<?php
/**
 * Document Template Management Module.
 *
 * @link      http://www.open-emr.org
 * @author    Rod Roark <rod@sunsetsystems.com>
 * @author    Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (c) 2013-2014 Rod Roark <rod@sunsetsystems.com>
 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
 * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */
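require_once('../globals.php');
require_once($GLOBALS['srcdir'].'/acl.inc');

use OpenEMR\Common\Crypto\CryptoGen;

// This page uploads, downloads and deletes site-wide template files, so it is
// limited to users holding the admin/super ACL. The check runs before any
// request parameter is read.
if (!acl_check('admin', 'super')) {
    die(xlt('Not authorized'));
}

// Set up crypto object
$cryptoGen = new CryptoGen();

// Name of the template chosen in the download/delete form. The field is absent
// on a plain page load, so fall back to an empty name instead of reading an
// unset index.
// NOTE(review): the download and delete paths are built from this value, so
// they depend on convert_safe_file_dir_name() removing directory separators
// and ".." sequences. That helper is defined outside this file - confirm.
$form_filename = convert_safe_file_dir_name(
    isset($_REQUEST['form_filename']) ? $_REQUEST['form_filename'] : ''
);

// All templates live in one flat, per-site directory.
$templatedir = "$OE_SITE_DIR/documents/doctemplates";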
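// If downloading a file, do the download and nothing else.
// Thus the current browser page should remain displayed.
if (!empty($_POST['bn_download'])) {
    // Refuse the request unless it carries this session's CSRF token.
    // NOTE(review): the body of this check is missing from the listing;
    // csrfNotVerified() is assumed to be the handler that ends the request.
    if (!verifyCsrfToken($_POST["csrf_token_form"])) {
        csrfNotVerified();
    }

    $templatepath = "$templatedir/$form_filename";

    // Serve only an existing regular file. With an empty or stale selection
    // the read below would fail and the headers would still be sent.
    if (!is_file($templatepath)) {
        die(xlt('Template not found'));
    }

    // Place file in variable
    $fileData = file_get_contents($templatepath);
    if ($fileData === false) {
        die(xlt('Unable to read') . " '" . text($form_filename) . "'");
    }

    // Decrypt file, if applicable
    // NOTE(review): the value returned by decryptStandard() is used unchecked;
    // how it reports a failed decryption is not visible here - confirm.
    if ($cryptoGen->cryptCheckStandard($fileData)) {
        $fileData = $cryptoGen->decryptStandard($fileData, null, 'database');
    }

    header('Content-Description: File Transfer');
    header('Content-Transfer-Encoding: binary');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    // attachment, not inline
    // NOTE(review): the name sits inside a quoted header value, which is only
    // safe while convert_safe_file_dir_name() strips double quotes and control
    // characters - confirm.
    header("Content-Disposition: attachment; filename=\"$form_filename\"");
    // Note we avoid providing a mime type that suggests opening the file.
    header("Content-Type: application/octet-stream");
    header("Content-Length: " . strlen($fileData));

    // Send the file and stop, so that no page markup is appended to it.
    // NOTE(review): these two statements are missing from the listing and are
    // restored from the "do the download and nothing else" comment above.
    echo $fileData;
    exit;
}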
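// Delete the selected template.
if (!empty($_POST['bn_delete'])) {
    // Refuse the request unless it carries this session's CSRF token.
    // NOTE(review): the body of this check is missing from the listing;
    // csrfNotVerified() is assumed to be the handler that ends the request.
    if (!verifyCsrfToken($_POST["csrf_token_form"])) {
        csrfNotVerified();
    }

    $templatepath = "$templatedir/$form_filename";

    // is_file() keeps the delete to regular files, so an empty selection
    // (which resolves to the directory itself) is ignored. A failed delete is
    // reported rather than leaving the administrator to assume the file is gone.
    if (is_file($templatepath) && !unlink($templatepath)) {
        die(xlt('Unable to delete') . " '" . text($form_filename) . "'");
    }
}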
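// Store an uploaded template, replacing any existing file of the same name.
if (!empty($_POST['bn_upload'])) {
    // Refuse the request unless it carries this session's CSRF token.
    // NOTE(review): the body of this check is missing from the listing;
    // csrfNotVerified() is assumed to be the handler that ends the request.
    if (!verifyCsrfToken($_POST["csrf_token_form"])) {
        csrfNotVerified();
    }

    // Nothing is stored unless PHP itself received a non-empty file in this
    // request; is_uploaded_file() rejects any other path.
    $tmp_name = isset($_FILES['form_file']['tmp_name']) ? $_FILES['form_file']['tmp_name'] : '';
    if (is_uploaded_file($tmp_name) && $_FILES['form_file']['size']) {
        // Choose the destination path/filename.
        $form_dest_filename = isset($_POST['form_dest_filename']) ? $_POST['form_dest_filename'] : '';
        if ($form_dest_filename == '') {
            $form_dest_filename = $_FILES['form_file']['name'];
        }

        // Both candidate names are client-supplied. basename() drops any
        // directory part before the project helper normalises what is left.
        $form_dest_filename = convert_safe_file_dir_name(basename($form_dest_filename));

        // A name starting with "." is refused too: the template list on this
        // page skips such entries, so the file could be neither downloaded nor
        // deleted from here.
        if ($form_dest_filename == '' || substr($form_dest_filename, 0, 1) == '.') {
            die(xlt('Cannot determine a destination filename'));
        }

        // Extension allow-list. pathinfo() returns no 'extension' key for a
        // name without a dot, so treat that case as an empty extension.
        // NOTE(review): only the name is checked, not the file content, and
        // archives (zip) are accepted. Whether this directory is reachable
        // over the web is not visible here - confirm it is not served directly.
        $path_parts = pathinfo($form_dest_filename);
        $extension = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';
        if (!in_array($extension, array('odt', 'txt', 'docx', 'zip'), true)) {
            die(text($extension) . ' ' . xlt('filetype is not accepted'));
        }

        $templatepath = "$templatedir/$form_dest_filename";
        // If the site's template directory does not yet exist, create it.
        // NOTE(review): the statement inside this check is missing from the
        // listing; a plain mkdir() is assumed - confirm mode and arguments.
        if (!is_dir($templatedir)) {
            mkdir($templatedir);
        }

        // If the target file already exists, delete it.
        if (is_file($templatepath)) {
            unlink($templatepath);
        }

        // Place uploaded file in variable.
        $fileData = file_get_contents($tmp_name);
        if ($fileData === false) {
            die(xlt('Unable to read the uploaded file'));
        }

        // Encrypt uploaded file, if applicable.
        if ($GLOBALS['drive_encryption']) {
            $storedData = $cryptoGen->encryptStandard($fileData, null, 'database');
        } else {
            $storedData = $fileData;
        }

        // Store the uploaded file.
        if (file_put_contents($templatepath, $storedData) === false) {
            die(xlt('Unable to create') . " '" . text($templatepath) . "'");
        }
    }
}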
// Request handling ends here; everything below is page markup.
?>
<title><?php echo xlt('Document Template Management'); ?></title>
<link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>

<style type="text/css">
 .dehead { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:bold }
 .detail { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:normal }
</style>
<body class="body_top">
<?php // One form carries all three actions; the submit button that was pressed selects the handler. ?>
<form method='post' action='manage_document_templates.php' enctype='multipart/form-data'
 onsubmit='return top.restoreSession()'>
<?php // Token that the upload, download and delete handlers pass to verifyCsrfToken(). ?>
<input type="hidden" name="csrf_token_form" value="<?php echo attr(collectCsrfToken()); ?>" />

<h2><?php echo xlt('Document Template Management'); ?></h2>

<table border='1' width='95%'>
 <tr bgcolor='#dddddd' class='dehead'>
  <td align='center'><?php echo xlt('Upload a Template'); ?></td>
 </tr>
 <tr>
  <td valign='top' class='detail' style='padding:10pt;' nowrap>
   <?php echo xlt('Source File'); ?>:
<?php // MAX_FILE_SIZE is sent by the client and is only advisory; the enforced limits are PHP's own upload settings. ?>
   <input type="hidden" name="MAX_FILE_SIZE" value="250000000" />
   <input type="file" name="form_file" size="40" />&nbsp;
   <?php echo xlt('Destination Filename'); ?>:
   <input type='text' name='form_dest_filename' size='30' />
   <input type='submit' name='bn_upload' value='<?php echo xla('Upload') ?>' />
  </td>
 </tr>
</table>
<table border='1' width='95%'>
 <tr bgcolor='#dddddd' class='dehead'>
  <td align='center'><?php echo xlt('Download or Delete a Template'); ?></td>
 </tr>
 <tr>
  <td valign='top' class='detail' style='padding:10pt;' nowrap>
<?php // The selected value is read back as form_filename by the download and delete handlers. ?>
   <select name='form_filename'>
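<?php
// Generate an <option> for each existing file.
$templateslist = array();

// Open the directory only when it exists; a site that has never stored a
// template simply produces an empty list.
$dh = is_dir($templatedir) ? opendir($templatedir) : false;
if ($dh !== false) {
    while (false !== ($sfname = readdir($dh))) {
        // Skip ".", ".." and any other entry whose name starts with a dot.
        if (substr($sfname, 0, 1) == '.') {
            continue;
        }

        $templateslist[$sfname] = $sfname;
    }

    closedir($dh);
}

ksort($templateslist);
foreach ($templateslist as $sfname) {
    // Names come from the filesystem, so they are escaped separately for the
    // attribute and for the element text.
    echo " <option value='" . attr($sfname) . "'";
    echo ">" . text($sfname) . "</option>\n";
}
?>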
</select>
<?php // Both buttons post the name chosen in the list above; each handler checks the CSRF token before acting. ?>
<input type='submit' name='bn_download' value='<?php echo xla('Download') ?>' />
<input type='submit' name='bn_delete' value='<?php echo xla('Delete') ?>' />