Merge branch 'master' of https://github.com/openemr/openemr into signer-templates
[openemr.git] / portal / sign / lib / save-signature.php
blob99dafab5c4cd171123a84cabee9b007540b6b207
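<?php

/**
 * Patient Portal
 *
 * Stores a drawn signature image in onsite_signatures. The script is posted
 * to with a JSON body and is shared by the patient portal and by the main
 * OpenEMR interface; which of the two authorizes the request is decided by
 * the "is_portal" field of that body.
 *
 * @package OpenEMR
 * @link http://www.open-emr.org
 * @author Jerry Padgett <sjpadgett@gmail.com>
 * @author Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (c) 2016-2019 Jerry Padgett <sjpadgett@gmail.com>
 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */

// Need to unwrap data to ensure user/patient is authorized.
// Everything read here is client-controlled. A body that is not valid JSON
// decodes to null, so each field falls back to an explicit default instead
// of raising undefined-index notices.
$data = (array)(json_decode((string)file_get_contents("php://input")));
$pid = $data['pid'] ?? null;
$user = $data['user'] ?? null;
$signer = !empty($data['signer']) ? $data['signer'] : '';
$type = $data['type'] ?? null;
$isPortal = $data['is_portal'] ?? null;
$rawOutput = $data['output'] ?? '';
$output = is_scalar($rawOutput) ? urldecode((string)$rawOutput) : '';
$ignoreAuth = false;

// this script is used by both the patient portal and main openemr; below does authorization.
// NOTE(review): the branch is selected by a request field, so the staff path
// depends entirely on interface/globals.php refusing unauthenticated requests
// while $ignoreAuth is false - confirm. No CSRF token check is visible in this
// script for either path; confirm one is enforced elsewhere.
if ($isPortal) {
    require_once(__DIR__ . "/../../../src/Common/Session/SessionUtil.php");
    OpenEMR\Common\Session\SessionUtil::portalSessionStart();

    if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite_two'])) {
        // authorized by patient portal: the patient id comes from the session,
        // never from the request body.
        // NOTE(review): only $pid is bound to the session here. $user and $type
        // are still the request's values, and type 'admin-signature' below
        // resets $pid to 0. Confirm a portal session is not meant to reach that
        // branch, and bind $user to the authenticated session as well.
        $pid = $_SESSION['pid'];
        // Set before globals.php is loaded; presumably read there to skip the
        // staff login check - confirm.
        $ignoreAuth = true;
    } else {
        OpenEMR\Common\Session\SessionUtil::portalSessionCookieDestroy();
        // NOTE(review): js_escape() is called before interface/globals.php is
        // loaded and only SessionUtil.php has been required so far - confirm the
        // helper is defined on this path, otherwise the rejection ends in a
        // fatal error rather than the "error" reply.
        echo js_escape("error");
        exit();
    }
}

require_once("../../../interface/globals.php");

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Strict comparison: with ==, a JSON `true` (or 0 on PHP < 8) in "type"
    // also compares equal to this string and would select the pid = 0 row.
    if ($type === 'admin-signature') {
        $pid = 0;
    }

    // sha1 is an unkeyed fingerprint of the image data; it detects accidental
    // change of the stored image but does not authenticate who produced it.
    // Kept as sha1 so values stay comparable with rows already stored.
    $sig_hash = sha1($output);
    $created = time();
    $ip = $_SERVER['REMOTE_ADDR'];
    $status = 'filed';
    $lastmod = date('Y-m-d H:i:s');

    // One signature record per (pid, user): update it when present, else insert.
    $r = sqlStatement(
        "SELECT COUNT( DISTINCT TYPE ) x FROM onsite_signatures where pid = ? and user = ? ",
        array($pid, $user)
    );
    $c = sqlFetchArray($r);
    $hasSignature = (int)$c['x'];
    if ($hasSignature) {
        // AND instead of the MySQL-only && operator; same predicate.
        // The update leaves the type and signator columns of the row as stored.
        $qstr = "UPDATE onsite_signatures SET pid=?,lastmod=?,status=?, user=?, signature=?, sig_hash=?, ip=?,sig_image=? WHERE pid=? AND user=?";
        $rcnt = sqlStatement($qstr, array($pid, $lastmod, $status, $user, null, $sig_hash, $ip, $output, $pid, $user));
    } else {
        $qstr = "INSERT INTO onsite_signatures (pid,lastmod,status,type,user,signator, signature, sig_hash, ip, created, sig_image) VALUES (?,?,?,?,?,?,?,?,?,?,?) ";
        sqlStatement($qstr, array($pid, $lastmod, $status, $type, $user, $signer, null, $sig_hash, $ip, $created, $output));
    }

    echo json_encode('Done');
    exit();
}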