adjustments to prior commit
1 <?php
/**
 * Ajax Library for Register
 *
 * @package OpenEMR
 * @link http://www.open-emr.org
 * @author Jerry Padgett <sjpadgett@gmail.com>
 * @copyright Copyright (c) 2017 Jerry Padgett <sjpadgett@gmail.com>
 * @license https://www.gnu.org/licenses/agpl-3.0.en.html GNU Affero General Public License 3
 */

/* Library functions for register */
/**
 * Attach a "new registration" patient note addressed to a provider.
 *
 * @param mixed $pid      Patient id the note is filed under.
 * @param mixed $provider users.id to look up; only rows with authorized = 1 match.
 * @return mixed Whatever addPnote() returns.
 */
function notifyAdmin($pid, $provider)
{
    $body = xl("New patient registration received from patient portal. Reminder to check for possible new appointment");
    $subject = xl("New Patient");

    // $provider is passed as a bound parameter, so it never becomes part of the SQL text.
    $assignee = sqlQueryNoLog(
        "SELECT users.username FROM users WHERE authorized = 1 And id = ?",
        [$provider]
    );

    // NOTE(review): when no authorized user has that id, $assignee carries no 'username'
    // and an empty value reaches addPnote() - confirm how addPnote() handles that.
    return addPnote($pid, $body, 1, 1, $subject, $assignee['username'], '', 'New');
}
/**
 * Look for an existing patient_data row matching the registrant's details.
 *
 * Each supplied value is trimmed and wrapped in % wildcards, so the match is a
 * substring LIKE on lname, fname and DOB, plus email when $email is truthy.
 *
 * NOTE(review): the values are bound as parameters (no SQL injection), but any
 * `%` or `_` inside them still acts as a LIKE wildcard, and an empty field
 * becomes '%%', which matches every row. If the caller uses the returned pid to
 * decide that a registrant already exists, loose matching can point at the wrong
 * patient - confirm the caller rejects empty or wildcard-bearing input.
 *
 * @param string $dob
 * @param string $lname
 * @param string $fname
 * @param string $email Optional; adds an email LIKE clause when truthy.
 * @return mixed pid of the first match (ordered by date), or 0 when none is found.
 */
function isNew($dob = '', $lname = '', $fname = '', $email = '')
{
    $lastPattern = '%' . trim($lname) . '%';
    $firstPattern = '%' . trim($fname) . '%';
    $dobPattern = '%' . trim($dob) . '%';
    $emailPattern = '%' . trim($email) . '%';

    $query = "select pid from patient_data Where patient_data.lname LIKE ? And patient_data.fname LIKE ? And patient_data.DOB LIKE ?";
    $binds = [$lastPattern, $firstPattern, $dobPattern];

    // The email clause is optional and slots in ahead of the ordering.
    if ($email) {
        $query .= " And patient_data.email LIKE ?";
        $binds[] = $emailPattern;
    }
    $query .= " order by date limit 0,1";

    $match = sqlQuery($query, $binds);

    return $match['pid'] ?: 0;
}
/**
 * Create the primary, secondary and tertiary insurance rows for a new patient.
 *
 * The primary row is filled from the submitted registration form ($_REQUEST);
 * the secondary and tertiary rows are created with only pid and type.
 *
 * NOTE(review): the form values are forwarded exactly as received. Nothing here
 * validates or length-checks them, so safe storage depends on how
 * newInsuranceData() binds its arguments - confirm against its definition.
 *
 * @param mixed $pid Patient id the insurance rows belong to.
 * @return void
 */
function saveInsurance($pid)
{
    // Registrant-supplied values, read in the same order as the argument list below.
    $policyNumber = $_REQUEST['policy_number'];
    $groupNumber = $_REQUEST['group_number'];
    $planName = $_REQUEST['provider'] . ' ' . $_REQUEST['plan_name'];
    $copay = $_REQUEST['copay'];
    $effectiveDate = DateToYYYYMMDD($_REQUEST['date']);

    newInsuranceData(
        $pid,
        "primary",      // type
        "0",            // provider
        $policyNumber,  // policy_number
        $groupNumber,   // group_number
        $planName,      // plan_name
        "",             // subscriber_lname
        "",             // subscriber_mname
        "",             // subscriber_fname
        "",             // subscriber_relationship
        "",             // subscriber_ss
        "",             // subscriber_DOB
        "",             // subscriber_street
        "",             // subscriber_postal_code
        "",             // subscriber_city
        "",             // subscriber_state
        "",             // subscriber_country
        "",             // subscriber_phone
        "",             // subscriber_employer
        "",             // subscriber_employer_street
        "",             // subscriber_employer_city
        "",             // subscriber_employer_postal_code
        "",             // subscriber_employer_state
        "",             // subscriber_employer_country
        $copay,         // copay
        "",             // subscriber_sex
        $effectiveDate, // effective_date
        "TRUE",         // accept_assignment
        ""              // policy_type
    );

    // Placeholder rows for the other two insurance slots.
    newInsuranceData($pid, "secondary");
    newInsuranceData($pid, "tertiary");
}
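/**
 * Return the next patient id: max(pid) + 1, or 1 when that value is not above 1.
 *
 * The former `if ($newpid == null)` fallback to 0 could never run, because the
 * value was already either 1 or a result greater than 1, so it has been removed.
 *
 * NOTE(review): the id is computed from a plain SELECT with no lock or
 * transaction visible here. Two registrations that run at the same moment can
 * read the same max(pid) and receive the same id - confirm the caller
 * serializes pid allocation or that a unique constraint catches the collision.
 *
 * @return mixed The value of max(pid)+1 as returned by the database, or int 1.
 */
function getNewPid()
{
    $row = sqlQuery("select max(pid)+1 as pid from patient_data");

    return ($row['pid'] > 1) ? $row['pid'] : 1;
}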
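/**
 * Generate the initial portal password.
 *
 * The password is built from three-character groups, each holding one letter,
 * one digit and one special character. The group layout alternates between
 * letter-digit-special and digit-special-letter, starting with a random one.
 * Because whole groups are appended, the result length is $length rounded up to
 * a multiple of 3 (the default of 8 yields 9 characters).
 *
 * Characters are now drawn with random_int(), a CSPRNG, instead of rand() and
 * time() % 2, whose output is predictable and unsuitable for credentials.
 * random_int() needs PHP 7.0+ (or the random_compat polyfill on older runtimes).
 *
 * NOTE(review): each group has 25 * 10 * 4 = 1000 possibilities, so the default
 * password has a small search space. Treat it as a temporary secret that must
 * be changed at first login.
 *
 * @param int $length   Requested length; rounded up to a multiple of 3.
 * @param int $strength Accepted for compatibility; not used by the body.
 * @return string Generated password, '' when $length is 0 or negative.
 */
function generatePassword($length = 8, $strength = 1)
{
    $consonants = 'bdghjmnpqrstvzacefiklowxy';
    $numbers = '0234561789';
    $specials = '@#$%';

    // Uniform, unbiased pick of one character from an alphabet.
    $pick = static function ($alphabet) {
        return $alphabet[random_int(0, strlen($alphabet) - 1)];
    };

    $password = '';
    $letterFirst = random_int(0, 1) === 1;
    for ($i = 0; $i < $length / 3; $i++) {
        $password .= $letterFirst
            ? $pick($consonants) . $pick($numbers) . $pick($specials)
            : $pick($numbers) . $pick($specials) . $pick($consonants);
        $letterFirst = !$letterFirst;
    }

    return $password;
}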
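/**
 * Check that a value looks like an e-mail address.
 *
 * Changes from the previous pattern:
 *  - the `D` modifier makes `$` match only at the very end, so an address with
 *    a trailing newline is no longer accepted;
 *  - the final label may be longer than three letters (e.g. ".info"), where the
 *    old `{2,3}` limit rejected such addresses;
 *  - non-string input returns false without reaching preg_match().
 *
 * @param mixed $email Candidate address.
 * @return bool True when the value matches the address pattern.
 */
function validEmail($email)
{
    if (!is_string($email)) {
        return false;
    }

    $pattern = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,})$/iD';

    return preg_match($pattern, $email) === 1;
}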
/**
 * Build the HTML fragment that tells a patient how to reach the portal.
 *
 * Lists each enabled portal address as a link, then the user name and password.
 * Text nodes are escaped with ENT_NOQUOTES. The href values use ENT_QUOTES
 * because the attribute is delimited by single quotes.
 *
 * NOTE(review): $pass is written into the message in clear text, so the
 * returned fragment is a secret and should be neither logged nor cached.
 *
 * @param string $uname Portal user name.
 * @param string $pass  Clear-text portal password.
 * @return string HTML fragment.
 */
function messageCreate($uname, $pass)
{
    $html = htmlspecialchars(xl("Patient Portal Web Address"), ENT_NOQUOTES) . ":<br>";

    // enable-flag => address, in the order the links appear in the message.
    $portals = [
        'portal_onsite_enable' => 'portal_onsite_address',
        'portal_onsite_two_enable' => 'portal_onsite_two_address',
    ];
    foreach ($portals as $enabledKey => $addressKey) {
        if ($GLOBALS[$enabledKey]) {
            $href = htmlspecialchars($GLOBALS[$addressKey], ENT_QUOTES);
            $label = htmlspecialchars($GLOBALS[$addressKey], ENT_NOQUOTES);
            $html .= "<a href='" . $href . "'>" . $label . "</a><br>";
        }
    }

    $html .= "<br>";

    $userLine = htmlspecialchars(xl("User Name"), ENT_NOQUOTES) . ": " . htmlspecialchars($uname, ENT_NOQUOTES);
    $passLine = htmlspecialchars(xl("Password"), ENT_NOQUOTES) . ": " . htmlspecialchars($pass, ENT_NOQUOTES);
    $html .= $userLine . "<br><br>" . $passLine . "<br><br>";

    return $html;
}
/**
 * Create (or reset) the onsite portal credentials for a patient and e-mail them.
 *
 * Steps, in order: load the patient_data row, generate a password, derive the
 * user name from fname + id, store the salted hash in patient_access_onsite
 * (UPDATE when a row exists for the pid, INSERT otherwise, with
 * portal_pwd_status=0), then build and send the notification mail.
 *
 * NOTE(review): the clear-text password leaves this function twice, once in the
 * e-mail body and once in the returned string. Callers must treat the return
 * value as a secret (no logging, no caching). Presumably portal_pwd_status=0
 * marks the password as "must change" - confirm.
 *
 * @param mixed $pid Patient id.
 * @return string|false "User : <name> Password : <clear password>" when the mail
 *                      was sent, false otherwise. The credentials are stored
 *                      before the mail is attempted, so false does not mean
 *                      that nothing was written.
 */
function doCredentials($pid)
{
    global $srcdir;
    require_once("$srcdir/authentication/common_operations.php");

    // NOTE(review): no check that a row was found; an unknown pid leaves $newpd
    // without the fields read below.
    $newpd = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array(
        $pid
    ));

    $clear_pass = generatePassword();

    // User name is first name followed by the row id, so it is guessable.
    $uname = $newpd['fname'] . $newpd['id'];

    $res = sqlStatement("SELECT * FROM patient_access_onsite WHERE pid=?", array(
        $pid
    ));
    // Bind order must match the placeholders: username, password hash, salt, pid.
    $query_parameters = array(
        $uname
    );
    $salt_clause = "";
    // For onsite portal create a blowfish based hash and salt.
    $new_salt = oemr_password_salt();
    $salt_clause = ",portal_salt=? ";
    array_push($query_parameters, oemr_password_hash($clear_pass, $new_salt), $new_salt);
    array_push($query_parameters, $pid);
    if (sqlNumRows($res)) {
        sqlStatement("UPDATE patient_access_onsite SET portal_username=?,portal_pwd=?,portal_pwd_status=0 " . $salt_clause . " WHERE pid=?", $query_parameters);
    } else {
        sqlStatement("INSERT INTO patient_access_onsite SET portal_username=?,portal_pwd=?,portal_pwd_status=0" . $salt_clause . " ,pid=?", $query_parameters);
    }

    // NOTE(review): this branch only sets $sent and does not return, so the mail
    // below is still built and attempted, and $sent is overwritten by the result
    // of Send(). Confirm whether an early return was intended.
    if (! (validEmail($newpd['email']))) {
        $sent = false;
    }

    $message = messageCreate($uname, $clear_pass);

    $mail = new MyMailer();
    $pt_name = $newpd['fname'] . ' ' . $newpd['lname'];
    $pt_email = $newpd['email'];
    $email_subject = xl('Access Your Patient Portal');
    $email_sender = $GLOBALS['patient_reminder_sender_email'];
    $mail->AddReplyTo($email_sender, $email_sender);
    $mail->SetFrom($email_sender, $email_sender);
    $mail->AddAddress($pt_email, $pt_name);
    $mail->Subject = $email_subject;
    $mail->MsgHTML("<html><body><div class='wrapper'>" . $message . "</div></body></html>");
    $mail->IsHTML(true);
    // The plain-text alternative receives the same HTML fragment, tags included.
    $mail->AltBody = $message;

    if ($mail->Send()) {
        $sent = true;
    } else {
        // Only the mailer's error text is logged, not the credentials.
        $email_status = $mail->ErrorInfo;
        error_log("EMAIL ERROR: " . $email_status, 0);
        $sent = false;
    }

    // On success the boolean is replaced by a string holding the clear-text credentials.
    if ($sent) {
        $sent = "User : " . $uname . " Password : " . $clear_pass;
    }

    return $sent;
}