 ini_set('default_charset', 'utf-8');
149 $HTML_CHARSET = "UTF-8";
152 ini_set('default_charset', 'iso-8859-1');
153 $HTML_CHARSET = "ISO-8859-1";
156 // Root directory, relative to the webserver root:
157 $GLOBALS['rootdir'] = "$web_root/interface";
158 $rootdir = $GLOBALS['rootdir'];
159 // Absolute path to the source code include and headers file directory (Full path):
160 $GLOBALS['srcdir'] = "$webserver_root/library";
161 // Absolute path to the location of documentroot directory for use with include statements:
162 $GLOBALS['fileroot'] = "$webserver_root";
163 // Absolute path to the location of interface directory for use with include statements:
164 $include_root = "$webserver_root/interface";
165 // Absolute path to the location of documentroot directory for use with include statements:
166 $GLOBALS['webroot'] = $web_root;
168 $GLOBALS['template_dir'] = $GLOBALS['fileroot'] . "/templates/";
169 $GLOBALS['incdir'] = $include_root;
170 // Location of the login screen file
171 $GLOBALS['login_screen'] = $GLOBALS['rootdir'] . "/login_screen.php";
173 // Variable set for Eligibility Verification [EDI-271] path
174 $GLOBALS['edi_271_file_path'] = $GLOBALS['OE_SITE_DIR'] . "/edi/";
176 // Include the translation engine. This will also call sql.inc to
177 // open the openemr mysql connection.
178 include_once (dirname(__FILE__
) . "/../library/translation.inc.php");
180 // Includes functions for date internationalization
181 include_once (dirname(__FILE__
) . "/../library/date_functions.php");
183 // Defaults for specific applications.
184 $GLOBALS['athletic_team'] = false;
185 $GLOBALS['weight_loss_clinic'] = false;
186 $GLOBALS['ippf_specific'] = false;
187 $GLOBALS['cene_specific'] = false;
189 // Defaults for drugs and products.
190 $GLOBALS['inhouse_pharmacy'] = false;
191 $GLOBALS['sell_non_drug_products'] = 0;
193 $glrow = sqlQuery("SHOW TABLES LIKE 'globals'");
194 if (!empty($glrow)) {
195 // Collect user specific settings from user_settings table.
198 if (!empty($_SESSION['authUserID'])) {
199 $glres_user = sqlStatement("SELECT `setting_label`, `setting_value` " .
200 "FROM `user_settings` " .
201 "WHERE `setting_user` = ? " .
202 "AND `setting_label` LIKE 'global:%'", array($_SESSION['authUserID']) );
203 for($iter=0; $row=sqlFetchArray($glres_user); $iter++
) {
204 //remove global_ prefix from label
205 $row['setting_label'] = substr($row['setting_label'],7);
206 $gl_user[$iter]=$row;
209 // Set global parameters from the database globals table.
210 // Some parameters require custom handling.
212 $GLOBALS['language_menu_show'] = array();
213 $glres = sqlStatement("SELECT gl_name, gl_index, gl_value FROM globals " .
214 "ORDER BY gl_name, gl_index");
215 while ($glrow = sqlFetchArray($glres)) {
216 $gl_name = $glrow['gl_name'];
217 $gl_value = $glrow['gl_value'];
218 // Adjust for user specific settings
219 if (!empty($gl_user)) {
220 foreach ($gl_user as $setting) {
221 if ($gl_name == $setting['setting_label']) {
222 $gl_value = $setting['setting_value'];
226 if ($gl_name == 'language_menu_other') {
227 $GLOBALS['language_menu_show'][] = $gl_value;
229 else if ($gl_name == 'css_header') {
230 $GLOBALS[$gl_name] = "$rootdir/themes/" . $gl_value;
232 else if ($gl_name == 'specific_application') {
233 if ($gl_value == '1') $GLOBALS['athletic_team'] = true;
234 else if ($gl_value == '2') $GLOBALS['ippf_specific'] = true;
235 else if ($gl_value == '3') $GLOBALS['weight_loss_clinic'] = true;
237 else if ($gl_name == 'inhouse_pharmacy') {
238 if ($gl_value) $GLOBALS['inhouse_pharmacy'] = true;
239 if ($gl_value == '2') $GLOBALS['sell_non_drug_products'] = 1;
240 else if ($gl_value == '3') $GLOBALS['sell_non_drug_products'] = 2;
243 $GLOBALS[$gl_name] = $gl_value;
246 // Language cleanup stuff.
