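/**
 * Translate a constant string into the language selected for the session.
 *
 * The language id is taken from $_SESSION['language_choice'] and defaults to 1.
 * When the id is 1 and $GLOBALS['skip_english_translation'] is set, no lookup
 * is made and only {{...}} translator comments are stripped. Otherwise the
 * constant is looked up in lang_definitions/lang_constants with a
 * parameterized query; when no definition is found the constant itself is used.
 *
 * Security note: the result is NOT escaped for HTML, attribute or JavaScript
 * output. The translated path only swaps single and double quotes for
 * backticks, and the skip-translation path does not even do that; $prepend
 * and $append are concatenated unfiltered. Escape for the output context
 * (for HTML text, an escaping wrapper such as xlt()) before the string
 * reaches a page, in particular when $constant, $prepend or $append can
 * carry request data.
 *
 * @param string $constant Text to translate; may contain {{...}} comments.
 * @param string $mode     'e' echoes the result, any other value returns it.
 * @param string $prepend  Text placed before the translated string.
 * @param string $append   Text placed after the translated string.
 * @return string|null The assembled string, or nothing when $mode is 'e'.
 */
function xl($constant, $mode = 'r', $prepend = '', $append = '')
{
    // set language id
    if (!empty($_SESSION['language_choice'])) {
        $lang_id = $_SESSION['language_choice'];
    } else {
        $lang_id = 1;
    }

    if ($lang_id == 1 && !empty($GLOBALS['skip_english_translation'])) {
        // language id = 1, so no need to translate
        // -- remove comments
        $string = preg_replace('/\{\{.*\}\}/', '', $constant);
    } else {
        // TRANSLATE
        // first, clean lines:
        // convert new lines to spaces and remove windows end of lines
        $patterns = array('/\n/', '/\r/');
        $replace = array(' ', '');
        $constant = preg_replace($patterns, $replace, $constant);

        // second, attempt translation (both values are bound, never interpolated)
        $sql = "SELECT * FROM lang_definitions JOIN lang_constants ON " .
            "lang_definitions.cons_id = lang_constants.cons_id WHERE " .
            "lang_id=? AND constant_name = ? LIMIT 1";
        $res = sqlStatementNoLog($sql, array($lang_id, $constant));
        $row = SqlFetchArray($res);

        // No matching row means there is nothing to index into; isset() keeps
        // the fallback to the constant from depending on an offset read of a
        // non-array fetch result.
        $string = isset($row['definition']) ? $row['definition'] : '';
        if ($string == '') {
            $string = "$constant";
        }

        // remove dangerous characters and remove comments
        // (quotes become backticks; this is not output escaping)
        $patterns = array('/\n/', '/\r/', '/"/', "/'/", '/\{\{.*\}\}/');
        $replace = array(' ', '', '`', '`', '');
        $string = preg_replace($patterns, $replace, $string);
    }

    $string = "$prepend" . "$string" . "$append";
    if ($mode == 'e') {
        echo $string;
    } else {
        return $string;
    }
}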
/**
 * Sanitize a SQL table name by whitelisting it against the existing tables.
 *
 * The current table list is read with SHOW TABLES and passed to
 * escape_identifier() as the set of allowed names. Per the original
 * documentation, a name that matches none of them makes the call die() with
 * an error sent to the screen and the error log. Because the whitelist is the
 * openemr database's own table list, this function is not suitable for tables
 * outside that database; call escape_identifier() directly for that case.
 *
 * @param string $s sql table name variable to be escaped/sanitized.
 * @return string Escaped table name variable.
 */
function escape_table_name($s)
{
    $allowed_tables = array();

    $listing = sqlStatementNoLog("SHOW TABLES");
    while ($table_row = sqlFetchArray($listing)) {
        // The table name is taken by position (first column of the row)
        // rather than by a column name.
        $columns = array_values($table_row);
        $allowed_tables[] = $columns[0];
    }

    // Now can escape (via whitelisting) the sql table name
    return escape_identifier($s, $allowed_tables, TRUE);
}
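/**
 * Send a clinical document to a Direct address through the phiMail service.
 *
 * The exchange is line oriented: AUTH, TO, TEXT <length>, ADD <type> <length>
 * [filename], SEND. Every protocol line is terminated by "\n" and its
 * arguments are separated by spaces, so any value placed on a protocol line
 * must not contain whitespace or control characters.
 *
 * Security notes:
 *  - $recipient is written onto the "TO" line. It is rejected up front when it
 *    contains whitespace or control characters, so a crafted address cannot
 *    append extra arguments or extra protocol lines.
 *  - The patient name is used in the attachment filename on the "ADD" line;
 *    whitespace and control characters are replaced with "_".
 *  - The account password is sent on the "AUTH" line. Transport protection
 *    depends on phimail_connect(), which is not part of this block.
 *
 * @param object $ccd          Document object; saveXml() supplies the payload.
 * @param string $recipient    Direct address to deliver to.
 * @param string $requested_by "patient" when requested by the patient;
 *                             any other value uses the session user.
 * @param string $xml_type     "CCR" is announced as CCR, anything else as CDA;
 *                             also used in the filename and the event name.
 * @return string "SUCCESS", or a message describing why delivery failed.
 */
function transmitCCD($ccd, $recipient, $requested_by, $xml_type = "CCD")
{
    global $pid;

    // get patient name in Last_First format (used for CCDA filename) and
    // First Last for the message text.
    $patientData = getPatientPID(array("pid" => $pid));
    if (empty($patientData[0]['lname'])) {
        $att_filename = "";
        $patientName2 = "";
    } else {
        // Spaces are the argument delimiter for the phiMail API calls and a
        // newline ends the command, so every whitespace or control character
        // is replaced one-for-one with "_".
        $att_filename = " " . preg_replace(
            '/[\s\x00-\x1F\x7F]/',
            "_",
            $xml_type . "_" . $patientData[0]['lname'] . "_" . $patientData[0]['fname']
        ) . ".xml";
        $patientName2 = $patientData[0]['fname'] . " " . $patientData[0]['lname'];
    }

    $config_err = xl("Direct messaging is currently unavailable.") . " EC:";
    if ($GLOBALS['phimail_enable'] == false) {
        return "{$config_err} 1";
    }

    // Refuse an address that could alter the "TO" protocol line before any
    // connection is opened.
    if (preg_match('/[\s\x00-\x1F\x7F]/', (string)$recipient)) {
        return xl("Delivery is not allowed to the specified Direct Address.");
    }

    $fp = phimail_connect($err);
    if ($fp === false) {
        return "{$config_err} {$err}";
    }

    $phimail_username = $GLOBALS['phimail_username'];
    $phimail_password = $GLOBALS['phimail_password'];
    // NOTE(review): the connection is not closed here on a failed step;
    // presumably phimail_write_expect_OK() closes it on failure - confirm.
    $ret = phimail_write_expect_OK($fp, "AUTH {$phimail_username} {$phimail_password}\n");
    if ($ret !== TRUE) {
        return "{$config_err} 4";
    }

    $ret = phimail_write_expect_OK($fp, "TO {$recipient}\n");
    if ($ret !== TRUE) {
        return xl("Delivery is not allowed to the specified Direct Address.");
    }

    $ret = fgets($fp, 1024); //ignore extra server data

    if ($requested_by == "patient") {
        $text_out = xl("Delivery of the attached clinical document was requested by the patient") .
            ($patientName2 == "" ? "." : ", " . $patientName2 . ".");
    } else {
        $text_out = xl("A clinical document is attached") .
            ($patientName2 == "" ? "." : " " . xl("for patient") . " " . $patientName2 . ".");
    }

    // The message text is sent length-prefixed, so its content cannot be
    // mistaken for protocol commands.
    $text_len = strlen($text_out);
    phimail_write($fp, "TEXT {$text_len}\n");
    $ret = @fgets($fp, 256);
    if ($ret != "BEGIN\n") {
        phimail_close($fp);
        return "{$config_err} 5";
    }

    $ret = phimail_write_expect_OK($fp, $text_out);
    if ($ret !== TRUE) {
        return "{$config_err} 6";
    }

    $ccd_out = $ccd->saveXml();
    $ccd_len = strlen($ccd_out);

    phimail_write($fp, "ADD " . ($xml_type == "CCR" ? "CCR " : "CDA ") . $ccd_len . $att_filename . "\n");
    $ret = fgets($fp, 256);
    if ($ret != "BEGIN\n") {
        phimail_close($fp);
        return "{$config_err} 7";
    }

    $ret = phimail_write_expect_OK($fp, $ccd_out);
    if ($ret !== TRUE) {
        return "{$config_err} 8";
    }

    phimail_write($fp, "SEND\n");
    $ret = fgets($fp, 256);
    phimail_close($fp);

    if ($requested_by == "patient") {
        $reqBy = "portal-user";
        // NOTE(review): the username literal is masked in this listing;
        // presumably it names the service account in $reqBy - confirm
        // against the upstream file.
        $sql = "SELECT id FROM users WHERE username='******'";
        if (
            ($r = sqlStatementNoLog($sql)) === FALSE ||
            ($u = sqlFetchArray($r)) === FALSE
        ) {
            $reqID = 1; //default if we don't have a service user
        } else {
            $reqID = $u['id'];
        }
    } else {
        $reqBy = $_SESSION['authUser'];
        $reqID = $_SESSION['authUserID'];
    }

    // An error reply starts with "ERROR". Compare the first five characters;
    // substr($ret, 5) would drop them and the failure branch would never run.
    if (strncmp((string)$ret, "ERROR", 5) === 0) {
        //log the failure
        newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
        return xl("The message could not be sent at this time.");
    }

    /**
     * If we get here, the message was successfully sent and the return
     * value $ret is of the form "QUEUED recipient message-id" which
     * is suitable for logging.
     */
    $msg_id = explode(" ", trim($ret), 4);
    if ($msg_id[0] != "QUEUED" || !isset($msg_id[2])) { //unexpected response
        $ret = "UNEXPECTED RESPONSE: " . $ret;
        newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
        return xl("There was a problem sending the message.");
    }

    newEvent("transmit-" . $xml_type, $reqBy, $_SESSION['authProvider'], 1, $ret, $pid);

    // Best-effort record of the sent message; a failed insert does not turn a
    // delivered message into an error for the caller.
    $sql = "INSERT INTO direct_message_log (msg_type,msg_id,sender,recipient,status,status_ts,patient_id,user_id) " .
        "VALUES ('S', ?, ?, ?, 'S', NOW(), ?, ?)";
    @sqlStatementNoLog($sql, array($msg_id[2], $phimail_username, $recipient, $pid, $reqID));

    return "SUCCESS";
}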
/**
 * Catch unexpected failures.
 *
 * The global $service_name still being set means a die() or exit() happened
 * while that service's function was executing, so the service loop never
 * finished its own cleanup. In that case the service's "running" column in
 * background_services is reset to 0 before the script quits; the service
 * name is passed as a bound parameter.
 */
function background_shutdown()
{
    global $service_name;

    // Nothing was in flight: no flag to clear.
    if (!isset($service_name)) {
        return;
    }

    sqlStatementNoLog(
        'UPDATE background_services SET running = 0 WHERE name = ?',
        array($service_name)
    );
}
if (!$form_replace) { $tmp = sqlQuery("SELECT id FROM codes WHERE code_type = ? AND code = ? LIMIT 1", array($code_type_id, $code)); if ($tmp['id']) { sqlStatementNoLog("UPDATE codes SET code_text = ? WHERE code_type = ? AND code = ?", array($a[14], $code_type_id, $code)); ++$repcount; continue; } } sqlStatementNoLog("INSERT INTO codes SET code_type = ?, code = ?, code_text = ?, " . "fee = 0, units = 0", array($code_type_id, $code, $a[14])); ++$inscount; } // TBD: Clone/adapt the above for each new code type. } // Settings to drastically speed up import with InnoDB sqlStatementNoLog("COMMIT"); sqlStatementNoLog("SET autocommit=1"); fclose($eres); $zipin->close(); } echo "<p style='color:green'>" . xlt('LOAD SUCCESSFUL. Codes inserted') . ": {$inscount}, " . xlt('replaced') . ": {$repcount}" . "</p>\n"; } ?> <form method='post' action='load_codes.php' enctype='multipart/form-data' onsubmit='return top.restoreSession()'> <center> <p class='text'> <table border='1' cellpadding='4'> <tr bgcolor='#dddddd' class='dehead'> <td align='center' colspan='2'>
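/**
 * Send a CCD to a Direct address through the phiMail service.
 *
 * Opens a socket to the configured phiMail server and runs the line-oriented
 * exchange AUTH, TO, TEXT <length>, CDA <length>, SEND, BYE. Protocol lines
 * end with "\n" and arguments are separated by spaces.
 *
 * Security notes:
 *  - $recipient is written onto the "TO" line. It is rejected up front when it
 *    contains whitespace or control characters, so a crafted address cannot
 *    append extra arguments or extra protocol lines.
 *  - An "http" server address selects a plain tcp:// socket: the AUTH
 *    password and the clinical document then cross the network unencrypted.
 *    Only an "https" address selects ssl://.
 *
 * @param object $ccd          Document object; saveXml() supplies the payload.
 * @param string $recipient    Direct address to deliver to.
 * @param string $requested_by "patient" when requested by the patient;
 *                             any other value uses the session user.
 * @return string "SUCCESS", or a message describing why delivery failed.
 */
function transmitCCD($ccd, $recipient, $requested_by)
{
    global $pid;

    $config_err = xl("Direct messaging is currently unavailable.") . " EC:";
    if ($GLOBALS['phimail_enable'] == false) {
        return "{$config_err} 1";
    }

    // Refuse an address that could alter the "TO" protocol line before any
    // connection is opened.
    if (preg_match('/[\s\x00-\x1F\x7F]/', (string)$recipient)) {
        return xl("Delivery is not currently permitted to the specified Direct Address.");
    }

    $phimail_server = @parse_url($GLOBALS['phimail_server_address']);
    $phimail_username = $GLOBALS['phimail_username'];
    $phimail_password = $GLOBALS['phimail_password'];

    // An address that does not parse into scheme, host and port is reported
    // as a configuration error instead of being passed on to fsockopen().
    if (
        !is_array($phimail_server) ||
        !isset($phimail_server['scheme'], $phimail_server['host'], $phimail_server['port'])
    ) {
        return "{$config_err} 2";
    }

    switch ($phimail_server['scheme']) {
        case "http":
            // NOTE(security): unencrypted transport; credentials and the
            // document are sent in clear text. Prefer an https address.
            $server = "tcp://" . $phimail_server['host'];
            break;
        case "https":
            $server = "ssl://" . $phimail_server['host'];
            break;
        default:
            return "{$config_err} 2";
    }

    // Warnings are suppressed so a failed connect is reported only through
    // the returned error code.
    $fp = @fsockopen($server, $phimail_server['port']);
    if ($fp === false) {
        return "{$config_err} 3";
    }

    @fwrite($fp, "AUTH {$phimail_username} {$phimail_password}\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 4";
    }

    fwrite($fp, "TO {$recipient}\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return xl("Delivery is not currently permitted to the specified Direct Address.");
    }

    $ret = fgets($fp, 1024); //ignore extra server data

    if ($requested_by == "patient") {
        $text_out = xl("Delivery of the attached clinical document was requested by the patient.");
    } else {
        $text_out = xl("A clinical document is attached.");
    }

    // The message text and the document are both sent length-prefixed, so
    // their content cannot be mistaken for protocol commands.
    $text_len = strlen($text_out);
    fwrite($fp, "TEXT {$text_len}\n");
    fflush($fp);
    $ret = @fgets($fp, 256);
    if ($ret != "BEGIN\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 5";
    }

    fwrite($fp, $text_out);
    fflush($fp);
    $ret = @fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 6";
    }

    $ccd_out = $ccd->saveXml();
    $ccd_len = strlen($ccd_out);

    fwrite($fp, "CDA {$ccd_len}\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "BEGIN\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 7";
    }

    fwrite($fp, $ccd_out);
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 8";
    }

    fwrite($fp, "SEND\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    fwrite($fp, "BYE\n");
    fclose($fp);

    if ($requested_by == "patient") {
        $reqBy = "portal-user";
        // NOTE(review): the username literal is masked in this listing;
        // presumably it names the service account in $reqBy - confirm
        // against the upstream file.
        $sql = "SELECT id FROM users WHERE username='******'";
        if (
            ($r = sqlStatementNoLog($sql)) === FALSE ||
            ($u = sqlFetchArray($r)) === FALSE
        ) {
            $reqID = 1; //default if we don't have a service user
        } else {
            $reqID = $u['id'];
        }
    } else {
        $reqBy = $_SESSION['authUser'];
        $reqID = $_SESSION['authUserID'];
    }

    // An error reply starts with "ERROR". Compare the first five characters;
    // substr($ret, 5) would drop them and the failure branch would never run.
    if (strncmp((string)$ret, "ERROR", 5) === 0) {
        //log the failure
        newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
        return xl("The message could not be sent at this time.");
    }

    /**
     * If we get here, the message was successfully sent and the return
     * value $ret is of the form "QUEUED recipient message-id" which
     * is suitable for logging.
     */
    $msg_id = explode(" ", trim($ret), 4);
    if ($msg_id[0] != "QUEUED" || !isset($msg_id[2])) { //unexpected response
        $ret = "UNEXPECTED RESPONSE: " . $ret;
        newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
        return xl("There was a problem sending the message.");
    }

    newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 1, $ret, $pid);

    // Best-effort record of the sent message; a failed insert does not turn a
    // delivered message into an error for the caller.
    $sql = "INSERT INTO direct_message_log (msg_type,msg_id,sender,recipient,status,status_ts,patient_id,user_id) " .
        "VALUES ('S', ?, ?, ?, 'S', NOW(), ?, ?)";
    @sqlStatementNoLog($sql, array($msg_id[2], $phimail_username, $recipient, $pid, $reqID));

    return "SUCCESS";
}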