search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
simplified header by hiding html_header_show in template
[openemr.git] / interface / super / manage_site_files.php
blobe8be28563b7f9e524229a6114a88ea173909c0d5
1 <?php
2 // Copyright (C) 2010-2016 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
8
9 // This module provides for editing site-specific text files and
10 // for uploading site-specific image files.
11
12 require_once('../globals.php');
13 require_once($GLOBALS['srcdir'].'/acl.inc');
14 /* for formData() */
15
16 if (!acl_check('admin', 'super')) die(htmlspecialchars(xl('Not authorized')));
17
18 // Prepare array of names of editable files, relative to the site directory.
19 $my_files = array(
20 'config.php',
21 'faxcover.txt',
22 'faxtitle.eps',
23 'referral_template.html',
24 'statement.inc.php',
25 'letter_templates/custom_pdf.php',
26 );
27 // Append LBF plugin filenames to the array.
28 $lres = sqlStatement('SELECT * FROM list_options ' .
29 "WHERE list_id = 'lbfnames' AND activity = 1 ORDER BY seq, title");
30 while ($lrow = sqlFetchArray($lres)) {
31 $option_id = $lrow['option_id']; // should start with LBF
32 $title = $lrow['title'];
33 $my_files[] = "LBF/$option_id.plugin.php";
34 }
35
36 $form_filename = strip_escape_custom($_REQUEST['form_filename']);
37 // Sanity check to prevent evildoing.
38 if (!in_array($form_filename, $my_files)) $form_filename = '';
39 $filepath = "$OE_SITE_DIR/$form_filename";
40
41 $imagedir = "$OE_SITE_DIR/images";
42 $educationdir = "$OE_SITE_DIR/documents/education";
43
44 if (!empty($_POST['bn_save'])) {
45 if ($form_filename) {
46 // Textareas, at least in Firefox, return a \r\n at the end of each line
47 // even though only \n was originally there. For consistency with
48 // normal OpenEMR usage we translate those back.
49 file_put_contents($filepath, str_replace("\r\n", "\n",
50 $_POST['form_filedata']));
51 $form_filename = '';
52 }
53
54 // Handle image uploads.
55 if (is_uploaded_file($_FILES['form_image']['tmp_name']) && $_FILES['form_image']['size']) {
56 $form_dest_filename = $_POST['form_dest_filename'];
57 if ($form_dest_filename == '') {
58 $form_dest_filename = $_FILES['form_image']['name'];
59 }
60 $form_dest_filename = basename($form_dest_filename);
61 if ($form_dest_filename == '') {
62 die(htmlspecialchars(xl('Cannot find a destination filename')));
63 }
64 $imagepath = "$imagedir/$form_dest_filename";
65 // If the site's image directory does not yet exist, create it.
66 if (!is_dir($imagedir)) {
67 mkdir($imagedir);
68 }
69 if (is_file($imagepath)) unlink($imagepath);
70 $tmp_name = $_FILES['form_image']['tmp_name'];
71 if (!move_uploaded_file($_FILES['form_image']['tmp_name'], $imagepath)) {
72 die(htmlspecialchars(xl('Unable to create') . " '$imagepath'"));
73 }
74 }
75
76 // Handle PDF uploads for patient education.
77 if (is_uploaded_file($_FILES['form_education']['tmp_name']) && $_FILES['form_education']['size']) {
78 $form_dest_filename = $_FILES['form_education']['name'];
79 $form_dest_filename = strtolower(basename($form_dest_filename));
80 if (substr($form_dest_filename, -4) != '.pdf') {
81 die(xlt('Filename must end with ".pdf"'));
82 }
83 $educationpath = "$educationdir/$form_dest_filename";
84 // If the site's education directory does not yet exist, create it.
