1 <?php
2 // +-----------------------------------------------------------------------------+
3 // Copyright (C) 2011 ZMG LLC <sam@zhservices.com>
4 //
5 //
6 // This program is free software; you can redistribute it and/or
7 // modify it under the terms of the GNU General Public License
8 // as published by the Free Software Foundation; either version 2
9 // of the License, or (at your option) any later version.
12 // This program is distributed in the hope that it will be useful,
13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 // GNU General Public License for more details.
18 // A copy of the GNU General Public License is included along with this program:
19 // openemr/interface/login/GnuGPL.html
20 // For more information write to the Free Software
21 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 // Author: Eldho Chacko <eldho@zhservices.com>
24 // Vinish K <vinish@zhservices.com>
26 // +------------------------------------------------------------------------------+
27 //SANITIZE ALL ESCAPES
28 $sanitize_all_escapes=true;
31 //STOP FAKE REGISTER GLOBALS
32 $fake_register_globals=false;
34 require('globals.php');
35 require('eRx_xml.php');
// Page purpose: build the NewCrop "NCScript" request document for the logged-in
// user (and, when $pid is set, the current patient), record what is being sent,
// then auto-post the document to the NewCrop endpoint through a hidden form in
// the user's browser.
// NOTE(review): no explicit ACL or CSRF check is visible in this file; access
// control is whatever globals.php enforces. The database writes near the end
// (soap_import_status, erx_uploaded, active) run on any request, GET or POST via
// $_REQUEST, that reaches checkError() with $error == 0 — confirm globals.php
// covers this or add a CSRF token check before the writes.
36 $message='';
// Fail fast if a PHP extension the NewCrop exchange depends on is missing. The
// messages are translated (xl) and HTML-escaped before being echoed.
37 if(!extension_loaded('soap')){
38 $message.=htmlspecialchars( xl("PLEASE ENABLE SOAP EXTENSION"), ENT_QUOTES)."<br>";
40 if(!extension_loaded('curl')){
41 $message.=htmlspecialchars( xl("PLEASE ENABLE CURL EXTENSION"), ENT_QUOTES)."<br>";
43 if(!extension_loaded('openssl')){
44 $message.=htmlspecialchars( xl("PLEASE ENABLE OPENSSL EXTENSION"), ENT_QUOTES)."<br>";
46 if(!extension_loaded('xml')){
47 $message.=htmlspecialchars( xl("PLEASE ENABLE XML EXTENSION"), ENT_QUOTES)."<br>";
49 if($message){
50 echo $message;die;
// Look up the current user by the session user name (parameterised query).
// Any "erx" substring is stripped from the stored newcrop_user_role value so the
// comparisons below can use the bare role names ('doctor', 'manager', ...).
52 $userRole=sqlQuery("select * from users where username=?",array($_SESSION['authUser']));
53 $userRole['newcrop_user_role'] = preg_replace('/erx/','',$userRole['newcrop_user_role']);
// Status accumulators, presumably filled in by the eRx_xml.php builders called
// below: $msg = required fields that are missing (fatal), $warning_msg =
// non-fatal warnings, $dem_check = demographics problem that triggers a
// redirect instead of a submission.
54 $msg='';
55 $warning_msg='';
56 $dem_check='';
57 $doc = new DOMDocument();
58 $doc->formatOutput = true;
// Upper bound on prescriptions + medications sent in one request; it is also
// interpolated directly as the SQL LIMIT below. Fixed here, never taken from
// the request.
59 $GLOBALS['total_count']=60;
60 $r = $doc->createElement( "NCScript" );
61 $r->setAttribute('xmlns','http://secure.newcropaccounts.com/interfaceV7');
62 $r->setAttribute('xmlns:NCStandard','http://secure.newcropaccounts.com/interfaceV7:NCStandard');
63 $r->setAttribute('xmlns:xsi','http://www.w3.org/2001/XMLSchema-instance');
64 $doc->appendChild( $r );
// credentials() presumably adds the NewCrop account credentials to the
// document (eRx_xml.php). Everything placed in $doc ends up in the hidden
// RxInput field at the bottom of this page, i.e. it is visible in the user's
// browser / page source, not only server-side.
66 credentials($doc,$r);
67 user_role($doc,$r);
// $page comes straight from the request (GET or POST). It is handed to
// destination() and compared against 'renewal'/'compose'/'medentry' below.
// NOTE(review): it is not validated here; if destination() copies it into the
// XML, restrict it to the known page names first.
// $pid is not assigned in this file — presumably the session patient set up by
// globals.php; confirm.
