search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
added support for mariadb in the ubuntu-debian packages
[openemr.git] / interface / reports / audit_log_tamper_report.php
blobd9024fb3bf285eae9980f3aab35e1d7238d1eb51
1 <?php
2 /**
3 * Audit Log Tamper Report.
4 *
5 * Copyright (C) 2014 Ensoftek
6 *
7 * LICENSE: This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 3
10 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
17 *
18 * @package OpenEMR
19 * @author Anil N <aniln@ensoftek.com>
20 * @link http://www.open-emr.org
21 */
22
23 //SANITIZE ALL ESCAPES
24 $sanitize_all_escapes=true;
25 //
26
27 //STOP FAKE REGISTER GLOBALS
28 $fake_register_globals=false;
29 //
30
31 include_once("../globals.php");
32 include_once("$srcdir/log.inc");
33 include_once("$srcdir/formdata.inc.php");
34 require_once("$srcdir/formatting.inc.php");
35 ?>
36 <html>
37 <head>
38 <?php html_header_show();?>
39 <link rel="stylesheet" href='<?php echo $GLOBALS['webroot'] ?>/library/dynarch_calendar.css' type='text/css'>
40 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/dialog.js"></script>
41 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/dynarch_calendar.js"></script>
42 <?php include_once("{$GLOBALS['srcdir']}/dynarch_calendar_en.inc.php"); ?>
43 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/dynarch_calendar_setup.js"></script>
44
45 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery-1.2.2.min.js"></script>
46 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
47 <style>
48 #logview {
49 width: 100%;
50 }
51 #logview table {
52 width:100%;
53 border-collapse: collapse;
54 }
55 #logview th {
56 background-color: #cccccc;
57 cursor: pointer; cursor: hand;
58 padding: 5px 5px;
59 align: left;
60 text-align: left;
61 }
62
63 #logview td {
64 background-color: #ffffff;
65 border-bottom: 1px solid #808080;
66 cursor: default;
67 padding: 5px 5px;
68 vertical-align: top;
69 }
70 .highlight {
71 background-color: #336699;
72 color: #336699;
73 }
74 .tamperColor{
75 color:red;
76 }
77 </style>
78 <script>
79 //function to disable the event type field if the event name is disclosure
80 function eventTypeChange(eventname)
81 {
82 if (eventname == "disclosure") {
83 document.theform.type_event.disabled = true;
84 }
85 else {
86 document.theform.type_event.disabled = false;
87 }
88 }
89
90 // VicarePlus :: This invokes the find-patient popup.
91 function sel_patient() {
92 dlgopen('../main/calendar/find_patient_popup.php?pflag=0', '_blank', 500, 400);
93 }
94
95 // VicarePlus :: This is for callback by the find-patient popup.
96 function setpatient(pid, lname, fname, dob) {
97 var f = document.theform;
98 f.form_patient.value = lname + ', ' + fname;
99 f.form_pid.value = pid;
100 }
101
102 </script>
103 </head>
104 <body class="body_top">
105 <font class="title"><?php echo xlt('Audit Log Tamper Report'); ?></font>
106 <br>
107 <?php
108 $err_message=0;
109 if ($_GET["start_date"])
110 $start_date = $_GET['start_date'];
111
112 if ($_GET["end_date"])
113 $end_date = $_GET['end_date'];
114
115 if ($_GET["form_patient"])
116 $form_patient = $_GET['form_patient'];
117
118 /*
119 * Start date should not be greater than end date - Date Validation
120 */
121 if ($start_date && $end_date)
122 {
123 if($start_date > $end_date){
124 echo "<table><tr class='alert'><td colspan=7>"; echo xlt('Start Date should not be greater than End Date');
125 echo "</td></tr></table>";
126 $err_message=1;
127 }
128 }
129
130 ?>
131 <?php
132 $form_user = $_REQUEST['form_user'];
133 $form_pid = $_REQUEST['form_pid'];
134 if ($form_patient == '' ) $form_pid = '';
135
136 $get_sdate=$start_date ? $start_date : date("Y-m-d H:i:s");
137 $get_edate=$end_date ? $end_date : date("Y-m-d H:i:s");
138
139 ?>
140 <br>
141 <FORM METHOD="GET" name="theform" id="theform" onSubmit='top.restoreSession()'>
142 <?php
143
144 $sortby = $_GET['sortby'];
145 ?>
146 <input type="hidden" name="sortby" id="sortby" value="<?php echo attr($sortby); ?>">
147 <input type=hidden name=csum value="">
148 <table>
149 <tr><td>
150 <span class="text"><?php echo xlt('Start Date'); ?>: </span>
151 </td><td>
