3 * Audit Log Tamper Report.
5 * Copyright (C) 2014 Ensoftek
7 * LICENSE: This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 3
10 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
19 * @author Anil N <aniln@ensoftek.com>
20 * @link http://www.open-emr.org
23 //SANITIZE ALL ESCAPES
24 $sanitize_all_escapes=true;
27 //STOP FAKE REGISTER GLOBALS
28 $fake_register_globals=false;
31 include_once("../globals.php");
32 include_once("$srcdir/log.inc");
33 include_once("$srcdir/formdata.inc.php");
34 require_once("$srcdir/formatting.inc.php");
38 <?php
html_header_show();?
>
39 <link rel
="stylesheet" href
='<?php echo $GLOBALS['webroot
'] ?>/library/dynarch_calendar.css' type
='text/css'>
40 <script type
="text/javascript" src
="<?php echo $GLOBALS['webroot'] ?>/library/dialog.js"></script
>
41 <script type
="text/javascript" src
="<?php echo $GLOBALS['webroot'] ?>/library/dynarch_calendar.js"></script
>
42 <?php
include_once("{$GLOBALS['srcdir']}/dynarch_calendar_en.inc.php"); ?
>
43 <script type
="text/javascript" src
="<?php echo $GLOBALS['webroot'] ?>/library/dynarch_calendar_setup.js"></script
>
45 <script type
="text/javascript" src
="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery-1.2.2.min.js"></script
>
46 <link rel
="stylesheet" href
="<?php echo $css_header;?>" type
="text/css">
53 border
-collapse
: collapse
;
56 background
-color
: #cccccc;
57 cursor
: pointer
; cursor
: hand
;
64 background
-color
: #ffffff;
65 border
-bottom
: 1px solid
#808080;
71 background
-color
: #336699;
79 //function to disable the event type field if the event name is disclosure
80 function eventTypeChange(eventname
)
82 if (eventname
== "disclosure") {
83 document
.theform
.type_event
.disabled
= true;
86 document
.theform
.type_event
.disabled
= false;
90 // VicarePlus :: This invokes the find-patient popup.
91 function sel_patient() {
92 dlgopen('../main/calendar/find_patient_popup.php?pflag=0', '_blank', 500, 400);
95 // VicarePlus :: This is for callback by the find-patient popup.
96 function setpatient(pid
, lname
, fname
, dob
) {
97 var f
= document
.theform
;
98 f
.form_patient
.value
= lname +
', ' + fname
;
99 f
.form_pid
.value
= pid
;
104 <body
class="body_top">
105 <font
class="title"><?php
echo xlt('Audit Log Tamper Report'); ?
></font
>
109 if ($_GET["start_date"])
110 $start_date = $_GET['start_date'];
112 if ($_GET["end_date"])
113 $end_date = $_GET['end_date'];
115 if ($_GET["form_patient"])
116 $form_patient = $_GET['form_patient'];
119 * Start date should not be greater than end date - Date Validation
121 if ($start_date && $end_date)
123 if($start_date > $end_date){
124 echo "<table><tr class='alert'><td colspan=7>"; echo xlt('Start Date should not be greater than End Date');
125 echo "</td></tr></table>";
132 $form_user = $_REQUEST['form_user'];
133 $form_pid = $_REQUEST['form_pid'];
134 if ($form_patient == '' ) $form_pid = '';
136 $get_sdate=$start_date ?
$start_date : date("Y-m-d H:i:s");
137 $get_edate=$end_date ?
$end_date : date("Y-m-d H:i:s");
141 <FORM METHOD
="GET" name
="theform" id
="theform" onSubmit
='top.restoreSession()'>
144 $sortby = $_GET['sortby'];
146 <input type
="hidden" name
="sortby" id
="sortby" value
="<?php echo attr($sortby); ?>">
147 <input type
=hidden name
=csum value
="">
150 <span
class="text"><?php
echo xlt('Start Date'); ?
>: </span
>
152 <input type
="text" size
="18" name
="start_date" id
="start_date" value
="<?php echo $start_date ? $start_date : date('Y-m-d H:i:s'); ?>" title
="<?php echo xla('yyyy-mm-dd H:m Start date'); ?>" onkeyup
="datekeyup(this,mypcc,true)" onblur
="dateblur(this,mypcc,true)" />
153 <img src
="../pic/show_calendar.gif" align
="absbottom" width
="24" height
="22" id
="img_begin_date" border
="0" alt
="[?]" style
="cursor: pointer; cursor: hand" title
="<?php echo xla('Click here to choose date time'); ?>"> 
;
156 <span
class="text"><?php
echo xlt('End Date'); ?
