3 * Audit Log Tamper Report.
6 * @link http://www.open-emr.org
7 * @author Anil N <aniln@ensoftek.com>
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2014 Ensoftek
10 * @copyright Copyright (c) 2017 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
15 require_once("../globals.php");
16 require_once("$srcdir/log.inc");
17 require_once("$srcdir/crypto.php");
23 <title
><?php
echo xlt("Audit Log Tamper Report"); ?
></title
>
25 <?php
html_header_show();?
>
27 <link rel
="stylesheet" href
="<?php echo $css_header;?>" type
="text/css">
28 <link rel
="stylesheet" href
="<?php echo $GLOBALS['assets_static_relative']; ?>/jquery-datetimepicker/build/jquery.datetimepicker.min.css">
30 <script type
="text/javascript" src
="<?php echo $GLOBALS['assets_static_relative']; ?>/jquery/dist/jquery.min.js"></script
>
31 <script type
="text/javascript" src
="<?php echo $GLOBALS['webroot'] ?>/library/dialog.js?v=<?php echo $v_js_includes; ?>"></script
>
32 <script type
="text/javascript" src
="<?php echo $GLOBALS['assets_static_relative']; ?>/jquery-datetimepicker/build/jquery.datetimepicker.full.min.js"></script
>
40 border
-collapse
: collapse
;
43 background
-color
: #cccccc;
44 cursor
: pointer
; cursor
: hand
;
51 background
-color
: #ffffff;
52 border
-bottom
: 1px solid
#808080;
58 background
-color
: #336699;
66 //function to disable the event type field if the event name is disclosure
67 function eventTypeChange(eventname
)
69 if (eventname
== "disclosure") {
70 document
.theform
.type_event
.disabled
= true;
73 document
.theform
.type_event
.disabled
= false;
77 // VicarePlus :: This invokes the find-patient popup.
78 function sel_patient() {
79 dlgopen('../main/calendar/find_patient_popup.php?pflag=0', '_blank', 500, 400);
82 // VicarePlus :: This is for callback by the find-patient popup.
83 function setpatient(pid
, lname
, fname
, dob
) {
84 var f
= document
.theform
;
85 f
.form_patient
.value
= lname +
', ' + fname
;
86 f
.form_pid
.value
= pid
;
91 <body
class="body_top">
92 <font
class="title"><?php
echo xlt('Audit Log Tamper Report'); ?
></font
>
97 $start_date = (!empty($_GET["start_date"])) ?
DateTimeToYYYYMMDDHHMMSS($_GET["start_date"]) : date("Y-m-d") . " 00:00:00";
98 $end_date = (!empty($_GET["end_date"])) ?
DateTimeToYYYYMMDDHHMMSS($_GET["end_date"]) : date("Y-m-d") . " 23:59:59";
100 * Start date should not be greater than end date - Date Validation
102 if ($start_date > $end_date) {
103 echo "<table><tr class='alert'><td colspan=7>";
104 echo xlt('Start Date should not be greater than End Date');
105 echo "</td></tr></table>";
109 if ($_GET["form_patient"]) {
110 $form_patient = $_GET['form_patient'];
115 $form_user = $_REQUEST['form_user'];
116 $form_pid = $_REQUEST['form_pid'];
117 if ($form_patient == '') {
123 <FORM METHOD
="GET" name
="theform" id
="theform" onSubmit
='top.restoreSession()'>
126 $sortby = $_GET['sortby'];
128 <input type
="hidden" name
="sortby" id
="sortby" value
="<?php echo attr($sortby); ?>">
129 <input type
=hidden name
=csum value
="">
132 <span
class="text"><?php
echo xlt('Start Date'); ?
>: </span
>
134 <input type
="text" size
="18" class="datetimepicker" name
="start_date" id
="start_date" value
="<?php echo attr(oeFormatDateTime($start_date, 0, true)); ?>" title
="<?php echo xla('Start date'); ?>" />
137 <span
class="text"><?php
echo xlt('End Date'); ?
>: </span
>
139 <input type
="text" size
="18" class="datetimepicker" name
="end_date" id
="end_date" value
="<?php echo attr(oeFormatDateTime($end_date, 0, true)); ?>" title
="<?php echo xla('End date'); ?>" />
143  
; 
;<span
class='text'><?php
echo xlt('Patient'); ?