152 <input type="text" size="18" name="start_date" id="start_date" value="<?php echo $start_date ? $start_date : date('Y-m-d H:i:s'); ?>" title="<?php echo xla('yyyy-mm-dd H:m Start date'); ?>" onkeyup="datekeyup(this,mypcc,true)" onblur="dateblur(this,mypcc,true)" />
153 <img src="../pic/show_calendar.gif" align="absbottom" width="24" height="22" id="img_begin_date" border="0" alt="[?]" style="cursor: pointer; cursor: hand" title="<?php echo xla('Click here to choose date time'); ?>">&nbsp;
154 </td>
155 <td>
156 <span class="text"><?php echo xlt('End Date'); ?>: </span>
157 </td><td>
158 <input type="text" size="18" name="end_date" id="end_date" value="<?php echo $end_date ? $end_date : date('Y-m-d H:i:s'); ?>" title="<?php echo xla('yyyy-mm-dd H:m End date'); ?>" onkeyup="datekeyup(this,mypcc,true)" onblur="dateblur(this,mypcc,true)" />
159 <img src="../pic/show_calendar.gif" align="absbottom" width="24" height="22" id="img_end_date" border="0" alt="[?]" style="cursor: pointer; cursor: hand" title="<?php echo xla('Click here to choose date time'); ?>">&nbsp;
160 </td>
161
162 <td>
163 &nbsp;&nbsp;<span class='text'><?php echo xlt('Patient'); ?>: </span>
164 </td>
165 <td>
166 <input type='text' size='20' name='form_patient' style='width:100%;cursor:pointer;cursor:hand' value='<?php echo attr($form_patient) ? attr($form_patient) : xla('Click To Select'); ?>' onclick='sel_patient()' title='<?php echo xlt('Click to select patient'); ?>' />
167 <input type='hidden' name='form_pid' value='<?php echo attr($form_pid); ?>' />
168 </td>
169 </tr>
170
171 <tr><td>
172 <span class='text'><?php echo xlt('Include Checksum'); ?>: </span>
173 </td><td>
174 <?php
175
176 $check_sum = $_GET['check_sum'];
177 ?>
178 <input type="checkbox" name="check_sum" " <?php if ($check_sum == 'on') echo "checked"; ?>"></input>
179 </td>
180 <td>
181 <input type=hidden name="event" value=<?php echo attr($event) ; ?>>
182 <a href="javascript:document.theform.submit();" class='link_submit'>[<?php echo xlt('Refresh'); ?>]</a>
183 </td>
184 </tr>
185 </table>
186 </FORM>
187
188
189 <?php if ($start_date && $end_date && $err_message!=1) { ?>
190 <div id="logview">
191 <span class="text" id="display_tamper" style="display:none;"><?php echo xlt('Following rows in the audit log have been tampered'); ?></span>
192 <table>
193 <tr>
194 <th id="sortby_date" class="text" title="<?php echo xla('Sort by Tamper date/time'); ?>"><?php echo xlt('Tamper Date'); ?></th>
195 <th id="sortby_user" class="text" title="<?php echo xla('Sort by User'); ?>"><?php echo xlt('User'); ?></th>
196 <th id="sortby_pid" class="text" title="<?php echo xla('Sort by PatientID'); ?>"><?php echo xlt('PatientID'); ?></th>
197 <th id="sortby_comments" class="text" title="<?php echo xla('Sort by Comments'); ?>"><?php echo xlt('Comments'); ?></th>
198 <?php if($check_sum) {?>
199 <th id="sortby_newchecksum" class="text" title="<?php xla('Sort by New Checksum'); ?>"><?php xlt('Tampered Checksum'); ?></th>
200 <th id="sortby_oldchecksum" class="text" title="<?php xla('Sort by Old Checksum'); ?>"><?php xlt('Original Checksum'); ?></th>
201 <?php } ?>
202 </tr>
203 <?php
204
205 $eventname = $_GET['eventname'];
206 $type_event = $_GET['type_event'];
207 ?>
208 <input type=hidden name=event value=<?php echo attr($eventname)."-".attr($type_event) ?>>
209 <?php
210 $type_event = "update";
211 $tevent="";
212 $gev="";
213 if($eventname != "" && $type_event != ""){
214 $getevent=$eventname."-".$type_event;
215 }
216
217 if(($eventname == "") && ($type_event != "")){
218 $tevent=$type_event;
219 }else if($type_event =="" && $eventname != ""){
220 $gev=$eventname;
221 }else if ($eventname == ""){
222 $gev = "";
223 }else{
224 $gev = $getevent;
225 }
226
227 $dispArr = array();
228 $icnt = 1;
229 if ($ret = getEvents(array('sdate' => $get_sdate,'edate' => $get_edate, 'user' => $form_user, 'patient' => $form_pid, 'sortby' => $_GET['sortby'], 'levent' =>$gev, 'tevent' =>$tevent))) {
230 foreach ($ret as $iter) {
231 //translate comments
232 $patterns = array ('/^success/','/^failure/','/ encounter/');
233 $replace = array ( xl('success'), xl('failure'), xl('encounter','',' '));
234
235 $dispCheck = false;
236 $log_id = $iter['id'];
237 $commentEncrStatus = "No";
238 $logEncryptData = logCommentEncryptData($log_id);
239
