From 6ce645a991a62474dd6e9ea7a9c05c4e469635d8 Mon Sep 17 00:00:00 2001 From: Sam Likins Date: Sat, 3 Sep 2016 18:57:23 -0400 Subject: [PATCH] General BUG cleanup to decrease time to save globals: (#212) * General BUG cleanup to decrease time to save globals: - Added missing $ to variables - Added array_key_exists to check arrays prior to attempted access - Removed trailing whitespace * Simplified boolean conditionals. --- interface/globals.php | 34 ++++++------- interface/super/edit_globals.php | 106 ++++++++++++++++++++------------------- library/log.inc | 99 ++++++++++++++++++------------------ 3 files changed, 121 insertions(+), 118 deletions(-) diff --git a/interface/globals.php b/interface/globals.php index 7baac2f89..85ea87007 100644 --- a/interface/globals.php +++ b/interface/globals.php @@ -42,7 +42,7 @@ if (isset($sanitize_all_escapes) && $sanitize_all_escapes) { $webserver_root = dirname(dirname(__FILE__)); if (IS_WINDOWS) { //convert windows path separators - $webserver_root = str_replace("\\","/",$webserver_root); + $webserver_root = str_replace("\\","/",$webserver_root); } // Collect the apache server document root (and convert to windows slashes, if needed) $server_document_root = realpath($_SERVER['DOCUMENT_ROOT']); @@ -121,7 +121,7 @@ require_once($GLOBALS['OE_SITE_DIR'] . "/config.php"); // to set the correct html encoding. utf8 vs iso-8859-1. If flag is set // then set to iso-8859-1. require_once(dirname(__FILE__) . "/../library/sqlconf.php"); -if (!$disable_utf8_flag) { +if (!$disable_utf8_flag) { ini_set('default_charset', 'utf-8'); $HTML_CHARSET = "UTF-8"; mb_internal_encoding('UTF-8'); 
@@ -155,7 +155,7 @@ $GLOBALS['incdir'] = $include_root; // Location of the login screen file $GLOBALS['login_screen'] = $GLOBALS['rootdir'] . "/login_screen.php"; -// Variable set for Eligibility Verification [EDI-271] path +// Variable set for Eligibility Verification [EDI-271] path $GLOBALS['edi_271_file_path'] = $GLOBALS['OE_SITE_DIR'] . "/edi/"; // Include the translation engine. This will also call sql.inc to @@ -226,7 +226,7 @@ if (!empty($glrow)) { $GLOBALS['language_menu_show'] = array(); $glres = sqlStatement("SELECT gl_name, gl_index, gl_value FROM globals " . "ORDER BY gl_name, gl_index"); - while ($glrow = sqlFetchArray($glres)) { + while ($glrow = sqlFetchArray($glres)) { $gl_name = $glrow['gl_name']; $gl_value = $glrow['gl_value']; // Adjust for user specific settings @@ -237,7 +237,7 @@ if (!empty($glrow)) { } } } - if ($gl_name == 'language_menu_other') { + if ($gl_name == 'language_menu_other') { $GLOBALS['language_menu_show'][] = $gl_value; } else if ($gl_name == 'css_header') { 
@@ -265,36 +265,36 @@ if (!empty($glrow)) { if ((count($GLOBALS['language_menu_show']) >= 1) || $GLOBALS['language_menu_showall']) { $GLOBALS['language_menu_login'] = true; } - - + + // Additional logic to override theme name. // For RTL languages we substitute the theme name with the name of RTL-adapted CSS file. $rtl_override = false; if( isset( $_SESSION['language_direction'] )) { - if( $_SESSION['language_direction'] == 'rtl' && + if( $_SESSION['language_direction'] == 'rtl' && !strpos($GLOBALS['css_header'], 'rtl') ) { // the $css_header_value is set above $rtl_override = true; } - } - - else { + } + + else { //$_SESSION['language_direction'] is not set, so will use the default language $default_lang_id = sqlQuery('SELECT lang_id FROM lang_languages WHERE lang_description = ?',array($GLOBALS['language_default'])); - + if ( getLanguageDir( $default_lang_id['lang_id'] ) === 'rtl' && !strpos($GLOBALS['css_header'], 'rtl')) { // @todo eliminate 1 SQL query $rtl_override = true; } } - + // change theme name, if the override file exists. if( $rtl_override ) { // the $css_header_value is set above $new_theme = 'rtl_' . $temp_css_theme_name; - // Check file existance + // Check file existance if( file_exists( $include_root.'/themes/'.$new_theme ) ) { $GLOBALS['css_header'] = $rootdir.'/themes/'.$new_theme; } else { @@ -304,7 +304,7 @@ if (!empty($glrow)) { } unset( $temp_css_theme_name, $new_theme,$rtl_override); // end of RTL section - + // // End of globals table processing. } 
@@ -408,10 +408,10 @@ $GLOBALS['backpic'] = $backpic; // 1 = send email message to given id for Emergency Login user activation, // else 0. -$GLOBALS['Emergency_Login_email'] = $GLOBALS['Emergency_Login_email_id'] ? 1 : 0; +$GLOBALS['Emergency_Login_email'] = empty($GLOBALS['Emergency_Login_email_id']) ? 0 : 1; //set include_de_identification to enable De-identification (currently de-identification works fine only with linux machines) -//Run de_identification_upgrade.php script to upgrade OpenEMR database to include procedures, +//Run de_identification_upgrade.php script to upgrade OpenEMR database to include procedures, //functions, tables for de-identification(Mysql root user and password is required for successful //execution of the de-identification upgrade script) $GLOBALS['include_de_identification']=0; diff --git a/interface/super/edit_globals.php b/interface/super/edit_globals.php index 43a4c113d..532ff11e3 100644 --- a/interface/super/edit_globals.php +++ b/interface/super/edit_globals.php 
@@ -34,24 +34,26 @@ require_once("$srcdir/user.inc"); require_once("$srcdir/classes/CouchDB.class.php"); require_once(dirname(__FILE__)."/../../myportal/soap_service/portal_connectivity.php"); -if ($_GET['mode'] != "user") { +$userMode = (array_key_exists('mode', $_GET) && $_GET['mode'] == 'user'); + +if (!$userMode) { // Check authorization. $thisauth = acl_check('admin', 'super'); if (!$thisauth) die(xlt('Not authorized')); } function checkCreateCDB(){ - $globalsres = sqlStatement("SELECT gl_name, gl_index, gl_value FROM globals WHERE gl_name IN + $globalsres = sqlStatement("SELECT gl_name, gl_index, gl_value FROM globals WHERE gl_name IN ('couchdb_host','couchdb_user','couchdb_pass','couchdb_port','couchdb_dbase','document_storage_method')"); $options = array(); while($globalsrow = sqlFetchArray($globalsres)){ $GLOBALS[$globalsrow['gl_name']] = $globalsrow['gl_value']; } $directory_created = false; - if($GLOBALS['document_storage_method'] != 0){ + if( !empty($GLOBALS['document_storage_method']) ) { // /documents/temp/ folder is required for CouchDB if(!is_dir($GLOBALS['OE_SITE_DIR'] . '/documents/temp/')){ - $directory_created = mkdir($GLOBALS['OE_SITE_DIR'] . '/documents/temp/',0777,true); + $directory_created = mkdir($GLOBALS['OE_SITE_DIR'] . '/documents/temp/',0777,true); if(!$directory_created){ echo htmlspecialchars( xl("Failed to create temporary folder. CouchDB will not work."),ENT_NOQUOTES); } 
@@ -101,10 +103,10 @@ function checkBackgroundServices(){ $GLOBALS[$globalsrow['gl_name']] = $globalsrow['gl_value']; } - //Set up phimail service - $phimail_active = $GLOBALS['phimail_enable'] ? '1' : '0'; - $phimail_interval = max(0,(int)$GLOBALS['phimail_interval']); - updateBackgroundService('phimail',$phimail_active,$phimail_interval); + //Set up phimail service + $phimail_active = empty($GLOBALS['phimail_enable']) ? '0' : '1'; + $phimail_interval = max(0, (int) $GLOBALS['phimail_interval']); + updateBackgroundService('phimail', $phimail_active, $phimail_interval); } ?> @@ -117,7 +119,7 @@ html_header_show(); // If we are saving user_specific globals. // -if ($_POST['form_save'] && $_GET['mode'] == "user") { +if (array_key_exists('form_save', $_POST) && $_POST['form_save'] && $userMode) { $i = 0; foreach ($GLOBALS_METADATA as $grpname => $grparr) { if (in_array($grpname, $USER_SPECIFIC_TABS)) { @@ -147,8 +149,8 @@ if ($_POST['form_save'] && $_GET['mode'] == "user") { echo ""; } -if ($_POST['form_download']) { - $client = portal_connection(); +if (array_key_exists('form_download', $_POST) && $_POST['form_download']) { + $client = portal_connection(); try { $response = $client->getPortalConnectionFiles($credentials); } 
@@ -160,22 +162,22 @@ if ($_POST['form_download']) { error_log('Exception Error'); error_log(var_dump(get_object_vars($e))); } - if($response['status'] == "1") {//WEBSERVICE RETURNED VALUE SUCCESSFULLY - $tmpfilename = realpath(sys_get_temp_dir())."/".date('YmdHis').".zip"; + if(array_key_exists('status', $response) && $response['status'] == "1") {//WEBSERVICE RETURNED VALUE SUCCESSFULLY + $tmpfilename = realpath(sys_get_temp_dir())."/".date('YmdHis').".zip"; $fp = fopen($tmpfilename,"wb"); fwrite($fp,base64_decode($response['value'])); fclose($fp); - $practice_filename = $response['file_name'];//practicename.zip - ob_clean(); + $practice_filename = $response['file_name'];//practicename.zip + ob_clean(); // Set headers header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Disposition: attachment; filename=".$practice_filename); header("Content-Type: application/zip"); - header("Content-Transfer-Encoding: binary"); + header("Content-Transfer-Encoding: binary"); // Read the file from disk - readfile($tmpfilename); - unlink($tmpfilename); + readfile($tmpfilename); + unlink($tmpfilename); exit; } else{//WEBSERVICE CALL FAILED AND RETURNED AN ERROR MESSAGE @@ -184,7 +186,7 @@ if ($_POST['form_download']) { - @@ -194,7 +196,7 @@ if ($_POST['form_download']) { // If we are saving main globals. // -if ($_POST['form_save'] && $_GET['mode'] != "user") { +if (array_key_exists('form_save', $_POST) && $_POST['form_save'] && !$userMode) { $force_off_enable_auditlog_encryption = true; // Need to force enable_auditlog_encryption off if the php mycrypt module // is not installed. @@ -210,7 +212,7 @@ if ($_POST['form_save'] && $_GET['mode'] != "user") { * Compare form values with old database values. * Only save if values differ. Improves speed. */ - + // Get all the globals from DB $old_globals = sqlGetAssoc( 'SELECT gl_name, gl_index, gl_value FROM `globals` ORDER BY gl_name, gl_index',false,true ); 
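Review bot: The new `array_key_exists('status', $response)` guard still runs when `getPortalConnectionFiles()` throws, because the catch block above only logs and falls through and, as far as this hunk shows, `$response` is assigned only inside the try; `array_key_exists` on an unset value emits a warning on PHP 5/7 and throws a TypeError on PHP 8, so the condition should be `if (is_array($response) && !empty($response['status']) && $response['status'] == "1") {`. The same guard does not cover `$response['value']` and `$response['file_name']`, which the following lines read unconditionally. `$practice_filename` is taken straight from the remote service reply and concatenated into the `Content-Disposition` header without quoting or `basename()`, so the reply rather than this script determines the header the browser receives; `header('Content-Disposition: attachment; filename="' . basename($practice_filename) . '"');` bounds it, and the `fopen()` return should be checked before `fwrite()`. The enclosing `if (... form_download ...)` block begins before this hunk.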
@@ -227,9 +229,9 @@ if ($_POST['form_save'] && $_GET['mode'] != "user") { if (!is_array($fldtype) && substr($fldtype, 0, 2) == 'm_') { if (isset($_POST["form_$i"])) { $fldindex = 0; - + sqlStatement("DELETE FROM globals WHERE gl_name = ?", array( $fldid ) ); - + foreach ($_POST["form_$i"] as $fldvalue) { $fldvalue = trim($fldvalue); sqlStatement('INSERT INTO `globals` ( gl_name, gl_index, gl_value ) VALUES ( ?,?,?)', array( $fldid, $fldindex, $fldvalue ) ); @@ -239,7 +241,7 @@ if ($_POST['form_save'] && $_GET['mode'] != "user") { } else { /* check value of single field. Don't update if the database holds the same value */ - if (isset($_POST["form_$i"])) { + if (isset($_POST["form_$i"])) { $fldvalue = trim($_POST["form_$i"]); } else { @@ -248,10 +250,10 @@ if ($_POST['form_save'] && $_GET['mode'] != "user") { if($fldtype=='pwd') $fldvalue = $fldvalue ? SHA1($fldvalue) : $fldvalueold; // TODO: salted passwords? // We rely on the fact that set of keys in globals.inc === set of keys in `globals` table! - - if( + + if( !isset( $old_globals[$fldid]) // if the key not found in database - update database - || + || ( isset($old_globals[$fldid]) && $old_globals[ $fldid ]['gl_value'] !== $fldvalue ) // if the value in database is different ) { // Need to force enable_auditlog_encryption off if the php mcrypt module @@ -310,7 +312,7 @@ if ($_POST['form_save'] && $_GET['mode'] != "user") { - + <?php echo xlt('User Settings'); ?> <?php echo xlt('Global Settings'); ?> @@ -328,11 +330,11 @@ input { font-size:10pt; } type: "POST", url: "/library/ajax/offsite_portal_ajax.php", data: { - action: 'check_file', + action: 'check_file', }, cache: false, success: function( message ) - { + { if(message == 'OK'){ document.getElementById('form_download').value = 1; document.getElementById('file_error_message').innerHTML = ''; 
@@ -341,7 +343,7 @@ input { font-size:10pt; } else{ document.getElementById('form_download').value = 0; document.getElementById('file_error_message').innerHTML = message; - return false; + return false; } } }); @@ -351,13 +353,13 @@ input { font-size:10pt; } - +
- +

@@ -367,7 +369,7 @@ input { font-size:10pt; } $grparr) { - if ( $_GET['mode'] != "user" || ($_GET['mode'] == "user" && in_array($grpname, $USER_SPECIFIC_TABS)) ) { + if ( !$userMode || in_array($grpname, $USER_SPECIFIC_TABS) ) { echo " " . xlt($grpname) . "\n"; @@ -381,13 +383,13 @@ foreach ($GLOBALS_METADATA as $grpname => $grparr) { $grparr) { - if ( $_GET['mode'] != "user" || ($_GET['mode'] == "user" && in_array($grpname, $USER_SPECIFIC_TABS)) ) { + if ( !$userMode || in_array($grpname, $USER_SPECIFIC_TABS) ) { echo "

\n"; echo " "; - if ($_GET['mode'] == "user") { + if ($userMode) { echo ""; echo ""; echo ""; @@ -398,7 +400,7 @@ foreach ($GLOBALS_METADATA as $grpname => $grparr) { } foreach ($grparr as $fldid => $fldarr) { - if ( $_GET['mode'] != "user" || ($_GET['mode'] == "user" && in_array($fldid, $USER_SPECIFIC_GLOBALS)) ) { + if ( !$userMode || in_array($fldid, $USER_SPECIFIC_GLOBALS) ) { list($fldname, $fldtype, $flddef, $flddesc) = $fldarr; // Most parameters will have a single value, but some will be arrays. @@ -414,7 +416,7 @@ foreach ($GLOBALS_METADATA as $grpname => $grparr) { // Collect user specific setting if mode set to user $userSetting = ""; $settingDefault = "checked='checked'"; - if ($_GET['mode'] == "user") { + if ($userMode) { $userSettingArray = sqlQuery("SELECT * FROM user_settings WHERE setting_user=? AND setting_label=?",array($_SESSION['authId'],"global:".$fldid)); $userSetting = $userSettingArray['setting_value']; $globalValue = $fldvalue; @@ -429,7 +431,7 @@ foreach ($GLOBALS_METADATA as $grpname => $grparr) { if (is_array($fldtype)) { echo " $grparr) { } else if ($fldtype == 'text') { - if ($_GET['mode'] == "user") { + if ($userMode) { $globalTitle = $globalValue; } echo " \n"; } else if ($fldtype == 'pwd') { - if ($_GET['mode'] == "user") { + if ($userMode) { $globalTitle = $globalValue; } echo " $grparr) { } else if ($fldtype == 'pass') { - if ($_GET['mode'] == "user") { + if ($userMode) { $globalTitle = $globalValue; } echo " $grparr) { } else if ($fldtype == 'color_code') { - if ($_GET['mode'] == "user") { + if ($userMode) { $globalTitle = $globalValue; } echo " $grparr) { } else if ($fldtype == 'css') { - if ($_GET['mode'] == "user") { + if ($userMode) { $globalTitle = $globalValue; } $themedir = "$webserver_root/interface/themes"; 
@@ -574,7 +576,7 @@ foreach ($GLOBALS_METADATA as $grpname => $grparr) { } else if ($fldtype == 'hour') { - if ($_GET['mode'] == "user") { + if ($userMode) { $globalTitle = $globalValue; } echo " \n"; } - if ($_GET['mode'] == "user") { + if ($userMode) { echo " \n"; echo "\n"; echo ""; @@ -603,12 +605,12 @@ foreach ($GLOBALS_METADATA as $grpname => $grparr) { } ++$i; } - if(trim(strtolower($fldid)) == 'portal_offsite_address_patient_link' && $GLOBALS['portal_offsite_enable'] && $GLOBALS['portal_offsite_providerid']){ + if( trim(strtolower($fldid)) == 'portal_offsite_address_patient_link' && !empty($GLOBALS['portal_offsite_enable']) && !empty($GLOBALS['portal_offsite_providerid']) ){ echo ""; echo ""; } - } - echo "
 " . htmlspecialchars( xl('User Specific Setting'), ENT_NOQUOTES) . "" . attr($globalTitle) . " 
\n"; + } + echo " \n"; echo "
\n"; } } @@ -631,7 +633,7 @@ $(document).ready(function(){ enable_modals(); // Use the counter ($i) to make the form user friendly for user-specific globals use - + $("#form_").change(function() { $("#toggle_").attr('checked',false); diff --git a/library/log.inc b/library/log.inc index 2b3648256..4be3fbccb 100644 --- a/library/log.inc +++ b/library/log.inc @@ -15,7 +15,7 @@ function newEvent($event, $user, $groupname, $success, $comments="", $patient_id $encrypt_comment = 'Yes'; } } - + if ($log_from == 'patient-portal') { $sqlMenuItems = "SELECT * FROM patient_portal_menu"; @@ -25,10 +25,10 @@ function newEvent($event, $user, $groupname, $success, $comments="", $patient_id } $menuItemId = array_search($menu_item, $menuItems); - $sql = "insert into log ( date, event, user, patient_id, groupname, success, comments, + $sql = "insert into log ( date, event, user, patient_id, groupname, success, comments, log_from, menu_item_id, crt_user, ccda_doc_id) values ( NOW(), ?, ?, ?, ?, ?, ?, ?, ?,?, ?)"; $ret = sqlStatementNoLog($sql, array($event, $user, $patient_id, $groupname, $success, $comments,$log_from, $menuItemId,$crt_user, $ccda_doc_id)); - } else { + } else { /* More details added to the log */ $sql = "insert into log ( date, event, user, groupname, success, comments, crt_user, patient_id) " . "values ( NOW(), " . $adodb->qstr($event) . "," . $adodb->qstr($user) . @@ -46,7 +46,7 @@ function newEvent($event, $user, $groupname, $success, $comments="", $patient_id $adodb->qstr($last_log_id) . "," . $adodb->qstr($encrypt_comment) . "," . "'')"; - sqlInsertClean_audit($encryptLogQry); + sqlInsertClean_audit($encryptLogQry); if(($patient_id=="NULL") || ($patient_id==null))$patient_id=0; 
@@ -75,7 +75,7 @@ function getEventByDate($date, $user="", $cols="DISTINCT date, event, user, grou * RETURNS: * array of results ******************/ -function getEvents($params) +function getEvents($params) { // parse the parameters $cols = "DISTINCT date, event, user, groupname, patient_id, success, comments,checksum,crt_user, id "; @@ -83,26 +83,26 @@ function getEvents($params) $date1 = date("Y-m-d H:i:s", time()); if (isset($params['sdate']) && $params['sdate'] != "") $date1= $params['sdate']; - + $date2 = date("Y-m-d H:i:s", time()); if (isset($params['edate']) && $params['edate'] != "") $date2= $params['edate']; - + $user = ""; if (isset($params['user']) && $params['user'] != "") $user= $params['user']; //VicarePlus :: For Generating log with patient id. $patient = ""; if (isset($params['patient']) && $params['patient'] != "") $patient= $params['patient']; - + $sortby = ""; if (isset($params['sortby']) && $params['sortby'] != "") $sortby = $params['sortby']; - + $levent = ""; if (isset($params['levent']) && $params['levent'] != "") $levent = $params['levent']; - + $tevent = ""; if (isset($params['tevent']) && $params['tevent'] != "") $tevent = $params['tevent']; - + $event = ""; if (isset($params['event']) && $params['event'] != "") $event = $params['event']; if ($event!=""){ @@ -182,7 +182,7 @@ function sql_checksum_of_modified_row($statement) }// if close } - else { + else { return ""; } } @@ -194,7 +194,7 @@ function sql_checksum_of_modified_row($statement) $offset = 3; $total = count($tokens); - /* Identifying the primary key column for the updated record */ + /* Identifying the primary key column for the updated record */ if ($table == "form_physical_exam") { $id = "forms_id"; } @@ -222,7 +222,7 @@ function sql_checksum_of_modified_row($statement) else { $id = "id"; } - + /* Identifying the primary key value for the updated record */ while ($offset < $total) { /* There are 4 possible ways that the id=123 can be parsed: 
@@ -255,7 +255,7 @@ function sql_checksum_of_modified_row($statement) if(is_numeric($tid)) $rid=$tid; break; - } + } $offset += 1; }//while ($offset < $total) }// else if ($tokens[0] == 'update' || $tokens[0] == 'UPDATE' ) @@ -263,7 +263,7 @@ function sql_checksum_of_modified_row($statement) if ($table == "" || $rid == "") { return ""; } - /* Framing sql statements for calculating checksum */ + /* Framing sql statements for calculating checksum */ if ($table == "form_physical_exam") { $sql = "select * from $table where forms_id = $rid"; } @@ -293,7 +293,7 @@ function sql_checksum_of_modified_row($statement) } // When this function is working perfectly, can then shift to the // sqlQueryNoLog() function. - $results = sqlQueryNoLogIgnoreError($sql); + $results = sqlQueryNoLogIgnoreError($sql); $column_values = ""; /* Concatenating the column values for the row inserted/updated */ if (is_array($results)) { @@ -374,7 +374,7 @@ function create_rfc3881_msg($user, $group, $event, $patient_id, $outcome, $comme } - + /* Variables used in ActiveParticipant section, which identifies * the IP address and application of the source and destination. @@ -499,9 +499,10 @@ function create_tls_conn($host, $port, $localcert, $cafile) { function send_atna_audit_msg($user, $group, $event, $patient_id, $outcome, $comments) { /* If no ATNA repository server is configured, return */ - if ($GLOBALS['atna_audit_host'] === null || $GLOBALS['atna_audit_host'] == "" || !($GLOBALS['enable_atna_audit'])) { + if (empty($GLOBALS['atna_audit_host']) || empty($GLOBALS['enable_atna_audit']) ) { return; } + $host = $GLOBALS['atna_audit_host']; $port = $GLOBALS['atna_audit_port']; $localcert = $GLOBALS['atna_audit_localcert']; 
@@ -625,7 +626,7 @@ function auditSQLEvent($statement, $outcome, $binds=NULL) "x12_partners" => "security-administration", "insurance_companies" => "security-administration", "codes" => "security-administration", - "registry" => "security-administration", + "registry" => "security-administration", "users" => "security-administration", "groups" => "security-administration", "openemr_postcalendar_events" => "scheduling", @@ -641,7 +642,7 @@ function auditSQLEvent($statement, $outcome, $binds=NULL) "gacl_aco_sections_seq" => "security-administration", "gacl_aco_seq" => "security-administration", "gacl_aro" => "security-administration", - "gacl_aro_groups" => "security-administration", + "gacl_aro_groups" => "security-administration", "gacl_aro_groups_id_seq" => "security-administration", "gacl_aro_groups_map" => "security-administration", "gacl_aro_map" => "security-administration", @@ -655,7 +656,7 @@ function auditSQLEvent($statement, $outcome, $binds=NULL) "gacl_axo_sections" => "security-administration", "gacl_groups_aro_map" => "security-administration", "gacl_groups_axo_map" => "security-administration", - "gacl_phpgacl" => "security-administration" + "gacl_phpgacl" => "security-administration" ); /* When searching for table names, truncate the SQL statement, @@ -696,7 +697,7 @@ function auditSQLEvent($statement, $outcome, $binds=NULL) } /* Avoid filling the audit log with trivial SELECT statements. - * Skip SELECTs from unknown tables. + * Skip SELECTs from unknown tables. * Skip SELECT count() statements. * Skip the SELECT made by the authCheckSession() function. */ 
@@ -719,48 +720,48 @@ function auditSQLEvent($statement, $outcome, $binds=NULL) } /* If query events are not enabled, don't log them */ - if (($querytype == "select") && !($GLOBALS['audit_events_query'])) - { + if (($querytype == "select") && !(array_key_exists('audit_events_query', $GLOBALS) && $GLOBALS['audit_events_query'])) + { if ((soundex($user) != soundex("emergency")) && (soundex($user) != soundex("breakglass"))) return; } - if (!($GLOBALS["audit_events_${event}"])) + if (!($GLOBALS["audit_events_${event}"])) { if ((soundex($user) != soundex("emergency")) && (soundex($user) != soundex("breakglass"))) return; } - + $event = $event . "-" . $querytype; $adodb = $GLOBALS['adodb']['db']; - + // ViSolve : Don't log sequences - to avoid the affect due to GenID calls if (strpos($comments, "sequences") !== FALSE) return; - + $encrypt_comment = 'No'; //July 1, 2014: Ensoftek: Check and encrypt audit logging - if ($GLOBALS["enable_auditlog_encryption"]) { + if (array_key_exists('enable_auditlog_encryption', $GLOBALS) && $GLOBALS["enable_auditlog_encryption"]) { $comments = aes256Encrypt($comments); $encrypt_comment = 'Yes'; } - + $current_datetime = date("Y-m-d H:i:s"); $SSL_CLIENT_S_DN_CN=isset($_SERVER['SSL_CLIENT_S_DN_CN']) ? $_SERVER['SSL_CLIENT_S_DN_CN'] : ''; $sql = "insert into log (date, event, user, groupname, comments, patient_id, success, checksum,crt_user) " . "values ( ". $adodb->qstr($current_datetime). ", ". $adodb->qstr($event) . ", " . - $adodb->qstr($user) . "," . + $adodb->qstr($user) . "," . $adodb->qstr($group) . "," . $adodb->qstr($comments) . "," . $adodb->qstr($pid) . "," . - $adodb->qstr($success) . "," . + $adodb->qstr($success) . "," . $adodb->qstr($checksum) . "," . $adodb->qstr($SSL_CLIENT_S_DN_CN) .")"; sqlInsertClean_audit($sql); - + $last_log_id = $GLOBALS['adodb']['db']->Insert_ID(); $checksumGenerate = ''; //July 1, 2014: Ensoftek: Record the encryption checksum in a secondary table(log_comment_encrypt) 
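Review bot: The new `array_key_exists('audit_events_query', $GLOBALS)` guard is not applied to the `$GLOBALS["audit_events_${event}"]` lookup a few lines below, which this hunk touches only for whitespace; an absent key there reads as "disabled" and the function returns before the log row is written, so a gap in the globals table silently suppresses audit events for that statement type. For consistency write it as `if (!(array_key_exists("audit_events_${event}", $GLOBALS) && $GLOBALS["audit_events_${event}"]))` and document on the function that a missing `audit_events_*` global disables logging for that event rather than failing loudly. Separately, the `$comments = aes256Encrypt($comments);` call in this hunk relies on the ECB-mode routine with a source-embedded key shown at the end of this patch, which does not give audit comments meaningful confidentiality and deserves a follow-up issue. `auditSQLEvent` begins and ends outside this hunk.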
@@ -772,9 +773,9 @@ function auditSQLEvent($statement, $outcome, $binds=NULL) " VALUES ( ". $adodb->qstr($last_log_id) . "," . $adodb->qstr($encrypt_comment) . "," . - $adodb->qstr($checksumGenerate) .")"; + $adodb->qstr($checksumGenerate) .")"; sqlInsertClean_audit($encryptLogQry); - + send_atna_audit_msg($user, $group, $event, $pid, $success, $comments); //return $ret; } @@ -792,7 +793,7 @@ function auditSQLAuditTamper($enable) $adodb = $GLOBALS['adodb']['db']; - + if ($enable == "1") { $comments = "Audit Logging Enabled."; @@ -801,16 +802,16 @@ function auditSQLAuditTamper($enable) { $comments = "Audit Logging Disabled."; } - + $SSL_CLIENT_S_DN_CN=isset($_SERVER['SSL_CLIENT_S_DN_CN']) ? $_SERVER['SSL_CLIENT_S_DN_CN'] : ''; $sql = "insert into log (date, event, user, groupname, comments, patient_id, success, checksum,crt_user) " . - "values ( NOW(), " . + "values ( NOW(), " . $adodb->qstr($event) . ", " . - $adodb->qstr($user) . "," . + $adodb->qstr($user) . "," . $adodb->qstr($group) . "," . $adodb->qstr($comments) . "," . $adodb->qstr($pid) . "," . - $adodb->qstr($success) . "," . + $adodb->qstr($success) . "," . $adodb->qstr($checksum) . "," . $adodb->qstr($SSL_CLIENT_S_DN_CN) .")"; @@ -874,13 +875,13 @@ function aes256Encrypt($sValue){ base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, - $sSecretKey, $sValue, - MCRYPT_MODE_ECB, + $sSecretKey, $sValue, + MCRYPT_MODE_ECB, mcrypt_create_iv( mcrypt_get_iv_size( - MCRYPT_RIJNDAEL_256, + MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB - ), + ), MCRYPT_RAND) ) ), "\0" @@ -892,15 +893,15 @@ function aes256Decrypt($sValue){ $sSecretKey = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3"); return rtrim( mcrypt_decrypt( - MCRYPT_RIJNDAEL_256, - $sSecretKey, - base64_decode($sValue), + MCRYPT_RIJNDAEL_256, + $sSecretKey, + base64_decode($sValue), MCRYPT_MODE_ECB, mcrypt_create_iv( mcrypt_get_iv_size( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB - ), + ), MCRYPT_RAND ) ), "\0" -- 2.11.4.GIT