85 if (!is_dir($educationdir)) {
86 mkdir($educationdir);
87 }
88 if (is_file($educationpath)) unlink($educationpath);
89 $tmp_name = $_FILES['form_education']['tmp_name'];
90 if (!move_uploaded_file($tmp_name, $educationpath)) {
91 die(text(xl('Unable to create') . " '$educationpath'"));
92 }
93 }
94
95 }
96
97 /**
98 * Thumbnails generator
99 * generating thumbnail image to all images files from documents table
100 */
101
102 if(isset($_POST['generate_thumbnails'])) {
103
104 $thumb_generator = new ThumbnailGenerator();
105 $results = $thumb_generator->generate_all();
106
107 $thumbnail_msg = "<p style='color: green'>" . xlt('Generated thumbnail(s)') . " : " . text($results['sum_success']) . "</p>";
108 $thumbnail_msg .= "<p style='color: red'>" . xlt('Failed to generate') . " : " . text($results['sum_failed']) . "</p>";
109 foreach($results['failed'] as $key => $file){
110 $num = $key +1;
111 $thumbnail_msg .= "<p style='color: red; font-size: 11px'> " .text($num) . ". " . text($file) . "</p>";
112 }
113 } else {
114
115 $count_not_generated = ThumbnailGenerator::count_not_generated();
116
117 $thumbnail_msg = "<p>" . xlt('Files with empty thumbnail') . ": " . text($count_not_generated) . " </p>";
118 }
119
120
121 /**
122 * White list files.
123 * Security feature that enable to upload only file with mime-type from white list.
124 * Important to prevention upload of virus script.
125 * Dependence - turn on global setting 'secure_upload'
126 */
127
128 if($GLOBALS['secure_upload']){
129
130 $mime_types = array('image/*', 'text/*', 'audio/*', 'video/*');
131
132 // Get cURL resource
133 $curl = curl_init();
134
135 curl_setopt_array($curl, array(
136 CURLOPT_RETURNTRANSFER => 1,
137 CURLOPT_URL => 'https://cdn.rawgit.com/jshttp/mime-db/master/db.json',
138 CURLOPT_CONNECTTIMEOUT => 5,
139 CURLOPT_TIMEOUT => 5
140 ));
141 // Send the request & save response to $resp
142 $resp = curl_exec($curl);
143 $httpinfo = curl_getinfo($curl);
144 if($resp && $httpinfo['http_code'] == 200 && $httpinfo['content_type'] == 'application/json;charset=utf-8'){
145 $all_mime_types = json_decode($resp, true);
146 foreach ($all_mime_types as $name => $value){
147 $mime_types[] = $name;
148 }
149 } else {
150 error_log('Get list of mime-type error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
151 $mime_types_list = array(
152 'application/pdf',
153 'image/jpeg',
154 'image/png',
155 'image/gif',
156 'application/msword',
157 'application/vnd.oasis.opendocument.spreadsheet',
158 'text/plain'
159 );
160 $mime_types = array_merge($mime_types, $mime_types_list);
161 }
162 curl_close($curl);
163
164 if(isset($_POST['submit_form'])){
165
166 $new_white_list = empty($_POST['white_list']) ? array() : $_POST['white_list'];
167
168 // truncate white list from list_options table
169 sqlStatement("DELETE FROM `list_options` WHERE `list_id` = 'files_white_list'");
170 foreach ($new_white_list as $mimetype){
171 sqlStatement("INSERT INTO `list_options` (`list_id`, `option_id`, `title`, `activity`) VALUES ('files_white_list', ?, ?, 1)", array($mimetype, $mimetype));
172 }
173
174 $white_list = $new_white_list;
175 } else {
176 $white_list = array();
177 $lres = sqlStatement("SELECT option_id FROM list_options WHERE list_id = 'files_white_list' AND activity = 1");
178 while ($lrow = sqlFetchArray($lres)) {
179 $white_list[] = $lrow['option_id'];
180 }
181 }
182 }
183
184
185 ?>
186 <html>
187
188 <head>
189 <title><?php echo xlt('File management'); ?></title>
190 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
191
192 <style type="text/css">
193 .dehead { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:bold }
194 .detail { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:normal }
195 #generate_thumb, #file_type_whitelist{
196 width: 95%;
197 margin: 50px auto;
198 border: 2px solid dimgrey;
199 }
200 #generate_thumb table{
201 font-size: 14px;
202 text-align: center;
203 }
204 #generate_thumb table td{
205 border-right: 1px solid dimgrey;
206 padding: 0 15px;
207 }
208 </style>
209
210 <script type="text/javascript" src="<?php echo $GLOBALS['assets_static_relative'] ?>/jquery-min-3-1-1/index.js"></script>
211
212 <script language="JavaScript">
213 // This is invoked when a filename selection changes in the drop-list.
214 // In this case anything else entered into the form is discarded.