>: </span
>
146 <input type
='text' size
='20' name
='form_patient' style
='width:100%;cursor:pointer;cursor:hand' value
='<?php echo attr($form_patient) ? attr($form_patient) : xla('Click To Select
'); ?>' onclick
='sel_patient()' title
='<?php echo xlt('Click to select patient
'); ?>' />
147 <input type
='hidden' name
='form_pid' value
='<?php echo attr($form_pid); ?>' />
152 <span
class='text'><?php
echo xlt('Include Checksum'); ?
>: </span
>
156 $check_sum = isset($_GET['check_sum']);
158 <input type
="checkbox" name
="check_sum" <?php
echo ($check_sum) ?
"checked" : ""; ?
>>
161 <input type
=hidden name
="event" value
=<?php
echo attr($event) ; ?
>>
162 <a href
="javascript:document.theform.submit();" class='link_submit'>[<?php
echo xlt('Refresh'); ?
>]</a
>
169 <?php
if ($start_date && $end_date && $err_message!=1) { ?
>
171 <span
class="text" id
="display_tamper" style
="display:none;"><?php
echo xlt('Following rows in the audit log have been tampered'); ?
></span
>
174 <th id
="sortby_date" class="text" title
="<?php echo xla('Sort by Tamper date/time'); ?>"><?php
echo xlt('Tamper Date'); ?
></th
>
175 <th id
="sortby_user" class="text" title
="<?php echo xla('Sort by User'); ?>"><?php
echo xlt('User'); ?
></th
>
176 <th id
="sortby_pid" class="text" title
="<?php echo xla('Sort by PatientID'); ?>"><?php
echo xlt('PatientID'); ?
></th
>
177 <th id
="sortby_comments" class="text" title
="<?php echo xla('Sort by Comments'); ?>"><?php
echo xlt('Comments'); ?
></th
>
178 <?php
if ($check_sum) {?
>
179 <th id
="sortby_newchecksum" class="text" title
="<?php xla('Sort by New Checksum'); ?>"><?php
echo xlt('Tampered Checksum'); ?
></th
>
180 <th id
="sortby_oldchecksum" class="text" title
="<?php xla('Sort by Old Checksum'); ?>"><?php
echo xlt('Original Checksum'); ?
></th
>
185 $eventname = $_GET['eventname'];
186 $type_event = $_GET['type_event'];
188 <input type
=hidden name
=event value
=<?php
echo attr($eventname)."-".attr($type_event) ?
>>
190 $type_event = "update";
193 if ($eventname != "" && $type_event != "") {
194 $getevent=$eventname."-".$type_event;
197 if (($eventname == "") && ($type_event != "")) {
199 } else if ($type_event =="" && $eventname != "") {
201 } else if ($eventname == "") {
209 if ($ret = getEvents(array('sdate' => $start_date,'edate' => $end_date, 'user' => $form_user, 'patient' => $form_pid, 'sortby' => $_GET['sortby'], 'levent' =>$gev, 'tevent' =>$tevent))) {
210 foreach ($ret as $iter) {
212 $patterns = array ('/^success/','/^failure/','/ encounter/');
213 $replace = array ( xl('success'), xl('failure'), xl('encounter', '', ' '));
216 $log_id = $iter['id'];
217 $commentEncrStatus = "No";
219 $logEncryptData = logCommentEncryptData($log_id);
221 if (count($logEncryptData) > 0) {
222 $commentEncrStatus = $logEncryptData['encrypt'];
223 $checkSumOld = $logEncryptData['checksum'];
224 $encryptVersion = $logEncryptData['version'];
225 $concatLogColumns = $iter['date'].$iter['event'].$iter['user'].$iter['groupname'].$iter['comments'].$iter['patient_id'].$iter['success'].$iter['checksum'].$iter['crt_user'];
226 $checkSumNew = sha1($concatLogColumns);
228 if ($checkSumOld != $checkSumNew) {
238 if ($commentEncrStatus == "Yes") {
239 if ($encryptVersion == 1) {
240 // Use new openssl method
241 if (extension_loaded('openssl')) {
242 $trans_comments = preg_replace($patterns, $replace, trim(aes256Decrypt($iter["comments"])));
244 $trans_comments = xl("Unable to decrypt these comments since the PHP openssl module is not installed.");
246 } else { //$encryptVersion == 0
247 // Use old mcrypt method
248 if (extension_loaded('mcrypt')) {
249 $trans_comments = preg_replace($patterns, $replace, trim(aes256Decrypt_mycrypt($iter["comments"])));
251 $trans_comments = xl("Unable to decrypt these comments since the PHP mycrypt module is not installed.");
255 $trans_comments = preg_replace($patterns, $replace, trim($iter["comments"]));
258 //Alter Checksum value records only display here
260 $dispArr[] = $icnt++
;
262 <TR
class="oneresult">
263 <TD
class="text tamperColor"><?php
echo text(oeFormatDateTime($iter["date"], "global", true)); ?