68 $page=$_REQUEST['page'];
69 destination($doc,$r,$page,$pid);
70 account($doc,$r);
// Role-specific sections. A role can fall into more than one branch; renewal
// pages always get the LicensedPrescriber section regardless of role.
71 if($userRole['newcrop_user_role']!='manager')
73 location($doc,$r);
75 if($userRole['newcrop_user_role']=='doctor' || $page=='renewal')
77 LicensedPrescriber($doc,$r);
79 if($userRole['newcrop_user_role']=='manager' || $userRole['newcrop_user_role']=='admin' || $userRole['newcrop_user_role']=='nurse')
81 Staff($doc,$r);
83 if($userRole['newcrop_user_role']=='supervisingDoctor')
85 SupervisingDoctor($doc,$r);
87 if($userRole['newcrop_user_role']=='midlevelPrescriber')
89 MidlevelPrescriber($doc,$r);
// Patient section: allergies, prescriptions not yet uploaded, and medications.
91 $prescIds='';
92 if($pid)
94 $allergy=Patient($doc,$r,$pid);
95 $active = '';
// Optional filter from the global configuration: when erx_upload_active is on,
// only active prescriptions are sent. $active and total_count are interpolated
// into the SQL below; that is acceptable only because neither value comes from
// the request (patient_id is bound as a parameter).
96 if($GLOBALS['erx_upload_active']==1)
97 $active = 'and active=1';
98 $res_presc=sqlStatement("select id from prescriptions where patient_id=? and erx_source='0' and erx_uploaded='0' $active limit 0,".$GLOBALS['total_count'],array($pid));
99 $presc_limit=sqlNumRows($res_presc);
// Room left for medications after the prescriptions have been counted.
100 $med_limit=$GLOBALS['total_count']-$presc_limit;
101 while($row_presc=sqlFetchArray($res_presc))
103 $prescIds.=$row_presc['id'].":";
// Drop the trailing ':' separator.
105 $prescIds=preg_replace('/:$/','',$prescIds);
// Which prescriptions to include: an explicit colon-separated id list from the
// request takes precedence over the not-yet-uploaded set selected above.
// NOTE(review): ids from $_REQUEST['id'] are passed to OutsidePrescription()
// along with $pid but are not checked here to belong to that patient. Unless
// OutsidePrescription() scopes its own query by patient_id, a user could pull
// another patient's prescriptions into this request. Validate each id against
// the selected set (or against prescriptions.patient_id) before using it.
106 if($_REQUEST['id'] || $prescIds)
108 if($_REQUEST['id'])
109 $prescArr=explode(':',$_REQUEST['id']);
110 elseif($prescIds)
111 $prescArr=explode(':',$prescIds);
112 foreach($prescArr as $prescid)
114 if($prescid)
115 OutsidePrescription($doc,$r,$pid,$prescid);
118 else
// Nothing to send: OutsidePrescription() is still called, with id 0.
120 OutsidePrescription($doc,$r,$pid,0);
// NOTE(review): $res_presc is the statement handle returned by sqlStatement(),
// not a row count, so this comparison is not meaningful; $presc_limit (from
// sqlNumRows) looks like the intended operand. When this branch is skipped,
// $uploaded_med_arr stays undefined and the foreach over it further down warns.
122 if($res_presc<$GLOBALS['total_count'])
123 $uploaded_med_arr =PatientMedication($doc,$r,$pid,$med_limit);
125 $xml = $doc->saveXML();
// Double quotes become single quotes so the XML can sit inside the
// double-quoted value="..." attribute of the RxInput field below.
// NOTE(review): this is not HTML attribute encoding. The browser decodes
// entities inside the attribute, so the &lt; / &amp; that saveXML() produced
// for patient-supplied text are submitted to NewCrop as raw '<' / '&', which
// can break or alter the XML it receives. Echoing htmlspecialchars($xml,
// ENT_QUOTES) in the attribute would preserve the XML escaping and make this
// replacement unnecessary.
126 $xml = preg_replace('/"/',"'",$xml);
127 //echo $xml."<br><br>";
// Remove carriage-return entities and '\t' from the serialized document.
// NOTE(review): '\t' in single quotes is the two characters backslash-t, not a
// tab; whether that matches tab characters depends on how stripStrings()
// (eRx_xml.php) applies its keys — a regex would, str_replace would not.
128 $xml = stripStrings($xml,array('&#xD;'=>'','\t'=>''));
129 //$xml = stripStrings($xml,array('&#xD;'=>'','\t'=>'','\r'=>'','\n'=>''));
// Demographics problem: show it, then redirect to the demographics editor after
// five seconds instead of contacting NewCrop.
