portal/lib/doc_lib.php

   1 <?php
   2
   3 /**
   4  * doc_lib.php
   5  *
   6  * @package   OpenEMR
   7  * @link      https://www.open-emr.org
   8  * @author    Jerry Padgett <sjpadgett@gmail.com>
   9  * @author    Brady Miller <brady.g.miller@gmail.com>
  10  * @copyright Copyright (c) 2016-2023 Jerry Padgett <sjpadgett@gmail.com>
  11  * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
  12  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  13  */
  14
  15 // Will start the (patient) portal OpenEMR session/cookie.
  16 require_once(__DIR__ . "/../../src/Common/Session/SessionUtil.php");
  17 OpenEMR\Common\Session\SessionUtil::portalSessionStart();
  18
  19 if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite_two'])) {
  20     // ensure patient is bootstrapped (if sent)
  21     if (!empty($_POST['cpid'])) {
  22         if ($_POST['cpid'] != $_SESSION['pid']) {
  23             echo "illegal Action";
  24             OpenEMR\Common\Session\SessionUtil::portalSessionCookieDestroy();
  25             exit;
  26         }
  27     }
  28     $pid = $_SESSION['pid'];
  29     $ignoreAuth_onsite_portal = true;
  30     require_once(__DIR__ . "/../../interface/globals.php");
  31     // only support download handler from patient portal
  32     if ($_POST['handler'] != 'download' && $_POST['handler'] != 'fetch_pdf') {
  33         echo xlt("Not authorized");
  34         OpenEMR\Common\Session\SessionUtil::portalSessionCookieDestroy();
  35         exit;
  36     }
  37 } else {
  38     OpenEMR\Common\Session\SessionUtil::portalSessionCookieDestroy();
  39     $ignoreAuth = false;
  40     require_once(__DIR__ . "/../../interface/globals.php");
  41     if (!isset($_SESSION['authUserID'])) {
  42         $landingpage = "index.php";
  43         header('Location: ' . $landingpage);
  44         exit;
  45     }
  46 }
  47
  48 require_once("$srcdir/classes/Document.class.php");
  49 require_once("$srcdir/classes/Note.class.php");
  50 require_once(__DIR__ . "/appsql.class.php");
  51
  52 use Mpdf\Mpdf;
  53 use OpenEMR\Common\Csrf\CsrfUtils;
  54 use OpenEMR\Pdf\PatientPortalPDFDocumentCreator;
  55
  56 if (!(isset($GLOBALS['portal_onsite_two_enable'])) || !($GLOBALS['portal_onsite_two_enable'])) {
  57     echo xlt('Patient Portal is turned off');
  58     exit;
  59 }
  60 // confirm csrf (from both portal and core)
  61 if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"], 'doc-lib')) {
  62     CsrfUtils::csrfNotVerified();
  63 }
  64
  65 $logit = new ApplicationTable();
  66 $htmlin = $_POST['content'] ?? null;
  67 $dispose = $_POST['handler'] ?? null;
  68 $cpid = $_POST['cpid'] ?: $GLOBALS['pid'];
  69 $category = $_POST['catid'] ?? 0;
  70
  71 try {
  72     if (!$category) {
  73         $result = sqlQuery("SELECT id FROM categories WHERE name LIKE ?", array("Reviewed"));
  74         $category = $result['id'] ?: 3;
  75     }
  76     $form_filename = convert_safe_file_dir_name($_REQUEST['docid']) . '_' . convert_safe_file_dir_name($cpid) . '.pdf';
  77     $len = stripos($htmlin, 'data:application/pdf;base64,');
  78     if ($len !== false) {
  79         if ($dispose == "download") {
  80             //'<object data=data:application/pdf;base64,'
  81             $len = strpos($htmlin, ',');
  82             $content = substr($htmlin, $len + 1);
  83             $content = str_replace("type='application/pdf' width='100%' height='450'></object>", '', $content);
  84
  85             $pdf = base64_decode($content);
  86             header('Content-Description: File Transfer');
  87             header('Content-Type: application/pdf');
  88             header('Content-Disposition: attachment; filename=' . $form_filename);
  89             header('Content-Transfer-Encoding: binary');
  90             header('Expires: 0');
  91             header('Cache-Control: must-revalidate');
  92             header('Pragma: public');
  93             header('Content-Length: ' . strlen($pdf));
  94             ob_clean();
  95             flush();
  96             echo $pdf;
  97             flush();
  98             exit();
  99         }
 100     }
 101     $pdfCreator = new PatientPortalPDFDocumentCreator();
 102     $pdfObject = $pdfCreator->createPdfObject($htmlin);
 103     if ($dispose == 'download') {
 104         header('Content-type: application/pdf');
 105         header("Content-Disposition: attachment; filename=$form_filename");
 106         $pdfObject->Output($form_filename, 'D');
 107         $logit->portalLog('download document', $cpid, ('document:' . $form_filename));
 108         exit();
 109     }
 110
 111     if ($dispose == 'chart') {
 112         if (!$cpid) {
 113             echo js_escape("ERROR " . xla("Missing Patient ID"));
 114             exit();
 115         }
 116         $data = $pdfObject->Output($form_filename, 'S');
 117         $d = new Document();
 118         $rc = $d->createDocument($cpid, $category, $form_filename, 'application/pdf', $data);
 119         $logit->portalLog('chart document', $cpid, ('document:' . $form_filename));
 120         exit();
 121     }
 122
 123     if ($dispose == 'fetch_pdf') {
 124         try {
 125             $file = $pdfObject->Output($form_filename, 'S');
 126             $file = base64_encode($file);
 127             echo $file;
 128             $logit->portalLog('fetched PDF', $cpid, ('document:' . $form_filename));
 129             exit;
 130         } catch (Exception $e) {
 131             die(text($e->getMessage()));
 132         }
 133     }
 134 } catch (Exception $e) {
 135     die(text($e->getMessage()));
 136 }