215 function msfFileChanged() {
216 top.restoreSession();
217 document.forms[0].submit();
218 }
219 </script>
220
221 </head>
222
223 <body class="body_top">
224 <form method='post' action='manage_site_files.php' enctype='multipart/form-data'
225 onsubmit='return top.restoreSession()'>
226
227 <center>
228
229 <p>
230 <table border='1' width='95%'>
231
232 <tr bgcolor='#dddddd' class='dehead'>
233 <td colspan='2' align='center'><?php echo htmlspecialchars(xl('Edit File in') . " $OE_SITE_DIR"); ?></td>
234 </tr>
235
236 <tr>
237 <td valign='top' class='detail' nowrap>
238 <select name='form_filename' onchange='msfFileChanged()'>
239 <option value=''></option>
240 <?php
241 foreach ($my_files as $filename) {
242 echo " <option value='" . htmlspecialchars($filename, ENT_QUOTES) . "'";
243 if ($filename == $form_filename) echo " selected";
244 echo ">" . htmlspecialchars($filename) . "</option>\n";
245 }
246 ?>
247 </select>
248 <br />
249 <textarea name='form_filedata' rows='25' style='width:100%'><?php
250 if ($form_filename) {
251 echo htmlspecialchars(@file_get_contents($filepath));
252 }
253 ?></textarea>
254 </td>
255 </tr>
256
257 <tr bgcolor='#dddddd' class='dehead'>
258 <td colspan='2' align='center'><?php echo htmlspecialchars(xl('Upload Image to') . " $imagedir"); ?></td>
259 </tr>
260
261 <tr>
262 <td valign='top' class='detail' nowrap>
263 <?php echo htmlspecialchars(xl('Source File')); ?>:
264 <input type="hidden" name="MAX_FILE_SIZE" value="12000000" />
265 <input type="file" name="form_image" size="40" />&nbsp;
266 <?php echo htmlspecialchars(xl('Destination Filename')) ?>:
267 <select name='form_dest_filename'>
268 <option value=''>(<?php echo htmlspecialchars(xl('Use source filename')) ?>)</option>
269 <?php
270 // Generate an <option> for each file already in the images directory.
271 $dh = opendir($imagedir);
272 if (!$dh) die(htmlspecialchars(xl('Cannot read directory') . " '$imagedir'"));
273 $imagesslist = array();
274 while (false !== ($sfname = readdir($dh))) {
275 if (substr($sfname, 0, 1) == '.') continue;
276 if ($sfname == 'CVS' ) continue;
277 $imageslist[$sfname] = $sfname;
278 }
279 closedir($dh);
280 ksort($imageslist);
281 foreach ($imageslist as $sfname) {
282 echo " <option value='" . htmlspecialchars($sfname, ENT_QUOTES) . "'";
283 echo ">" . htmlspecialchars($sfname) . "</option>\n";
284 }
285 ?>
286 </select>
287 </td>
288 </tr>
289
290 <tr bgcolor='#dddddd' class='dehead'>
291 <td colspan='2' align='center'><?php echo text(xl('Upload Patient Education PDF to') . " $educationdir"); ?></td>
292 </tr>
293 <tr>
294 <td valign='top' class='detail' nowrap>
295 <?php echo xlt('Source File'); ?>:
296 <input type="file" name="form_education" size="40" />&nbsp;
297 <?php echo xlt('Name must be like codetype_code_language.pdf, for example icd9_274.11_en.pdf'); ?>
298 </td>
299 </tr>
300
301 </table>
302
303 <p>
304 <input type='submit' name='bn_save' value='<?php echo htmlspecialchars(xl('Save')) ?>' />
305 </p>
306
307 </center>
308
309 </form>
310
311 <div id="generate_thumb">
312 <table style="width: 100%">
313 <tr>
314 <td class="thumb_title" style="width: 33%">
315 <b><?php echo xlt('Generate Thumbnails')?></b>
316 </td>
317 <td class="thumb_msg" style="width: 50%">
318 <span><?php echo $thumbnail_msg ?></span>
319 </td>
320 <td class="thumb_form" style="width:17%;border-right:none">
321 <form method='post' action='manage_site_files.php#generate_thumb'>
322 <input style="margin-top: 10px" type="submit" name="generate_thumbnails" value="<?php echo xla('Generate') ?>">
323 </form>
324 </td>
325 </tr>
326 </table>
327 </div>
328
329 <?php if($GLOBALS['secure_upload']) { ?>
330
331 <div id="file_type_whitelist">
332 <h2><?php echo xlt('Create custom white list of MIME content type of a files to secure your documents system');?></h2>
