From 60c6b978d533397bc0081feb543b0cbc9f40319f Mon Sep 17 00:00:00 2001 From: Saravanan Rathinakumar Date: Wed, 12 Oct 2016 14:45:18 +0530 Subject: [PATCH] final mu2 changes by Visolve for certification, take 2. --- controllers/C_Document.class.php | 27 +++++++- images/loading.gif | Bin 0 -> 878 bytes interface/logview/logview.php | 92 ++++++++++++++++++++------ interface/main/backup.php | 5 ++ interface/main/backuplog.sh | 9 ++- interface/main/messages/messages.php | 42 ++++++++++-- interface/orders/single_order_results.inc.php | 12 ++++ interface/patient_file/encounter/forms.php | 5 +- interface/reports/patient_list_creation.php | 13 +++- library/log.inc | 82 ++++++++++++++++++++--- library/log_validation.php | 62 +++++++++++++++++ sql/4_2_2-to-5_0_0_upgrade.sql | 17 +++++ sql/database.sql | 9 +++ 13 files changed, 334 insertions(+), 41 deletions(-) create mode 100644 images/loading.gif create mode 100644 library/log_validation.php diff --git a/controllers/C_Document.class.php b/controllers/C_Document.class.php index 9c23452df..ce42ef8da 100644 --- a/controllers/C_Document.class.php +++ b/controllers/C_Document.class.php @@ -1225,13 +1225,15 @@ function tag_action_process($patient_id="", $document_id) { $formID = sqlInsert($query,$bindArray); addForm($encounter, "New Patient Encounter",$formID,"newpatient", $patient_id, "1", date("Y-m-d H:i:s"), $username ); $d->set_encounter_id($encounter); + $this->image_result_indication($d->id, $encounter); } else { $d->set_encounter_id($encounter_id); + $this->image_result_indication($d->id, $encounter_id); } $d->set_encounter_check($encounter_check); $d->persist(); - + $messages .= xlt('Document tagged to Encounter successfully') . "
"; } @@ -1247,7 +1249,7 @@ function image_procedure_action($patient_id="",$document_id){ $proc_code = $_POST['procedure_code']; if(is_numeric($document_id)){ - + $img_order = sqlQuery("select * from procedure_order_code where procedure_order_id = ? and procedure_code = ? ",array($img_procedure_id,$proc_code)); $img_report = sqlQuery("select * from procedure_report where procedure_order_id = ? and procedure_order_seq = ? ",array($img_procedure_id,$img_order['procedure_order_seq'])); $img_report_id = !empty($img_report['procedure_report_id']) ? $img_report['procedure_report_id'] : 0; @@ -1260,6 +1262,8 @@ function image_procedure_action($patient_id="",$document_id){ if(empty($img_result)){ sqlInsert("INSERT INTO procedure_result(procedure_report_id,date,document_id,result_status) values(?,?,?,'final')",array($img_report_id,date('Y-m-d H:i:s'),$document_id)); } + + $this->image_result_indication($document_id, 0,$img_procedure_id); } return $this->view_action($patient_id, $document_id); } 
@@ -1283,5 +1287,24 @@ function get_mapped_procedure($document_id){ return $map; } +function image_result_indication($doc_id,$encounter,$image_procedure_id = 0){ + $doc_notes = sqlQuery("select note from notes where foreign_id = ?",array($doc_id)); + $narration = isset($doc_notes['note']) ? 'With Narration': 'Without Narration'; + + if($encounter != 0) { + $ep = sqlQuery("select u.username as assigned_to from form_encounter inner join users u on u.id = provider_id where encounter = ?",array($encounter)); + } + else if($image_procedure_id != 0){ + $ep = sqlQuery("select u.username as assigned_to from procedure_order inner join users u on u.id = provider_id where procedure_order_id = ?",array($image_procedure_id)); + } + else{ + $ep = array('assigned_to' => $_SESSION['authUser']); + } + + $encounter_provider = isset($ep['assigned_to']) ? $ep['assigned_to'] : $_SESSION['authUser']; + $noteid = addPnote($_SESSION['pid'],'New Image Report received '.$narration,0,1,'Image Results',$encounter_provider,'','New',''); + setGpRelation(1, $doc_id, 6, $noteid); +} + } ?> diff --git a/images/loading.gif b/images/loading.gif new file mode 100644 index 0000000000000000000000000000000000000000..6bdefde949d1aa49916541bd585dc0d95fa9d50d GIT binary patch literal 878 zcwTe&bhEHb6k!ly*v!H3qm1GIWTRtA3_D{O7W*;0s$jU9#qhsh?EnA&4A_9;e{Mh5 zkYH!W09PYD17=2$&`%atE(Q(;9gsZ8SO%70fs>xA_jU-J+4}6VfycczmV>HYOF9=_ zvkJ?XIxoiaZi>Q(_QOY>GqW}eJ?bwOQJe0j-k)xez|i2mHS1uKZnXBIfC&|w6AWkO zxHVsU`m#lLx;v6Rj0}tnLO{sC;wNxY^Y{Xb=-Dd;uBr*Le5-xvG3_#ElJ@O=k~i
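Review bot: In the new `image_result_indication()`, the patient note is filed under `$_SESSION['pid']` rather than the patient the document belongs to, although both callers (`tag_action_process` and `image_procedure_action`) already hold `$patient_id`. Nothing in this hunk checks that the session patient matches the document's patient, so if they differ the "New Image Report received" message and its document link land on the wrong chart. Taking the patient id as a parameter and calling `addPnote($patient_id, ...)` would remove that dependency. The literals in `setGpRelation(1, $doc_id, 6, $noteid)` also deserve a short comment naming the two relation types they stand for.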

Y=z-fHC|>^D`Ep52s@%#!EiuV0B!{zJCRoOE(BVUsd-h6lL^%dS%wFf4bZG; zKium8w}Oe0NGrTSR%kL@Rg+{xwc>8!gUJeLRx}>SHGo^e!9t`JjG%yeX?aymloc(Y z1RhLIM6-hBkgo#V3N~gUtvC-3D2}UYj0|W2<@g{t5Y39_gJ%=qRD1!&W3}{v`9b6j#w}OWa-3n^}8OctW literal 0 HcwPel00001 diff --git a/interface/logview/logview.php b/interface/logview/logview.php index cdab91ee6..1d5d74bc8 100644 --- a/interface/logview/logview.php +++ b/interface/logview/logview.php @@ -124,7 +124,9 @@ $get_edate=$end_date ? $end_date : date("Y-m-d H:i:s"); + @@ -253,6 +255,14 @@ $check_sum = formData('check_sum','G'); > [] +
+
+'> +
+ +
@@ -263,16 +273,17 @@ $check_sum = formData('check_sum','G'); - - - - - - - - + + + + + + + + + - + $get_sdate,'edate' => $get_edate, 'user' => $form_user, 'patient' => $form_pid, 'sortby' => $_GET['sortby'], 'levent' =>$gev, 'tevent' =>$tevent))) { +if ($ret = getEvents(array('sdate' => $get_sdate,'edate' => $get_edate, 'user' => $form_user, 'patient' => $form_pid, 'sortby' => $_GET['sortby'], 'levent' =>$gev, 'tevent' =>$tevent,'direction' => $_GET['direction']))) { foreach ($ret as $iter) { @@ -325,6 +336,7 @@ if ($ret = getEvents(array('sdate' => $get_sdate,'edate' => $get_edate, 'user' = + @@ -350,6 +362,7 @@ foreach ($ret as $iter) { + 
@@ -387,22 +400,63 @@ $(document).ready(function(){ $(".oneresult").mouseout(function() { $(this).toggleClass("highlight"); $(this).children().toggleClass("highlight"); }); // click-able column headers to sort the list - $("#sortby_date").click(function() { $("#sortby").val("date"); $("#theform").submit(); }); - $("#sortby_event").click(function() { $("#sortby").val("event"); $("#theform").submit(); }); - $("#sortby_user").click(function() { $("#sortby").val("user"); $("#theform").submit(); }); - $("#sortby_cuser").click(function() { $("#sortby").val("user"); $("#theform").submit(); }); - $("#sortby_group").click(function() { $("#sortby").val("groupname"); $("#theform").submit(); }); - $("#sortby_pid").click(function() { $("#sortby").val("patient_id"); $("#theform").submit(); }); - $("#sortby_success").click(function() { $("#sortby").val("success"); $("#theform").submit(); }); - $("#sortby_comments").click(function() { $("#sortby").val("comments"); $("#theform").submit(); }); - $("#sortby_checksum").click(function() { $("#sortby").val("checksum"); $("#theform").submit(); }); + $('.sortby') + $("#sortby_date").click(function() { set_sort_direction(); $("#sortby").val("date"); $("#theform").submit(); }); + $("#sortby_event").click(function() { set_sort_direction(); $("#sortby").val("event"); $("#theform").submit(); }); + $("#sortby_category").click(function() { set_sort_direction(); $("#sortby").val("category"); $("#theform").submit(); }); + $("#sortby_user").click(function() { set_sort_direction(); $("#sortby").val("user"); $("#theform").submit(); }); + $("#sortby_cuser").click(function() { set_sort_direction(); $("#sortby").val("user"); $("#theform").submit(); }); + $("#sortby_group").click(function() { set_sort_direction(); $("#sortby").val("groupname"); $("#theform").submit(); }); + $("#sortby_pid").click(function() { set_sort_direction(); $("#sortby").val("patient_id"); $("#theform").submit(); }); + $("#sortby_success").click(function() { set_sort_direction(); 
$("#sortby").val("success"); $("#theform").submit(); }); + $("#sortby_comments").click(function() { set_sort_direction(); $("#sortby").val("comments"); $("#theform").submit(); }); + $("#sortby_checksum").click(function() { set_sort_direction(); $("#sortby").val("checksum"); $("#theform").submit(); }); }); +function set_sort_direction(){ + if($('#direction').val() == 'asc') + $('#direction').val('desc'); + else + $('#direction').val('asc'); +} + + /* required for popup calendar */ Calendar.setup({inputField:"start_date", ifFormat:"%Y-%m-%d %H:%M:%S", button:"img_begin_date", showsTime:true}); Calendar.setup({inputField:"end_date", ifFormat:"%Y-%m-%d %H:%M:%S", button:"img_end_date", showsTime:true}); +function validatelog(){ + var img = document.getElementById('log_loading'); + var btn = document.getElementById('valid_button'); + if(img){ + if(img.style.display == "block"){ + return false; + } + img.style.display = "block"; + if(btn){btn.style.display = "none"} + } + $.ajax({ + url:"../../library/log_validation.php", + asynchronous : true, + method: "post", + success :function(response){ + if(img){ + img.style.display="none"; + if(btn){btn.style.display="block";} + } + alert(response); + }, + failure :function(){ + if(img){ + img.style.display="none"; + if(btn){btn.style.display="block";} + } + alert(''); + } + }); + +} diff --git a/interface/main/backup.php b/interface/main/backup.php index b006133ec..bb0c1ca99 100644 --- a/interface/main/backup.php +++ b/interface/main/backup.php 
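Review bot: The `$.ajax` call in `validatelog()` passes `failure:` and `asynchronous:`, which are not jQuery settings (the documented names are `error` and `async`), so the failure handler never runs and a failed request leaves the spinner showing and the validate button hidden. Rename the key to `error: function(){ ... }` and drop `asynchronous`. The bare `$('.sortby')` statement before the click handlers has no effect and can be removed. `set_sort_direction()` also flips the direction on every header click, including when the user switches to a different column, which may not be intended.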
@@ -536,6 +536,8 @@ $res=sqlStatement("create table if not exists log_comment_encrypt_new like log_c $res=sqlStatement("rename table log_comment_encrypt to log_comment_encrypt_backup,log_comment_encrypt_new to log_comment_encrypt"); $res=sqlStatement("create table if not exists log_new like log"); $res=sqlStatement("rename table log to log_backup,log_new to log"); +$res=sqlStatement("create table if not exists log_validator_new like log_validator"); +$res=sqlStatement("rename table log_validator to log_validator_backup, log_validator_new to log_validator"); echo "
"; $cmd = "$mysql_dump_cmd -u " . escapeshellarg($sqlconf["login"]) . " -p" . escapeshellarg($sqlconf["pass"]) . @@ -573,6 +575,8 @@ if ($cmd) { $res=sqlStatement("rename table log_comment_encrypt_backup to log_comment_encrypt"); $res=sqlStatement("drop table if exists log"); $res=sqlStatement("rename table log_backup to log"); + $res=sqlStatement("drop table if exists log_validator"); + $res=sqlStatement("rename table log_validator_backup to log_validator"); } die("\"$cmd\" returned $tmp2: $tmp0"); } @@ -580,6 +584,7 @@ if ($cmd) { if ($eventlog==1) { $res=sqlStatement("drop table if exists log_backup"); $res=sqlStatement("drop table if exists log_comment_encrypt_backup"); + $res=sqlStatement("drop table if exists log_validator_backup"); echo "
"; echo xl('Backup Successfully taken in')." "; echo $BACKUP_EVENTLOG_DIR; diff --git a/interface/main/backuplog.sh b/interface/main/backuplog.sh index 5a7174c93..d89bd5d8f 100644 --- a/interface/main/backuplog.sh +++ b/interface/main/backuplog.sh 
@@ -1,23 +1,28 @@ #/bin/bash # $1 - mysql user $2 mysql password $3 mysql Database $4 Log backup directory -# Create temp tables as that of Eventlog and log_comment_encrypt +# Create temp tables as that of Eventlog and log_comment_encrypt and log_validator mysql -u $1 -p$2 -D $3 -e "create table if not exists log_comment_encrypt_new like log_comment_encrypt" mysql -u $1 -p$2 -D $3 -e "create table if not exists log_new like log" +mysql -u $1 -p$2 -D $3 -e "create table if not exists log_validator_new like log_validator" # Rename the existing tables to backup & New tables to Event tables mysql -u $1 -p$2 -D $3 -e "rename table log_comment_encrypt to log_comment_encrypt_backup,log_comment_encrypt_new to log_comment_encrypt" mysql -u $1 -p$2 -D $3 -e "rename table log to log_backup,log_new to log" +mysql -u $1 -p$2 -D $3 -e "rename table log_validator to log_validator_backup,log_validator_new to log_validator" # Dump the Backup tables -mysqldump -u $1 -p$2 --opt --quote-names -r $4 $3 --tables log_comment_encrypt_backup log_backup +mysqldump -u $1 -p$2 --opt --quote-names -r $4 $3 --tables log_comment_encrypt_backup log_backup log_validator_backup if [ $? -eq 0 ] then # After Successful dumping, drop the Backup tables mysql -u $1 -p$2 -D $3 -e "drop table if exists log_comment_encrypt_backup" mysql -u $1 -p$2 -D $3 -e "drop table if exists log_backup" +mysql -u $1 -p$2 -D $3 -e "drop table if exists log_validator_backup" else # If dumping fails, then restore the previous state mysql -u $1 -p$2 -D $3 -e "drop table if exists log_comment_encrypt" mysql -u $1 -p$2 -D $3 -e "rename table log_comment_encrypt_backup to log_comment_encrypt" mysql -u $1 -p$2 -D $3 -e "drop table if exists log" mysql -u $1 -p$2 -D $3 -e "rename table log_backup to log" +mysql -u $1 -p$2 -D $3 -e "drop table if exists log_validator" +mysql -u $1 -p$2 -D $3 -e "rename table log_validator_backup to log_validator" fi 
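Review bot: The new `mysql` lines and the extended `mysqldump` line expand `$1`..`$4` unquoted and pass the password as `-p$2`, so a password or path containing spaces or shell metacharacters is word-split or glob-expanded, and the password is visible in the process list while each command runs. Quote the expansions (`-u "$1" -D "$3"`, `-r "$4"`) and supply the credentials through a client option file such as `--defaults-extra-file=<file>` instead of the command line. The existing lines follow the same pattern, so the fix belongs across the whole script. The first line reads `#/bin/bash`, which is a comment rather than a shebang.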
diff --git a/interface/main/messages/messages.php b/interface/main/messages/messages.php index b2d728387..56e91c35d 100644 --- a/interface/main/messages/messages.php +++ b/interface/main/messages/messages.php @@ -235,7 +235,7 @@ echo " \n"; while ($gprow = sqlFetchArray($tmp)) { $d = new Document($gprow['id1']); - echo " "; + $enc_list = sqlStatement("SELECT fe.encounter,fe.date,openemr_postcalendar_categories.pc_catname FROM form_encounter AS fe ". + " left join openemr_postcalendar_categories on fe.pc_catid=openemr_postcalendar_categories.pc_catid WHERE fe.pid = ? order by fe.date desc", array($prow['pid'])); + $str_dob = htmlspecialchars(Xl("DOB:".$prow['DOB']." Age:".getPatientAge($prow['DOB']))); + $pname = $prow['fname']." ".$prow['lname']; + echo "get_id())).",'".addslashes(attr($pname))."',".addslashes(attr($prow['pid'])).",".addslashes(attr($prow['pubpid'])).",'".addslashes(attr($str_dob))."');\">"; echo text($d->get_url_file()); echo "\n"; } @@ -409,6 +410,35 @@ $(document).ready(function(){ $("#new_note").submit(); } }); + function gotoReport(doc_id,pname,pid,pubpid,str_dob){ + EncounterDateArray=new Array; + CalendarCategoryArray=new Array; + EncounterIdArray=new Array; + Count = 0; + 0 ){ + while($row = sqlFetchArray($enc_list)){ + ?> + EncounterIdArray[Count]=''; + EncounterDateArray[Count]=''; + CalendarCategoryArray[Count]=''; + Count++; + + $.ajax({ + type:'get', + url:'', + data:{set_pid: pid}, + async: false + }); + parent.left_nav.setPatient(pname,pid,pubpid,window.name,str_dob); + parent.left_nav.setPatientEncounter(EncounterIdArray,EncounterDateArray,CalendarCategoryArray); + var baseurl = ''; + var params = "&patient_id=" + pid + "&document_id=" + doc_id + "&"; + location.href = baseurl + params; + } // This is for callback by the find-patient popup. function setpatient(pid, lname, fname, dob) { var f = document.forms[0]; 
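Review bot: In the link built in the first hunk, `$prow['pid']` and `$prow['pubpid']` are written into the inline `gotoReport(...)` call without surrounding quotes, so `addslashes(attr(...))` does not confine them to a single JavaScript argument. Nothing in the hunk shows `pubpid` to be numeric, and a value containing letters, commas or parentheses would break the handler or be evaluated as script. Emit every argument as a quoted, JavaScript-escaped string (for example through `json_encode`) and then HTML-escape the whole attribute value. `$str_dob` is also escaped twice (`htmlspecialchars` and then `attr`) and hands a runtime-built string to `Xl()`, which cannot match a translation key.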
diff --git a/interface/orders/single_order_results.inc.php b/interface/orders/single_order_results.inc.php index 094a13b9a..29ae515f6 100644 --- a/interface/orders/single_order_results.inc.php +++ b/interface/orders/single_order_results.inc.php @@ -220,6 +220,18 @@ function generate_result_row(&$ctx, &$row, &$rrow, $priors_omitted=false) { echo ""; } echo "\n"; + $narrative_notes = sqlQuery("select group_concat(note SEPARATOR '\n') as notes from notes where foreign_id = ?",array($result_document_id)); + if(!empty($narrative_notes)){ + $nnotes = explode("\n",$narrative_notes['notes']); + $narrative_note_list = ''; + foreach($nnotes as $nnote){ + if($narrative_note_list == '') $narrative_note_list = 'Narrative Notes:'; + $narrative_note_list .= $nnote; + } + + if($narrative_note_list != ''){ if ($result_noteid) $result_noteid .= ', '; $result_noteid .= 1 + storeNote($narrative_note_list);} + } + } else { echo " + + + diff --git a/library/log.inc b/library/log.inc index 4be3fbccb..64a865305 100644 --- a/library/log.inc +++ b/library/log.inc @@ -7,6 +7,11 @@ function newEvent($event, $user, $groupname, $success, $comments="", $patient_id $adodb = $GLOBALS['adodb']['db']; $crt_user=isset($_SERVER['SSL_CLIENT_S_DN_CN']) ? $_SERVER['SSL_CLIENT_S_DN_CN'] : null; + $category = $event; + // Special case delete for lists table + if($event == 'delete') + $category = eventCategoryFinder($comments, $event, ''); + // deal with comments encryption, if turned on $encrypt_comment = 'No'; if (!empty($comments)) { 
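Review bot: `if(!empty($narrative_notes))` tests the row array rather than its `notes` column, and an aggregate query using `group_concat` returns one row even when no notes match, so the branch is presumably taken for every result. With `notes` NULL the loop still sets `$narrative_note_list` to `'Narrative Notes:'` and `storeNote()` records an empty note. Test the column instead: `if (!empty($narrative_notes['notes'])) {`. The loop also joins the notes with no separator, and `group_concat` output is limited by the server's `group_concat_max_len`, so long narratives can be cut off silently.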
@@ -25,13 +30,14 @@ function newEvent($event, $user, $groupname, $success, $comments="", $patient_id } $menuItemId = array_search($menu_item, $menuItems); - $sql = "insert into log ( date, event, user, patient_id, groupname, success, comments, - log_from, menu_item_id, crt_user, ccda_doc_id) values ( NOW(), ?, ?, ?, ?, ?, ?, ?, ?,?, ?)"; + $sql = "insert into log ( date, event,category, user, patient_id, groupname, success, comments, + log_from, menu_item_id, crt_user, ccda_doc_id) values ( NOW(), ?,'Patient Portal', ?, ?, ?, ?, ?, ?, ?,?, ?)"; $ret = sqlStatementNoLog($sql, array($event, $user, $patient_id, $groupname, $success, $comments,$log_from, $menuItemId,$crt_user, $ccda_doc_id)); } else { + /* More details added to the log */ - $sql = "insert into log ( date, event, user, groupname, success, comments, crt_user, patient_id) " . - "values ( NOW(), " . $adodb->qstr($event) . "," . $adodb->qstr($user) . + $sql = "insert into log ( date, event,category, user, groupname, success, comments, crt_user, patient_id) " . + "values ( NOW(), " . $adodb->qstr($event) . ",". $adodb->qstr($category) . "," . $adodb->qstr($user) . "," . $adodb->qstr($groupname) . "," . $adodb->qstr($success) . "," . $adodb->qstr($comments) ."," . $adodb->qstr($crt_user) ."," . $adodb->qstr($patient_id). ")"; @@ -78,7 +84,7 @@ function getEventByDate($date, $user="", $cols="DISTINCT date, event, user, grou function getEvents($params) { // parse the parameters - $cols = "DISTINCT date, event, user, groupname, patient_id, success, comments,checksum,crt_user, id "; + $cols = "DISTINCT date, event, category, user, groupname, patient_id, success, comments,checksum,crt_user, id "; if (isset($params['cols']) && $params['cols'] != "") $cols = $params['cols']; $date1 = date("Y-m-d H:i:s", time()); 
@@ -103,6 +109,9 @@ function getEvents($params) $tevent = ""; if (isset($params['tevent']) && $params['tevent'] != "") $tevent = $params['tevent']; + $direction = 'asc'; + if (isset($params['direction']) && $params['direction'] != "") $direction = $params['direction']; + $event = ""; if (isset($params['event']) && $params['event'] != "") $event = $params['event']; if ($event!=""){ @@ -110,12 +119,13 @@ function getEvents($params) if ($sortby == "groupname") $sortby = ""; //VicarePlus :: since there is no groupname in extended_log if ($sortby == "success") $sortby = ""; //VicarePlus :: since there is no success field in extended_log if ($sortby == "checksum") $sortby = ""; //VicarePlus :: since there is no checksum field in extended_log + if ($sortby == "category") $sortby = ""; //VicarePlus :: since there is no category field in extended_log $columns = "DISTINCT date, event, user, recipient,patient_id,description"; $sql = "SELECT $columns FROM extended_log WHERE date >= '$date1' AND date <= '$date2'"; if ($user != "") $sql .= " AND user LIKE '$user'"; if ($patient != "") $sql .= " AND patient_id LIKE '$patient'"; if ($levent != "") $sql .= " AND event LIKE '$levent%'"; - if ($sortby != "") $sql .= " ORDER BY ".$sortby." DESC "; // descending order + if ($sortby != "") $sql .= " ORDER BY ".$sortby." DESC"; // descending order $sql .= " LIMIT 5000"; } else @@ -126,7 +136,7 @@ function getEvents($params) if ($patient != "") $sql .= " AND patient_id LIKE '$patient'"; if ($levent != "") $sql .= " AND event LIKE '$levent%'"; if ($tevent != "") $sql .= " AND event LIKE '%$tevent'"; - if ($sortby != "") $sql .= " ORDER BY ".$sortby." DESC "; // descending order + if ($sortby != "") $sql .= " ORDER BY ".$sortby." ".escape_sort_order($direction); // descending order $sql .= " LIMIT 5000"; } $res = sqlStatement($sql); 
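Review bot: In the last hunk the new `direction` value goes through `escape_sort_order()`, but `$sortby` on the same line is still concatenated into `ORDER BY` as-is, and logview.php passes both values straight from `$_GET`. No allow-list for `$sortby` is visible in these hunks, so the column name should be checked against the known sortable columns before it reaches the query, e.g. `if (!in_array($sortby, $allowed_sort_columns, true)) $sortby = "";` (the array name is a placeholder). The extended_log branch ignores `direction` and always sorts `DESC`, and the trailing `// descending order` comment on the changed line is no longer accurate. getEvents starts and ends outside these hunks.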
@@ -595,6 +605,7 @@ function auditSQLEvent($statement, $outcome, $binds=NULL) /* Determine the audit event based on the database tables */ $event = "other"; + $category = "other"; $tables = array("billing" => "patient-record", "claims" => "patient-record", "employer_data" => "patient-record", @@ -656,7 +667,11 @@ function auditSQLEvent($statement, $outcome, $binds=NULL) "gacl_axo_sections" => "security-administration", "gacl_groups_aro_map" => "security-administration", "gacl_groups_axo_map" => "security-administration", - "gacl_phpgacl" => "security-administration" + "gacl_phpgacl" => "security-administration", + "procedure_order" => "lab-order", + "procedure_order_code" => "lab-order", + "procedure_report" => "lab-results", + "procedure_result" => "lab-results" ); /* When searching for table names, truncate the SQL statement, @@ -688,10 +703,12 @@ function auditSQLEvent($statement, $outcome, $binds=NULL) foreach ($tables as $table => $value) { if (strpos($truncated_sql, $table) !== FALSE) { $event = $value; - break; + $category = eventCategoryFinder($comments, $event,$table); + break; } else if (strpos($truncated_sql, "form_") !== FALSE) { $event = "patient-record"; + $category = eventCategoryFinder($comments, $event,$table); break; } } @@ -749,10 +766,11 @@ function auditSQLEvent($statement, $outcome, $binds=NULL) $current_datetime = date("Y-m-d H:i:s"); $SSL_CLIENT_S_DN_CN=isset($_SERVER['SSL_CLIENT_S_DN_CN']) ? $_SERVER['SSL_CLIENT_S_DN_CN'] : ''; - $sql = "insert into log (date, event, user, groupname, comments, patient_id, success, checksum,crt_user) " . + $sql = "insert into log (date, event,category, user, groupname, comments, patient_id, success, checksum,crt_user) " . "values ( ". $adodb->qstr($current_datetime). ", ". $adodb->qstr($event) . ", " . + $adodb->qstr($category) . ", " . $adodb->qstr($user) . "," . $adodb->qstr($group) . "," . $adodb->qstr($comments) . "," . 
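Review bot: In the `form_` branch of the table loop, `eventCategoryFinder($comments, $event,$table)` receives whichever `$table` key the `foreach` is currently on, not the form table found in the statement. That branch fires on the first iteration whose key does not match, so `$table` is the first key of the array (`billing`) and the audit row is categorised as "Billing" for any statement that touches a `form_*` table. Pass a value that reflects the match, e.g. `$category = eventCategoryFinder($comments, $event, 'form_');`, so the finder's `strpos($table,'form_') === 0` test applies. Whether `$comments` is already populated at this point is not visible in the hunk.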
@@ -918,4 +936,48 @@ function logCommentEncryptData($log_id){ } return $encryptRow; } + +/** + * Function used to determine category of the event + * + */ +function eventCategoryFinder($sql,$event,$table){ + if($event == 'delete'){ + if(strpos($sql, "lists:") === 0){ + $fieldValues = explode("'",$sql); + if(in_array('medical_problem',$fieldValues) === TRUE) return 'Problem List'; + else if(in_array('medication',$fieldValues) === TRUE) return 'Medication'; + else if(in_array('allergy', $fieldValues) === TRUE) return 'Allergy'; + } + } + if($table == 'lists' || $table == 'lists_touch'){ + $trimSQL = stristr($sql, $table); + $fieldValues = explode("'",$trimSQL); + if(in_array('medical_problem',$fieldValues) === TRUE) return 'Problem List'; + else if(in_array('medication',$fieldValues) === TRUE) return 'Medication'; + else if(in_array('allergy', $fieldValues) === TRUE) return 'Allergy'; + } + else if($table == 'immunizations') return "Immunization"; + else if($table == 'form_vitals') return "Vitals"; + else if($table == 'history_data') return "Social and Family History"; + else if($table == 'forms' || $table == 'form_encounter' || strpos($table,'form_') === 0) return "Encounter Form"; + else if($table == 'insurance_data') return "Patient Insurance"; + else if($table == 'patient_data' || $table == 'employer_data') return "Patient Demographics"; + else if($table == 'payments' || $table == "billing" || $table == "claims") return "Billing"; + else if($table == 'pnotes') return "Clinical Mail"; + else if($table == 'prescriptions') return "Medication"; + else if($table == 'transactions'){ + $trimSQL = stristr($sql, "transactions"); + $fieldValues = explode("'",$trimSQL); + if(in_array("LBTref", $fieldValues)) return "Referral"; + else return $event; + } + else if($table == 'amendments' || $table == 'amendments_history') return "Amendments"; + else if($table == 'openemr_postcalendar_events') return "Scheduling"; + else if($table == 'procedure_order' || $table == 
'procedure_order_code') return "Lab Order"; + else if($table == 'procedure_report' || $table == 'procedure_result') return "Lab Result"; + else if($event == 'security-administration') return "Security"; + + return $event; +} ?> diff --git a/library/log_validation.php b/library/log_validation.php new file mode 100644 index 000000000..a5644e13f --- /dev/null +++ b/library/log_validation.php 
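Review bot: The docblock on `eventCategoryFinder()` names no parameters or return value, and the contract is not obvious from the call sites. Document that `$sql` is the statement text (or, for `delete` events, the comment string beginning `lists:`), `$event` the audit event name and `$table` the matched table name, and that the return value is a display category string that falls back to `$event`. The same comment should state that list types are recognised only when they appear as quoted literals in `$sql`, since the function splits on `'`.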
@@ -0,0 +1,62 @@ + + * + * LICENSE: This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * You should have received a copy of the GNU General Public License + * along with this program. If not, see ;. + * + * @package OpenEMR + * @author Visolve + * @link http://www.open-emr.org + */ + +$fake_register_globals=false; +$sanitize_all_escapes=true; + +require_once("../interface/globals.php"); +require_once("$srcdir/log.inc"); +require_once("$srcdir/formdata.inc.php"); +require_once("$srcdir/formatting.inc.php"); + + + $valid = true; + $errors = array(); + catch_logs(); + $sql = sqlStatement("select * from log_validator"); + while($row = sqlFetchArray($sql)){ + $logEntry = sqlQuery("select * from log where id = ?",array($row['log_id'])); + if(empty($logEntry)){ + $valid = false; + array_push($errors, xl("Following audit log entry number is missing") . ": " . $row['log_id']); + } + else if($row['log_checksum'] != $logEntry['checksum']){ + $valid = false; + array_push($errors, xl("Audit log tampering evident at entry number") . " " . $row['log_id']); + } + if(!$valid) break; + } + if($valid){ + echo "Audit Log Validated Successfully"; + } + else + { + echo "Audit Log validation failed(ERROR:: $errors[0])"; + } + + function catch_logs(){ + $sql = sqlStatement("select * from log where id not in(select log_id from log_validator) and checksum is NOT null and checksum != ''"); + while($row = sqlFetchArray($sql)){ + sqlInsert("INSERT into log_validator (log_id,log_checksum) VALUES(?,?)",array($row['id'],$row['checksum'])); + } + } +?> 
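Review bot: The validation compares `log_validator.log_checksum` with `log.checksum` as stored, and `catch_logs()` copies those checksums only when this script runs, so the check cannot see an edit that changes a row's content but leaves its checksum column alone, nor any edit made before the row was first copied. As far as this patch shows, both tables sit in the same database and are written through the same application account, so anyone able to alter `log` can alter `log_validator` to match. Recompute the checksum from the row's fields during validation, record the validator row when the log row is inserted, and keep the reference copy where the application account cannot rewrite it. No access check is visible in this file beyond whatever `globals.php` enforces, so consider restricting the endpoint to administrators; the loose `!=` comparison of checksum strings should be `!==`.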
diff --git a/sql/4_2_2-to-5_0_0_upgrade.sql b/sql/4_2_2-to-5_0_0_upgrade.sql index 23073e8df..0af897b54 100644 --- a/sql/4_2_2-to-5_0_0_upgrade.sql +++ b/sql/4_2_2-to-5_0_0_upgrade.sql @@ -2137,3 +2137,20 @@ CREATE TABLE `product_registration` ( #IfNotRow2D list_options list_id Eye_Defaults_for_GENERAL option_id LADNEXA INSERT INTO `list_options` (`list_id`, `option_id`, `title`, `seq`, `is_default`, `option_value`, `mapping`, `notes`, `codes`, `toggle_setting_1`, `toggle_setting_2`, `activity`, `subtype`) VALUES ('Eye_Defaults_for_GENERAL', 'LADNEXA', 'normal lacrimal gland and orbit', 91, 0, 0, '', 'EXT', '', 0, 0, 0, ''); #EndIf + +#IfMissingColumn log category +ALTER TABLE `log` ADD `category` varchar(255) default NULL; +#EndIf + +-- Table to copy log contents for audit log tamper resistance check +#IfNotTable log_validator +CREATE TABLE `log_validator` ( + `log_id` bigint(20) NOT NULL, + `log_checksum` longtext, + PRIMARY KEY (`log_id`) +) ENGINE=InnoDB; + +-- Add Image Result note type for electronic indication - a12 +#IfNotRow2D list_options list_id note_type option_id Image Results + INSERT INTO `list_options` (`list_id`, `option_id`, `title`, `seq`,`is_default`) VALUES ('note_type', 'Image Results', 'Image Results', 30, 0); +#EndIf diff --git a/sql/database.sql b/sql/database.sql index 206818b69..184fe4d0b 100644 --- a/sql/database.sql +++ b/sql/database.sql 
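Review bot: The new `#IfNotTable log_validator` block is never closed: the `CREATE TABLE` is followed directly by the next `#IfNotRow2D` directive with no `#EndIf` in between, unlike the `#IfMissingColumn` block just above it. Add `#EndIf` after `) ENGINE=InnoDB;` so the conditional does not depend on how the upgrade runner treats an unterminated block. `log_checksum` is declared `longtext` here and `longtext NULL` in database.sql; the definitions are equivalent but easier to keep in sync when written identically.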
@@ -3577,6 +3577,7 @@ INSERT INTO list_options ( list_id, option_id, title, seq, is_default ) VALUES ( INSERT INTO list_options ( list_id, option_id, title, seq, is_default ) VALUES ('note_type','Lab Results' ,'Lab Results', 15,0); INSERT INTO list_options ( list_id, option_id, title, seq, is_default ) VALUES ('note_type','New Orders' ,'New Orders', 20,0); INSERT INTO list_options ( list_id, option_id, title, seq, is_default ) VALUES ('note_type','Patient Reminders' ,'Patient Reminders', 25,0); +INSERT INTO list_options ( list_id, option_id, title, seq, is_default ) VALUES ('note_type','Image Results' ,'Image Results', 30,0); INSERT INTO list_options ( list_id, option_id, title, seq, is_default ) VALUES ('lists' ,'irnpool','Invoice Reference Number Pools', 1,0); INSERT INTO list_options ( list_id, option_id, title, seq, is_default, notes ) VALUES ('irnpool','main','Main',1,1,'000001'); @@ -4687,6 +4688,7 @@ CREATE TABLE `log` ( `id` bigint(20) NOT NULL auto_increment, `date` datetime default NULL, `event` varchar(255) default NULL, + `category` varchar(255) default NULL, `user` varchar(255) default NULL, `groupname` varchar(255) default NULL, `comments` longtext, @@ -9582,3 +9584,10 @@ CREATE TABLE `product_registration` ( PRIMARY KEY (`registration_id`) ) ENGINE=InnoDB; +-- Table to copy log contents for audit log tamper resistance check. +DROP TABLE IF EXISTS `log_validator`; +CREATE TABLE `log_validator` ( + `log_id` bigint(20) NOT NULL, + `log_checksum` longtext NULL, + PRIMARY KEY (`log_id`) +) ENGINE=InnoDB; -- 2.11.4.GIT
"; diff --git a/interface/patient_file/encounter/forms.php b/interface/patient_file/encounter/forms.php index 628397cd0..44bb54438 100644 --- a/interface/patient_file/encounter/forms.php +++ b/interface/patient_file/encounter/forms.php @@ -532,7 +532,10 @@ if ( $esign->isButtonViewable() ) { } ?>
- + + + + diff --git a/interface/reports/patient_list_creation.php b/interface/reports/patient_list_creation.php index d7eed16b9..6852ec782 100644 --- a/interface/reports/patient_list_creation.php +++ b/interface/reports/patient_list_creation.php @@ -189,7 +189,11 @@ $('#com_pref').show(); }); - + + function printForm(){ + var win = top.printLogPrint ? top : opener.top; + win.printLogPrint(window); + } @@ -273,6 +277,13 @@
+