portal/patient/index.php

   1 <?php
   2
   3 /** @package    Patient Portal
   4  *
   5  * From phreeze package
   6  * @license http://www.gnu.org/copyleft/lesser.html LGPL
   7  *
   8  */
   9
  10 //require_once ("./../verify_session.php");
  11 /* GlobalConfig object contains all configuration information for the app */
  12 require_once("_global_config.php");
  13 require_once("_app_config.php");
  14 require_once("_machine_config.php"); // This include auth any framework calls
  15
  16 if (!GlobalConfig::$CONNECTION_SETTING) {
  17     throw new Exception('GlobalConfig::$CONNECTION_SETTING is not configured.  Are you missing _machine_config.php?');
  18 }
  19
  20 /* require framework libs */
  21 require_once("verysimple/Phreeze/Dispatcher.php");
  22
  23 // the global config is used for all dependency injection
  24 $gc = GlobalConfig::GetInstance();
  25
  26 try {
  27     if (!empty($_SESSION['register'])) {
  28         // Need to bootstrap for registration
  29         $GLOBALS['bootstrap_register'] = true;
  30     } else {
  31         $GLOBALS['bootstrap_register'] = false;
  32     }
  33     if (isset($_SESSION['pid']) && (isset($_SESSION['patient_portal_onsite_two']))) {
  34         // Need to bootstrap all requests to only allow the pid in $_SESSION['pid']
  35         //  and to only allow access to api calls applicable to that pid (or patientId).
  36         // Also need to collect the id of the patient to verify the correct id is used
  37         //  in the uri check in GenericRouter.php .
  38         $GLOBALS['bootstrap_pid'] = $_SESSION['pid'];
  39         $sqlCollectPatientId = sqlQuery("SELECT `id` FROM `patient_data` WHERE `pid` = ?", [$GLOBALS['bootstrap_pid']]);
  40         $GLOBALS['bootstrap_uri_id'] = $sqlCollectPatientId['id'];
  41         if (
  42             (!empty($_POST['pid']) && ($_POST['pid'] != $GLOBALS['bootstrap_pid'])) ||
  43             (!empty($_GET['pid']) && ($_GET['pid'] != $GLOBALS['bootstrap_pid'])) ||
  44             (!empty($_REQUEST['pid']) && ($_REQUEST['pid'] != $GLOBALS['bootstrap_pid'])) ||
  45             (!empty($_POST['patientId']) && ($_POST['patientId'] != $GLOBALS['bootstrap_pid'])) ||
  46             (!empty($_GET['patientId']) && ($_GET['patientId'] != $GLOBALS['bootstrap_pid'])) ||
  47             (!empty($_REQUEST['patientId']) && ($_REQUEST['patientId'] != $GLOBALS['bootstrap_pid']))
  48         ) {
  49             // Unauthorized use
  50             $error = 'Unauthorized';
  51             throw new Exception($error);
  52         }
  53     }
  54     Dispatcher::Dispatch(
  55         $gc->GetPhreezer(),
  56         $gc->GetRenderEngine(),
  57         '',
  58         $gc->GetContext(),
  59         $gc->GetRouter()
  60     );
  61 } catch (exception $ex) {
  62     // This is the global error handler which will be called in the event of
  63     // uncaught errors.  If the endpoint appears to be an API request then
  64     // render it as JSON, otherwise attempt to render a friendly HTML page
  65
  66     $url = RequestUtil::GetCurrentURL();
  67     $isApiRequest = (strpos($url, 'api/') !== false);
  68
  69     if ($isApiRequest) {
  70         $result = new stdClass();
  71         $result->success = false;
  72         $result->message = $ex->getMessage();
  73         $result->data = $ex->getTraceAsString();
  74
  75         @header('HTTP/1.1 401 Unauthorized');
  76         echo json_encode($result);
  77     } else {
  78         $gc->GetRenderEngine()->assign("message", $ex->getMessage());
  79         $gc->GetRenderEngine()->assign("stacktrace", $ex->getTraceAsString());
  80         $gc->GetRenderEngine()->assign("code", $ex->getCode());
  81
  82         try {
  83             $gc->GetRenderEngine()->display("DefaultErrorFatal.tpl");
  84         } catch (Exception $ex2) {
  85             // this means there is an error with the template, in which case we can't display it nicely
  86             echo "<style>* { font-family: verdana, arial, helvetica, sans-serif; }</style>\n";
  87             echo "<h1>Fatal Error:</h1>\n";
  88             echo '<h3>' . htmlentities($ex->getMessage()) . "</h3>\n";
  89             echo "<h4>Original Stack Trace:</h4>\n";
  90             echo '<textarea wrap="off" style="height: 200px; width: 100%;">' . htmlentities($ex->getTraceAsString()) . '</textarea>';
  91             echo "<h4>In addition to the above error, the default error template could not be displayed:</h4>\n";
  92             echo '<textarea wrap="off" style="height: 200px; width: 100%;">' . htmlentities($ex2->getMessage()) . "\n\n" . htmlentities($ex2->getTraceAsString()) . '</textarea>';
  93         }
  94     }
  95 }