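<?php

/**
 * Drag and Drop file uploader.
 *
 * Two callers share this endpoint behind one CSRF check:
 *  - the DICOM image maintenance code posts action=save|fetch with a doc_id to
 *    store or read back its image state (documents.document_data), and
 *  - the document uploader posts one file (core UI) or several (patient portal).
 *
 * @package OpenEMR
 * @link https://www.open-emr.org
 * @author Sherwin Gaddis <sherwingaddis@gmail.com>
 * @author Brady Miller <brady.g.miller@gmail.com>
 * @author Jerry Padgett <sjpadgett@gmail.com>
 * @copyright Copyright (c) 2017 Sherwin Gaddis <sherwingaddis@gmail.com>
 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (c) 2020-2023 Jerry Padgett <sjpadgett@gmail.com>
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */

// Auth if core or portal.
require_once(__DIR__ . "/../../src/Common/Session/SessionUtil.php");
OpenEMR\Common\Session\SessionUtil::portalSessionStart();
$isPortal = false;
if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite_two'])) {
    // Onsite portal patient: the session's pid becomes the upload target.
    // $ignoreAuth_onsite_portal is presumably read by globals.php's login
    // check to skip the staff authentication — not visible in this file.
    $pid = $_SESSION['pid'];
    $ignoreAuth_onsite_portal = true;
    $isPortal = true;
} else {
    OpenEMR\Common\Session\SessionUtil::portalSessionCookieDestroy();
    $ignoreAuth = false;
}

require_once(__DIR__ . "/../../interface/globals.php");
require_once(__DIR__ . "/../documents.php");

use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Services\MessageService;

if (!CsrfUtils::verifyCsrfToken($_REQUEST["csrf_token_form"])) {
    CsrfUtils::csrfNotVerified();
}

// check if this is for dicom image maintenance.
$action = $_POST['action'] ?? null;
// The cast binds tighter than `??`, so `(int)$_POST['doc_id'] ?? null` could never
// yield null and raised an undefined-index warning when absent; coalesce first.
// A missing doc_id still becomes 0, as the cast of null did before.
$doc_id = (int)($_POST['doc_id'] ?? 0);
$json_data = $_POST['json_data'] ?? null;

// NOTE(review): doc_id is taken from the request as-is and nothing on this page ties it to
// the current user or to $pid; this branch is reachable from a portal session too. Confirm
// that the ownership check lives in the auth layer or the helper before relying on it.
if ($action === 'save') {
    $pass_it = dicom_history_action($action, $doc_id, $json_data);
    if ($pass_it === 'false') {
        // query success. send back a translated message for user.
        echo xlj("Server says thanks. Images state saved.");
    } else {
        echo xlj("Error! Images state save failed.");
    }

    exit();
}
if ($action === 'fetch') {
    // raw decoded document_data goes straight back to the viewer
    $json_data = dicom_history_action($action, $doc_id);
    echo $json_data;

    exit();
}

// nope! so continue on with Sherwins uploader.
$patient_id = filter_input(INPUT_GET, 'patient_id');
$category_id = filter_input(INPUT_GET, 'parent_id');

if ($isPortal) {
    $owner = $GLOBALS['userauthorized'];
    $files = getMultiple();
    $rtn = [];
    if (count($files["file"] ?? []) > 0) {
        $messageService = new MessageService();
        $note = [
            'groupname' => 'Default',
            // will send to all auth'ed portal users
            'to' => 'portal-user',
            'from' => 'portal-user',
            'message_status' => 'New',
            'title' => 'New Document',
        ];
        // On the portal, parent_id carries a category *name*; fall back to id 3 when
        // it matches nothing. The value is used verbatim as a LIKE pattern, so `%`
        // and `_` in it act as wildcards — an exact `=` match would be stricter if
        // names never need pattern matching.
        $categoryRow = sqlQuery("SELECT id FROM categories WHERE name LIKE ?", array($category_id));
        $category = ($categoryRow['id'] ?? null) ?: 3;
        foreach ($files["file"] as $file) {
            // $file['type'] is the client-declared MIME type; any validation of it
            // is presumably inside addNewDocument() — confirm.
            $rtn[] = addNewDocument(
                $file['name'],
                $file['type'],
                $file['tmp_name'],
                '',
                $file['size'],
                $owner,
                $pid,
                $category,
                '',
                '',
                true
            );
        }
        // give user a break and send just one message for multi documents
        $names = '';
        foreach ($rtn as $doc) {
            $names .= '"' . $doc['name'] . '", ';
        }
        if (!empty($names)) {
            $note['body'] = xl('A Portal Patient has uploaded new documents titled') .
                ' ' . $names .
                xl('to the Documents Onsite Portal Patient category.') . "\n" .
                xl("Please review and take any necessary actions");
            $messageService->insert($pid, $note);
        }
        echo text(json_encode($rtn));
    }
    exit;
}
if (!empty($_FILES)) {
    // Core (staff) path: a single file field. patient_id and parent_id come from the
    // query string; whether this user may attach documents to that patient is not
    // checked on this page — presumably in addNewDocument()/ACL, confirm.
    $name = $_FILES['file']['name'];
    $type = $_FILES['file']['type'];
    $tmp_name = $_FILES['file']['tmp_name'];
    $size = $_FILES['file']['size'];
    $owner = $GLOBALS['userauthorized'];

    addNewDocument($name, $type, $tmp_name, '', $size, $owner, $patient_id, $category_id);
    exit;
}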
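/**
 * Store or read back the DICOM image state kept in documents.document_data.
 *
 * @param mixed $action    'save' persists $json_data, 'fetch' reads it back; anything else is unknown
 * @param mixed $doc_id    documents.id of the row to act on
 * @param mixed $json_data image state to persist (only used by 'save')
 * @return bool|string 'save': the json-encoded sqlQuery() result (the caller treats the
 *                     string 'false' as success); 'fetch': the decoded document_data, or
 *                     '' when the row or column is missing; otherwise the translated,
 *                     json-quoted string "Unknown".
 */
function dicom_history_action($action, $doc_id, $json_data = ''): bool|string
{
    // NOTE(review): $doc_id is used directly; no check here that the document belongs
    // to the caller's patient or that the caller may edit it. Confirm where that lives.
    if ($action === 'save') {
        // stored base64-encoded, presumably so the state can sit in the column untouched;
        // `?? ''` avoids the PHP 8.1 null-to-string deprecation when json_data is absent
        $encoded = base64_encode($json_data ?? '');
        return json_encode(sqlQuery("UPDATE documents SET document_data = ? WHERE id = ?", array($encoded, $doc_id)));
    }

    if ($action === 'fetch') {
        $row = sqlQuery("Select document_data FROM documents WHERE id = ?", array($doc_id));
        // A missing row used to hit an offset-on-bool warning and base64_decode(null);
        // `?? ''` keeps the same '' result without the noise.
        return base64_decode($row['document_data'] ?? '');
    }

    return xlj("Unknown");
}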
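/**
 * Transpose a multi-file $_FILES field from per-property arrays into per-file arrays.
 *
 * PHP delivers `<input name="file[]" multiple>` as $_FILES['file']['name'][i],
 * $_FILES['file']['type'][i], ...; the result is $files['file'][i]['name'],
 * $files['file'][i]['type'], ... so callers can iterate one file at a time.
 *
 * A property that is not an array (a plain single-file field) has nothing to
 * transpose and is skipped; the previous version also dropped it, but only after
 * a "foreach over non-array" warning.
 *
 * @return array<string, array<int|string, array<string, mixed>>>
 */
function getMultiple(): array
{
    $byFile = [];
    foreach ($_FILES as $field => $properties) {
        foreach ($properties as $property => $perIndex) {
            if (!is_array($perIndex)) {
                // single-file field: no per-index values to transpose
                continue;
            }
            foreach ($perIndex as $index => $value) {
                $byFile[$field][$index][$property] = $value;
            }
        }
    }

    return $byFile;
}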