240 if(count($logEncryptData) > 0){
241 $commentEncrStatus = $logEncryptData['encrypt'];
242 $checkSumOld = $logEncryptData['checksum'];
243 $concatLogColumns = $iter['date'].$iter['event'].$iter['user'].$iter['groupname'].$iter['comments'].$iter['patient_id'].$iter['success'].$iter['checksum'].$iter['crt_user'];
244 $checkSumNew = sha1($concatLogColumns);
245
246 if($checkSumOld != $checkSumNew){
247 $dispCheck = true;
248 }else{
249 $dispCheck = false;
250 continue;
251 }
252 }else{
253 continue;
254 }
255
256 if($commentEncrStatus == "Yes"){
257 $decrypt_comment = trim(aes256Decrypt($iter["comments"]));
258 $trans_comments = preg_replace($patterns, $replace, $decrypt_comment);
259 }else{
260 $comments = trim($iter["comments"]);
261 $trans_comments = preg_replace($patterns, $replace, $comments);
262 }
263
264 //Alter Checksum value records only display here
265 if($dispCheck){
266 $dispArr[] = $icnt++;
267 ?>
268 <TR class="oneresult">
269 <TD class="text tamperColor"><?php echo oeFormatShortDate(substr($iter["date"], 0, 10)) . substr($iter["date"], 10) ?></TD>
270 <TD class="text tamperColor"><?php echo text($iter["user"]); ?></TD>
271 <TD class="text tamperColor"><?php echo text($iter["patient_id"]);?></TD>
272 <TD class="text tamperColor"><?php echo text($trans_comments);?></TD>
273 <?php if($check_sum) { ?>
274 <TD class="text tamperColor"><?php echo text($checkSumNew);?></TD>
275 <TD class="text tamperColor"><?php echo text($checkSumOld);?></TD>
276 <?php } ?>
277 </TR>
278 <?php
279 }
280 }
281 }
282
283 if( count($dispArr) == 0 ){?>
284 <TR class="oneresult">
285 <?php
286 $colspan = 4;
287 if($check_sum) $colspan=6;
288 ?>
289 <TD class="text" colspan="<?php echo $colspan;?>" align="center"><?php echo xlt('No audit log tampering detected in the selected date range.'); ?></TD>
290 </TR>
291 <?php
292 }else{?>
293 <script type="text/javascript">$('#display_tamper').css('display', 'block');</script>
294 <?php
295 }
296
297 ?>
298 </table>
299 </div>
300 <?php } ?>
301 </body>
302 <script language="javascript">
303
304 // jQuery stuff to make the page a little easier to use
305 $(document).ready(function(){
306 // funny thing here... good learning experience
307 // the TR has TD children which have their own background and text color
308 // toggling the TR color doesn't change the TD color
309 // so we need to change all the TR's children (the TD's) just as we did the TR
310 // thus we have two calls to toggleClass:
311 // 1 - for the parent (the TR)
312 // 2 - for each of the children (the TDs)
313 $(".oneresult").mouseover(function() { $(this).toggleClass("highlight"); $(this).children().toggleClass("highlight"); });
314 $(".oneresult").mouseout(function() { $(this).toggleClass("highlight"); $(this).children().toggleClass("highlight"); });
315
316 // click-able column headers to sort the list
317 $("#sortby_date").click(function() { $("#sortby").val("date"); $("#theform").submit(); });
318 $("#sortby_event").click(function() { $("#sortby").val("event"); $("#theform").submit(); });
319 $("#sortby_user").click(function() { $("#sortby").val("user"); $("#theform").submit(); });
320 $("#sortby_cuser").click(function() { $("#sortby").val("user"); $("#theform").submit(); });
321 $("#sortby_group").click(function() { $("#sortby").val("groupname"); $("#theform").submit(); });
322 $("#sortby_pid").click(function() { $("#sortby").val("patient_id"); $("#theform").submit(); });
323 $("#sortby_success").click(function() { $("#sortby").val("success"); $("#theform").submit(); });
324 $("#sortby_comments").click(function() { $("#sortby").val("comments"); $("#theform").submit(); });
325 $("#sortby_oldchecksum").click(function() { $("#sortby").val("checksum"); $("#theform").submit(); });
326 $("#sortby_newchecksum").click(function() { $("#sortby").val("checksum"); $("#theform").submit(); });
327 });
328
329
330 /* required for popup calendar */
331 Calendar.setup({inputField:"start_date", ifFormat:"%Y-%m-%d %H:%M:%S", button:"img_begin_date", showsTime:true});
332 Calendar.setup({inputField:"end_date", ifFormat:"%Y-%m-%d %H:%M:%S", button:"img_end_date", showsTime:true});
333
334 </script>
335
336 </html>
337
Mirror of official OpenEMR Sourceforge repository