From 50d7a3c8b6054114db727111265c37f7ed60a207 Mon Sep 17 00:00:00 2001 From: "Jacob T.Paul" Date: Tue, 6 Sep 2011 14:06:12 +0530 Subject: [PATCH] Secure SOAP APIs to support third party patient portals. Contributed by Z&H Healthcare whom are also offering a free patient portal that works with this set of APIs. Signed-off-by: Jacob T.Paul --- acl_setup.php | 16 +- acl_upgrade.php | 8 + ccr/ccd/ccr_ccd.xsl | 2 + ccr/createCCR.php | 11 +- interface/main/left_nav.php | 3 + interface/main/messages/messages.php | 52 +- interface/patient_file/summary/demographics.php | 4 +- interface/super/edit_globals.php | 17 +- library/acl.inc | 4 + library/globals.inc.php | 30 +- myportal/index.php | 87 +++ myportal/soap_service/factory_class.php | 35 ++ myportal/soap_service/server_audit.php | 321 ++++++++++ myportal/soap_service/server_existingpatient.php | 568 ++++++++++++++++++ myportal/soap_service/server_mail.php | 118 ++++ myportal/soap_service/server_med_rec.php | 432 +++++++++++++ myportal/soap_service/server_newpatient.php | 322 ++++++++++ myportal/soap_service/server_oemruser.php | 218 +++++++ myportal/soap_service/server_side.php | 734 +++++++++++++++++++++++ sql/4_0_0-to-4_1_0_upgrade.sql | 95 +++ sql/database.sql | 123 +++- version.php | 2 +- 22 files changed, 3179 insertions(+), 23 deletions(-) create mode 100644 myportal/index.php create mode 100644 myportal/soap_service/factory_class.php create mode 100644 myportal/soap_service/server_audit.php create mode 100644 myportal/soap_service/server_existingpatient.php create mode 100644 myportal/soap_service/server_mail.php create mode 100644 myportal/soap_service/server_med_rec.php create mode 100644 myportal/soap_service/server_newpatient.php create mode 100644 myportal/soap_service/server_oemruser.php create mode 100644 myportal/soap_service/server_side.php diff --git a/acl_setup.php b/acl_setup.php index 1fa7df956..1b7926787 100644 --- a/acl_setup.php +++ b/acl_setup.php 
@@ -61,7 +61,8 @@
 // xl('Placeholder')
 $gacl->add_object_section('Nation Notes' , 'nationnotes' , 10, 0, 'ACO');
 // xl('Nation Notes')
-
+ $gacl->add_object_section('Patient Portal','patientportal' , 10, 0, 'ACO');
+ // xl('Patient Portal')
 // Create Accounting ACOs.
 //
 $gacl->add_object('acct', 'Billing (write optional)' , 'bill' , 10, 0, 'ACO');
@@ -131,7 +132,12 @@
 // xl('Language List (write,addonly optional)')
 $gacl->add_object('lists', 'Ethnicity-Race List (write,addonly optional)' , 'ethrace' , 10, 0, 'ACO');
 // xl('Ethnicity-Race List (write,addonly optional)')
-
+
+ // Create ACOs for patientportal.
+ //
+ $gacl->add_object('patientportal', 'Patient Portal' , 'portal' , 10, 0, 'ACO');
+ // xl('Patient Portal')
+
 // Create ACOs for patients.
 //
 $gacl->add_object('patients', 'Appointments (write optional)' , 'appt' , 10, 0, 'ACO');
@@ -216,7 +222,8 @@ $breakglass = $gacl->add_group('breakglass' , 'Emergency Login' , $users, 'A
 'lists'=>array('default','state','country','language','ethrace'),
 'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes'),
 'sensitivities'=>array('normal', 'high'),
- 'nationnotes'=>array('nn_configure')
+ 'nationnotes'=>array('nn_configure'),
+ 'patientportal'=>array('portal')
 ), NULL, array($admin), NULL, NULL, 1, 1, 'write', 'Administrators can do anything'
@@ -319,7 +326,8 @@ $breakglass = $gacl->add_group('breakglass' , 'Emergency Login' , $users, 'A
 'lists'=>array('default','state','country','language','ethrace'),
 'patients'=>array('appt', 'demo', 'med', 'trans', 'docs', 'notes'),
 'sensitivities'=>array('normal', 'high'),
- 'nationnotes'=>array('nn_configure')
+ 'nationnotes'=>array('nn_configure'),
+ 'patientportal'=>array('portal')
 ), NULL, array($breakglass), NULL, NULL, 1, 1, 'write', 'Emergency Login user can do anything'
diff --git a/acl_upgrade.php b/acl_upgrade.php
index 9ee4a83b1..3f520a90e 100644
--- a/acl_upgrade.php
+++ b/acl_upgrade.php
@@ -78,6 +78,8 @@ addObjectSectionAcl('lists', 'Lists');
 addObjectSectionAcl('placeholder', 'Placeholder');
 //Add 'Nation Notes' object section (added in 4.1.0)
 addObjectSectionAcl('nationnotes','Nation Notes');
+//Add 'Patient Portal' object section (added in 4.1.0)
+addObjectSectionAcl('patientportal', 'Patient Portal');
 //Add new Objects
 echo "
Adding new objects
";
@@ -107,6 +109,8 @@ addObjectAcl('placeholder', 'Placeholder', 'filler', 'Placeholder (Maintains emp
 addObjectAcl('patients', 'Patients', 'sign', 'Sign Lab Results (write,addonly optional)');
 //Add 'nationnotes' object (added in 4.1.0)
 addObjectAcl('nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure');
+//Add 'patientportal' object (added in 4.1.0)
+addObjectAcl('patientportal', 'Patient Portal', 'portal', 'Patient Portal');
 //Update already existing Objects
 echo "
Upgrading objects
";
@@ -236,6 +240,10 @@ updateAcl($doc_write, 'Physicians', 'patients', 'Patients', 'sign', 'Sign Lab Re
 updateAcl($admin_write, 'Administrators','nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure','write');
 //Insert the 'sign' object from the 'nationnotes' section into the Emergency Login group write ACL (added in 3.3.0)
 updateAcl($emergency_write, 'Emergency Login','nationnotes', 'Nation Notes', 'nn_configure', 'Nation Notes Configure','write');
+//Insert the 'patientportal' object from the 'patientportal' section into the Administrators group write ACL (added in 4.1.0)
+updateAcl($admin_write, 'Administrators','patientportal', 'Patient Portal', 'portal', 'Patient Portal','write');
+//Insert the 'patientportal' object from the 'patientportal' section into the Emergency Login group write ACL (added in 4.1.0)
+updateAcl($emergency_write, 'Emergency Login','patientportal', 'Patient Portal', 'portal', 'Patient Portal','write');
 //Function will return an array that contains the ACL ID number.
 //It will also check to ensure the ACL exist and is not duplicated.
diff --git a/ccr/ccd/ccr_ccd.xsl b/ccr/ccd/ccr_ccd.xsl
index 976aaf380..0acc2683f 100755
--- a/ccr/ccd/ccr_ccd.xsl
+++ b/ccr/ccd/ccr_ccd.xsl
@@ -622,11 +622,13 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" exclude-result-prefixes="a +
+
diff --git a/ccr/createCCR.php b/ccr/createCCR.php
index 88155f25e..662aee592 100644
--- a/ccr/createCCR.php
+++ b/ccr/createCCR.php
@@ -210,13 +210,13 @@ function createCCR($action,$raw="no"){
 $ccr->preserveWhiteSpace = false;
 $ccr->formatOutput = true;
- $ccr->save('generatedXml/ccrForCCD.xml');
+ $ccr->save(dirname(__FILE__) .'/generatedXml/ccrForCCD.xml');
 $xmlDom = new DOMDocument();
 $xmlDom->loadXML($ccr->saveXML());
 $ccr_ccd = new DOMDocument();
- $ccr_ccd->load('ccd/ccr_ccd.xsl');
+ $ccr_ccd->load(dirname(__FILE__) .'/ccd/ccr_ccd.xsl');
 $xslt = new XSLTProcessor();
 $xslt->importStylesheet($ccr_ccd);
@@ -227,7 +227,7 @@ function createCCR($action,$raw="no"){
 $ccd->loadXML($xslt->transformToXML($xmlDom));
- $ccd->save('generatedXml/ccdDebug.xml');
+ $ccd->save(dirname(__FILE__) .'/generatedXml/ccdDebug.xml');
 if ($raw == "yes") {
 // simply send the xml to a textarea (nice debugging tool)
@@ -238,7 +238,7 @@ function createCCR($action,$raw="no"){
 }
 $ss = new DOMDocument();
- $ss->load("stylesheet/cda.xsl");
+ $ss->load(dirname(__FILE__) ."/stylesheet/cda.xsl");
 $xslt->importStyleSheet($ss);
@@ -310,6 +310,9 @@ function createCCR($action,$raw="no"){
 echo $main_xml;
 }
+if($_POST['ccrAction'])
+{
 createCCR($_POST['ccrAction'],$_POST['raw']);
+}
 ?>
diff --git a/interface/main/left_nav.php b/interface/main/left_nav.php
index cb8391fab..e38275be3 100644
--- a/interface/main/left_nav.php
+++ b/interface/main/left_nav.php
@@ -100,6 +100,7 @@ $primary_docs = array(
 'ros' => array(xl('Roster') , 0, 'reports/players_report.php?embed=1'),
 'cal' => array(xl('Calendar') , 0, 'main/main_info.php'),
+ 'app' => array(xl('Portal Activity') , 0, '../myportal/index.php'),
 'msg' => array(xl('Messages') , 0, 'main/messages/messages.php'),
 'pwd' => array(xl('Password') , 0, 'usergroup/user_info.php'),
 'prf' => array(xl('Preferences') , 0, 'super/edit_globals.php?mode=user'),
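Review bot: The guard added at the bottom of createCCR.php reads `$_POST['ccrAction']` without an existence check, so every include of the file that is not a form post raises an undefined-index notice; `if (!empty($_POST['ccrAction']))` keeps the same behaviour without it. The guard and the switch to `dirname(__FILE__)`-based paths in the earlier hunks presumably exist so the file can be included from another directory (the new SOAP service) for its createCCR() function alone, but nothing in the change says so. A short comment above the guard, `// Run only when posted from the CCR form; other callers include this file for createCCR().`, would record that intent.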
@@ -869,6 +870,7 @@ $(document).ready(function(){
 $("#navigation-slide > li > a#cal0").prepend('');
 $("#navigation-slide > li > a#msg0").prepend('');
 $("#navigation-slide > li > a#patimg").prepend('');
+ $("#navigation-slide > li > a#app0").prepend('');
 $("#navigation-slide > li > a#repimg").prepend('');
 $("#navigation-slide > li > a#feeimg").prepend('');
 $("#navigation-slide > li > a#adm0").prepend('');
@@ -1079,6 +1081,7 @@ if ($GLOBALS['athletic_team']) { +
    • 
diff --git a/interface/main/messages/messages.php b/interface/main/messages/messages.php
index 1b4f3e3f7..d68055ec5 100644
--- a/interface/main/messages/messages.php
+++ b/interface/main/messages/messages.php
@@ -69,12 +69,24 @@ switch($task) {
 $assigned_to = $_POST['assigned_to'];
 $form_message_status = $_POST['form_message_status'];
 $reply_to = $_POST['reply_to'];
- if ($noteid) {
- updatePnote($noteid, $note, $form_note_type, $assigned_to, $form_message_status);
- $noteid = '';
- }
- else {
- $noteid = addPnote($reply_to, $note, $userauthorized, '1', $form_note_type, $assigned_to, '', $form_message_status);
+ $assigned_to_list = explode(';',$assigned_to);
+ foreach($assigned_to_list as $assigned_to){
+ if ($noteid && $assigned_to != '-patient-') {
+ updatePnote($noteid, $note, $form_note_type, $assigned_to, $form_message_status);
+ $noteid = '';
+ }
+ else {
+ if($noteid && $assigned_to == '-patient-'){
+ $row = getPnoteById($noteid);
+ if (! $row) die("getPnoteById() did not find id '$noteid'");
+ $pres = sqlQuery("SELECT lname, fname " .
+ "FROM patient_data WHERE pid = ?", array($reply_to) );
+ $patientname = $pres['lname'] . ", " . $pres['fname'];
+ $note .= "\n\n$patientname on ".$row['date']." wrote:\n\n";
+ $note .= $row['body'];
+ }
+ addPnote($reply_to, $note, $userauthorized, '1', $form_note_type, $assigned_to, '', $form_message_status);
+ }
 }
 }
 break;
 case "save" : {
@@ -139,10 +151,14 @@ echo " ?>     : - + + \n"; }
+ else if ($fldtype == 'pwd') {
+ if ($_GET['mode'] == "user") {
+ $globalTitle = $globalValue;
+ }
+ echo " \n";
+ }
 else if ($fldtype == 'pass') {
 if ($_GET['mode'] == "user") {
diff --git a/library/acl.inc b/library/acl.inc
index 2e713cd50..ebd737bc5 100644
--- a/library/acl.inc
+++ b/library/acl.inc
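Review bot: In the new foreach over `$assigned_to_list`, `$note` is appended to in place when the assignee is `-patient-`, so every assignee processed after the patient entry also receives the quoted patient message, and the order of the semicolon-separated list decides who gets which text. Building the patient copy in its own variable, `$patient_note = $note . "\n\n$patientname on " . $row['date'] . " wrote:\n\n" . $row['body'];`, and passing that to addPnote only in that branch keeps the other recipients' copies clean. The loop also reuses `$assigned_to` as its iteration variable, shadowing the request value read three lines earlier, which is legal but easy to misread. `die("getPnoteById() did not find id '$noteid'")` echoes a request-derived value back into the response unescaped; a fixed message is the safer choice here.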
@@ -85,6 +85,10 @@
 //
 // Section "nationnotes" (Nation Notes):
 // nn_configure Nation Notes
+ //
+ // Section "patientportal" (Patient Portal):
+ // portal Patient Portal
+
 if (isset ($phpgacl_location)) {
 include_once("$phpgacl_location/gacl.class.php");
diff --git a/library/globals.inc.php b/library/globals.inc.php
index 980aa3b79..45f2fafb0 100644
--- a/library/globals.inc.php
+++ b/library/globals.inc.php
@@ -1211,6 +1211,34 @@ $GLOBALS_METADATA = array(
 'https://your_web_site.com/openemr/patients',
 xl('Website link for the Onsite Patient Portal.')
 ),
+
+ 'portal_offsite_enable' => array(
+ xl('Enable Offsite Patient Portal'),
+ 'bool', // data type
+ '0',
+ xl('Enable Offsite Patient Portal.')
+ ),
+
+ 'portal_offsite_username' => array(
+ xl('Offsite Patient Portal Username'),
+ 'text', // data type
+ '',
+ xl('Offsite Patient Portal Username(Put Blank If not Registered).')
+ ),
+
+ 'portal_offsite_password' => array(
+ xl('Offsite Patient Portal Password'),
+ 'pwd', // data type
+ '',
+ xl('Offsite Patient Portal Password(Put Blank If not Registered).')
+ ),
+
+ 'portal_offsite_address' => array(
+ xl('Offsite Patient Portal Site Address'),
+ 'text', // data type
+ 'https://mydocsportal.com/provider.php',
+ xl('Offsite Https link for the Patient Portal.')
+ ),
 ),
@@ -1245,7 +1273,7 @@ $GLOBALS_METADATA = array(
 'https://openemrsupport.com:29443/len/api',
 xl('Https link for the OpenEMR Support LLC Lab Exchange Service.')
 ),
-
+
 'erx_enable' => array(
 xl('Enable NewCrop eRx Service'),
 'bool', // data type
diff --git a/myportal/index.php b/myportal/index.php
new file mode 100644
index 000000000..d3e8d4a73
--- /dev/null
+++ b/myportal/index.php
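Review bot: `portal_offsite_password` is declared with the new `pwd` data type and an empty default, which puts a third-party service credential in `$GLOBALS_METADATA` next to ordinary settings; this hunk does not show how `pwd` is rendered or persisted, so the edit_globals.php change that introduces the type should be checked to confirm the saved value is masked in the form and not written back into the page on every settings load. A comment on the entry, e.g. `// 'pwd': masked in the settings form -- confirm how the value is stored before relying on it`, would make that trade-off visible to the next maintainer. The two description strings `Username(Put Blank If not Registered)` and `Password(Put Blank If not Registered)` would read better with a space before the parenthesis.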
@@ -0,0 +1,87 @@
+
+//
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; either version 2
+// of the License, or (at your option) any later version.
+//
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+//
+// A copy of the GNU General Public License is included along with this program:
+// openemr/interface/login/GnuGPL.html
+// For more information write to the Free Software
+// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+//
+// Author: Eldho Chacko
+// Jacob T Paul
+// Paul Simon
+//
+// +------------------------------------------------------------------------------+
+
+//SANITIZE ALL ESCAPES
+$sanitize_all_escapes=true;
+//
+
+//STOP FAKE REGISTER GLOBALS
+$fake_register_globals=false;
+//
+if (!extension_loaded('soap')) {
+ die("PLEASE ENABLE SOAP EXTENSION");
+}
+require_once("../interface/globals.php");
+ $emr_path = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
+ $emrpatharr = explode("/myportal",$emr_path);
+ $emr_path = (!empty($_SERVER['HTTPS'])) ? 
"https://".$emrpatharr[0] : "http://".$emrpatharr[0];
+ $row = sqlQuery("SELECT fname,lname FROM users WHERE id=?",array($_SESSION['authId']));
+ sqlStatement("DELETE FROM audit_details WHERE audit_master_id IN(SELECT id FROM audit_master WHERE type=5 AND created_time<'".date("Y-m-d H:m",(strtotime(date("Y-m-d H:m")-7200))).":00')");
+ sqlStatement("DELETE FROM audit_master WHERE type=5 AND created_time<'".date("Y-m-d H:m",(strtotime(date("Y-m-d H:m")-7200))).":00'");
+
+ function md5_pass($length = 8)
+ {
+ $randkey = substr(md5(rand().rand()), 0, $length);
+ $res = sqlStatement("SELECT * FROM audit_master AS am LEFT OUTER JOIN audit_details AS ad ON ad.audit_master_id=am.id WHERE type=5 AND field_value=?",array($randkey));
+ if(sqlNumRows($res)){
+ md5_pass();
+ }
+ else{
+ $grpID = sqlInsert("INSERT INTO audit_master SET type=5");
+ sqlStatement("INSERT INTO audit_details SET field_value=? , audit_master_id=?",array($randkey,$grpID));
+ return $randkey;
+ }
+ }
+?>
+
+
+
+
+ <?php echo htmlspecialchars(xl("Redirection"),ENT_QUOTES);?>
+
      + + + + "> + + + +
      + + 
\ No newline at end of file
diff --git a/myportal/soap_service/factory_class.php b/myportal/soap_service/factory_class.php
new file mode 100644
index 000000000..8667fc6af
--- /dev/null
+++ b/myportal/soap_service/factory_class.php
@@ -0,0 +1,35 @@
+
+//
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; either version 2
+// of the License, or (at your option) any later version.
+//
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+//
+// A copy of the GNU General Public License is included along with this program:
+// openemr/interface/login/GnuGPL.html
+// For more information write to the Free Software
+// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+//
+// Author: Eldho Chacko
+// Jacob T Paul
+//
+// +------------------------------------------------------------------------------+
+class factoryclass{
+public static function dynamic_class_factory($page)
+ {
+ include_once ('server_'.$page.'.php');
+
+ return new $page;
+ }
+}
+?>
\ No newline at end of file
diff --git a/myportal/soap_service/server_audit.php b/myportal/soap_service/server_audit.php
new file mode 100644
index 000000000..360ee937f
--- /dev/null
+++ b/myportal/soap_service/server_audit.php
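Review bot: The two cleanup statements at the top of myportal/index.php compute the `created_time` bound as `date("Y-m-d H:m",(strtotime(date("Y-m-d H:m")-7200)))`, which subtracts 7200 from a date string (PHP coerces it to the leading integer, the year) and then formats with `m` (month) where minutes are meant, so the bound is not "two hours ago" and the type=5 rows are not purged as intended; `date("Y-m-d H:i:s", time() - 7200)` bound as a `?` parameter is what was meant, in both statements. In md5_pass(), the collision branch calls `md5_pass();` and discards its result, so the function returns NULL on that path; it should `return md5_pass($length);`. The key itself is eight hex characters derived from `rand()`, which is not a cryptographic source; if it serves as a one-time access key for the portal handoff (the form that uses it is not readable in this chunk), draw it from `openssl_random_pseudo_bytes()` and use the full length. `$emr_path` is built from `$_SERVER['HTTP_HOST']`, a client-supplied header, so wherever it is sent to the offsite portal a configured site address is preferable.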
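Review bot: dynamic_class_factory() includes `'server_'.$page.'.php'` and returns `new $page` with no restriction on `$page`; the caller is not in this chunk, so if the value is ever derived from the SOAP request this becomes an arbitrary file include and class instantiation. Check `$page` against an allow-list of the service names present in this directory (from the diffstat) before the include and fail otherwise, e.g. `if (!in_array($page, array('audit', 'existingpatient', 'mail', 'med_rec', 'newpatient', 'oemruser'), true)) throw new SoapFault("Server", "unknown service");`. A docblock stating that `$page` is the `server_<page>.php` suffix and must name a class of the same name would also help the next reader.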
@@ -0,0 +1,321 @@
+
+//
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License
+// as published by the Free Software Foundation; either version 2
+// of the License, or (at your option) any later version.
+//
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+//
+// A copy of the GNU General Public License is included along with this program:
+// openemr/interface/login/GnuGPL.html
+// For more information write to the Free Software
+// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+//
+// Author: Eldho Chacko
+// Jacob T Paul
+//
+// +------------------------------------------------------------------------------+
+
+//SANITIZE ALL ESCAPES
+$sanitize_all_escapes=true;
+//
+
+//STOP FAKE REGISTER GLOBALS
+$fake_register_globals=false;
+//
+
+require_once("server_mail.php");
+
+class UserAudit extends UserMail{
+
+
+
+//During auditing if a new patient demo is rejected will delete the patient from DB
+
+ public function delete_if_new_patient($var)
+ {
+ $data_credentials=$var[0];
+ if(UserService::valid($data_credentials)=='oemruser'){
+ $audit_master_id = $var['audit_master_id'];
+ $qry = "select * from audit_master WHERE id=? 
and approval_status=1 and type=1";
+ $result=sqlStatement($qry,array($audit_master_id));
+ $rowfield = sqlFetchArray($result);
+ if($rowfield['pid']>0)
+ {
+ $pid=$rowfield['pid'];
+ $qry = "DELETE from patient_data WHERE pid=?";
+ sqlStatement($qry,array($pid));
+ $qry = "DELETE from employer_data WHERE pid=?";
+ sqlStatement($qry,array($pid));
+ $qry = "DELETE from history_data WHERE pid=?";
+ sqlStatement($qry,array($pid));
+ $qry = "DELETE from insurance_data WHERE pid=?";
+ sqlStatement($qry,array($pid));
+ $qry = "DELETE from patient_access_offsite WHERE pid=? ";
+ sqlStatement($qry,array($pid));
+ $qry = "DELETE from openemr_postcalendar_events WHERE pc_pid=? ";// appointments approved, but patient denied case.
+ sqlStatement($qry,array($pid));
+ $qry = "select * from documents_legal_master,documents_legal_detail where dld_pid=?
+ and dlm_document_id=dld_master_docid and dlm_subcategory not in (SELECT dlc_id FROM `documents_legal_categories`
+ where dlc_category_name='Layout Signed' and dlc_category_type=2)";
+ $result=sqlStatement($qry,array($pid));
+ while($row_sql=sqlFetchArray($result))
+ {
+ @unlink('../documents/'.$row_sql['dld_filepath'].$row_sql['dld_filename']);
+ }
+ $qry = "DELETE from documents_legal_detail WHERE dld_pid=?";
+ sqlStatement($qry,array($pid));
+ $qry = "DELETE from audit_details WHERE audit_master_id in
+ (select id from audit_master WHERE pid=? )";//type and approval_status=1 is not called purposefully,so as to delete the appointments also
+ sqlStatement($qry,array($pid));
+ $qry = "DELETE from audit_master WHERE pid=?";//type and approval_status=1 is not called purposefully,so as to delete the appointments also
+ sqlStatement($qry,array($pid));
+ }
+ }
+ else{
+ throw new SoapFault("Server", "credentials failed in delete_if_new_patient error message");
+ }
+ }
+
+
+//update the audit master_table with the status ie denied,approved etc. 
+
+ public function update_audit_master($var)
+ {
+ $data_credentials=$var[0];
+ if(UserService::valid($data_credentials)){
+ $audit_master_id=$var['audit_master_id'];
+ $approval_status=$var['approval_status'];
+ $comments=$var['comments'];
+ $user_id=$var['user_id'];
+ sqlStatement("UPDATE audit_master SET approval_status=?, comments=?,modified_time=NOW(),user_id=? WHERE id=? ",array($approval_status,$comments,$user_id,$audit_master_id));
+ }
+ else{
+ throw new SoapFault("Server", "credentials failed in update_audit_master error message");
+ }
+ }
+
+
+
+// Will update the corresponding tables with the audited and approved data.
+//Appointments and Demos are updated from the audit_details table to the actual transaction tables
+ public function update_audited_data($var)
+ {
+ $data_credentials=$var[0];
+ $validtables = array("patient_data","employer_data","insurance_data","history_data","openemr_postcalendar_events");
+ if(UserService::valid($data_credentials)){
+ $audit_master_id = $var['audit_master_id'];
+ $res = sqlStatement("SELECT * FROM audit_master where id=? and approval_status='1' and type='3' ",array($audit_master_id));
+ if(sqlNumRows($res)>0)//skip this function if type=3(only documents saved.)
+ {
+ return;
+ }
+ $res = sqlStatement("SELECT DISTINCT ad.table_name,am.id,am.pid FROM audit_master as am,audit_details as ad WHERE am.id=ad.audit_master_id and am.approval_status in ('1','4') and am.id=?",array($audit_master_id));
+ $tablecnt = sqlNumRows($res);
+ while($row = sqlFetchArray($res)){
+ $pid=$row['pid'];
+ $resfield = sqlStatement("SELECT * FROM audit_details WHERE audit_master_id=? 
AND table_name=?",array($audit_master_id,$row['table_name']));
+ $table = $row['table_name'];
+ $cnt = 0;
+ foreach($validtables as $value){//Update will execute if and only if all tables are validtables
+ if($value==$table)
+ $cnt++;
+ }
+ if($cnt>0){
+ while($rowfield = sqlFetchArray($resfield)){
+
+ if($table=='patient_data'){
+ $newdata['patient_data'][$rowfield['field_name']]=$rowfield['field_value'];
+ }
+
+ if($table=='employer_data'){
+ $newdata['employer_data'][$rowfield['field_name']]=$rowfield['field_value'];
+ }
+
+ if($table=='insurance_data'){
+ $ins1_type="primary";
+ $ins2_type="secondary";
+ $ins3_type="tertiary";
+ for($i=1;$i<=3;$i++)
+ {
+ $newdata[$rowfield['entry_identification']][$rowfield['field_name']]=$rowfield['field_value'];
+ }
+ }
+
+ if($table=='openemr_postcalendar_events'){
+ $newdata['openemr_postcalendar_events'][$rowfield['field_name']]=$rowfield['field_value'];
+ }
+
+ }
+ require_once("../../library/invoice_summary.inc.php");
+ require_once("../../library/options.inc.php");
+ require_once("../../library/acl.inc");
+ require_once("../../library/patient.inc");
+ if($table=='patient_data'){
+ $pdrow = sqlQuery("SELECT id from patient_data WHERE pid=?",array($pid));
+ $newdata['patient_data']['id']=$pdrow['id'];
+ updatePatientData($pid,$newdata['patient_data']);
+ }
+ elseif($table=='employer_data'){
+ updateEmployerData($pid,$newdata['employer_data']);
+ }
+ elseif($table=='insurance_data'){
+ for($i=1;$i<=3;$i++){
+ newInsuranceData(
+ $pid,
+ add_escape_custom($newdata[${ins.$i._type}]['type']),
+ add_escape_custom($newdata[${ins.$i._type}]['provider']),
+ add_escape_custom($newdata[${ins.$i._type}]['policy_number']),
+ add_escape_custom($newdata[${ins.$i._type}]['group_number']),
+ add_escape_custom($newdata[${ins.$i._type}]['plan_name']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_lname']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_mname']),
+ 
add_escape_custom($newdata[${ins.$i._type}]['subscriber_fname']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_relationship']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_ss']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_DOB']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_street']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_postal_code']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_city']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_state']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_country']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_phone']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_employer']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_employer_street']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_employer_city']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_employer_postal_code']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_employer_state']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_employer_country']),
+ add_escape_custom($newdata[${ins.$i._type}]['copay']),
+ add_escape_custom($newdata[${ins.$i._type}]['subscriber_sex']),
+ add_escape_custom($newdata[${ins.$i._type}]['date']),
+ add_escape_custom($newdata[${ins.$i._type}]['accept_assignment']));
+ }
+ }
+ elseif($table=='openemr_postcalendar_events'){
+ sqlInsert("INSERT INTO openemr_postcalendar_events ( " .
+ "pc_pid,pc_title,pc_time,pc_hometext,pc_eventDate,pc_endDate,pc_startTime,pc_endTime,pc_duration,pc_catid,pc_eventstatus,pc_aid,pc_facility" .
+ ") VALUES ( " .
+ "'" . add_escape_custom($pid) . "', " .
+ "'" . add_escape_custom($newdata['openemr_postcalendar_events']['pc_title']) . "', " .
+ "NOW(), " .
+ "'" . add_escape_custom($newdata['openemr_postcalendar_events']['pc_hometext']) . "', " .
+ "'" . 
add_escape_custom($newdata['openemr_postcalendar_events']['pc_eventDate']) . "', " .
+ "'" . add_escape_custom($newdata['openemr_postcalendar_events']['pc_endDate']) . "', " .
+ "'" . add_escape_custom($newdata['openemr_postcalendar_events']['pc_startTime']) . "', " .
+ "'" . add_escape_custom($newdata['openemr_postcalendar_events']['pc_endTime']) . "', " .
+ "'" . add_escape_custom($newdata['openemr_postcalendar_events']['pc_duration']) . "', " .
+ "'" . add_escape_custom($newdata['openemr_postcalendar_events']['pc_catid']) . "', " .
+ "1, " .
+ "'" . add_escape_custom($newdata['openemr_postcalendar_events']['pc_aid'])."', " .
+ "'" . add_escape_custom($newdata['openemr_postcalendar_events']['pc_facility']) . "')"
+ );
+ }
+ }
+ else{
+ throw new SoapFault("Server", "Table Not Supported error message");
+ }
+ }
+ }
+ else{
+ throw new SoapFault("Server", "credentials failed in updated_audited_data error message");
+ }
+ }
+
+
+//Data from portal is inserted through this function. It will wait for audit and approval
+//according to the facility settings. 
audit_details is the child table of Audit_master
+
+ public function insert_to_be_audit_data($var)
+ {
+ global $pid;
+ $data_credentials = $var[0];
+ if(UserService::valid($data_credentials))
+ {
+ $audit_master_id_to_delete=$var['audit_master_id_to_delete'];
+ $approval_status=$var['approval_status'];
+ $type=$var['type'];
+ $ip_address=$var['ip_address'];
+ $table_name_array=$var['table_name_array'];
+ $field_name_value_array=$var['field_name_value_array'];
+ $entry_identification_array=$var['entry_identification_array'];
+
+ if($audit_master_id_to_delete){
+ $qry = "DELETE from audit_master WHERE id=?";
+ sqlStatement($qry,array($audit_master_id_to_delete));
+ $qry = "DELETE from audit_details WHERE audit_master_id=?";
+ sqlStatement($qry,array($audit_master_id_to_delete));
+ }
+
+ $master_query="INSERT INTO audit_master SET
+ pid = ?,
+ approval_status = ?,
+ ip_address = ?,
+ type = ?";
+ $audit_master_id= sqlInsert($master_query,array($pid,$approval_status,$ip_address,$type));
+ $detail_query="INSERT INTO `audit_details` (`table_name`, `field_name`, `field_value`, `audit_master_id`, `entry_identification`) VALUES ";
+ $detail_query_array='';
+ foreach($table_name_array as $key=>$table_name)
+ {
+ foreach($field_name_value_array[$key] as $field_name=>$field_value)
+ {
+ $detail_query.="(? ,? ,? ,? 
,?),";
+ $detail_query_array[] = $table_name;
+ $detail_query_array[] = trim($field_name);
+ $detail_query_array[] = trim($field_value);
+ $detail_query_array[] = $audit_master_id;
+ $detail_query_array[] = trim($entry_identification_array[$key]);
+ }
+ }
+ $detail_query = substr($detail_query, 0, -1);
+ $detail_query=$detail_query.';';
+ sqlInsert($detail_query,$detail_query_array);
+ if($var['auto_update']==1)
+ {
+ $var['audit_master_id'] = $audit_master_id;
+ UserAudit::update_audited_data($var);
+ }
+ }
+ else
+ {
+ throw new SoapFault("Server", "credentials failed in insert_to_be_audit_data error message");
+ }
+ }
+
+
+//Data from portal is inserted through this function. It will wait for audit and approval
+//according to the facility settings. This is the master table entry.
+
+ public function insert_audit_master($var)
+ {
+ global $pid;
+ $data_credentials=$var[0];
+ if(UserService::valid($data_credentials))
+ {
+ $approval_status=$var['approval_status'];
+ $type=$var['type'];
+ $ip_address=$var['ip_address'];
+
+ $master_query="INSERT INTO audit_master SET
+ pid = ?,
+ approval_status = ?,
+ ip_address = ?,
+ type =?";
+ $audit_master_id= sqlInsert($master_query,array($pid,$approval_status,$ip_address,$type));
+ }
+ else
+ {
+ throw new SoapFault("Server", "credentials failed in insert_audit_master error message");
+ }
+ }
+}
+?>
\ No newline at end of file
diff --git a/myportal/soap_service/server_existingpatient.php b/myportal/soap_service/server_existingpatient.php
new file mode 100644
index 000000000..6085109ad
--- /dev/null
+++ b/myportal/soap_service/server_existingpatient.php
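Review bot: The authorization check is inconsistent across UserAudit: delete_if_new_patient() requires `UserService::valid($data_credentials)=='oemruser'`, while update_audit_master(), update_audited_data(), insert_to_be_audit_data() and insert_audit_master() accept any truthy return, so if valid() reports the caller's role (as that first comparison implies; UserService is defined outside this chunk) a non-EMR credential can set `approval_status` and drive update_audited_data(), which writes into patient_data, insurance_data and openemr_postcalendar_events — the approval paths should use the same `=='oemruser'` test. In insert_to_be_audit_data(), `$detail_query_array=''` is then grown with `[]`, and when `$table_name_array` is empty `substr($detail_query, 0, -1)` only strips the space after `VALUES` and an INSERT with no value list is executed; initialise it as `array()` and return early when nothing was collected. The insurance branch of update_audited_data() indexes `$newdata[${ins.$i._type}]`, which works only because the bare words `ins` and `_type` fall back to strings as undefined constants; `${"ins".$i."_type"}`, or a small array keyed 1..3, says what is meant. The `for($i=1;$i<=3;$i++)` around the `$newdata[$rowfield['entry_identification']]` assignment repeats the same statement three times and can be dropped. The class extends UserMail from server_mail.php, which is not in this chunk.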
@@ -0,0 +1,568 @@ + +// +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or (at your option) any later version. +// +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// +// A copy of the GNU General Public License is included along with this program: +// openemr/interface/login/GnuGPL.html +// For more information write to the Free Software +// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +// +// Author: Eldho Chacko +// Jacob T Paul +// +// +------------------------------------------------------------------------------+ + +//SANITIZE ALL ESCAPES +$sanitize_all_escapes=true; +// + +//STOP FAKE REGISTER GLOBALS +$fake_register_globals=false; +// + +class existingpatient { + + +//this will return the query string along with the parameter array, according to the case case. +//actual execution is done in the select_query function in Server_side + + public function query_formation($data){ + global $pid; + switch($data[0]){ + case 'A1': + //Select list of encounters for the patients + $query="select f.id, f.date, f.pid, f.encounter, f.stmt_count, f.last_stmt_date, f.facility_id,f.billing_facility, " . + "p.fname, p.mname, p.lname, p.street, p.city, p.state, p.postal_code " . + " ,u.fname as dfname, u.mname as dmname, u.lname as dlname". + " from ((form_encounter AS f, patient_data AS p) " . + " left join users as u on f.provider_id =u.id) ". + " left join facility as fa on fa.id =f.billing_facility ". + "WHERE ( f.pid=? ) AND " . + "p.pid = f.pid " . 
+ "ORDER BY f.pid,f.billing_facility, f.date desc, f.encounter desc"; + return array($query,array($pid)); + break; + //Select list of providers + case 'A2': + $query="Select distinct u.fname, u.mname, u.lname". + " from (form_encounter AS f, billing AS b) " . + " left join users as u on f.provider_id =u.id ". + " WHERE f.pid = b.pid and f.encounter = b.encounter " . + " and f.encounter=? and f.pid=? ". + " ORDER BY u.fname, u.lname"; + array_push($data[1],$pid); + return array($query,array($data[1])); + break; + //Select list of encounters for the patients + case 'A3': + //ledger + $where = ''; + $wherearray=array(); + foreach($data[1][0] as $k=>$v) + { + $where .= " OR f.id = ?"; + $wherearray[]=$v; + } + $where = substr($where, 4); + if(!$where) + { + $where='?'; + $wherearray[]=0; + } + $wherearray[]=$pid; + $query= "Select f.id, f.date, f.pid, f.encounter, f.stmt_count, f.last_stmt_date, f.facility_id,f.billing_facility, " . + "p.fname, p.mname, p.lname, p.street, p.city, p.state, p.postal_code " . + " ,u.fname as dfname, u.mname as dmname, u.lname as dlname". + " from ((form_encounter AS f, patient_data AS p) " . + " left join users as u on f.provider_id =u.id) ". + " left join facility as fa on fa.id =f.billing_facility ". + "WHERE ( $where) AND " . + "p.pid = f.pid and f.pid=?" . + "ORDER BY f.pid,f.billing_facility, f.date desc, f.encounter desc"; + return array($query,$wherearray); + break; + + case 'A4': + $query="select * from form_encounter where pid=? limit 1 "; + return array($query,array($pid)); + break; + + case 'A5': + include_once('../../library/formdata.inc.php'); + $enc_set_array=array(); + $enc_set_array[]=$pid; + if($data[1][1]=='' && $data[1][2]>0) + { + $enc_set= " and encounter=? 
" ; + $enc_set_array[]=$data[1][2]; + } + $provider=""; + $provider =add_escape_custom($data[1][0]); + $query="select fe.id,fe.pid,encounter,date_format(fe.date,'%Y-%m-%d') + as date,concat(pd.lname,' ',pd.fname) as patname,concat(u.lname,', ',u.fname) + as provname,".$provider." from form_encounter fe left outer join users u + on u.id =fe.".$provider." join patient_data pd on pd.pid=fe.pid where + fe.pid=?". $enc_set ." order by fe.date desc"; + return array($query, $enc_set_array); + break; + + case 'A6': + $enc_set_array=array(); + $enc_set_array[]=$pid; + if($data[1][0]=='' && $data[1][1]>0) + { + $enc_set= " and encounter=? "; + $enc_set_array[]=$data[1][1]; + } + $query="select encounter,sum(fee) as copay ". + " from billing where code_type='copay' and pid=? $enc_set group by encounter"; + return array($query,$enc_set_array); + break; + //DEtails of CPT, Diagnosis etc of an encounter + case 'A7': + $enc_set_array=array(); + $enc_set_array[]=$pid; + if($data[1][0]=='' && $data[1][1]>0) + { + $enc_set= " and encounter=? "; + $enc_set_array[]=$data[1][1]; + + } + $query="select concat(encounter,code,modifier) as ecm,encounter,code, + modifier,units,fee,code_text,justify from billing where activity=1 and fee>0 and code_type not in('ICD9','copay') and pid=? $enc_set"; + return array($query,$enc_set_array); + break; + //Payment details of an encounter + case 'A8': + $enc_set_array=array(); + $enc_set_array[]=$pid; + if($data[1][0]=='' && $data[1][1]>0) + { + $enc_set= " and encounter=? "; + $enc_set_array[]=$data[1][1]; + } + $query="select concat(encounter,code,modifier) as pecm,encounter,code, + modifier,pay_amount,adj_amount,payer_type,post_time,account_code, + follow_up_note,memo,date_format(post_time,'%Y-%m-%d') as dtfrom from ar_activity where pid=? $enc_set"; + return array($query,$enc_set_array); + break; + case 'A9': + $query = "SELECT sum(pay_total) as pay_total FROM ar_session WHERE patient_id=? 
AND adjustment_code=?"; + return array($query,array($pid,'pre_payment')); + break; + case 'A10': + $query = "SELECT sum(pay_total) as pay_amount FROM ar_session,ar_activity WHERE patient_id=? AND adjustment_code=? + AND pid=? AND ar_session.session_id=ar_activity.session_id and pay_amount>0"; + return array($query,array($pid,'pre_payment',$pid)); + break; + case 'A11': + $query = "SELECT sum(pay_total) as pay_total FROM ar_session WHERE patient_id=? AND adjustment_code!=?"; + return array($query,array($pid,'pre_payment')); + break; + case 'A12': + $query = "SELECT sum(pay_total) as pay_amount FROM ar_session,ar_activity WHERE patient_id=? AND adjustment_code!=? + AND pid=? AND ar_session.session_id=ar_activity.session_id and pay_amount>0"; + return array($query,array($pid,'pre_payment',$pid)); + break; + + // Entries pending for approval for Existing Patient and New Patient. + case 'U4': + $query= "select * from audit_master where pid=? and approval_status='1' and (type='1' or type='2')"; + return array($query,array($pid)); + break; + // Entries pending for approval for documents only (no demo change). + case 'U5': + $query = " select * from audit_master where pid=? and approval_status='1' and type='3' "; + return array($query,$data[1]); + break; + + case 'P1': + $query= "select MAX(pid)+1 AS pid from patient_data "; + + return array($query); + break; + + //for building patient Demo + case 'P2': + $query="select * from layout_options " . + "WHERE form_id = 'DEM' AND uor > 0 AND field_id != '' " . + "ORDER BY group_name, seq"; + return array($query); + break; + + //for building patient Demo Date of Birth + case 'P3': + $query="select *, DATE_FORMAT(DOB,'%Y-%m-%d') as DOB_YMD from patient_data where pid=? order by date DESC limit 0,1 "; + return array($query,array($pid)); + break; + + //for building patient Demo Employer Data + case 'P4': + $query="select * from employer_data where pid=? 
order by date DESC limit 0,1 "; + return array($query,array($pid)); + break; + + //for building patient Demo Insurance company details for Patient + case 'P5': + $query=" select insd.*, ic.name as provider_name from insurance_data as insd " . + "left join insurance_companies as ic on ic.id = insd.provider " . + "where pid = ? and type =? order by date DESC limit 1 "; + array_unshift($data[1],$pid); + return array($query,$data[1]); + break; + + // Entries pending for approval demo and documents. + case 'P6': + $query=" select * from audit_master as am,audit_details as ad WHERE am.id=ad.audit_master_id and am.pid=? and am.approval_status='1' + and (am.type='1' or am.type='2' or am.type='3') order by ad.id"; + return array($query,array($pid)); + break; + // Demo building from layout options. + + case 'P7': + $query=" select * from layout_options WHERE form_id = 'DEM' AND uor > 0 AND field_id != '' " . + "ORDER BY group_name, seq"; + + return array($query); + break; + + //Global specific application for building demo. + case 'P8': + $query="select * from globals where gl_name ='specific_application' "; + return array($query); + break; + + //Global omit employers for building demo. + case 'P9': + $query=" select * from globals where gl_name ='omit_employers' "; + return array($query); + break; + //details of COpay and Fees + case 'P10': + array_push($data[1],$pid); + $query= "select date, code_type, code, modifier, code_text, fee , units, justify from billing WHERE encounter =? AND pid = ? AND " . + " activity = 1 AND fee != 0.00 ORDER BY fee desc,code,modifier"; + return array($query,$data[1]); + break; + + case 'P11': + $query = "select code_text from codes WHERE code = ? "; + return array($query,$data[1]); + break; + //Details of drug sales + case 'P12': + array_push($data[1],$pid); + $query = "select s.drug_id, s.sale_date, s.fee, s.quantity from drug_sales AS s " . + "WHERE s.encounter = ? and s.pid = ? AND s.fee != 0 " . 
+ "ORDER BY s.sale_id"; + return array($query,$data[1]); + break; + //Details of Payments + case 'P14': + array_push($data[1],$pid); + $query = "Select a.code, a.modifier, a.memo, a.payer_type, a.adj_amount, a.pay_amount, " . + "a.post_time, a.session_id, a.sequence_no,a.follow_up, a.follow_up_note, " . + "s.payer_id, s.reference, s.check_date, s.deposit_date " . + ",i.name from ar_activity AS a " . + "LEFT OUTER JOIN ar_session AS s ON s.session_id = a.session_id " . + "LEFT OUTER JOIN insurance_companies AS i ON i.id = s.payer_id " . + "WHERE a.encounter = ? and a.pid = ? " . + "ORDER BY s.check_date, a.sequence_no"; + return array($query,$data[1]); + break; + //Address of Billing Facility + case 'P15': + $query = "SELECT f.name,f.street,f.city,f.state,f.postal_code,f.phone from facility f " . + " where id=?"; + return array($query,$data[1]); + break; + //Encounter status primary,secondary Etc + case 'P16': + array_push($data[1],$pid); + $query = "select last_level_closed from form_encounter where encounter= ? and pid =? "; + return array($query,$data[1]); + break; + + case 'P17': + $query = "select COUNT( DISTINCT TYPE ) NumberOfInsurance from insurance_data where pid =? and provider>0 "; + return array($query,array($pid)); + break; + + case 'P19': + $query = "select date,encounter from form_encounter where pid =? ORDER BY encounter"; + return array($query,array($pid)); + break; + + case 'P20': + if($data[1][1]>0) + { + $string_query=" and pid !=?"; + } + if($string_query) + { + $x=array($data[1][0],$pid); + } + else + { + $x=array($data[1][0]); + } + $query="select count(*) AS count from patient_data where pubpid = ? $string_query"; + return array($query,$x); + break; + + //getting DOB and SSN for verifying the duplicate patient existance + case 'P21': + if($data[1][1]>0) + { + $string_query=" and pid !=?"; + } + if($string_query) + { + $x=array($data[1][0],$pid); + } + else + { + $x=array($data[1][0]); + } + $query="select ss,DOB from patient_data where DOB=? 
$string_query "; + return array($query,$x); + break; + + //master data for calendar from Globals + case 'B1': + //patient appointment + if($data[1][0]=='calendar_interval'||$data[1][0]=='schedule_start'||$data[1][0]=='schedule_end') + { + $query="select gl_value from globals where gl_name=?"; + return array($query,$data[1]); + } + else + return 0; + break; + + case 'B4': + //Check whether an entry exist in the form Encounter to decide whether patient is an existing patient. + $query="select COUNT(*) AS cnt from form_encounter WHERE pid=?"; + return array($query,array($pid)); + break; + + case 'B5': + //Existing appointments for a patient + array_unshift($data[1],$pid); + $query="select pc_eid,pc_eventDate,pc_startTime,pc_endTime,fname,lname,name,pc_apptstatus from openemr_postcalendar_events AS c, + users AS u,facility AS f WHERE pc_pid=? AND pc_aid=u.id AND pc_facility=f.id AND pc_apptstatus!=? order by pc_eventDate desc"; + return array($query,$data[1]); + break; + + case 'B6': + //Appointments pending for approval + array_push($data[1],$pid); + $query="select am.id,am.approval_status,ad.audit_master_id,ad.field_name,ad.field_value,u.fname,u.lname,f.name from audit_master AS am, + audit_details AS ad LEFT JOIN users AS u ON ad.field_value=u.id AND ad.field_name=? LEFT JOIN facility AS f ON ad.field_value=f.id AND + ad.field_name=? WHERE am.pid=? AND am.id=ad.audit_master_id AND am.type='10' AND am.approval_status NOT IN ('2','4') + ORDER BY approval_status, am.id desc,ad.id desc"; + return array($query,$data[1]); + break; + + case 'B7': + //patient appointment history + array_unshift($data[1],$pid); + $query="select pc_eid,pc_eventDate,pc_startTime,pc_endTime,fname,lname,name,pc_apptstatus from openemr_postcalendar_events AS c, + users AS u,facility AS f WHERE pc_pid=? AND pc_aid=u.id AND pc_facility=f.id AND pc_apptstatus=? 
order by pc_eventDate desc"; + return array($query,$data[1]); + break; + + case 'B8': + //List of Service Facility + include_once('../../library/formdata.inc.php'); + $query="select * from facility where service_location != 0 and id in (".add_escape_custom($data[1][0]).") order by name"; + return array($query); + break; + + case 'B9': + //Providers list + $query="select id, lname, fname from users WHERE authorized = 1 AND username != '' AND username NOT LIKE '%Admin%' AND active = 1 + AND ( info IS NULL OR info NOT LIKE '%Inactive%' ) ORDER BY lname, fname"; + return array($query); + break; + + case 'B10': + //Calendar default visit time for visit category. value for Admin--->others-->calendar + $query="select pc_duration from openemr_postcalendar_categories WHERE pc_catid = ?"; + return array($query,$data[1]); + break; + + case 'B11'; + //patient appointment + $query="select pc_eventDate, pc_endDate, pc_startTime, pc_duration, pc_recurrtype, pc_recurrspec, pc_alldayevent, pc_catid, + pc_prefcatid from openemr_postcalendar_events WHERE pc_aid = ? AND ((pc_endDate >= ? AND pc_eventDate < ?) OR + (pc_endDate = '0000-00-00' AND pc_eventDate >= ? AND pc_eventDate < ?)) AND pc_facility = ?"; + return array($query,$data[1]); + break; + + case 'B12': + //Appointments pending for approval + $query="select * from audit_master WHERE pid =? AND type='10'"; + return array($query,array($pid)); + break; + + case 'B13': + //patient appointment + $query="select * from facility where service_location != 0 order by name"; + return array($query); + break; + + //C series for mailbox. + case 'C1': + $query = "SELECT username, fname, lname FROM users WHERE username != '' AND active = 1 AND ( info IS NULL OR info NOT LIKE + '%Inactive%' ) ORDER BY lname, fname"; + return array($query); + break; + + case 'C2': + $query = "SELECT option_id, title FROM list_options WHERE list_id = ? ORDER BY seq"; + return array($query,$data[1]); + break; + + //D series for patient. 
+ case 'D1': + $query = "SELECT forms.encounter, forms.form_id, forms.id, forms.form_name, forms.formdir,forms.date AS fdate, + form_encounter.date ,form_encounter.reason FROM forms LEFT OUTER JOIN form_encounter ON forms.pid=form_encounter.pid + WHERE forms.pid = ? AND forms.deleted=0 AND forms.formdir<>? GROUP BY id ORDER BY forms.encounter,fdate ASC"; + array_unshift($data[1],$pid); + return array($query,$data[1]); + break; + + case 'D2': + $query = "SELECT name FROM registry ORDER BY priority"; + return array($query); + break; + + case 'D3': + $query = "select * from lists WHERE pid =? ORDER BY type, begdate"; + return array($query,array($pid)); + break; + + case 'D4': + $query = "select encounter from issue_encounter WHERE pid = ? AND list_id = ?"; + array_unshift($data[1],$pid); + return array($query,$data[1]); + break; + + //G series for form menu inc + case 'G1': + $query = "SELECT * FROM `documents_legal_categories` where dlc_category_name=? and dlc_category_type=2"; + return array($query,$data[1]); + break; + + case 'G2': + $query = "SELECT * FROM documents_legal_master AS dlm WHERE dlm_subcategory <> ? and dlm_effective_date <= now() AND + dlm_effective_date<>? AND dlm_document_id Not IN (SELECT distinct(dld_master_docid) FROM documents_legal_detail WHERE + dld_id IS NOT NULL AND dld_pid=?)"; + array_push($data[1],$pid); + return array($query,$data[1]); + break; + + case 'G3': + $query = "SELECT * FROM documents_legal_master AS dlm LEFT OUTER JOIN documents_legal_detail as dld ON + dlm_document_id=dld_master_docid WHERE dlm_subcategory <> ? and dlm_effective_date <= now() AND dlm_effective_date<>? + AND dld_id IS NOT NULL AND dld_signed=? AND dld_pid=? 
ORDER BY dlm_effective_date DESC"; + array_push($data[1],$pid); + return array($query,$data[1]); + break; + + case 'G4': + $query = "SELECT * FROM documents_legal_master AS dlm JOIN documents_legal_detail as dld ON dlm_document_id=dld_master_docid + JOIN form_encounter as fe ON encounter=dld_encounter WHERE dlm_subcategory = ? AND dlm_effective_date <= now() AND + dlm_effective_date<>? AND dld_id IS NOT NULL AND dld_signed=? AND dld_signing_person=? AND dld_pid=? + ORDER BY dlm_effective_date DESC"; + array_push($data[1],$pid); + return array($query,$data[1]); + break; + + case 'G5': + $query = "SELECT * FROM documents_legal_master AS dlm JOIN documents_legal_detail as dld ON dlm_document_id=dld_master_docid + JOIN form_encounter as fe ON encounter=dld_encounter WHERE dlm_subcategory = ? and dlm_effective_date <= now() AND + dlm_effective_date<>? AND dld_id IS NOT NULL AND dld_filename != '' AND dld_pid=? GROUP BY dld_encounter,dlm_document_id + ORDER BY dld_id DESC"; + array_push($data[1],$pid); + return array($query,$data[1]); + break; + + case 'F1': + //Patient details . + $query="select * from patient_data where pid=?"; + return array($query,array($pid)); + break; + + case 'F2': + //PDF forms detail selected + $query="select * from documents_legal_master where dlm_document_id=?"; + return array($query,$data[1]); + break; + + case 'F3': + //signing + array_unshift($data[1],$pid); + $query="select * from documents_legal_detail where dld_pid = ? and dld_signed='3' and dld_master_docid = ?"; + return array($query,$data[1]); + break; + + case 'F6': + //signing + $query="select * from documents_legal_master where dlm_document_id=?"; + return array($query,$data[1]); + break; + + case 'F8': + // Entries to be approved demo for new patient, existing patient and only documents + $query="select * from audit_master where pid=? 
and approval_status='1' and (type='1' or type='2' or type='3')"; + return array($query,array($pid)); + break; + + case 'F9': + //signing + $query="select * from documents_legal_master WHERE dlm_document_id=?"; + return array($query,$data[1]); + break; + + case 'F10': + //Documents ready to be signed and documents unsigned + array_unshift($data[1],$pid); + $query="select * from documents_legal_detail where dld_pid=? and (dld_signed='2' or dld_signed='0') and dld_master_docid=?"; + return array($query,$data[1]); + break; + + + case 'F12': + //Selection from master document for showing to patient + $query="select * from documents_legal_master WHERE dlm_document_name=?"; + return array($query,$data[1]); + break; + + case 'J1': + $query = "SELECT fname FROM patient_data WHERE pid=?"; + return array($query,array($pid)); + break; + //Checking whether a new patient entry is pending in the audit master + case 'J2': + $query = "SELECT pid FROM audit_master WHERE approval_status=1 and type=1 and pid=?"; + return array($query,array($pid)); + break; + } + } +} +?> \ No newline at end of file diff --git a/myportal/soap_service/server_mail.php b/myportal/soap_service/server_mail.php new file mode 100644 index 000000000..8b00c16da --- /dev/null +++ b/myportal/soap_service/server_mail.php 
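Review bot: In case 'A5' the client-supplied `$data[1][0]` is spliced into the query as a column name (`as provname,".$provider."` and `u.id =fe.".$provider."`) after only `add_escape_custom()`, which escapes quote characters but gives no protection in an unquoted identifier position, so a portal client that passes `UserService::valid()` can inject arbitrary SQL there without using a single quote; case 'B8' has the same shape with `id in (".add_escape_custom($data[1][0]).")`, where a quote-free `0) union select ...` fragment goes through untouched. Both need a whitelist or a typed rebuild rather than escaping: for 'A5' compare the value against the fixed set of form_encounter user-reference columns the portal actually sends (`provider_id` is the only one visible in this file — confirm the list against the portal client), and for 'B8' split the presumably comma-separated id list, `intval()` each entry and bind them through `?` placeholders. Separately, case 'A2' ends with `return array($query,array($data[1]));`, wrapping the already-built binding array a second time so the two `?` placeholders receive one nested-array argument; it should read `return array($query,$data[1]);` like the other cases.
```php
// … unchanged: cases 'A1'–'A4' …
case 'A5':
    // $data[1][0] is used as a column NAME; escaping cannot protect an unquoted
    // identifier, so accept only known form_encounter user-reference columns.
    $allowed_cols = array('provider_id'); // extend only with columns the portal really sends
    if (!in_array($data[1][0], $allowed_cols, true)) {
        throw new SoapFault("Server", "invalid provider column in query_formation");
    }
    $provider = $data[1][0];
    // … unchanged: rest of case 'A5' (query build using $provider, bound $pid/encounter) …
// … unchanged: cases 'A6'–'B7' …
case 'B8':
    // Bind every facility id through a placeholder instead of splicing the raw list into IN ().
    $fac_ids = array_map('intval', array_filter(explode(',', (string)$data[1][0]), 'strlen'));
    if (!$fac_ids) {
        $fac_ids = array(0);
    }
    $marks = implode(',', array_fill(0, count($fac_ids), '?'));
    $query = "select * from facility where service_location != 0 and id in ($marks) order by name";
    return array($query, $fac_ids);
    break;
```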
@@ -0,0 +1,118 @@ + +// +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or (at your option) any later version. +// +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// +// A copy of the GNU General Public License is included along with this program: +// openemr/interface/login/GnuGPL.html +// For more information write to the Free Software +// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +// +// Author: Eldho Chacko +// Jacob T Paul +// Ajil P.M +// +// +------------------------------------------------------------------------------+ + +//SANITIZE ALL ESCAPES +$sanitize_all_escapes=true; +// + +//STOP FAKE REGISTER GLOBALS +$fake_register_globals=false; +// + +class UserMail { + + + public function getMails($data){ + global $pid; + if(UserService::valid($data[0])=='existingpatient'){ + require_once("../../library/pnotes.inc"); + if($data[2] == "inbox"){ + if($data[3] && $data[4]){ + $result_notes = getPatientNotes($pid,'','0',$data[3]); + $result_notifications = getPatientNotifications($pid,'','0',$data[4]); + $result = array_merge((array)$result_notes,(array)$result_notifications); + }else{ + $result_notes = getPatientNotes($pid); + $result_notifications = getPatientNotifications($pid); + $result = array_merge((array)$result_notes,(array)$result_notifications); + } + return $result; + }elseif($data[2] == "sent"){ + if($data[3]){ + $result_sent_notes = getPatientSentNotes($pid,'','0',$data[3]); + }else{ + $result_sent_notes = getPatientSentNotes($pid); + } + return $result_sent_notes; + } + }else{ + throw new SoapFault("Server", "credentials failed in getMails 
error message"); + } + } + + + + + + public function getMailDetails($data){ + if(UserService::valid($data[0])=='existingpatient'){ + require_once("../../library/pnotes.inc"); + $result = getPnoteById($data[1]); + if($result['assigned_to'] == '-patient-' && $result['message_status'] == 'New'){ + updatePnoteMessageStatus($data[1],'Read'); + } + return $result; + }else{ + throw new SoapFault("Server", "credentials failed in getMailDetails error message"); + } + } + + + + + + public function sendMail($data){ + global $pid; + if(UserService::valid($data[0])=='existingpatient'){ + require_once("../../library/pnotes.inc"); + $to_list = explode(';',$data[2]); + foreach($to_list as $to){ + addMailboxPnote($pid,$data[4],'1','1',$data[3],$to); + } + return 1; + }else{ + throw new SoapFault("Server", "credentials failed in getMailDetails error message"); + } + } + + + + + + public function updateStatus($data){ + if(UserService::valid($data[0])=='existingpatient'){ + require_once("../../library/pnotes.inc"); + foreach($data[1] as $id){ + updatePnoteMessageStatus($id,$data[2]); + } + }else{ + throw new SoapFault("Server", "credentials failed in getMailDetails error message"); + } + } +} +?> \ No newline at end of file diff --git a/myportal/soap_service/server_med_rec.php b/myportal/soap_service/server_med_rec.php new file mode 100644 index 000000000..8ddc154ba --- /dev/null +++ b/myportal/soap_service/server_med_rec.php 
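Review bot: `getMailDetails()` and `updateStatus()` take pnote ids straight from the SOAP payload (`$data[1]`) and never check that the note belongs to the authenticated `$pid`, so any portal account that passes `UserService::valid()` can read, or change the status of, any patient's or provider's note by guessing its id; the only scoping to `$pid` in this file is in `getMails()` and `sendMail()`. After `$result = getPnoteById($data[1]);` reject the request unless the note is tied to this patient (`if (!$result || $result['pid'] != $pid) throw new SoapFault("Server", "note does not belong to this patient");`, assuming `getPnoteById()` returns the pnotes row including its pid column — verify in pnotes.inc), and do the same per id in `updateStatus()` before calling `updatePnoteMessageStatus()`. `sendMail()` and `updateStatus()` also throw the copy-pasted message `credentials failed in getMailDetails error message`, which will mislabel failures in logs; use the real method name. Finally `$data[2]` in `updateStatus()` is written into the note's status unvalidated — whitelist it against the statuses the portal uses (`'New'` and `'Read'` are the two visible here).
```php
public function getMailDetails($data){
    global $pid;
    if(UserService::valid($data[0])=='existingpatient'){
        require_once("../../library/pnotes.inc");
        $result = getPnoteById($data[1]);
        // The id comes from the client: tie it to the authenticated patient before use.
        if(!$result || $result['pid'] != $pid){
            throw new SoapFault("Server", "note does not belong to this patient");
        }
        // … unchanged: mark-as-read and return …
    }
    // … unchanged: credentials failure (use "getMailDetails" in the message) …
}

public function updateStatus($data){
    global $pid;
    if(UserService::valid($data[0])=='existingpatient'){
        require_once("../../library/pnotes.inc");
        foreach($data[1] as $id){
            $note = getPnoteById($id);
            if(!$note || $note['pid'] != $pid){
                throw new SoapFault("Server", "note does not belong to this patient");
            }
            updatePnoteMessageStatus($id,$data[2]);
        }
    }
    // … unchanged: credentials failure (use "updateStatus" in the message) …
}
```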
@@ -0,0 +1,432 @@ + +// +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or (at your option) any later version. +// +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// +// A copy of the GNU General Public License is included along with this program: +// openemr/interface/login/GnuGPL.html +// For more information write to the Free Software +// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +// +// Author: Eldho Chacko +// Jacob T Paul +// +// +------------------------------------------------------------------------------+ + +//SANITIZE ALL ESCAPES +$sanitize_all_escapes=true; +// + +//STOP FAKE REGISTER GLOBALS +$fake_register_globals=false; +// + +require_once("server_audit.php"); +class Userforms extends UserAudit{ + + + + public function issue_type($data){ + if(UserService::valid($data[0])=='existingpatient'){ + global $ISSUE_TYPES; + require_once("../../library/lists.inc"); + return $ISSUE_TYPES; + } + else{ + throw new SoapFault("Server", "credentials failed in issue_type error message"); + } + } + + + + public function print_report($data){ + global $pid; + if(UserService::valid($data[0])=='existingpatient'){ + $repArr = $data[1]; + $type = $data[3]; + global $ISSUE_TYPES; + require_once("../../library/forms.inc"); + require_once("../../library/billing.inc"); + require_once("../../library/pnotes.inc"); + require_once("../../library/patient.inc"); + require_once("../../library/options.inc.php"); + require_once("../../library/acl.inc"); + require_once("../../library/lists.inc"); + require_once("../../library/report.inc"); + 
require_once("../../library/classes/Document.class.php"); + require_once("../../library/classes/Note.class.php"); + require_once("../../library/formatting.inc.php"); + require_once("../../custom/code_types.inc.php"); + foreach($repArr as $value){ + ob_start(); + if($type=="profile"){ + $this->getIncudes($value); + $out .= ob_get_clean(); + } + else{ + if($type=='issue') + $this->getIid($value); + if($type=='forms') + $this->getforms($value); + $out .= ob_get_clean(); + } + + } + return $out; + } + else{ + throw new SoapFault("Server", "credentials failed in print_report error message"); + } + } + + + + + public function print_ccr_report($data){ + if(UserService::valid($data[0])=='existingpatient'){ + $ccraction = $data[1]; + $raw = $data[2]; + require_once("../../ccr/createCCR.php"); + ob_start(); + createCCR($ccraction,$raw); + $html = ob_get_clean(); + if($ccraction=='viewccd') + { + + $html = preg_replace('//','',$html); + $pos1 = strpos($html,'body {'); + $pos2 = strpos($html,'.h1center'); + $tes = substr("$html",$pos1,($pos2-$pos1)); + $html = str_replace($tes,'',$html); + $html = str_replace('h3>','h2>',$html); + $html = base64_encode($html); + } + else{ + $pos1 = strpos($html,'*{'); + $pos2 = strpos($html,'h1'); + $tes = substr("$html",$pos1,($pos2-$pos1)); + $html = str_replace($tes,'',$html); + } + return $html; + } + else{ + throw new SoapFault("Server", "credentials failed in print_ccr_report error message"); + } + } + + //Return the forms requested from Portal. + + private function getforms($fId){ + global $pid; + $GLOBALS['pid'] = $pid; + $inclookupres = sqlStatement("SELECT DISTINCT formdir FROM forms WHERE pid = ? AND deleted=0",array($pid)); + while($result = sqlFetchArray($inclookupres)) { + $formdir = $result['formdir']; + if (substr($formdir,0,3) == 'LBF') + include_once($GLOBALS['incdir'] . "/forms/LBF/report.php"); + else + include_once($GLOBALS['incdir'] . 
"/forms/$formdir/report.php"); + } + $N = 6; + $inclookupres = sqlStatement("SELECT encounter,form_id,formdir,id FROM forms WHERE pid = ? AND deleted=0 + AND id =? ",array($pid,$fId)); + while($result = sqlFetchArray($inclookupres)) { + $form_encounter=$result['encounter']; + $form_id=$result['form_id']; + $formdir = $result['formdir']; + $id=$result['id']; + ob_start(); + if (substr($formdir,0,3) == 'LBF') + call_user_func("lbf_report", $pid, $form_encounter, $N, $form_id, $formdir); + else + call_user_func($formdir . "_report", $pid, $form_encounter, $N, $form_id); + $out=ob_get_clean(); + ?> + + + +
      + + + + + + +
      :
      + +
      + : + + +
      + []
      + + : + +
      + +
      + + + + +
      + + + +
      + +
      + + + +
      +
      + + + + +
      +
      + +
      +
      + + + + +
      +
      + +
      +
      "; +
      +

      + +
      + +
      + +
      + +
      +
      +
      + 0) { + $billings = array(); + ?> + + + + + + + + "; + echo ""; + echo ""; + echo ""; + echo "
      + + + +
       
      ".htmlspecialchars(xl('Sub-Total'),ENT_QUOTES)."" . htmlspecialchars(oeFormatMoney($total + abs($copays)),ENT_QUOTES) . "
      ".htmlspecialchars(xl('Paid'),ENT_QUOTES)."" . htmlspecialchars(oeFormatMoney(abs($copays)),ENT_QUOTES) . "
      ".htmlspecialchars(xl('Total'),ENT_QUOTES)."" .htmlspecialchars(oeFormatMoney($total),ENT_QUOTES) . "
      "; + echo "
      ";
      +		//print_r($billings);
      +		echo "
      "; + } else { + printPatientBilling($pid); + } + echo "
      \n"; // end of billing DIV + } + elseif ($val == "immunizations") + { + + ?> +
      +
      +
      + '1','list_id'=>'immunizations'), $row['immunization_id']); + ?> +
      + +
      + +
      +
      +
      + +
      :

      + +
      + +
      +
      +
      + +
      + +
      +
      +
      + +
      + \ No newline at end of file diff --git a/myportal/soap_service/server_newpatient.php b/myportal/soap_service/server_newpatient.php new file mode 100644 index 000000000..6436e01b9 --- /dev/null +++ b/myportal/soap_service/server_newpatient.php 
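Review bot: `print_ccr_report()` forwards the client-controlled action `$data[1]` and payload `$data[2]` straight into `createCCR($ccraction,$raw)`, yet only the `'viewccd'` branch is anticipated by the post-processing; whatever other actions ccr/createCCR.php accepts (its switch is outside this hunk, so I cannot see it) become reachable from the portal under the patient's credentials, so restrict the action before the call, e.g. `if(!in_array($ccraction, array('viewccd'), true)) throw new SoapFault("Server", "unsupported CCR action");`, extending the list only with actions the portal is known to need. The `preg_replace('//','',$html)` in the same branch has an empty pattern as shown, which matches the empty string and removes nothing — if that is extraction damage rather than the committed text, ignore; otherwise the intended tag pattern is missing. In `print_report()`, `$out` is appended with `.=` without being initialised, which is harmless but will raise a notice under `E_NOTICE`; start it with `$out = '';`. By contrast `getforms()` builds `include_once($GLOBALS['incdir'] . "/forms/$formdir/report.php")` and `call_user_func($formdir . "_report", …)` from `formdir` values read from the forms table scoped to `$pid`, not from the request, which deserves a one-line comment saying so since the construct otherwise looks like a file-inclusion sink.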
@@ -0,0 +1,322 @@ + +// +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or (at your option) any later version. +// +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// +// A copy of the GNU General Public License is included along with this program: +// openemr/interface/login/GnuGPL.html +// For more information write to the Free Software +// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +// +// Author: Eldho Chacko +// Jacob T Paul +// +// +------------------------------------------------------------------------------+ + +//SANITIZE ALL ESCAPES +$sanitize_all_escapes=true; +// + +//STOP FAKE REGISTER GLOBALS +$fake_register_globals=false; +// + + +class newpatient{ + +//this will return the query string along with the parameter array, according to the case case. +//actual execution is done in the select_query function in Server_side + + + public function query_formation($data){ + global $pid; + switch($data[0]){ + // Entries pending for approval for Existing Patient and New Patient. + case 'U4': + $query= "select * from audit_master where pid=? and approval_status='1' and (type='1' or type='2')"; + return array($query,array($pid)); + break; + // Entries pending for approval for documents only (no demo change). + case 'U5': + $query = " select * from audit_master where pid=? 
and approval_status='1' and type='3' "; + return array($query,array($pid)); + break; + case 'J1': + $query = "SELECT fname FROM patient_data WHERE pid=?"; + return array($query,array($pid)); + break; + case 'P1': + $query= "select MAX(pid)+1 AS pid from patient_data "; + + return array($query); + break; + //for building patient Demo + case 'P2': + $query="select * from layout_options " . + "WHERE form_id = 'DEM' AND uor > 0 AND field_id != '' " . + "ORDER BY group_name, seq"; + return array($query); + break; + //for building patient Demo Date of Birth + case 'P3': + $query="select *, DATE_FORMAT(DOB,'%Y-%m-%d') as DOB_YMD from patient_data where pid=? order by date DESC limit 0,1 "; + return array($query,array($pid)); + break; + //for building patient Demo Employer Data + case 'P4': + $query="select * from employer_data where pid=? order by date DESC limit 0,1 "; + return array($query,array($pid)); + break; + //for building patient Demo Insurance company details for Patient + case 'P5': + $query=" select insd.*, ic.name as provider_name from insurance_data as insd " . + "left join insurance_companies as ic on ic.id = insd.provider " . + "where pid = ? and type =? order by date DESC limit 1 "; + array_push($data[1],$pid); + return array($query,$data[1]); + break; + // Entries pending for approval demo and documents. + case 'P6': + $query=" select * from audit_master as am,audit_details as ad WHERE am.id=ad.audit_master_id and am.pid=? and am.approval_status='1' + and (am.type='1' or am.type='2' or am.type='3') order by ad.id"; + return array($query,array($pid)); + break; + // Demo building from layout options. + case 'P7': + + $query=" select * from layout_options WHERE form_id = 'DEM' AND uor > 0 AND field_id != '' " . + " ORDER BY group_name, seq"; + + return array($query); + break; + //Global specific application for building demo. 
+ case 'P8': + $query="select * from globals where gl_name ='specific_application' "; + return array($query); + break; + //Global omit employers for building demo. + case 'P9': + $query=" select * from globals where gl_name ='omit_employers' "; + return array($query); + break; + //getting the password + case 'P18': + $query = "select portal_username from patient_access_offsite where portal_username =? "; + return array($query,$data[1]); + break; + + case 'P20': + if($data[1][1]>0) + { + $string_query=" and pid !=?"; + } + if($string_query) + { + $x=array($data[1][0],$pid); + } + else + { + $x=array($data[1][0]); + } + $query="select count(*) AS count from patient_data where pubpid = ? $string_query"; + return array($query,$x); + break; + //getting DOB and SSN for verifying the duplicate patient existance + case 'P21': + if($data[1][1]>0) + { + $string_query=" and pid !=?"; + } + if($string_query) + { + $x=array($data[1][0],$pid); + } + else + { + $x=array($data[1][0]); + } + $query="select ss,DOB from patient_data where DOB=? $string_query "; + return array($query,$x); + break; + //master data for calendar from Globals + case 'B1': + + if($data[1][0]=='calendar_interval'||$data[1][0]=='schedule_start'||$data[1][0]=='schedule_end') + { + $query="select gl_value from globals where gl_name=?"; + return array($query,$data[1]); + } + else + return 0; + break; + + case 'B4': + //Check whether an entry exist in the form Encounter to decide whether patient is an existing patient. + $query="select COUNT(*) AS cnt from form_encounter WHERE pid=?"; + return array($query,array($pid)); + break; + + case 'B5': + //Existing appointments for a patient + array_unshift($data[1],$pid); + $query="select pc_eid,pc_eventDate,pc_startTime,pc_endTime,fname,lname,name,pc_apptstatus from openemr_postcalendar_events AS c, + users AS u,facility AS f WHERE pc_pid=? AND pc_aid=u.id AND pc_facility=f.id AND pc_apptstatus!=? 
order by pc_eventDate desc"; + return array($query,$data[1]); + break; + + case 'B6': + //Appointments pending for approval + array_push($data[1],$pid); + $query="select am.id,am.approval_status,ad.audit_master_id,ad.field_name,ad.field_value,u.fname,u.lname,f.name from audit_master AS am, + audit_details AS ad LEFT JOIN users AS u ON ad.field_value=u.id AND ad.field_name=? LEFT JOIN facility AS f ON ad.field_value=f.id AND + ad.field_name=? WHERE am.pid=? AND am.id=ad.audit_master_id AND am.type='10' AND am.approval_status NOT IN ('2','4') + ORDER BY approval_status, am.id desc,ad.id desc"; + return array($query,$data[1]); + break; + + case 'B7': + //patient appointment history + array_unshift($data[1],$pid); + $query="select pc_eid,pc_eventDate,pc_startTime,pc_endTime,fname,lname,name,pc_apptstatus from openemr_postcalendar_events AS c, + users AS u,facility AS f WHERE pc_pid=? AND pc_aid=u.id AND pc_facility=f.id AND pc_apptstatus=? order by pc_eventDate desc"; + return array($query,$data[1]); + break; + + case 'B8': + //List of Service Facility + $query="select * from facility where service_location != 0 and id in (".add_escape_custom($data[1][0]).") order by name"; + return array($query); + break; + + case 'B9': + //Providers list + $query="select id, lname, fname from users WHERE authorized = 1 AND username != '' AND username NOT LIKE '%Admin%' AND active = 1 + AND ( info IS NULL OR info NOT LIKE '%Inactive%' ) ORDER BY lname, fname"; + return array($query); + break; + + case 'B10': + //Calendar default visit time for visit category. value for Admin--->others-->calendar + $query="select pc_duration from openemr_postcalendar_categories WHERE pc_catid = ?"; + return array($query,$data[1]); + break; + + case 'B11'; + //patient appointment + $query="select pc_eventDate, pc_endDate, pc_startTime, pc_duration, pc_recurrtype, pc_recurrspec, pc_alldayevent, pc_catid, + pc_prefcatid from openemr_postcalendar_events WHERE pc_aid = ? AND ((pc_endDate >= ? 
AND pc_eventDate < ?) OR + (pc_endDate = '0000-00-00' AND pc_eventDate >= ? AND pc_eventDate < ?)) AND pc_facility = ?"; + return array($query,$data[1]); + break; + + case 'B12': + //Appointments pending for approval + $query="select * from audit_master WHERE pid =? AND type='10'"; + return array($query,array($pid)); + break; + + //G series for form menu inc + case 'G1': + $query = "SELECT * FROM `documents_legal_categories` where dlc_category_name=? and dlc_category_type=2"; + return array($query,$data[1]); + break; + + case 'G2': + $query = "SELECT * FROM documents_legal_master AS dlm WHERE dlm_subcategory <> ? and dlm_effective_date <= now() AND + dlm_effective_date<>? AND dlm_document_id Not IN (SELECT distinct(dld_master_docid) FROM documents_legal_detail WHERE + dld_id IS NOT NULL AND dld_pid=?)"; + array_push($data[1],$pid); + return array($query,$data[1]); + break; + + case 'G3': + $query = "SELECT * FROM documents_legal_master AS dlm LEFT OUTER JOIN documents_legal_detail as dld ON + dlm_document_id=dld_master_docid WHERE dlm_subcategory <> ? and dlm_effective_date <= now() AND dlm_effective_date<>? + AND dld_id IS NOT NULL AND dld_signed=? AND dld_pid=? ORDER BY dlm_effective_date DESC"; + array_push($data[1],$pid); + return array($query,$data[1]); + break; + + case 'G4': + $query = "SELECT * FROM documents_legal_master AS dlm JOIN documents_legal_detail as dld ON dlm_document_id=dld_master_docid + JOIN form_encounter as fe ON encounter=dld_encounter WHERE dlm_subcategory = ? AND dlm_effective_date <= now() AND + dlm_effective_date<>? AND dld_id IS NOT NULL AND dld_signed=? AND dld_signing_person=? AND dld_pid=? + ORDER BY dlm_effective_date DESC"; + array_push($data[1],$pid); + return array($query,$data[1]); + break; + + case 'G5': + $query = "SELECT * FROM documents_legal_master AS dlm JOIN documents_legal_detail as dld ON dlm_document_id=dld_master_docid + JOIN form_encounter as fe ON encounter=dld_encounter WHERE dlm_subcategory = ? 
and dlm_effective_date <= now() AND + dlm_effective_date<>? AND dld_id IS NOT NULL AND dld_filename != '' AND dld_pid=? GROUP BY dld_encounter,dlm_document_id + ORDER BY dld_id DESC"; + array_push($data[1],$pid); + return array($query,$data[1]); + break; + + case 'F1': + //Patient details . + $query="select * from patient_data where pid=?"; + return array($query,array($pid)); + break; + + case 'F2': + //PDF forms detail selected + $query="select * from documents_legal_master where dlm_document_id=?"; + return array($query,$data[1]); + break; + + case 'F3': + //signing + array_unshift($data[1],$pid); + $query="select * from documents_legal_detail where dld_pid = ? and dld_signed='3' and dld_master_docid = ?"; + return array($query,$data[1]); + break; + + case 'F6': + //signing + $query="select * from documents_legal_master where dlm_document_id=?"; + return array($query,$data[1]); + break; + + case 'F8': + // Entries to be approved demo for new patient, existing patient and only documents + $query="select * from audit_master where pid=? and approval_status='1' and (type='1' or type='2' or type='3')"; + return array($query,array($pid)); + break; + + case 'F9': + //signing + $query="select * from documents_legal_master WHERE dlm_document_id=?"; + return array($query,$data[1]); + break; + + case 'F10': + //Documents ready to be signed and documents unsigned + array_unshift($data[1],$pid); + $query="select * from documents_legal_detail where dld_pid=? and (dld_signed='2' or dld_signed='0') and dld_master_docid=?"; + return array($query,$data[1]); + break; + + case 'F12': + //Selection from master document for showing to patient + $query="select * from documents_legal_master WHERE dlm_document_name=?"; + return array($query,$data[1]); + break; + } + } +} +?> \ No newline at end of file diff --git a/myportal/soap_service/server_oemruser.php b/myportal/soap_service/server_oemruser.php new file mode 100644 index 000000000..c5e18c298 --- /dev/null 
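Review bot: Case 'B8' splices the portal-supplied `$data[1][0]` into the `IN (...)` list via string interpolation after `add_escape_custom()`, while every other case in `query_formation` binds its values with `?` placeholders. `add_escape_custom` is not visible in this patch, but it presumably only escapes quote characters for use inside a quoted literal; here the value is inserted unquoted, so a payload such as `1) OR 1=1 -- ` needs no quote and passes through unchanged to any portal caller that gets past `valid()`. Rebuild the list from integers and bind it: `$ids = array_map('intval', explode(',', $data[1][0]));`, `$ph = implode(',', array_fill(0, count($ids), '?'));`, `return array("select * from facility where service_location != 0 and id in ($ph) order by name", $ids);`. Case 'B1' likewise returns the bare integer `0` rather than a `(query, params)` pair for an unknown global name, which `selectquery` in server_side.php then indexes as an array; returning an explicit error (or throwing a `SoapFault`) there would be safer than handing a non-array to `sqlStatement`.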
+++ b/myportal/soap_service/server_oemruser.php 
@@ -0,0 +1,218 @@ + +// +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or (at your option) any later version. +// +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// +// A copy of the GNU General Public License is included along with this program: +// openemr/interface/login/GnuGPL.html +// For more information write to the Free Software +// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +// +// Author: Eldho Chacko +// Jacob T Paul +// +// +------------------------------------------------------------------------------+ + +//SANITIZE ALL ESCAPES +$sanitize_all_escapes=true; +// + +//STOP FAKE REGISTER GLOBALS +$fake_register_globals=false; +// + +class OEMRUser{ + + //this will return the query string along with the parameter array, according to the case case. + //actual execution is done in the select_query function in Server_side + + private function getPid($id){ + $row = sqlQuery("SELECT pid FROM audit_master WHERE id=? AND approval_status=1",array($id)); + return $row['pid']; + } + + public function query_formation($data){ + global $pid; + switch($data[0]){ + case 'U1': + $query="select * from audit_master where approval_status='1' and (type='1' or type='2' or type='3') "; + return array($query); + break; + + case 'U2': + $query=" select * from audit_master where approval_status='1' and (type='1' or type='2' or type='3') order by id limit ?,1"; + return array($query,array($data[1][0]-1)); + break; + + case 'U3': + $pid = $this->getPid($data[1]); + $query="SELECT * FROM documents_legal_master AS dlm " . 
+ "LEFT OUTER JOIN documents_legal_detail as dld ON dlm_document_id=dld_master_docid WHERE " . + " dlm_subcategory not in (SELECT dlc_id FROM `documents_legal_categories` where dlc_category_name='Layout Signed'". + " and dlc_category_type=2) and dlm_effective_date <= now() AND dlm_effective_date<>'0000-00-00 00:00:00' " . + "AND dld_id IS NOT NULL AND dld_pid=? and dld_signed='0' " . + "ORDER BY dlm_effective_date DESC"; + return array($query,array($pid)); + break; + + // Entries pending for approval for Existing Patient and New Patient. + case 'U4': + $pid = $this->getPid($data[1]); + $query= "select * from audit_master where pid=? and approval_status='1' and (type='1' or type='2')"; + return array($query,array($pid)); + break; + + // Entries pending for approval for documents only (no demo change). + case 'U5': + $pid = $this->getPid($data[1]); + $query = " select * from audit_master where pid=? and approval_status='1' and type='3' "; + return array($query,array($pid)); + break; + + case 'P1': + $query= "select MAX(pid)+1 AS pid from patient_data "; + + return array($query); + break; + + //for building patient Demo + case 'P2': + $query="select * from layout_options " . + "WHERE form_id = 'DEM' AND uor > 0 AND field_id != '' " . + "ORDER BY group_name, seq"; + return array($query); + break; + + //for building patient Demo Date of Birth + case 'P3': + $pid = $this->getPid($data[1]); + $query="select *, DATE_FORMAT(DOB,'%Y-%m-%d') as DOB_YMD from patient_data where pid=? order by date DESC limit 0,1 "; + return array($query,array($pid)); + break; + + //for building patient Demo Employer Data + case 'P4': + $pid = $this->getPid($data[1]); + $query="select * from employer_data where pid=? 
order by date DESC limit 0,1 "; + return array($query,array($pid)); + break; + + //for building patient Demo Insurance company details for Patient + case 'P5': + $data[1][0] = $this->getPid($data[1][0]); + $query=" select insd.*, ic.name as provider_name from insurance_data as insd " . + "left join insurance_companies as ic on ic.id = insd.provider " . + "where pid = ? and type =? order by date DESC limit 1 "; + return array($query,$data[1]); + break; + + // Entries pending for approval demo and documents. + case 'P6': + $pid = $this->getPid($data[1]); + $query=" select * from audit_master as am,audit_details as ad WHERE am.id=ad.audit_master_id and am.pid=? and am.approval_status='1' + and (am.type='1' or am.type='2' or am.type='3') order by ad.id"; + return array($query,array($pid)); + break; + // Demo building from layout options. + + case 'P7': + $query=" select * from layout_options WHERE form_id = 'DEM' AND uor > 0 AND field_id != '' " . + " ORDER BY group_name, seq"; + return array($query); + break; + + //Global specific application for building demo. + case 'P8': + $query="select * from globals where gl_name ='specific_application' "; + return array($query); + break; + + //Global omit employers for building demo. 
+ case 'P9': + $query=" select * from globals where gl_name ='omit_employers' "; + return array($query); + break; + + case 'B13': + //patient appointment + $query="select * from facility where service_location != 0 order by name"; + return array($query); + break; + + case 'E1': + //list of approvals + $query="select *,audit_master.id as audit_master_id from audit_master,patient_data where audit_master.pid=patient_data.pid and + audit_master.approval_status='1' order by audit_master.id"; + return array($query); + break; + + case 'E2': + //list of approvals + $query="select * from facility"; + return array($query); + break; + + case 'E3': + //list of approvals + $query="select id,fname,lname,mname from users where authorized=1"; + return array($query); + break; + + case 'E4': + //list of approvals + $query="select * from audit_master,patient_data,audit_details where audit_master.pid=patient_data.pid and + audit_master.approval_status='1' and audit_master.type = 10 and audit_master_id=audit_master.id order by audit_master.id"; + return array($query); + break; + + case 'E5': + //list of approvals + $query="select * from audit_master where audit_master.id=?"; + $row = sqlQuery($query,$data[1]); + return array("SELECT * FROM documents_legal_detail join documents_legal_master on dld_master_docid=dlm_document_id WHERE dld_pid=? and dld_signed='0' + and dlm_document_id=dld_master_docid and dlm_subcategory not in (SELECT dlc_id FROM `documents_legal_categories` + where dlc_category_name='Layout Signed' and dlc_category_type=2)",array($row['pid'])); + break; + + case 'F4': + //signing + $query="select * from documents_legal_categories where dlc_category_name=? and dlc_category_type=2"; + return array($query,$data[1]); + break; + + case 'F5': + //signing + $query="select * from documents_legal_master LEFT OUTER JOIN documents_legal_categories ON dlm_category=dlc_id WHERE + dlm_subcategory <> ? 
and dlm_filename<>''"; + return array($query,$data[1]); + break; + + case 'F8': + //signing + $pid = $this->getPid($data[1]); + $query="select * from audit_master where pid=? and approval_status='1' and (type='1' or type='2' or type='3')"; + return array($query,array($pid)); + break; + + case 'F12': + //Selection from master document for showing to patient + $query="select * from documents_legal_master WHERE dlm_document_name=?"; + return array($query,$data[1]); + break; + + } + } +} +?> \ No newline at end of file diff --git a/myportal/soap_service/server_side.php b/myportal/soap_service/server_side.php new file mode 100644 index 000000000..d9649d4b2 --- /dev/null +++ b/myportal/soap_service/server_side.php 
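Review bot: `query_formation` has no `default:` branch, so an unrecognised case string from the portal makes the method return null, and `selectquery` in server_side.php (visible later in this patch) passes that straight to `sqlStatement($sql_result_setarr[0],$sql_result_setarr[1])` as a null query instead of rejecting the request. Add `default: throw new SoapFault("Server", "unknown query case");` at the end of the switch so malformed input fails loudly rather than reaching the database layer. The private helper `getPid()` resolves a caller-chosen `audit_master.id` to a patient and the case bodies write its result into the global `$pid` for the remainder of the request; a one-line comment on the helper stating that contract — `// Resolves a pending (approval_status=1) audit_master row to its patient pid; callers assign it to global $pid` — would make that side effect visible to the next reader. The cases also disagree on the shape of the audit id, passing `$data[1]` as a scalar in U3/U4/U5 but `$data[1][0]` in P5, which is worth normalising so an unexpected array cannot be handed to `sqlQuery` as a bound parameter.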
@@ -0,0 +1,734 @@ + +// +// +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or (at your option) any later version. +// +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// +// A copy of the GNU General Public License is included along with this program: +// openemr/interface/login/GnuGPL.html +// For more information write to the Free Software +// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +// +// Author: Eldho Chacko +// Jacob T Paul +// Vinish K +// +// +------------------------------------------------------------------------------+ + +//SANITIZE ALL ESCAPES +$sanitize_all_escapes=true; +// + +//STOP FAKE REGISTER GLOBALS +$fake_register_globals=false; +// + +global $ISSUE_TYPES; +$ignoreAuth=true; +ob_start(); + +require_once("../../interface/globals.php"); +$err = ''; +if(!extension_loaded("soap")){ + dl("php_soap.dll"); +} +require_once("server_med_rec.php"); +require_once("factory_class.php"); +class UserService extends Userforms +{ + +//Converts a text to xml format.Format is as follows + public function text_to_xml($data){ + if($this->valid($data[0])){ + $text = $data[1]; + $doc = new DOMDocument(); + $doc->formatOutput = true; + + $root = $doc->createElement( "root" ); + $doc->appendChild( $root ); + + $level = $doc->createElement( "level" ); + $root->appendChild( $level ); + + $element = $doc->createElement( "text" ); + $element->appendChild( + $doc->createTextNode( $text ) + ); + $level->appendChild( $element ); + return $doc->saveXML(); + } + else{ + throw new SoapFault("Server", "credentials failed in text_to_xml"); + } + } + +//Accepts an array and 
returns the result in xml format.Format is as follows + + + public function function_return_to_xml($var=array()){ + + $doc = new DOMDocument(); + $doc->formatOutput = true; + + $root = $doc->createElement( "root" ); + $doc->appendChild( $root ); + + + $level = $doc->createElement( "level" ); + $root->appendChild( $level ); + foreach($var as $key=>$value){ + $element = $doc->createElement( "$key" ); + $element->appendChild( + $doc->createTextNode( $value ) + ); + $level->appendChild( $element ); + } + + return $doc->saveXML(); + + } + + //When a filled PDf is rejected During audit , the file is deleted + + + public function delete_file($data){ + if($this->valid($data[0])){ + $file_name_with_path=$data[1]; + @unlink($file_name_with_path); + } + else{ + throw new SoapFault("Server", "credentials failed in delete_file error message"); + } + } + + +//Accepts a file path.Fetches the file in xml format. +//Transfer the file to portal in XML format + public function file_to_xml($data){ + if($this->valid($data[0])){ + $file_name_with_path=$data[1]; + $path_parts = pathinfo($file_name_with_path); + $handler = fopen($file_name_with_path,"rb"); + $returnData = fread($handler,filesize($file_name_with_path)); + fclose($handler); + $doc = new DOMDocument(); + $doc->formatOutput = true; + + $root = $doc->createElement( "root" ); + $doc->appendChild( $root ); + + $level = $doc->createElement( "level" ); + $root->appendChild( $level ); + + $filename = $doc->createElement( "name" ); + $filename->appendChild( + $doc->createTextNode( $path_parts['basename'] ) + ); + $level->appendChild( $filename ); + + $type = $doc->createElement( "type" ); + $type->appendChild( + $doc->createTextNode( $path_parts['extension'] ) + ); + $level->appendChild( $type ); + $content = $doc->createElement( "file" ); + $content->appendChild( + $doc->createTextNode( base64_encode($returnData) ) + ); + $level->appendChild( $content ); + return $doc->saveXML(); + } + else{ + throw new SoapFault("Server", 
"credentials failed in file_to_xml error message"); + } + } + + + //File teceived from the portal side is saved to OpenEMR + + public function store_to_file($data){ + if($this->valid($data[0])){ + $file_name_with_path=$data[1]; + $data=$data[2]; + $savedpath=$GLOBALS['OE_SITE_DIR']."/documents/myportal/"; + if(is_dir($savedpath)); + else + { + mkdir($savedpath,0777); + chmod($savedpath, 0777); + } + $savedpath=$GLOBALS['OE_SITE_DIR']."/documents/myportal/unsigned/"; + if(is_dir($savedpath)); + else + { + mkdir($savedpath,0777); + chmod($savedpath, 0777); + } + $savedpath=$GLOBALS['OE_SITE_DIR']."/documents/myportal/signed/"; + if(is_dir($savedpath)); + else + { + mkdir($savedpath,0777); + chmod($savedpath, 0777); + } + $savedpath=$GLOBALS['OE_SITE_DIR']."/documents/myportal/upload/"; + if(is_dir($savedpath)); + else + { + mkdir($savedpath,0777); + chmod($savedpath, 0777); + } + $handler = fopen($file_name_with_path,"w"); + fwrite($handler, base64_decode($data)); + fclose($handler); + chmod($file_name_with_path,0777); + } + else{ + throw new SoapFault("Server", "credentials failed in store_to_file error message"); + } + } + + +//receive a batch of function calls received from Portal, execute it and return the results to the portal +//The results will be stored in the key, which is received from portal. 
+ + +static public function batch_despatch($var,$func,$data_credentials){ + global $pid; + if(UserService::valid($data_credentials)){ + require_once("../../library/invoice_summary.inc.php"); + require_once("../../library/options.inc.php"); + require_once("../../library/acl.inc"); + require_once("../../library/patient.inc"); + if($func=='ar_responsible_party') + { + $patient_id=$pid; + $encounter_id=$var['encounter']; + $x['ar_responsible_party']=ar_responsible_party($patient_id,$encounter_id); + return UserService::function_return_to_xml($x); + } + elseif($func=='getInsuranceData') + { + $type=$var['type']; + $given=$var['given']; + $x=getInsuranceData($pid,$type,$given); + return UserService::function_return_to_xml($x); + } + elseif($func=='generate_select_list') + { + $tag_name=$var['tag_name']; + $list_id=$var['list_id']; + $currvalue=$var['currvalue']; + $title=$var['title']; + $empty_name=$var['empty_name']; + $class=$var['class']; + $onchange=$var['onchange']; + $x['generate_select_list']=generate_select_list($tag_name,$list_id,$currvalue,$title,$empty_name,$class,$onchange); + return UserService::function_return_to_xml($x); + } + elseif($func=='xl_layout_label') + { + $constant=$var['constant']; + $x['xl_layout_label']=xl_layout_label($constant); + return UserService::function_return_to_xml($x); + } + elseif($func=='generate_form_field') + { + $frow=$var['frow']; + $currvalue=$var['currvalue']; + ob_start(); + generate_form_field($frow,$currvalue); + $x['generate_form_field']=ob_get_contents(); + ob_end_clean(); + return UserService::function_return_to_xml($x); + } + elseif($func=='getInsuranceProviders') + { + $i=$var['i']; + $provider=$var['provider']; + $insurancei=getInsuranceProviders(); + $x=$insurancei; + return $x; + } + elseif($func=='get_layout_form_value') + { + $frow=$var['frow']; + $_POST=$var['post_array']; + $x['get_layout_form_value']=get_layout_form_value($frow); + return UserService::function_return_to_xml($x); + } + 
elseif($func=='updatePatientData') + { + $patient_data=$var['patient_data']; + $create=$var['create']; + updatePatientData($pid,$patient_data,$create); + $x['ok']='ok'; + return UserService::function_return_to_xml($x); + } + elseif($func=='updateEmployerData') + { + $employer_data=$var['employer_data']; + $create=$var['create']; + updateEmployerData($pid,$employer_data,$create); + $x['ok']='ok'; + return UserService::function_return_to_xml($x); + } + elseif($func=='newHistoryData') + { + newHistoryData($pid); + $x['ok']='ok'; + return UserService::function_return_to_xml($x); + } + elseif($func=='newInsuranceData') + { + $_POST=$var[0]; + foreach($var as $key=>$value) + { + if($key>=3)//first 3 need to be skipped. + { + $var[$key]=formData($value); + } + if($key>=1) + { + $parameters[$key]=$var[$key]; + } + } + $parameters[12]=fixDate($parameters[12]); + $parameters[27]=fixDate($parameters[27]); + call_user_func_array('newInsuranceData',$parameters); + $x['ok']='ok'; + return UserService::function_return_to_xml($x); + } + + } + else{ + throw new SoapFault("Server", "credentials failed in batch_despatch error message"); + } + } + + //Writing patient credentials to table + public function insert_login_details($var) + { + global $pid; + $data_credentials=$var[0]; + if(UserService::valid($data_credentials)) + { + $username=$var['username']; + $authPass=$var['authPass']; + $query="insert into patient_access_offsite(pid,portal_username,portal_pwd) values (?,?,?)"; + sqlInsert($query,array($pid,$username,$authPass)); + } + else + { + throw new SoapFault("Server", "credentials failed in insert_login_details error message"); + } + } + + + +//Updating the password on a password change + + public function update_password($var){ + $data_credentials=$var[0]; + global $pid; + if(UserService::valid($data_credentials)=='existingpatient' || UserService::valid($data_credentials)=='newpatient'){ + $status = $var['new_pwd_status']; + $pwd=$var['new_pwd']; + $oldpwd = $var['old_pwd']; + 
$set = ''; + $setarray = ''; + $where = ''; + if($status) + { + $where = "portal_pwd_status=? and pid=?"; + $set= "portal_pwd=?,portal_pwd_status=?"; + $setarray[]=$pwd; + $setarray[]=$status; + $setarray[]=0; + $setarray[]=$pid; + } + + else + { + $set= "portal_pwd=? "; + $setarray[]=$pwd; + $where = " pid=?"; + $setarray[]=$pid; + } + $qry = "select * from patient_access_offsite WHERE pid=? AND portal_pwd=?"; + $res=sqlStatement($qry,array($pid,$oldpwd)); + if(sqlNumRows($res)>0) + { + $qry = "UPDATE patient_access_offsite SET $set WHERE $where"; + sqlStatement($qry,$setarray); + return 'ok'; + } + else + { + return 'notok'; + } + } + else{ + throw new SoapFault("Server", "credentials failed in update_password error message"); + } + } + + //appointment update + + + public function update_openemr_appointment($var) + { + $data_credentials=$var[0]; + if(UserService::valid($data_credentials)=='existingpatient' || UserService::valid($data_credentials)=='newpatient'){ + foreach($var[1] as $key=>$value) + { + $eid=explode('_',$var[1][$key]); + if($eid[0]=='calendar') + { + sqlQuery("update openemr_postcalendar_events set pc_apptstatus='x' where pc_eid=?",array($eid[1])); + } + elseif($eid[0]=='audit') + { + sqlQuery("update audit_master set approval_status='5' where id=?",array($eid[1])); + } + } + } + else{ + throw new SoapFault("Server", "credentials failed in update_openemr_appointment error message"); + } + } + + + //Marking the Documents as ready to be signed + + public function update_dlm_dld($var) + { + $data_credentials=$var[0]; + if(UserService::valid($data_credentials)){ + + $qry=" UPDATE documents_legal_detail set dld_signed=2 where dld_id=?"; + sqlStatement($qry,array($var['dld_id'])); + } + else{ + throw new SoapFault("Server", "credentials failed in update_dlm_dld error message"); + } + } + + +//Setting PDF documets approve /denial status + + public function update_dld_approve_deny($data){ + if($this->valid($data[0])){ + $qry = "UPDATE 
documents_legal_detail SET dld_signed=?,dld_denial_reason=? WHERE dld_id=?"; + sqlStatement($qry,$data[1]); + } + else{ + throw new SoapFault("Server", "credentials failed in update_dld_approve_deny error message"); + } + } + + //Marking PDF documets as signed + + public function update_dld_signed($data){ + if($this->valid($data[0])){ + $qry = "UPDATE documents_legal_detail SET dld_signed=1,dld_filepath=?,dld_filename=? WHERE dld_id=?"; + sqlStatement($qry,$data[1]); + } + else{ + throw new SoapFault("Server", "credentials failed in update_dld_approve_deny error message"); + } + } + + //Marking PDF documets for audit. + + public function update_dld_pending($data){ + if($this->valid($data[0])){ + $qry = "UPDATE documents_legal_detail SET dld_signed=0,dld_filepath=?,dld_filename=?, dld_file_for_pdf_generation=? WHERE dld_id=?"; + sqlStatement($qry,$data[1]); + } + else{ + throw new SoapFault("Server", "credentials failed in update_dld_approve_deny error message"); + } + } + + + + public function insert_dld($data){ + global $pid; + if(UserService::valid($data[0])=='existingpatient' || UserService::valid($data[0])=='newpatient'){ + sqlInsert("INSERT INTO documents_legal_detail (dld_pid,dld_signed,dld_filepath,dld_master_docid,dld_filename,dld_encounter,dld_file_for_pdf_generation) ". 
+ " VALUES (?,?,?,?,?,?,?)",array($pid,$data[2],$data[3],$data[4],$data[5],$data[6],$data[7])); + } + else{ + throw new SoapFault("Server", "credentials failed in insert_dld error message"); + } + } + + + //Inserting the entries for Master PDF documents uploaded + + public function insert_dlm($data){ + if($this->valid($data[0])=='oemruser'){ + sqlStatement("INSERT INTO documents_legal_master(dlm_category, dlm_subcategory,dlm_document_name,dlm_facility,dlm_provider, + dlm_filename,dlm_filepath,dlm_effective_date,content) values (?,?,?,?,?,?,?,?,?)",array($data[1],$data[2],$data[3],$data[4],$data[5],$data[6],$data[7],$data[8],$data[9])); + } + else{ + throw new SoapFault("Server", "credentials failed in insert_dlm error message"); + } + } + + +//REceive an array of Select cases from portal execute it and return +// it in the keys received from portal. A batch of queries execute and returns it in one batch. + + public function batch_select($data){ + if($this->valid($data[0])){ + $batch = $data[1]; + foreach($batch as $key=>$value) + { + $batchkey=$value['batchkey']; + $case=$value['case']; + $param=$value['param']; + $arrproc[] = $case; + $arrproc[] = $param; + $return_array[$batchkey]=$this->selectquery(array($data[0],$arrproc)); + $arrproc=null; + } + return $return_array; + } + else{ + throw new SoapFault("Server", "credentials failed in batch_select error message"); + } + } + + +//Receive a batch of function calls from portal and execute it through batch despatch Function +//Any OpenEmr function can be executed this way, if necessary if clause is written in batch_despatch. 
+
+ public function batch_function($data){
+ if($this->valid($data[0])){
+ $batch = $data[1];
+ foreach($batch as $key=>$value)
+ {
+ $batchkey=$value['batchkey'];
+ $function=$value['funcname'];
+ $param=$value['param'];
+ $param[]=$data[0];
+ $res=call_user_func_array("UserService::$function",$param);
+ $return_array[$batchkey]=$res;
+ }
+ return $return_array;
+ }
+ else{
+ throw new SoapFault("Server", "credentials failed in batch_function error message");
+ }
+ }
+
+//Execute a batch of functions received from portal. But this function is limited to
+// the functions written in the myportal module.
+
+ public function multiplecall($data){
+ $batch = $data[1];
+ foreach($batch as $key=>$value)
+ {
+ $batchkey=$value['batchkey'];
+ $function=$value['funcname'];
+ $param=$value['param'];
+ if(is_array($param))
+ array_unshift($param,$data[0]);
+ else
+ $param[]=$data[0];
+ $res= UserService::$function($param);
+ $return_array[$batchkey]=$res;
+ }
+ return $return_array;
+ }
+
+
+
+
+ public function getversion($data){
+ return 1;
+ }
+
+
+ public function loginchecking($data){
+ if($this->valid($data[0])=='existingpatient' || $this->valid($data[0])=='newpatient'){
+ $res = sqlStatement("SELECT portal_pwd_status FROM patient_access_offsite WHERE BINARY portal_username=? AND BINARY portal_pwd=?",$data[1]);
+ return $this->resourcetoxml($res);
+ }
+
+ return false;
+ }
+
+ //Execute a query and return its results.
+
+ public function selectquery($data){
+ //global $pid;
+ $sql_result_set='';
+ $utype = $this->valid($data[0]);
+ if($utype){
+ $newobj = factoryclass::dynamic_class_factory($utype);
+ $sql_result_setarr = $newobj->query_formation($data[1]);
+ $sql_result_set = sqlStatement($sql_result_setarr[0],$sql_result_setarr[1]);
+ return $this->resourcetoxml($sql_result_set);
+ }
+ }
+
+//Return an SQL resultset as an XML
+
+
+ public function resourcetoxml($sql_result_set){
+ $doc = new DOMDocument();
+ $doc->formatOutput = true;
+
+ $root = $doc->createElement( "root" );
+ $doc->appendChild( $root );
+ while($row = sqlFetchArray($sql_result_set))
+ {
+ $level = $doc->createElement( "level" );
+ $root->appendChild( $level );
+ foreach($row as $key=>$value){
+ $element = $doc->createElement( "$key" );
+ $element->appendChild(
+ $doc->createTextNode( $value )
+ );
+ $level->appendChild( $element );
+ }
+ }
+ return $doc->saveXML();
+ }
+
+
+
+ public function valid($credentials){
+ $timminus = date("Y-m-d H:m",(strtotime(date("Y-m-d H:m"))-7200)).":00";
+ sqlStatement("DELETE FROM audit_details WHERE audit_master_id IN(SELECT id FROM audit_master WHERE type=5 AND created_time<=?)",array($timminus));
+ sqlStatement("DELETE FROM audit_master WHERE type=5 AND created_time<=?",array($timminus));
+ global $pid;
+ $ok=0;
+ $okE=0;
+ $okN=0;
+ $okO=0;
+ $okP=0;
+ $tim = strtotime(gmdate("Y-m-d H:m"));
+ $res = sqlStatement("SELECT * FROM audit_details WHERE field_value=?",array($credentials[3]));
+ if(sqlNumRows($res)){
+ if($GLOBALS['validated_offsite_portal'] !=true){
+ return false;
+ }
+ }
+ else{
+ $grpID = sqlInsert("INSERT INTO audit_master SET type=5");
+ sqlStatement("INSERT INTO audit_details SET field_value=? , audit_master_id=? ",array($credentials[3],$grpID));
+ if(sha1($GLOBALS['portal_offsite_password'].date("Y-m-d H",$tim).$credentials[3])==$credentials[2]){
+ $ok =1;
+ }
+ elseif(sha1($GLOBALS['portal_offsite_password'].date("Y-m-d H",($tim-3600)).$credentials[3])==$credentials[2]){
+ $ok =1;
+ }
+ elseif(sha1($GLOBALS['portal_offsite_password'].date("Y-m-d H",($tim+3600)).$credentials[3])==$credentials[2]){
+ $ok =1;
+ }
+ if(($credentials[1]==$GLOBALS['portal_offsite_username'] && $ok==1 && $GLOBALS['portal_offsite_enable']==1)||$GLOBALS['validated_offsite_portal']==true){
+ $prow = sqlQuery("SELECT * FROM patient_access_offsite WHERE portal_username=?",array($credentials[6]));
+ if($credentials[4] == 'existingpatient'){
+ if(UserService::validcredential($credentials)){
+ $okE = 1;
+ }
+ else{
+ return false;
+ }
+ }
+ elseif($credentials[4] == 'oemruser'){
+ if($credentials[9])
+ $prow = sqlQuery("SELECT pid FROM audit_master WHERE id=?",array($credentials[9]));
+ $okO = 1;
+ }
+ elseif($credentials[4] == 'newpatient'){
+ if(UserService::validcredential($credentials)){
+ $okN = 2;
+ }
+ else{
+ $okN = 1;
+ $prow = sqlQuery("SELECT MAX(pid)+1 AS pid FROM patient_data");
+ }
+ }
+ if($okE==1 || $okN == 2 || $okN == 1 || $okO == 1){
+ $pid = $prow['pid'];
+ $GLOBALS['pid'] = $prow['pid'];
+ }
+ $_GET['site'] = $credentials[0];
+ if($okE==1){
+ $portal = sqlQuery("SELECT allow_patient_portal FROM patient_data WHERE pid=?",array($pid));
+ if(strtolower($portal['allow_patient_portal'])!='yes')
+ return false;
+ }
+ $GLOBALS['validated_offsite_portal'] = true;
+ if($okO){
+ return 'oemruser';
+ }
+ elseif($okE){
+ return 'existingpatient';
+ }
+ elseif($okN){
+ return 'newpatient';
+ }
+ return false;
+ }
+ else{
+ return false;
+ }
+ }
+
+
+
+
+ public function validcredential($credentials){
+ $tim = strtotime(gmdate("Y-m-d H:m"));
+ if($credentials[6]){
+ $prow = sqlQuery("SELECT * FROM patient_access_offsite WHERE portal_username=?",array($credentials[6]));
+ if(sha1($prow['portal_pwd'].date("Y-m-d H",$tim).$credentials[8])==$credentials[7]){
+ return true;
+ }
+ elseif(sha1($prow['portal_pwd'].date("Y-m-d H",($tim-3600)).$credentials[8])==$credentials[7]){
+ return true;
+ }
+ elseif(sha1($prow['portal_pwd'].date("Y-m-d H",($tim+3600)).$credentials[8])==$credentials[7]){
+ return true;
+ }
+ }
+ return false;
+ }
+
+
+ //for checking the connection
+
+
+
+ public function check_connection($data){
+ if($this->valid($data[0])){
+ return 'ok';
+ }
+ else{
+ return 'notok';
+ }
+ }
+}
+$server = new SoapServer(null,array('uri' => "urn://portal/res"));
+$server->setClass('UserService');
+$server->setPersistence(SOAP_PERSISTENCE_SESSION);
+$server->handle();
+?>
\ No newline at end of file
diff --git a/sql/4_0_0-to-4_1_0_upgrade.sql b/sql/4_0_0-to-4_1_0_upgrade.sql
index f4dab542a..936084af9 100644
--- a/sql/4_0_0-to-4_1_0_upgrade.sql
+++ b/sql/4_0_0-to-4_1_0_upgrade.sql
@@ -1534,3 +1534,98 @@ UPDATE `rule_target` SET `value` = '::form_vitals::weight::::::ge::1' WHERE `id`
 INSERT INTO `rule_filter` ( `id`, `include_flag`, `required_flag`, `method`, `method_detail`, `value` ) VALUES
 ('rule_adult_wt_screen_fu', 1, 1, 'filt_age_min', 'year', '18');
 #EndIf
+#EndIf
+#IfNotTable documents_legal_detail
+CREATE TABLE `documents_legal_detail` (
+ `dld_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `dld_pid` int(10) unsigned DEFAULT NULL,
+ `dld_facility` int(10) unsigned DEFAULT NULL,
+ `dld_provider` int(10) unsigned DEFAULT NULL,
+ `dld_encounter` int(10) unsigned DEFAULT NULL,
+ `dld_master_docid` int(10) unsigned NOT NULL,
+ `dld_signed` smallint(5) unsigned NOT NULL COMMENT '0-Not Signed or Cannot Sign(Layout),1-Signed,2-Ready to sign,3-Denied(Pat Regi),10-Save(Layout)',
+ `dld_signed_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ `dld_filepath` varchar(75) DEFAULT NULL,
+ `dld_filename` varchar(45) NOT NULL,
+ `dld_signing_person` varchar(50) NOT NULL,
+ `dld_sign_level` int(11) NOT NULL COMMENT 'Sign flow level',
+ `dld_content` varchar(50) NOT NULL COMMENT 'Layout sign position',
+ `dld_file_for_pdf_generation` blob NOT NULL COMMENT 'The filled details in the fdf file is stored here.Patient Registration Screen',
+ `dld_denial_reason` longtext NOT NULL,
+ PRIMARY KEY (`dld_id`)
+) ENGINE=MyISAM AUTO_INCREMENT=1 ;
+#EndIf
+
+#IfNotTable documents_legal_master
+CREATE TABLE `documents_legal_master` (
+ `dlm_category` int(10) unsigned DEFAULT NULL,
+ `dlm_subcategory` int(10) unsigned DEFAULT NULL,
+ `dlm_document_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `dlm_document_name` varchar(75) NOT NULL,
+ `dlm_filepath` varchar(75) NOT NULL,
+ `dlm_facility` int(10) unsigned DEFAULT NULL,
+ `dlm_provider` int(10) unsigned DEFAULT NULL,
+ `dlm_sign_height` double NOT NULL,
+ `dlm_sign_width` double NOT NULL,
+ `dlm_filename` varchar(45) NOT NULL,
+ `dlm_effective_date` datetime NOT NULL,
+ `dlm_version` int(10) unsigned NOT NULL,
+ `content` varchar(255) NOT NULL,
+ `dlm_savedsign` varchar(255) DEFAULT NULL COMMENT '0-Yes 1-No',
+ `dlm_review` varchar(255) DEFAULT NULL COMMENT '0-Yes 1-No',
+ PRIMARY KEY (`dlm_document_id`)
+) ENGINE=MyISAM COMMENT='List of Master Docs to be signed' AUTO_INCREMENT=1 ;
+#EndIf
+
+#IfNotTable audit_master
+CREATE TABLE `audit_master` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `pid` bigint(20) NOT NULL,
+ `user_id` bigint(20) NOT NULL COMMENT 'The Id of the user who approves or denies',
+ `approval_status` tinyint(4) NOT NULL COMMENT '1-Pending,2-Approved,3-Denied,4-Appointment directly updated to calendar table,5-Cancelled appointment',
+ `comments` text NOT NULL,
+ `created_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `modified_time` datetime NOT NULL,
+ `ip_address` varchar(100) NOT NULL,
+ `type` tinyint(4) NOT NULL COMMENT '1-new patient,2-existing patient,3-change is only in the document,5-random key,10-Appointment',
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=1;
+#EndIf
+
+#IfNotTable audit_details
+CREATE TABLE `audit_details` (
+ `id` BIGINT(20) NOT NULL AUTO_INCREMENT,
+ `table_name` VARCHAR(100) NOT NULL COMMENT 'openemr table name',
+ `field_name` VARCHAR(100) NOT NULL COMMENT 'openemr table''s field name',
+ `field_value` TEXT NOT NULL COMMENT 'openemr table''s field value',
+ `audit_master_id` BIGINT(20) NOT NULL COMMENT 'Id of the audit_master table',
+ `entry_identification` VARCHAR(255) NOT NULL DEFAULT '1' COMMENT 'Used when multiple entry occurs from the same table.1 means no multiple entry',
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=1;
+#EndIf
+
+#IfNotTable documents_legal_categories
+CREATE TABLE `documents_legal_categories` (
+ `dlc_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `dlc_category_type` int(10) unsigned NOT NULL COMMENT '1 category 2 subcategory',
+ `dlc_category_name` varchar(45) NOT NULL,
+ `dlc_category_parent` int(10) unsigned DEFAULT NULL,
+ PRIMARY KEY (`dlc_id`)
+) ENGINE=MyISAM AUTO_INCREMENT=7 ;
+INSERT INTO `documents_legal_categories` (`dlc_id`, `dlc_category_type`, `dlc_category_name`, `dlc_category_parent`) VALUES
+(3, 1, 'Category', NULL),
+(4, 2, 'Sub Category', 1),
+(5, 1, 'Layout Form', 0),
+(6, 2, 'Layout Signed', 5);
+#EndIf
+
+#IfNotTable patient_access_offsite
+CREATE TABLE `patient_access_offsite`(
+ `id` INT NOT NULL AUTO_INCREMENT ,
+ `pid` INT(11),
+ `portal_username` VARCHAR(100) NOT NULL,,
+ `portal_pwd` VARCHAR(100) NOT NULL,,
+ `portal_pwd_status` TINYINT DEFAULT '1' COMMENT '0=>Password Created Through Demographics by The provider or staff. Patient Should Change it at first time it.1=>Pwd updated or created by patient itself',
+ PRIMARY KEY (`id`)
+)ENGINE=MyISAM AUTO_INCREMENT=1;
+#EndIf
\ No newline at end of file
diff --git a/sql/database.sql b/sql/database.sql
index 0f228d0bb..b68801892 100644
--- a/sql/database.sql
+++ b/sql/database.sql
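Review bot: The `patient_access_offsite` block at the end of the hunk has a double comma after `NOT NULL` on the `portal_username` and `portal_pwd` lines, which is a MySQL syntax error, so the `#IfNotTable patient_access_offsite` section fails and the table the portal credential lookups depend on is never created on upgrade. The two lines should read `` `portal_username` VARCHAR(100) NOT NULL, `` and `` `portal_pwd` VARCHAR(100) NOT NULL, ``. The same table is created without a unique index on `portal_username`, although the SOAP service in this patch resolves a login with a single-row `sqlQuery(... WHERE portal_username=?)`; a `` UNIQUE KEY `portal_username` (`portal_username`) `` would make that lookup well-defined. Separately, the `+#EndIf` added directly after the existing `#EndIf` at the top of the hunk closes nothing and looks like a paste artifact.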
@@ -54,6 +54,38 @@ CREATE TABLE `array` (
 -- --------------------------------------------------------
+--
+-- Table structure for table `audit_master`
+--
+
+DROP TABLE IF EXISTS `audit_master`;
+CREATE TABLE `audit_master` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `pid` bigint(20) NOT NULL,
+ `user_id` bigint(20) NOT NULL COMMENT 'The Id of the user who approves or denies',
+ `approval_status` tinyint(4) NOT NULL COMMENT '1-Pending,2-Approved,3-Denied,4-Appointment directly updated to calendar table,5-Cancelled appointment',
+ `comments` text NOT NULL,
+ `created_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `modified_time` datetime NOT NULL,
+ `ip_address` varchar(100) NOT NULL,
+ `type` tinyint(4) NOT NULL COMMENT '1-new patient,2-existing patient,3-change is only in the document,5-random key,10-Appointment',
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=1;
+
+--
+-- Table structure for table `audit_details`
+--
+
+DROP TABLE IF EXISTS `audit_details`;
+CREATE TABLE `audit_details` (
+ `id` BIGINT(20) NOT NULL AUTO_INCREMENT,
+ `table_name` VARCHAR(100) NOT NULL COMMENT 'openemr table name',
+ `field_name` VARCHAR(100) NOT NULL COMMENT 'openemr table''s field name',
+ `field_value` TEXT NOT NULL COMMENT 'openemr table''s field value',
+ `audit_master_id` BIGINT(20) NOT NULL COMMENT 'Id of the audit_master table',
+ `entry_identification` VARCHAR(255) NOT NULL DEFAULT '1' COMMENT 'Used when multiple entry occurs from the same table.1 means no multiple entry',
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=1;
 --
 -- Table structure for table `batchcom`
 --
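Review bot: `audit_details` is declared with only its primary key, yet the SOAP service in this patch uses it as the nonce store for replay protection, looking rows up with `SELECT * FROM audit_details WHERE field_value=?` on every call and purging them through `audit_master_id IN (SELECT id FROM audit_master WHERE type=5 AND created_time<=?)`. `field_value` is an unindexed TEXT column, so every authentication attempt is a full scan, and `audit_master_id`, `type` and `created_time` are unindexed too. I would add `` KEY `audit_details_master_idx` (`audit_master_id`) `` and a prefix index `` KEY `audit_details_value_idx` (`field_value`(255)) `` here, plus `` KEY `audit_master_type_created_idx` (`type`,`created_time`) `` on `audit_master`, so the nonce check and the purge stay cheap as the table grows. Because both tables are MyISAM no foreign key from `audit_details.audit_master_id` to `audit_master.id` can be enforced, so the column comment should say the link is maintained by the application.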
@@ -551,6 +583,81 @@ CREATE TABLE `documents` (
 -- --------------------------------------------------------
+--
+-- Table structure for table `documents_legal_detail`
+--
+
+DROP TABLE IF EXISTS `documents_legal_detail`;
+CREATE TABLE `documents_legal_detail` (
+ `dld_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `dld_pid` int(10) unsigned DEFAULT NULL,
+ `dld_facility` int(10) unsigned DEFAULT NULL,
+ `dld_provider` int(10) unsigned DEFAULT NULL,
+ `dld_encounter` int(10) unsigned DEFAULT NULL,
+ `dld_master_docid` int(10) unsigned NOT NULL,
+ `dld_signed` smallint(5) unsigned NOT NULL COMMENT '0-Not Signed or Cannot Sign(Layout),1-Signed,2-Ready to sign,3-Denied(Pat Regi),10-Save(Layout)',
+ `dld_signed_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ `dld_filepath` varchar(75) DEFAULT NULL,
+ `dld_filename` varchar(45) NOT NULL,
+ `dld_signing_person` varchar(50) NOT NULL,
+ `dld_sign_level` int(11) NOT NULL COMMENT 'Sign flow level',
+ `dld_content` varchar(50) NOT NULL COMMENT 'Layout sign position',
+ `dld_file_for_pdf_generation` blob NOT NULL COMMENT 'The filled details in the fdf file is stored here.Patient Registration Screen',
+ `dld_denial_reason` longtext NOT NULL,
+ PRIMARY KEY (`dld_id`)
+) ENGINE=MyISAM AUTO_INCREMENT=1 ;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `documents_legal_master`
+--
+
+DROP TABLE IF EXISTS `documents_legal_master`;
+CREATE TABLE `documents_legal_master` (
+ `dlm_category` int(10) unsigned DEFAULT NULL,
+ `dlm_subcategory` int(10) unsigned DEFAULT NULL,
+ `dlm_document_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `dlm_document_name` varchar(75) NOT NULL,
+ `dlm_filepath` varchar(75) NOT NULL,
+ `dlm_facility` int(10) unsigned DEFAULT NULL,
+ `dlm_provider` int(10) unsigned DEFAULT NULL,
+ `dlm_sign_height` double NOT NULL,
+ `dlm_sign_width` double NOT NULL,
+ `dlm_filename` varchar(45) NOT NULL,
+ `dlm_effective_date` datetime NOT NULL,
+ `dlm_version` int(10) unsigned NOT NULL,
+ `content` varchar(255) NOT NULL,
+ `dlm_savedsign` varchar(255) DEFAULT NULL COMMENT '0-Yes 1-No',
+ `dlm_review` varchar(255) DEFAULT NULL COMMENT '0-Yes 1-No',
+ PRIMARY KEY (`dlm_document_id`)
+) ENGINE=MyISAM COMMENT='List of Master Docs to be signed' AUTO_INCREMENT=1 ;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `documents_legal_categories`
+--
+
+DROP TABLE IF EXISTS `documents_legal_categories`;
+CREATE TABLE `documents_legal_categories` (
+ `dlc_id` int(10) unsigned NOT NULL AUTO_INCREMENT,
+ `dlc_category_type` int(10) unsigned NOT NULL COMMENT '1 category 2 subcategory',
+ `dlc_category_name` varchar(45) NOT NULL,
+ `dlc_category_parent` int(10) unsigned DEFAULT NULL,
+ PRIMARY KEY (`dlc_id`)
+) ENGINE=MyISAM AUTO_INCREMENT=7 ;
+
+--
+-- Dumping data for table `documents_legal_categories`
+--
+
+INSERT INTO `documents_legal_categories` (`dlc_id`, `dlc_category_type`, `dlc_category_name`, `dlc_category_parent`) VALUES
+(3, 1, 'Category', NULL),
+(4, 2, 'Sub Category', 1),
+(5, 1, 'Layout Form', 0),
+(6, 2, 'Layout Signed', 5);
+
 --
 -- Table structure for table `drug_inventory`
 --
@@ -3361,6 +3468,20 @@ CREATE TABLE `patient_reminders` (
 -- --------------------------------------------------------
+--
+-- Table structure for table `patient_access_offsite`
+--
+
+DROP TABLE IF EXISTS `patient_access_offsite`;
+CREATE TABLE `patient_access_offsite`(
+ `id` INT NOT NULL AUTO_INCREMENT ,
+ `pid` INT(11),
+ `portal_username` VARCHAR(100) NOT NULL,,
+ `portal_pwd` VARCHAR(100) NOT NULL,,
+ `portal_pwd_status` TINYINT DEFAULT '1' COMMENT '0=>Password Created Through Demographics by The provider or staff. Patient Should Change it at first time it.1=>Pwd updated or created by patient itself',
+ PRIMARY KEY (`id`)
+)ENGINE=MyISAM AUTO_INCREMENT=1;
+
 --
 -- Table structure for table `payments`
 --
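Review bot: In `documents_legal_detail`, `dld_signed_time` is declared `timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP`, so any later UPDATE of the row (the service in this patch resets `dld_signed=0` in `update_dld_pending` and rewrites `dld_filepath`/`dld_filename` in `update_dld_signed`) silently overwrites the recorded signing time, which defeats the column's purpose as evidence of when a legal document was signed. I would drop the `ON UPDATE CURRENT_TIMESTAMP` clause and have the signing path set the time explicitly, keeping a separate `modified_time` if the last-touched time is wanted. `dld_signing_person`, `dld_sign_level`, `dld_content` and `dld_denial_reason` are `NOT NULL` with no default, yet the `insert_dld` INSERT in this patch supplies none of them, so that insert only succeeds under a non-strict `sql_mode` that fabricates defaults; give the VARCHAR/INT columns explicit `DEFAULT ''` / `DEFAULT 0` and make `dld_denial_reason longtext` nullable, since TEXT columns cannot carry a default. Neither `dld_pid` nor `dld_master_docid` is indexed, and rows will presumably be fetched by patient or master document, so a `` KEY `dld_pid_idx` (`dld_pid`) `` is worth adding while the table is new.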
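Review bot: `patient_access_offsite` will not be created at all: the `portal_username` and `portal_pwd` lines end in `NOT NULL,,`, and a double comma is a MySQL syntax error, so the CREATE TABLE fails when `database.sql` is loaded. The two lines should be `` `portal_username` VARCHAR(100) NOT NULL, `` and `` `portal_pwd` VARCHAR(100) NOT NULL, ``. Note also what `portal_pwd` holds: `validcredential()` in this patch feeds `$prow['portal_pwd']` straight into the `sha1(secret . hour . nonce)` challenge and `loginchecking()` compares it with `BINARY portal_pwd=?`, so whatever is stored here is the password-equivalent the client must possess, i.e. effectively a plaintext credential in a 100-character VARCHAR. A column comment saying so, and a `` UNIQUE KEY `portal_username` (`portal_username`) `` so the single-row lookups by username in `valid()` are well-defined, belong in this definition; hashing the value at rest would require changing the challenge scheme as well.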
@@ -4788,5 +4909,3 @@ CREATE TABLE `template_users` (
 UNIQUE KEY `templateuser` (`tu_user_id`,`tu_template_id`)
 ) ENGINE=MyISAM AUTO_INCREMENT=1;
-
-
diff --git a/version.php b/version.php
index 19bb2aaa6..a3ae0f503 100644
--- a/version.php
+++ b/version.php
@@ -12,5 +12,5 @@ $v_tag = '-dev'; // minor revision number, should be empty for production rele
 // is a database change in the course of development. It is used
 // internally to determine when a database upgrade is needed.
 //
-$v_database = 41;
+$v_database = 42;
 ?>
-- 
2.11.4.GIT