>: </span
>
158 <input type
="text" size
="18" name
="end_date" id
="end_date" value
="<?php echo $end_date ? $end_date : date('Y-m-d H:i:s'); ?>" title
="<?php echo xla('yyyy-mm-dd H:m End date'); ?>" onkeyup
="datekeyup(this,mypcc,true)" onblur
="dateblur(this,mypcc,true)" />
159 <img src
="../pic/show_calendar.gif" align
="absbottom" width
="24" height
="22" id
="img_end_date" border
="0" alt
="[?]" style
="cursor: pointer; cursor: hand" title
="<?php echo xla('Click here to choose date time'); ?>"> 
;
163  
; 
;<span
class='text'><?php
echo xlt('Patient'); ?
>: </span
>
166 <input type
='text' size
='20' name
='form_patient' style
='width:100%;cursor:pointer;cursor:hand' value
='<?php echo attr($form_patient) ? attr($form_patient) : xla('Click To Select
'); ?>' onclick
='sel_patient()' title
='<?php echo xlt('Click to select patient
'); ?>' />
167 <input type
='hidden' name
='form_pid' value
='<?php echo attr($form_pid); ?>' />
172 <span
class='text'><?php
echo xlt('Include Checksum'); ?
>: </span
>
176 $check_sum = $_GET['check_sum'];
178 <input type
="checkbox" name
="check_sum" " <?php if ($check_sum == 'on') echo "checked
"; ?>"></input
>
181 <input type
=hidden name
="event" value
=<?php
echo attr($event) ; ?
>>
182 <a href
="javascript:document.theform.submit();" class='link_submit'>[<?php
echo xlt('Refresh'); ?
>]</a
>
189 <?php
if ($start_date && $end_date && $err_message!=1) { ?
>
191 <span
class="text" id
="display_tamper" style
="display:none;"><?php
echo xlt('Following rows in the audit log have been tampered'); ?
></span
>
194 <th id
="sortby_date" class="text" title
="<?php echo xla('Sort by Tamper date/time'); ?>"><?php
echo xlt('Tamper Date'); ?
></th
>
195 <th id
="sortby_user" class="text" title
="<?php echo xla('Sort by User'); ?>"><?php
echo xlt('User'); ?
></th
>
196 <th id
="sortby_pid" class="text" title
="<?php echo xla('Sort by PatientID'); ?>"><?php
echo xlt('PatientID'); ?
></th
>
197 <th id
="sortby_comments" class="text" title
="<?php echo xla('Sort by Comments'); ?>"><?php
echo xlt('Comments'); ?
></th
>
198 <?php
if($check_sum) {?
>
199 <th id
="sortby_newchecksum" class="text" title
="<?php xla('Sort by New Checksum'); ?>"><?php
xlt('Tampered Checksum'); ?
></th
>
200 <th id
="sortby_oldchecksum" class="text" title
="<?php xla('Sort by Old Checksum'); ?>"><?php
xlt('Original Checksum'); ?
></th
>
205 $eventname = $_GET['eventname'];
206 $type_event = $_GET['type_event'];
208 <input type
=hidden name
=event value
=<?php
echo attr($eventname)."-".attr($type_event) ?