></TD
>
264 <TD
class="text tamperColor"><?php
echo text($iter["user"]); ?
></TD
>
265 <TD
class="text tamperColor"><?php
echo text($iter["patient_id"]);?
></TD
>
266 <TD
class="text tamperColor"><?php
echo text($trans_comments);?
></TD
>
267 <?php
if ($check_sum) { ?
>
268 <TD
class="text tamperColor"><?php
echo text($checkSumNew);?
></TD
>
269 <TD
class="text tamperColor"><?php
echo text($checkSumOld);?
></TD
>
277 if (count($dispArr) == 0) {?
>
278 <TR
class="oneresult">
285 <TD
class="text" colspan
="<?php echo $colspan;?>" align
="center"><?php
echo xlt('No audit log tampering detected in the selected date range.'); ?
></TD
>
289 <script type
="text/javascript">$
('#display_tamper').css('display', 'block');</script
>
298 <script language
="javascript">
300 // jQuery stuff to make the page a little easier to use
301 $
(document
).ready(function(){
302 // funny thing here... good learning experience
303 // the TR has TD children which have their own background and text color
304 // toggling the TR color doesn't change the TD color
305 // so we need to change all the TR's children (the TD's) just as we did the TR
306 // thus we have two calls to toggleClass:
307 // 1 - for the parent (the TR)
308 // 2 - for each of the children (the TDs)
309 $
(".oneresult").mouseover(function() { $
(this
).toggleClass("highlight"); $
(this
).children().toggleClass("highlight"); });
310 $
(".oneresult").mouseout(function() { $
(this
).toggleClass("highlight"); $
(this
).children().toggleClass("highlight"); });
312 // click-able column headers to sort the list
313 $
("#sortby_date").click(function() { $
("#sortby").val("date"); $
("#theform").submit(); });
314 $
("#sortby_event").click(function() { $
("#sortby").val("event"); $
("#theform").submit(); });
315 $
("#sortby_user").click(function() { $
("#sortby").val("user"); $
("#theform").submit(); });
316 $
("#sortby_cuser").click(function() { $
("#sortby").val("user"); $
("#theform").submit(); });
317 $
("#sortby_group").click(function() { $
("#sortby").val("groupname"); $
("#theform").submit(); });
318 $
("#sortby_pid").click(function() { $
("#sortby").val("patient_id"); $
("#theform").submit(); });
319 $
("#sortby_success").click(function() { $
("#sortby").val("success"); $
("#theform").submit(); });
320 $
("#sortby_comments").click(function() { $
("#sortby").val("comments"); $
("#theform").submit(); });
321 $
("#sortby_oldchecksum").click(function() { $
("#sortby").val("checksum"); $
("#theform").submit(); });
322 $
("#sortby_newchecksum").click(function() { $
("#sortby").val("checksum"); $
("#theform").submit(); });
324 $
('.datetimepicker').datetimepicker({
325 <?php
$datetimepicker_timepicker = true; ?
>
326 <?php
$datetimepicker_showseconds = true; ?
>
327 <?php
$datetimepicker_formatInput = true; ?
>
328 <?php
require($GLOBALS['srcdir'] . '/js/xl/jquery-datetimepicker-2-5-4.js.php'); ?
>
329 <?php
// can add any additional javascript settings to datetimepicker here; need to prepend first setting with a comma ?>