247 $GLOBALS['language_menu_login'] = false;
248 if ((count($GLOBALS['language_menu_show']) >= 1) ||
$GLOBALS['language_menu_showall']) {
249 $GLOBALS['language_menu_login'] = true;
252 // End of globals table processing.
255 // Temporary stuff to handle the case where the globals table does not
256 // exist yet. This will happen in sql_upgrade.php on upgrading to the
257 // first release containing this table.
258 $GLOBALS['language_menu_login'] = true;
259 $GLOBALS['language_menu_showall'] = true;
260 $GLOBALS['language_menu_show'] = array('English (Standard)','Swedish');
261 $GLOBALS['language_default'] = "English (Standard)";
262 $GLOBALS['translate_layout'] = true;
263 $GLOBALS['translate_lists'] = true;
264 $GLOBALS['translate_gacl_groups'] = true;
265 $GLOBALS['translate_form_titles'] = true;
266 $GLOBALS['translate_document_categories'] = true;
267 $GLOBALS['translate_appt_categories'] = true;
268 $GLOBALS['concurrent_layout'] = 2;
270 $openemr_name = 'OpenEMR';
271 $css_header = "$rootdir/themes/style_default.css";
272 $GLOBALS['css_header'] = $css_header;
273 $GLOBALS['schedule_start'] = 8;
274 $GLOBALS['schedule_end'] = 17;
275 $GLOBALS['calendar_interval'] = 15;
276 $GLOBALS['phone_country_code'] = '1';
277 $GLOBALS['disable_non_default_groups'] = true;
278 $GLOBALS['ippf_specific'] = false;
281 // If >0 this will enforce a separate PHP session for each top-level
282 // browser window. You must log in separately for each. This is not
283 // thoroughly tested yet and some browsers might have trouble with it,
284 // so make it 0 if you must. Alternatively, you can set it to 2 to be
285 // notified when the session ID changes.
286 $GLOBALS['restore_sessions'] = 1; // 0=no, 1=yes, 2=yes+debug
288 // Theme definition. All this stuff should be moved to CSS.
290 if ($GLOBALS['concurrent_layout']) {
291 $top_bg_line = ' bgcolor="#dddddd" ';
292 $GLOBALS['style']['BGCOLOR2'] = "#dddddd";
293 $bottom_bg_line = $top_bg_line;
294 $title_bg_line = ' bgcolor="#bbbbbb" ';
295 $nav_bg_line = ' bgcolor="#94d6e7" ';
297 $top_bg_line = ' bgcolor="#94d6e7" ';
298 $GLOBALS['style']['BGCOLOR2'] = "#94d6e7";
299 $bottom_bg_line = ' background="'.$rootdir.'/pic/aquabg.gif" ';
300 $title_bg_line = ' bgcolor="#aaffff" ';
301 $nav_bg_line = ' bgcolor="#94d6e7" ';
303 $login_filler_line = ' bgcolor="#f7f0d5" ';
304 $login_body_line = ' background="'.$rootdir.'/pic/aquabg.gif" ';
305 $logocode = "<img src='$web_root/sites/" . $_SESSION['site_id'] . "/images/login_logo.gif'>";
306 $linepic = "$rootdir/pic/repeat_vline9.gif";
307 $table_bg = ' bgcolor="#cccccc" ';
308 $GLOBALS['style']['BGCOLOR1'] = "#cccccc";
309 $GLOBALS['style']['TEXTCOLOR11'] = "#222222";
310 $GLOBALS['style']['HIGHLIGHTCOLOR'] = "#dddddd";
311 $GLOBALS['style']['BOTTOM_BG_LINE'] = $bottom_bg_line;
312 // The height in pixels of the Logo bar at the top of the login page:
313 $GLOBALS['logoBarHeight'] = 110;
314 // The height in pixels of the Navigation bar:
315 $GLOBALS['navBarHeight'] = 22;
316 // The height in pixels of the Title bar:
317 $GLOBALS['titleBarHeight'] = 40;
319 // The assistant word, MORE printed next to titles that can be clicked:
320 // Note this label gets translated here via the xl function
321 // -if you don't want it translated, then strip the xl function away
322 $tmore = xl('(More)');
323 // The assistant word, BACK printed next to titles that return to previous screens:
324 // Note this label gets translated here via the xl function
325 // -if you don't want it translated, then strip the xl function away
326 $tback = xl('(Back)');
328 // This is the idle logout function:
329 // if a page has not been refreshed within this many seconds, the interface
330 // will return to the login page
331 if (!empty($special_timeout)) {
332 $timeout = intval($special_timeout);
336 require_once(dirname(__FILE__
) . "/../version.php");
337 $openemr_version = "$v_major.$v_minor.$v_patch".$v_tag; // Version tag used by program
339 $srcdir = $GLOBALS['srcdir'];
340 $login_screen = $GLOBALS['login_screen'];
341 $GLOBALS['css_header'] = $css_header;
342 $GLOBALS['backpic'] = $backpic;
344 // 1 = send email message to given id for Emergency Login user activation,
346 $GLOBALS['Emergency_Login_email'] = $GLOBALS['Emergency_Login_email_id'] ?
