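/**
 * Build the "Patient Scheduler" summary box for the main menu.
 *
 * Physicians get linked counts of their own appointments for today and for
 * the date range starting today. Everyone else gets today's count, limited to
 * the session's default facility when one is set.
 *
 * @return array|false array(title, HTML body, icon path), or false when the
 *                     'schedule'/'view' ACL check fails
 */
function MainMenuAppointments()
{
    if (!freemed::acl('schedule', 'view')) {
        return false;
    }

    // Lazily create the shared user object before asking whether it is a physician
    if (!is_object($GLOBALS['this_user'])) {
        $GLOBALS['this_user'] = CreateObject('org.freemedsoftware.core.User');
    }

    if ($GLOBALS['this_user']->isPhysician()) {
        // Physicians: links to the daily and weekly schedules plus totals
        $physician = $GLOBALS['this_user']->getPhysician();

        // The end date is today advanced six times by freemed_get_date_next()
        $begin_date = date("Y-m-d");
        $end_date = $begin_date;
        for ($day = 1; $day < 7; $day++) {
            $end_date = freemed_get_date_next($end_date);
        }

        // The physician id goes through the database layer's quote() rather
        // than being spliced between hand-written quote characters.
        $quoted_physician = $GLOBALS['sql']->quote($physician);

        // Appointments for today
        $day_count = $GLOBALS['sql']->queryOne("SELECT COUNT(*) AS day_count FROM scheduler WHERE "
            . "caldateof='" . $begin_date . "' AND "
            . "calphysician=" . $quoted_physician);

        // Appointments for the date range
        $week_count = $GLOBALS['sql']->queryOne("SELECT COUNT(*) AS week_count FROM scheduler WHERE "
            . "caldateof >= '" . $begin_date . "' AND "
            . "caldateof <= '" . $end_date . "' AND "
            . "calphysician=" . $quoted_physician);

        return array(
            __("Patient Scheduler"),
            sprintf(
                __("You have %s%d appointment(s) today%s and %s%d appointment(s) this week%s."),
                "<a href=\"physician_day_view.php?physician=" . urlencode($physician) . "\">",
                $day_count,
                "</a>",
                "<a href=\"physician_week_view.php?physician=" . urlencode($physician) . "\">",
                $week_count,
                "</a>"
            ),
            "img/calendar_icon.png"
        );
    }

    // Not a physician: count today's appointments for the current facility,
    // if the session has one.
    $facility = HTTP_Session2::get('default_facility');

    // queryOne(), as in the physician branch, so the scalar count (not the
    // query result) is what gets interpolated into the HTML below. The facility
    // filter uses quote() instead of addslashes(), which is not a SQL escaper.
    $day_count = $GLOBALS['sql']->queryOne("SELECT COUNT(*) AS day_count FROM scheduler WHERE "
        . "caldateof = '" . date('Y-m-d') . "' "
        . ($facility ? "AND calfacility=" . $GLOBALS['sql']->quote($facility) . " " : ""));

    return array(
        __("Patient Scheduler"),
        sprintf(__("There are %s appointments scheduled for today."), "<b>{$day_count}</b>"),
        "img/calendar_icon.png"
    );
}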
/**
 * Describe the facility selected for the current session.
 *
 * @return array|null 'id' (the session's facility_id as a string) and
 *                    'facility' (that record's 'psrname' field); nothing is
 *                    returned when the session holds no facility_id
 */
public function GetDefaultFacility()
{
    $facility_id = HTTP_Session2::get('facility_id');
    if (!$facility_id) {
        return;
    }

    return array(
        // Concatenating with "" forces the id to a string
        'id' => $facility_id . "",
        'facility' => $this->get_field($facility_id, 'psrname'),
    );
}
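/**
 * List the shim stations of one kind that match the session's facility and
 * the caller's IP address.
 *
 * @param string $type One of 'dosing', 'label', 'signature', 'vitals'
 * @return mixed Result of queryAll(), or NULL for an unknown type
 */
public function getStationsByType($type)
{
    // $type becomes part of a column name, so it must be exactly one of the
    // known kinds. The strict check also rejects non-string values such as
    // true, which a loosely-compared switch would let through.
    if (!in_array($type, array('dosing', 'label', 'signature', 'vitals'), true)) {
        return NULL;
    }
    $c = $type . "_enabled = 1";

    // The address is passed through the database layer's quote() instead of
    // being placed between hand-written quote characters.
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    $q = "SELECT id AS Id, location AS ds_location, name as D_name from shimstation WHERE {$c} AND facility="
        . (int) HTTP_Session2::get('facility_id')
        . " AND ip=" . $GLOBALS['sql']->quote($remote_addr) . ";";

    // The full statement, including the client address, is written to syslog
    syslog(LOG_INFO, $q);

    return $GLOBALS['sql']->queryAll($q);
}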
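/**
 * After a note is added, create one billable procedure for every entry in the
 * note's JSON-encoded 'pnotesbillable' list.
 *
 * @param mixed $id   Identifier passed by the caller (not used here)
 * @param array $data Note fields; reads pnotesbillable, pnotespat, pnotesdoc
 *                    and pnotesdt
 * @return void
 */
protected function add_post($id, $data)
{
    if ($data['pnotesbillable'] == '') {
        return;
    }

    // First active coverage for the patient, lowest coverage type first
    $q = "SELECT id,covtype from coverage WHERE covpatient = " . $GLOBALS['sql']->quote($data['pnotespat']) . " AND covstatus =1 ORDER BY covtype ASC LIMIT 1";
    $cov = $GLOBALS['sql']->queryRow($q);

    if (function_exists('json_decode')) {
        $pnotesbillables = json_decode($data['pnotesbillable']);
    } else {
        $json = CreateObject('net.php.pear.Services_JSON');
        $pnotesbillables = $json->decode($data['pnotesbillable']);
    }

    // The list comes from the request; anything that did not decode to a
    // collection is ignored instead of being iterated.
    if (!is_array($pnotesbillables) && !is_object($pnotesbillables)) {
        return;
    }

    foreach ($pnotesbillables as $k => $v) {
        // Start every entry from a clean slate so that a code missing from
        // this entry is not silently filled in from the previous one.
        $proccode = null;
        $diagcode = null;
        if (is_array($v) || is_object($v)) {
            foreach ($v as $key => $val) {
                // Compare keys as strings: a numeric key must not match a name
                if ((string) $key === 'proccode') {
                    $proccode = $val;
                } elseif ((string) $key === 'diagcode') {
                    $diagcode = $val;
                }
            }
        }

        $proc = CreateObject('org.freemedsoftware.module.ProcedureModule');
        $fee = $proc->CalculateCharge($cov, 1, $proccode, $data['pnotesdoc'], $data['pnotespat']);

        // "+ 0" coerces the coverage columns to numbers
        $cov_type = $cov['covtype'] + 0;
        $proc_data = array(
            "procpatient" => $data['pnotespat'],
            "procphysician" => $data['pnotesdoc'],
            "procdiag1" => $diagcode,
            "proccpt" => $proccode,
            "procunits" => "1",
            "procpos" => HTTP_Session2::get('facility_id'),
            "proccharges" => $fee,
            "procbalorig" => $fee,
            "procbalcurrent" => $fee,
            "proccurcovid" => $cov['id'] + 0,
            "proccurcovtp" => $cov_type,
            "procbillable" => "1",
            "procdt" => $data['pnotesdt'],
        );

        // Coverage types 1-4 each have their own proccovN column
        if (in_array($cov_type, array(1, 2, 3, 4))) {
            $proc_data['proccov' . (int) $cov_type] = $cov['id'];
        }

        $proc->add($proc_data);
    }
}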
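/**
 * Check a username/password pair against the user table and, on success,
 * record the authenticated user in the session.
 *
 * On a failed password check the session's 'authdata' and 'ipaddr' entries
 * are cleared. Both outcomes are written to syslog (subject to the logging
 * constants) and to the system log object.
 *
 * @param array $credentials Reads the 'username' and 'password' keys
 * @return bool true when the credentials match a user record, false otherwise
 */
function IsValid($credentials)
{
    syslog(LOG_INFO, "isvalid");
    if (!isset($credentials['username']) || !is_string($credentials['username'])) {
        return false;
    }

    // Find this user. The name is quoted by the database layer so that it
    // cannot terminate the string literal in the statement.
    $r = $GLOBALS['sql']->queryRow("SELECT * FROM user "
        . "WHERE username = " . $GLOBALS['sql']->quote($credentials['username']));

    // If the user isn't found, false
    if (empty($r['id'])) {
        return false;
    }

    if (LOGLEVEL < 1 || (LOG_HIPAA || LOG_LOGIN)) {
        // Non-printable bytes are replaced so a crafted name cannot forge log lines
        $safe_user = preg_replace('/[^\x20-\x7E]/', '?', $credentials['username']);
        syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth login attempt {$safe_user} ");
    }

    // Check password. Only strings and integers are accepted and both sides
    // are compared as strings: a loose == would let a boolean true, or two
    // different "0e..."-style numeric strings, count as a match.
    // NOTE(review): the stored value is compared as-is; whether it is a hash
    // or plain text is not visible here - confirm how it is stored.
    $password_ok = false;
    if (isset($credentials['password'])
        && (is_string($credentials['password']) || is_int($credentials['password']))) {
        $supplied = (string) $credentials['password'];
        $stored = (string) $r['userpassword'];
        $password_ok = function_exists('hash_equals')
            ? hash_equals($stored, $supplied)
            : ($stored === $supplied);
    }

    if ($password_ok) {
        // Set session vars; the password column never goes into the session
        unset($r['userpassword']);
        // NOTE(review): the session identifier is not rotated on login;
        // consider regenerating it here to limit session fixation.
        HTTP_Session2::set('authdata', array(
            "username" => $credentials['username'],
            "user" => $r['id'],
            "user_record" => $r,
        ));
        // Set ipaddr for SESSION_PROTECTION
        HTTP_Session2::set('ipaddr', $_SERVER['REMOTE_ADDR']);

        // Authorize
        if (LOGLEVEL < 1 || LOG_ERRORS || (LOG_HIPAA || LOG_LOGIN)) {
            syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth successful login");
        }
        $log = freemed::log_object();
        $log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Successfully logged in");
        return true;
    }

    // Failed password check
    HTTP_Session2::set('authdata', null);
    HTTP_Session2::set('ipaddr', null);
    if (LOGLEVEL < 1 || LOG_ERRORS || (LOG_HIPAA || LOG_LOGIN)) {
        syslog(LOG_INFO, "FreeMED.Authentication_Basic| verify_auth failed login");
    }
    $log = freemed::log_object();
    $log->SystemLog(LOG__SECURITY, 'Authentication', get_class($this), "Failed login");
    return false;
}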
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

// Gettext wrapper functions and the iso-set helper, both loaded relative to this file
include_once dirname(__FILE__) . '/php-gettext/gettext.inc';
include_once dirname(__FILE__) . '/iso-set.php';

// Pick the active language: the session's 'language' entry when sessions are
// enabled, DEFAULT_LANGUAGE otherwise.
if (!defined('SESSION_DISABLE')) {
    LoadObjectDependency('net.php.pear.HTTP_Session2');
    // NOTE(review): the session value is handed to _setlocale() and
    // language2isoset() below without any check made here; confirm that
    // whatever writes 'language' into the session restricts it to known locales.
    $lang = HTTP_Session2::get('language', DEFAULT_LANGUAGE);
} else {
    $lang = DEFAULT_LANGUAGE;
}

// Message catalogues are looked up under <parent of this directory>/locale
$locale_dir = dirname(dirname(__FILE__)) . '/locale';

// Text domains to bind: 'freemed' plus whatever the UI constant names
$__domains = array('freemed', UI);

_setlocale(LC_MESSAGES, $lang);
$GLOBALS['ISOSET'] = language2isoset($lang);

// Bind every domain to the locale directory with the language's codeset.
// _textdomain() is called for each one, so the last entry is the one passed last.
foreach ($__domains as $_v) {
    _bindtextdomain($_v, $locale_dir);
    _bind_textdomain_codeset($_v, language2isoset($lang));
    _textdomain($_v);
}

function get_translation_matrix($domain) {
    global $default_domain;
/**
 * Main-menu notification for unfiled documents.
 *
 * Only the user(s) named in the 'uffax_user' configuration value are notified.
 * That value may be a single id or a comma-separated list; a single value that
 * is not greater than zero notifies everyone.
 *
 * @return array|false array(message, link to this module's display action)
 *                     when there are rows in $this->table_name, false otherwise
 */
function menu_notify()
{
    $recipients = freemed::config_value('uffax_user');
    $session_auth = HTTP_Session2::get('authdata');

    if (strpos($recipients, ',') !== false) {
        // Comma-separated list: the session user must be one of the entries
        // (loose comparison, as ids may be strings or integers)
        if (!in_array($session_auth['user'], explode(',', $recipients))) {
            return false;
        }
    } elseif ($recipients > 0 and $recipients != $session_auth['user']) {
        // Single configured user, and it is not us
        return false;
    }

    // Count the "unfiled documents" in the system
    $unfiled = $GLOBALS['sql']->queryOne("SELECT COUNT(*) AS unfiled FROM " . $this->table_name);
    if ($unfiled <= 0) {
        // Returning nothing keeps the box from showing up
        return false;
    }

    return array(
        sprintf(__("You have %d unfiled documents"), $unfiled),
        "module_loader.php?module=" . urlencode(get_class($this)) . "&action=display",
    );
}
/**
 * Copy one session row from this container's table into another table.
 *
 * The row is inserted when the target has no row with the same id and
 * updated (expiry and data) otherwise. Rows are keyed by md5() of the
 * session id.
 *
 * NOTE(review): $target and the configured table name are placed into the
 * statements as bare identifiers; only the id is quoted. Callers are
 * presumably expected to pass a fixed, trusted table name - confirm.
 *
 * @param string $target Table to replicate to
 * @param string $id     Session id of the row to replicate; the current
 *                       session id is used when omitted
 *
 * @return boolean true on success, false when a query reports an error
 */
public function replicate($target, $id = null)
{
    if ($id === null) {
        $id = HTTP_Session2::id();
    }
    $row_key = md5($id);

    // Does the target already hold this row?
    $existing = $this->_db->getOne(
        "SELECT COUNT(id) FROM " . $target . " WHERE id = " . $this->_db->quoteSmart($row_key)
    );
    if (DB::isError($existing)) {
        new DB_Error($existing->code, PEAR_ERROR_DIE);
        return false;
    }

    if (intval($existing) === 0) {
        // No such row yet: copy it across
        $statement = sprintf(
            "INSERT INTO %s SELECT * FROM %s WHERE id = %s",
            $target,
            $this->options['table'],
            $this->_db->quoteSmart($row_key)
        );
    } else {
        // Row exists: refresh its expiry and data from the source table
        $statement = sprintf(
            "UPDATE %s dst, %s src SET dst.expiry = src.expiry, dst.data = src.data WHERE dst.id = src.id AND src.id = %s",
            $target,
            $this->options['table'],
            $this->_db->quoteSmart($row_key)
        );
    }

    $outcome = $this->_db->query($statement);
    if (DB::isError($outcome)) {
        new DB_Error($outcome->code, PEAR_ERROR_DIE);
        return false;
    }

    return true;
}
/**
 * Perform a vote action
 *
 * Two-step flow driven by the 'process' GET parameter: the first request
 * marks the session as "voting" and shows the 'vote_template' confirmation;
 * the confirming request (process=1) increments the chosen answer's vote
 * counter, clears the flag and stores a new expiration in the session.
 * A session that is still flagged as voting and not yet expired is refused.
 *
 * @param  int  $id     The poll id
 * @param  int  $answer The answer id
 * @return bool         true on success or false on errors
 */
protected function actionVote($id, $answer)
{
    $expires_at = @HTTP_Session2::get($this->id . '.expiration');
    $is_voting = @HTTP_Session2::get($this->id . '.voting');

    if ($is_voting && time() < $expires_at) {
        TIP::notifyError('double');
        return false;
    }

    $row =& $this->fromRow($id, false);
    if ($row === null) {
        return false;
    }

    // The answer id is only usable if a matching 'answerN' field exists
    if ($this->getField('answer' . $answer) === null) {
        TIP::notifyError('wrongparams');
        $this->endView();
        return false;
    }

    $confirmed = @TIP::getGet('process', 'int') == 1;
    if (!$confirmed) {
        // First step: remember that a vote is in progress and ask for confirmation
        HTTP_Session2::set($this->id . '.voting', true);
        $this->appendToPage($this->vote_template);
        $this->endView();
        return true;
    }

    if (!$is_voting) {
        // Confirmation arrived without the session flag from the first step
        TIP::notifyError('nocookies');
        $this->endView();
        return false;
    }

    // Second step: count the vote
    $previous_row = $row;
    ++$row['votes' . $answer];
    $this->_onDataRow($row);
    $this->data->updateRow($row, $previous_row);

    HTTP_Session2::set($this->id . '.voting', false);
    HTTP_Session2::set($this->id . '.expiration', strtotime($this->expiration));
    $this->appendToPage($this->view_template);

    $this->endView();
    return true;
}
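/**
 * Sets user-defined session storage functions
 *
 * Instantiates the container class 'HTTP_Session2_Container_<name>', loading
 * 'HTTP/Session2/Container/<name>.php' first when the class is not yet
 * defined, and calls its set() method. This is how a storage method other
 * than PHP's own (e.g. a database) is selected.
 *
 * The name is checked before it is used: it ends up in an include path, so
 * it may only consist of characters that are legal in a class name. Any other
 * name could never resolve to an existing container class and is rejected
 * without touching the filesystem.
 *
 * @param string $container         Name of the container (e.g. DB, MDB, ...).
 * @param array  $container_options Options, most likely an array.
 *
 * @return void
 * @throws HTTP_Session2_Exception When the name is not valid or the container
 *                                 class does not exist.
 * @see session_set_save_handler()
 */
public static function setContainer($container, $container_options = null)
{
    if (!is_string($container) || !preg_match('/^[A-Za-z0-9_\x7f-\xff]+$/', $container)) {
        throw new HTTP_Session2_Exception(
            "Container name is not valid",
            self::ERR_UNKNOWN_CONTAINER
        );
    }

    $container_class = 'HTTP_Session2_Container_' . $container;
    $container_classfile = 'HTTP/Session2/Container/' . $container . '.php';

    if (!class_exists($container_class)) {
        include_once $container_classfile;
    }
    if (!class_exists($container_class)) {
        throw new HTTP_Session2_Exception(
            "Container class, {$container_class}, does not exist",
            self::ERR_UNKNOWN_CONTAINER
        );
    }

    self::$container = new $container_class($container_options);
    self::$container->set();
}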
/**
 * Decide whether the form may be processed.
 *
 * Delete and custom actions are GET driven: the form is frozen and the
 * result depends only on the 'process' GET parameter. Other actions add the
 * validation rules and use a per-form stage counter kept in the session to
 * tell a first display apart from a repeated submission.
 *
 * @return bool|null true/false from validation (false also for a form that
 *                   is only being displayed), null when no previous stage
 *                   is recorded for a submitted form
 */
private function _validate()
{
    $is_get_driven = $this->action == TIP_FORM_ACTION_DELETE
        || $this->action == TIP_FORM_ACTION_CUSTOM;
    if ($is_get_driven) {
        // Special case: GET driven form
        $this->_form->freeze();
        return TIP::getGet('process', 'int') == 1;
    }

    // Add element and form rules
    if (isset($this->validator)) {
        $this->_form->addFormRule($this->validator);
    }
    foreach (array_keys($this->fields) as $field_id) {
        if (!$this->_form->elementExists($field_id)) {
            continue;
        }
        $this->_addGuessedRules($field_id);
        $this->_addCustomRules($field_id);
    }

    $stage_key = $this->id . '.stage';
    $previous_stage = HTTP_Session2::get($stage_key);

    // Not submitted, or the session is still at an earlier stage: just
    // record the current stage and show the form
    $needs_display = !$this->_form->isSubmitted()
        || (isset($previous_stage) && $previous_stage < $this->_stage);

    if ($needs_display) {
        HTTP_Session2::set($stage_key, $this->_stage);
        $valid = false;
    } elseif ($previous_stage === null) {
        // Submitted, but no last stage defined
        TIP::notifyError('double');
        $valid = null;
    } else {
        // Validation, after trimming every submitted value
        $this->_form->applyFilter('__ALL__', array('TIP', 'extendedTrim'));
        $valid = $this->_form->validate();
    }

    // Perform uploads (if needed)
    if (is_callable(array('HTML_QuickForm_attachment', 'doUploads'))) {
        HTML_QuickForm_attachment::doUploads($this->_form);
    }

    return $valid;
}
/**
 * Tell whether the current session belongs to an authenticated user.
 *
 * A session is valid when it holds an 'authdata' array and, if
 * SESSION_PROTECTION is on, the IP address stored in the session equals the
 * address of the current request. A session without a stored address is
 * rejected; a mismatching address is cleared from the session and logged.
 *
 * @return bool
 */
function ValidSession()
{
    // Unused local, kept from the original
    $PHP_SELF = $_SERVER['PHP_SELF'];

    // No authdata array in the session: not logged in
    if (!is_array(HTTP_Session2::get('authdata'))) {
        return false;
    }

    // Without session protection, authdata alone is enough
    if (!SESSION_PROTECTION) {
        return true;
    }

    // Fail closed when no address was recorded, so a null address that got
    // stored by accident cannot be used to skip the check
    if (empty(HTTP_Session2::get('ipaddr'))) {
        return false;
    }

    if (HTTP_Session2::get('ipaddr') == $_SERVER['REMOTE_ADDR']) {
        // We're already authorized
        return true;
    }

    // IP address has changed, ERROR
    HTTP_Session2::set('ipaddr', null);
    syslog(LOG_INFO, "Authentication Layer| IP address changed for session");
    return false;
}
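/**
 * Check the submitted captcha value against the one kept in the session
 *
 * The match is refused outright when the session holds no captcha value (or
 * an empty one) or when nothing was submitted. With a plain loose comparison
 * a missing session entry (null) would equal an empty submission, so a
 * request that never received a captcha would pass.
 *
 * @param  array $value Value as returned by HTML_QuickForm_captcha::getValue()
 * @return bool         true if the captcha matches, false otherwise
 * @access public
 */
function _ruleCaptcha($value)
{
    $old = HTTP_Session2::get('_HTML_QuickForm_captcha');

    // Nothing was issued for this session, or nothing was submitted
    if ($old === null || $old === '' || $old === array() || $value === null) {
        return false;
    }

    // NOTE(review): the comparison itself stays loose because the exact
    // shape and element types of the two values are not visible here.
    return $value == $old;
}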
/**
 * Decide whether a user may access a patient's record.
 *
 * Access is granted to user 1 (root), to users whose facility, physician or
 * physician-group list contains "-1", and to users whose physician list
 * contains one of the physicians referenced by the patient record.
 *
 * NOTE(review): the user id is compared loosely (==) both for the "use the
 * session user" default and for the root check; confirm callers only pass
 * integer ids.
 *
 * @param mixed $patient_number Patient record id
 * @param mixed $_user          User id; 0 means the user from the session's authdata
 * @return bool
 */
public static function check_access_for_patient($patient_number, $_user = 0)
{
    if ($_user == 0) {
        // No explicit user: take the one recorded in the session
        $session_auth = HTTP_Session2::get('authdata', array());
        $user = $session_auth['user'];
    } else {
        $user = $_user;
    }

    // Eventually logging should include different messages for all returns here...

    // Root has all access...
    if ($user == 1) {
        return true;
    }

    // Access lists stored on the user record
    $user_record = $GLOBALS['sql']->get_link('user', $user);
    $facilities = $user_record["userfac"];
    $physicians = $user_record["userphy"];
    $physician_groups = $user_record["userphygrp"];

    // Retrieve patient record
    $patient = $GLOBALS['sql']->get_link('patient', $patient_number);

    // "-1" in any of the three lists means universal access
    foreach (array($facilities, $physicians, $physician_groups) as $access_list) {
        if (fm_value_in_string($access_list, "-1")) {
            return true;
        }
    }

    // Any physician named on the patient record that is also in the user's
    // physician list grants access
    foreach (array("ptpcp", "ptphy1", "ptphy2", "ptphy3", "ptdoc") as $field) {
        if ($patient[$field] > 0 and fm_value_in_string($physicians, $patient[$field])) {
            return true;
        }
    }

    // Default to false
    return false;
}
/**
 * Refresh the user record kept in the session's 'authdata' entry.
 *
 * @return bool false when nobody is logged in, true once the session has
 *              been updated
 */
public function SessionPopulate()
{
    syslog(LOG_INFO, "SessionPopulate called");
    if (!$this->LoggedIn()) {
        return false;
    }
    syslog(LOG_INFO, "SessionPopulate called, proceeding");

    $record = freemed::user_cache()->local_record;

    // Pull user options.
    // NOTE(review): unserialize() runs on a stored column value; if that
    // column can ever hold data a user controls, this allows object
    // injection. Confirm how 'usermanageopt' is written, or move it to a
    // format such as JSON.
    $options = unserialize($record['usermanageopt']);
    if ($options) {
        $record['usermanageopt'] = $options;
    }

    // NOTE(review): the record is stored whole; if local_record carries the
    // password column it ends up in the session as well - confirm.
    $session_auth = HTTP_Session2::get('authdata');
    $session_auth['user_record'] = $record;
    HTTP_Session2::set('authdata', $session_auth);

    return true;
}
/**
 * Copy one session row from this container's table into another table.
 *
 * The row is inserted when the target has no row with the same id and
 * updated (expiry and data) otherwise. Rows are keyed by md5() of the
 * session id.
 *
 * NOTE(review): $target and the configured table name are placed into the
 * statements as bare identifiers; only the id is quoted. Callers are
 * presumably expected to pass a fixed, trusted table name - confirm.
 *
 * @param string $target The target (table) to replicate to.
 * @param string $id     Session id of the row to replicate; the current
 *                       session id is used when omitted
 *
 * @return boolean Always true when no error occurred
 * @throws HTTP_Session2_Exception To carry any MDB2 related error out.
 */
public function replicate($target, $id = null)
{
    if (is_null($id)) {
        $id = HTTP_Session2::id();
    }
    $row_key = md5($id);

    // Does the target already hold this row?
    $existing = $this->db->queryOne(
        sprintf("SELECT COUNT(id) FROM %s WHERE id = %s", $target, $this->db->quote($row_key, 'text'))
    );
    if (MDB2::isError($existing)) {
        throw new HTTP_Session2_Exception($existing->getDebugInfo(), $existing->getCode());
    }

    if (intval($existing) === 0) {
        // No such row yet: copy it across
        $statement = "INSERT INTO " . $target . " SELECT * FROM " . $this->options['table']
            . " WHERE id = " . $this->db->quote($row_key, 'text');
    } else {
        // Row exists: refresh its expiry and data from the source table
        $statement = sprintf(
            "UPDATE %s dst, %s src SET dst.expiry = src.expiry, dst.data = src.data WHERE dst.id = src.id AND src.id = %s",
            $target,
            $this->options['table'],
            $this->db->quote($row_key, 'text')
        );
    }

    $outcome = $this->db->query($statement);
    if (MDB2::isError($outcome)) {
        throw new HTTP_Session2_Exception($outcome->getDebugInfo(), $outcome->getCode());
    }

    return true;
}
/**
 * Stamp the record being modified with the acting user and facility.
 *
 * Both values are taken from server-side state (the user cache and the
 * session) and overwrite whatever the caller supplied under those keys.
 *
 * @param array $data Record data, modified in place
 * @return void
 */
protected function mod_pre(&$data)
{
    $acting_user = freemed::user_cache();
    $data['user'] = $acting_user->user_number;

    $session_facility = HTTP_Session2::get('facility_id');
    $data['facility'] = $session_facility;
}
/**
 * Destroy the session
 *
 * Thin wrapper that delegates to HTTP_Session2::destroy().
 *
 * @return void
 */
public function destroy()
{
    HTTP_Session2::destroy();
    return;
}
/**
 * Log out the current user
 *
 * Destroys the session, drops the user row held in the '_row' internal
 * property, then updates the cookie and refreshes the user state through
 * _updateCookie() and _refreshUser().
 *
 * @return bool Always true
 */
protected function logout()
{
    require_once 'HTTP/Session2.php';

    // Server-side session data goes first
    HTTP_Session2::destroy();

    // With no row left, the cookie and user refresh below act on a logged-out state
    $this->_row = null;
    $this->_updateCookie();
    $this->_refreshUser();

    return true;
}
/**
 * Start the session
 *
 * Logged-in users get a cookie-less session stored in the 'TIP' container
 * and started with the user id as session id; anonymous users get a
 * cookie-based session with an automatically generated id. The session is
 * set to expire four hours from now; an already expired session is
 * destroyed and the user is notified.
 *
 * NOTE(review): for logged-in users the session id is the user id, which is
 * a predictable value. Whether that is safe depends on how TIP::getUserId()
 * authenticates the request - confirm.
 */
public static function startSession()
{
    require_once 'HTTP/Session2.php';

    $user_id = TIP::getUserId();
    $is_logged_in = (bool) $user_id;

    // Cookies carry the session id only for anonymous visitors
    HTTP_Session2::useCookies(!$is_logged_in);
    if ($is_logged_in) {
        // For a logged in user, use the special TIP container
        HTTP_Session2::setContainer('TIP');
        HTTP_Session2::start('TIP_Session', $user_id);
    } else {
        HTTP_Session2::start('TIP_Session');
    }

    HTTP_Session2::setExpire(time() + 4 * 3600);
    if (!HTTP_Session2::isExpired()) {
        return;
    }

    HTTP_Session2::destroy();
    TIP::notifyInfo('session');
}
/**
 * Start the session and work out the referer of the current request.
 *
 * The previous request and referer are read from the session, the new
 * referer is derived from them, and both the referer and the current request
 * are written back. In "admin" mode the profiler is started as well.
 *
 * @return void
 */
private function _startSession()
{
    // Start the session
    TIP::startSession();
    $this->_session_started = true;

    $previous_request = HTTP_Session2::get('request');
    $previous_referer = HTTP_Session2::get('referer');

    if ($previous_request === null || $this->_request['uri'] == $previous_referer['uri']) {
        // Entry page or new session, or the current URI equals the old
        // referer URI (probably a back action): fall back to the main page
        $this->_referer = null;
    } else {
        $same_action = $this->_request['module'] == $previous_request['module']
            && $this->_request['action'] == $previous_request['action'];
        // Same action: leave the old referer; new action: the referer is
        // the previous request
        $this->_referer = $same_action ? $previous_referer : $previous_request;
    }

    if (!is_array($this->_referer)) {
        $this->_referer = array(
            'uri' => TIP::getHome(),
            'module' => null,
            'action' => null,
        );
    }
    $this->keys['REFERER'] = $this->_referer['uri'];

    // Store request and referer
    HTTP_Session2::set('referer', $this->_referer);
    HTTP_Session2::set('request', $this->_request);

    // Profiler initialization in "admin" mode
    if ($this->keys['IS_ADMIN']) {
        require_once 'Benchmark/Profiler.php';
        $profiler = new Benchmark_Profiler();
        $GLOBALS['_tip_profiler'] = $profiler;
        $GLOBALS['_tip_profiler']->start();
    }
}
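}

    //----- Gettext and language settings
    // The '_l' request parameter selects the language. It is stored in the
    // session and read back as the active language, so only a locale-shaped
    // token (e.g. "en_US", "de_DE.UTF-8") is accepted; anything else,
    // including array input or path characters, is ignored.
    // NOTE(review): presumably this value later selects locale files - confirm.
    $requested_language = isset($_REQUEST['_l']) ? $_REQUEST['_l'] : null;
    $language_is_valid = is_string($requested_language)
        && preg_match(
            '/^[A-Za-z]{2,8}(?:[_-][A-Za-z0-9]{2,8})*(?:\.[A-Za-z0-9-]+)?(?:@[A-Za-z0-9]+)?$/',
            $requested_language
        );

    if ($language_is_valid) {
        // Handle template language changes
        HTTP_Session2::set('language', $requested_language);
    } elseif (HTTP_Session2::get('language')) {
        // Already set in the session (do nothing)
    } else {
        // Use the default
        HTTP_Session2::set('language', DEFAULT_LANGUAGE);
    }
    $GLOBALS['freemed']['__language'] = HTTP_Session2::get('language');

    // Set default facility from parameter if it exists
    if (isset($_REQUEST['_f'])) {
        // Coerce to a number; input that is not numeric (arrays included)
        // becomes 0 instead of reaching the arithmetic operator
        HTTP_Session2::set(
            'default_facility',
            is_numeric($_REQUEST['_f']) ? $_REQUEST['_f'] + 0 : 0
        );
    }

    // Load ACL routines
    if (!defined('SKIP_SQL_INIT')) {
        include_once dirname(__FILE__) . "/acl.php";
    }
}

// ***************************************************************

// Load Gettext routines
include_once dirname(__FILE__) . "/i18n.php";
include_once dirname(__FILE__) . "/API.php"; // API functions
include_once dirname(__FILE__) . "/macros.php"; // macros/constants

//----- Create Log target
openlog("freemed", LOG_PID | LOG_PERROR, LOG_LOCAL0);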