>>
210 $type_event = "update";
213 if($eventname != "" && $type_event != ""){
214 $getevent=$eventname."-".$type_event;
217 if(($eventname == "") && ($type_event != "")){
219 }else if($type_event =="" && $eventname != ""){
221 }else if ($eventname == ""){
229 if ($ret = getEvents(array('sdate' => $get_sdate,'edate' => $get_edate, 'user' => $form_user, 'patient' => $form_pid, 'sortby' => $_GET['sortby'], 'levent' =>$gev, 'tevent' =>$tevent))) {
230 foreach ($ret as $iter) {
232 $patterns = array ('/^success/','/^failure/','/ encounter/');
233 $replace = array ( xl('success'), xl('failure'), xl('encounter','',' '));
236 $log_id = $iter['id'];
237 $commentEncrStatus = "No";
238 $logEncryptData = logCommentEncryptData($log_id);
240 if(count($logEncryptData) > 0){
241 $commentEncrStatus = $logEncryptData['encrypt'];
242 $checkSumOld = $logEncryptData['checksum'];
243 $concatLogColumns = $iter['date'].$iter['event'].$iter['user'].$iter['groupname'].$iter['comments'].$iter['patient_id'].$iter['success'].$iter['checksum'].$iter['crt_user'];
244 $checkSumNew = sha1($concatLogColumns);
246 if($checkSumOld != $checkSumNew){
256 if($commentEncrStatus == "Yes"){
257 $decrypt_comment = trim(aes256Decrypt($iter["comments"]));
258 $trans_comments = preg_replace($patterns, $replace, $decrypt_comment);
260 $comments = trim($iter["comments"]);
261 $trans_comments = preg_replace($patterns, $replace, $comments);
264 //Alter Checksum value records only display here
266 $dispArr[] = $icnt++
;
268 <TR
class="oneresult">
269 <TD
class="text tamperColor"><?php
echo oeFormatShortDate(substr($iter["date"], 0, 10)) . substr($iter["date"], 10) ?
></TD
>
270 <TD
class="text tamperColor"><?php
echo text($iter["user"]); ?
></TD
>
271 <TD
class="text tamperColor"><?php
echo text($iter["patient_id"]);?
></TD
>
272 <TD
class="text tamperColor"><?php
echo text($trans_comments);?
></TD
>
273 <?php
if($check_sum) { ?
>
274 <TD
class="text tamperColor"><?php
echo text($checkSumNew);?
></TD
>
275 <TD
class="text tamperColor"><?php
echo text($checkSumOld);?
></TD
>
283 if( count($dispArr) == 0 ){?
>
284 <TR
class="oneresult">
287 if($check_sum) $colspan=6;
289 <TD
class="text" colspan
="<?php echo $colspan;?>" align
="center"><?php
echo xlt('No audit log tampering detected in the selected date range.'); ?
></TD
>
293 <script type
="text/javascript">$
('#display_tamper').css('display', 'block');</script
>
302 <script language
="javascript">
304 // jQuery stuff to make the page a little easier to use
305 $
(document
).ready(function(){
306 // funny thing here... good learning experience
307 // the TR has TD children which have their own background and text color
308 // toggling the TR color doesn't change the TD color
309 // so we need to change all the TR's children (the TD's) just as we did the TR
310 // thus we have two calls to toggleClass:
311 // 1 - for the parent (the TR)
312 // 2 - for each of the children (the TDs)
313 $
(".oneresult").mouseover(function() { $
(this
).toggleClass("highlight"); $
(this
).children().toggleClass("highlight"); });
314 $
(".oneresult").mouseout(function() { $
(this
).toggleClass("highlight"); $
(this
).children().toggleClass("highlight"); });
316 // click-able column headers to sort the list
317 $
("#sortby_date").click(function() { $
("#sortby").val("date"); $
("#theform").submit(); });
318 $
("#sortby_event").click(function() { $
("#sortby").val("event"); $
("#theform").submit(); });
319 $
("#sortby_user").click(function() { $
("#sortby").val("user"); $
("#theform").submit(); });
320 $
("#sortby_cuser").click(function() { $
("#sortby").val("user"); $
("#theform").submit(); });
321 $
("#sortby_group").click(function() { $
("#sortby").val("groupname"); $
("#theform").submit(); });
322 $
("#sortby_pid").click(function() { $
("#sortby").val("patient_id"); $
("#theform").submit(); });
323 $
("#sortby_success").click(function() { $
("#sortby").val("success"); $
("#theform").submit(); });
324 $
("#sortby_comments").click(function() { $
("#sortby").val("comments"); $
("#theform").submit(); });
325 $
("#sortby_oldchecksum").click(function() { $
("#sortby").val("checksum"); $
("#theform").submit(); });
326 $
("#sortby_newchecksum").click(function() { $
("#sortby").val("checksum"); $
("#theform").submit(); });
330 /* required for popup calendar */
331 Calendar
.setup({inputField
:"start_date", ifFormat
:"%Y-%m-%d %H:%M:%S", button
:"img_begin_date", showsTime
:true});
332 Calendar
.setup({inputField
:"end_date", ifFormat
:"%Y-%m-%d %H:%M:%S", button
:"img_end_date", showsTime
:true});