1 : 0;
348 //set include_de_identification to enable De-identification (currently de-identification works fine only with linux machines)
349 //Run de_identification_upgrade.php script to upgrade OpenEMR database to include procedures,
350 //functions, tables for de-identification(Mysql root user and password is required for successful
351 //execution of the de-identification upgrade script)
352 $GLOBALS['include_de_identification']=0;
353 // Include the authentication module code here, but the rule is
354 // if the file has the word "login" in the source code file name,
355 // don't include the authentication module - we do this to avoid
359 include_once("$srcdir/auth.inc");
362 // If you do not want your accounting system to have a customer added to it
363 // for each insurance company, then set this to true. SQL-Ledger currently
364 // (2005-03-21) does nothing useful with insurance companies as customers.
365 $GLOBALS['insurance_companies_are_not_customers'] = true;
367 // This is the background color to apply to form fields that are searchable.
368 // Currently it is applicable only to the "Search or Add Patient" form.
369 $GLOBALS['layout_search_color'] = '#ffff55';
372 $SMTP_Auth = !empty($GLOBALS['SMTP_USER']);
374 // Customize these if you are using SQL-Ledger with OpenEMR, or if you are
375 // going to run sl_convert.php to convert from SQL-Ledger.
377 $sl_cash_acc = '1060'; // sql-ledger account number for checking account
378 $sl_ar_acc = '1200'; // sql-ledger account number for accounts receivable
379 $sl_income_acc = '4320'; // sql-ledger account number for medical services income
380 $sl_services_id = 'MS'; // sql-ledger parts table id for medical services
381 $sl_dbname = 'sql-ledger'; // sql-ledger database name
382 $sl_dbuser = 'sql-ledger'; // sql-ledger database login name
383 $sl_dbpass = 'secret'; // sql-ledger database login password
384 //////////////////////////////////////////////////////////////////
386 // Don't change anything below this line. ////////////////////////////
388 $encounter = empty($_SESSION['encounter']) ?
0 : $_SESSION['encounter'];
390 if (!empty($_GET['pid']) && empty($_SESSION['pid'])) {
391 $_SESSION['pid'] = $_GET['pid'];
393 elseif (!empty($_POST['pid']) && empty($_SESSION['pid'])) {
394 $_SESSION['pid'] = $_POST['pid'];
396 $pid = empty($_SESSION['pid']) ?
0 : $_SESSION['pid'];
397 $userauthorized = empty($_SESSION['userauthorized']) ?
0 : $_SESSION['userauthorized'];
398 $groupname = empty($_SESSION['authProvider']) ?
0 : $_SESSION['authProvider'];
400 // global interface function to format text length using ellipses
401 function strterm($string,$length) {
402 if (strlen($string) >= ($length-3)) {
403 return substr($string,0,$length-3) . "...";
409 // Override temporary_files_dir if PHP >= 5.2.1.
410 if (version_compare(phpversion(), "5.2.1", ">=")) {
411 $GLOBALS['temporary_files_dir'] = rtrim(sys_get_temp_dir(),'/');
414 // turn off PHP compatibility warnings
415 ini_set("session.bug_compat_warn","off");
417 //////////////////////////////////////////////////////////////////