// NOTE(review): $dem_check, $msg and $warning_msg are echoed without escaping
// here; that is safe only if the code that fills them escapes any patient or
// user data it includes — confirm in eRx_xml.php.
130 if($dem_check){
131 echo "<b>".htmlspecialchars( xl("Warning"), ENT_NOQUOTES).":</b><br><br>";
132 echo $dem_check."<br>";
133 echo htmlspecialchars( xl("The page will be redirected to Demographics. You can edit the country field and clickthrough to NewCrop again."), ENT_NOQUOTES);
134 ob_end_flush();
136 <script type="text/javascript">
137 window.setTimeout(function nav(){
138 window.location="patient_file/summary/demographics_full.php";
139 },5000);
140 </script>
141 <?php
142 die;
// Required fields missing: list them and stop.
144 if($msg)
146 echo htmlspecialchars( xl('The following fields have to be filled to send request.'), ENT_NOQUOTES);
147 echo "<br>";
148 echo $msg;
149 die;
// Non-fatal warnings are shown but the submission below still proceeds. The
// sleep() ties up a PHP worker for two seconds per request just so the user
// can read the warning; a client-side delay would not cost server capacity.
151 if($warning_msg)
153 echo "<font style='font-weight:bold;font-size:15px'>".htmlspecialchars( xl("Warning"), ENT_NOQUOTES)." : </font><br>".$warning_msg;
154 echo "<br><b>".htmlspecialchars( xl('This will not prevent you from going to the e-Prescriptions site.'), ENT_NOQUOTES)."</b>";
155 sleep(2);
157 //################################################
158 //XML GENERATED BY OPENEMR
159 //################################################
160 //$fh=fopen('click_xml.txt','a');
161 //fwrite($fh,$xml);
162 //echo $xml;
163 //die;
164 //################################################
// Redundant: the curl check at the top of the page already died if curl were
// missing.
165 if(!extension_loaded('curl'))
167 echo htmlspecialchars( xl('PHP CURL module should be enabled in your server.'), ENT_NOQUOTES);die;
// checkError() (eRx_xml.php) validates the finished document; 0 means send it.
169 $error = checkError($xml);
170 if($error==0)
// Record what is about to be sent BEFORE the browser posts it: the patient's
// import status and the erx_uploaded flag on the allergies, prescriptions and
// medications included. If the NewCrop post then fails in the browser, these
// flags are already set. Only $prescIds (the DB-selected set) is flagged here,
// not the ids supplied through $_REQUEST['id'].
172 if($page=='compose'){
173 sqlQuery("update patient_data set soap_import_status=1 where pid=?",array($pid));
175 elseif($page=='medentry'){
176 sqlQuery("update patient_data set soap_import_status=3 where pid=?",array($pid));
178 foreach($allergy as $allId)
180 sqlQuery("update lists set erx_uploaded='1' where type='allergy' and pid=? and id=?",array($pid,$allId));
182 $prescArr=explode(':',$prescIds);
183 foreach($prescArr as $prescid)
185 sqlQuery("update prescriptions set erx_uploaded='1' ,active='0' where patient_id=? and id=?",array($pid,$prescid));
187 foreach($uploaded_med_arr as $value)
189 sqlQuery("update lists set erx_uploaded='1' where id=?",array($value));
190 //sqlQuery("update lists set enddate=".date('Y-m-d')." where
191 //(enddate is null or enddate = '' ) and id=? ",array($value));
// Hand-off: restoreSession() keeps the OpenEMR session cookie, then a hidden
// form carrying the whole document in RxInput is auto-submitted to the NewCrop
// URL from getErxPath(). The value attribute below relies on the earlier
// '"' -> "'" replacement rather than htmlspecialchars() (see the note at that
// line); getErxPath() is echoed unescaped into the action attribute as well.
194 <script language='JavaScript'>
195 <?php require($GLOBALS['srcdir'] . "/restoreSession.php"); ?>
196 </script>
197 <form name='info' method='post' action="<?php echo getErxPath()?>" onsubmit='return top.restoreSession()'>
198 <input type='submit' style='display:none'>
199 <input type='hidden' id='RxInput' name='RxInput' value="<?php echo $xml;?>">
200 </form>
201 <script type="text/javascript" src="../library/js/jquery.1.3.2.js"></script>
202 <script type='text/javascript'>
203 document.forms[0].submit();
204 </script>
205 <?php
207 else
// NOTE(review): ENT_NOQUOTES is passed to xl() instead of htmlspecialchars()
// here (misplaced parenthesis), so htmlspecialchars() runs with its default
// flags; harmless for this fixed string but not what was intended.
209 echo htmlspecialchars( xl('NewCrop call failed', ENT_NOQUOTES));