333 <form id="whitelist_form" method="post">
334 <div class="subject-black-list">
335 <div class="top-list">
336 <h2><?php echo xlt('Black list'); ?></h2>
337 <b><?php echo xlt('Filter');?>:</b> <input type="text" id="filter-black-list" >
338 </div>
339 <select multiple="multiple" id='black-list' class="form-control">
340 <?php
341 foreach ($mime_types as $type) {
342 if(!in_array($type, $white_list)){
343 echo "<option value='" . attr($type) . "'> " . text($type) . "</option>";
344 }
345 }
346 ?>
347 </select>
348 </div>
349
350 <div class="subject-info-arrows">
351 <input type="button" id="btnAllRight" value=">>" /><br />
352 <input type="button" id="btnRight" value=">" /><br />
353 <input type="button" id="btnLeft" value="<" /><br />
354 <input type="button" id="btnAllLeft" value="<<" />
355 </div>
356
357 <div class="subject-white-list">
358 <div class="top-list">
359 <h2><?php echo xlt('White list'); ?></h2>
360 <b><?php echo xlt('Add manually');?>:</b> <input type="text" id="add-manually-input"> <input type="button" id="add-manually" value="+">
361 </div>
362 <select name="white_list[]" multiple="multiple" id='white-list' class="form-control">
363 <?php
364 foreach ($white_list as $type) {
365 echo "<option value='" . attr($type) . "'> " . text($type) . "</option>";
366 }
367 ?>
368 </select>
369 </div>
370 <div class="subject-info-save">
371 <input type="button" id="submit-whitelist" value="<?php echo xlt('Save'); ?>" />
372 <input type="hidden" name="submit_form" value="1" />
373 </div>
374 </form>
375
376 </div>
377
378 <script>
379
380 (function () {
381 $('#btnRight').click(function (e) {
382 var selectedOpts = $('#black-list option:selected');
383 if (selectedOpts.length == 0) {
384 e.preventDefault();
385 }
386
387 $('#white-list').append($(selectedOpts).clone());
388 $(selectedOpts).remove();
389 e.preventDefault();
390 });
391
392 $('#btnAllRight').click(function (e) {
393 var selectedOpts = $('#black-list option');
394 if (selectedOpts.length == 0) {
395 e.preventDefault();
396 }
397
398 $('#white-list').append($(selectedOpts).clone());
399 $(selectedOpts).remove();
400 e.preventDefault();
401 });
402
403 $('#btnLeft').click(function (e) {
404 var selectedOpts = $('#white-list option:selected');
405 if (selectedOpts.length == 0) {
406 e.preventDefault();
407 }
408
409 $('#black-list').append($(selectedOpts).clone());
410 $(selectedOpts).remove();
411 e.preventDefault();
412 });
413
414 $('#btnAllLeft').click(function (e) {
415 var selectedOpts = $('#white-list option');
416 if (selectedOpts.length == 0) {
417 e.preventDefault();
418 }
419
420 $('#black-list').append($(selectedOpts).clone());
421 $(selectedOpts).remove();
422 e.preventDefault();
423 });
424
425 var storeElements = [];
426
427 $('#filter-black-list').on('keyup', function() {
428 var val = this.value.toLowerCase();
429
430 $('#black-list option').each(function(){
431
432 if(this.value.toLowerCase().indexOf( val ) == -1){
433 if(storeElements.indexOf(this) == -1){
434 storeElements.unshift(this)
435 }
436 $(this).remove();
437 }
438 });
439
440 $(storeElements).each(function(key, element){
441
442 if(element.value.toLowerCase().indexOf( val ) > -1){
443
444 $('#black-list').prepend(element);
445 storeElements.splice(key, 1)
446 }
447
448 });
449
450 });
451
452 $('#add-manually').on('click', function () {
453 var new_type = $("#add-manually-input").val();
454 if(new_type.length < 1)return;
455 $('#white-list').prepend("<option value="+new_type+">"+new_type+"</option>")
456 })
457
458 $('#submit-whitelist').on('click', function () {
459 $('#white-list option').prop('selected', true);
460 $('#whitelist_form').submit();
461 })
462
463 }(jQuery));
464
465 </script>
466
467
468 <?php } ?>
469
470 </body>
471 </html>
472
Mirror of official OpenEMR Sourceforge repository