public function setSessionByToken($token)
{
$s = json_decode(Crypt::decrypt($token));
$this->db->setSQL("SELECT s.id AS sid, s.uid AS uid, u.title, u.lname, u.fname, u.mname, u.email\n\t\t\t\t\t\t\t FROM users_sessions AS s\n\t\t\t\t\t\tLEFT JOIN users AS u ON s.uid = u.id\n\t\t\t\t\t\t\tWHERE s.id = '{$s->sid}' AND s.logout IS NULL");
$r = $this->db->fetchRecord(PDO::FETCH_ASSOC);
if (!empty($r)) {
$_SESSION['user']['name'] = $r['title'] . " " . $r['lname'] . ", " . $r['fname'] . " " . $r['mname'];
$_SESSION['user']['id'] = $r['uid'];
$_SESSION['user']['email'] = $r['email'];
$_SESSION['user']['site'] = $s->site;
$_SESSION['user']['auth'] = true;
return true;
} else {
return false;
}
}
/**
* Function: getPatientBalanceByPid
*/
public function getPatientBalanceByPid($pid)
{
// Declare all the variables that we are gone to use.
(array) ($balance_total = '');
$this->db->setSQL("SELECT SUM(amount) as balance FROM payment_transactions WHERE payer_id = '{$pid}'");
$balance_total = $this->db->fetchRecord();
return $balance_total['balance'];
}
public function deleteCptCode(stdClass $params)
{
$this->db->setSQL("SELECT status FROM encounter_codes_cpt WHERE id = '{$params->id}'");
$cpt = $this->db->fetchRecord();
if ($cpt['status'] == 0) {
$this->db->setSQL("DELETE FROM encounter_codes_cpt WHERE id ='{$params->id}'");
$this->db->execLog();
}
return array('totals' => 1, 'rows' => $params);
}
public function isPatientChartOutByPid($pid)
{
$this->db->setSQL("SELECT id, uid, pool_area_id FROM patient_out_chart WHERE pid = '{$pid}' AND chart_in_time IS NULL");
$chart = $this->db->fetchRecord();
if (empty($chart)) {
return false;
} else {
return $chart;
}
}
/**
* @param $newpassword
* @return mixed
*/
public function changePassword($newpassword)
{
$aes = $this->getAES();
$aesPwd = $aes->encrypt($newpassword);
$this->db->setSQL("SELECT password, pwd_history1 FROM users WHERE id='{$this->user_id}'");
$pwds = $this->db->fetchRecord();
$row['password'] = $aesPwd;
$row['pwd_history1'] = $pwds['password'];
$row['pwd_history2'] = $pwds['pwd_history1'];
$sql = $this->db->sqlBind($row, 'users', 'U', array('id' => $this->user_id));
$this->db->setSQL($sql);
$this->db->execLog();
return;
}
/**
* @param $item_id
* @return array
*/
private function getItemsOptions($item_id)
{
$foo = array();
$this->db->setSQL("Select options FROM forms_field_options WHERE field_id = '{$item_id}'");
$options = $this->db->fetchRecord();
$options = json_decode($options['options'], true);
foreach ($options as $option => $value) {
if ($option == 'allowBlank') {
$value = $value ? false : true;
}
$foo[$option] = $value;
}
return $foo;
}
function getItemsOptions($item_id)
{
$foo = array();
$this->db->setSQL("Select options FROM forms_field_options WHERE field_id = '{$item_id}'");
$options = $this->db->fetchRecord();
$options = json_decode($options['options'], true);
foreach ($options as $option => $value) {
$foo[$option] = $value;
if ($value == 'temp_f' || $value == 'temp_c' || $value == 'weight_lbs' || $value == 'weight_kg' || $value == 'height_cm' || $value == 'height_in' || $value == 'head_circumference_cm' || $value == 'head_circumference_in' || $value == 'waist_circumference_cm' || $value == 'waist_circumference_in') {
$foo['enableKeyEvents'] = true;
}
}
return $foo;
}
/**
* @param $role_key
* @return mixed
*/
private function getRoleNameByRoleKey($role_key)
{
$this->conn->setSQL("SELECT role_name FROM acl_roles WHERE role_key = '{$role_key}' LIMIT 1");
$row = $this->conn->fetchRecord(PDO::FETCH_ASSOC);
return $row['role_name'];
}
public function getEncounterReviewByEid($eid)
{
$this->db->setSQL("SELECT review_alcohol,\n review_smoke,\n review_pregnant\n \t FROM encounters\n \tWHERE eid = '{$eid}'");
return $this->db->fetchRecord();
}
public function getAllPatientData($pid)
{
$this->db->setSQL("SELECT * FROM patient_demographics WHERE pid = '{$pid}'");
return $this->db->fetchRecord(PDO::FETCH_ASSOC);
}
public function getMedicationNameByRXCUI($RXCUI)
{
$this->db->setSQL("SELECT STR\n\t\t FROM rxnconso\n\t\t WHERE RXCUI = '{$RXCUI}'\n\t\t GROUP BY RXCUI");
$rec = $this->db->fetchRecord(PDO::FETCH_ASSOC);
return $rec['STR'];
}
public function getBillingFacilities()
{
$this->db->setSQL("SELECT * FROM facility WHERE active = '1' AND billing_location = '1'");
return $this->db->fetchRecord(PDO::FETCH_ASSOC);
}
/**
* @param stdClass $params
* @return int
*/
public function login(stdClass $params)
{
//-------------------------------------------
// Check that the username do not pass
// the maximum limit of the field.
//
// NOTE:
// If this condition is met, the user did not
// use the logon form. Possible hack.
//-------------------------------------------
if (strlen($params->authUser) >= 26) {
return array('success' => false, 'type' => 'error', 'message' => 'Possible hack, please use the Logon Screen.');
}
//-------------------------------------------
// Check that the username do not pass
// the maximum limit of the field.
//
// NOTE:
// If this condition is met, the user did not
// use the logon form. Possible hack.
//-------------------------------------------
if (strlen($params->authPass) >= 11) {
return array('success' => false, 'type' => 'error', 'message' => 'Possible hack, please use the Logon Screen.');
}
//-------------------------------------------
// Simple check username
//-------------------------------------------
if (!$params->authUser) {
return array('success' => false, 'type' => 'error', 'message' => 'The username field can not be in blank. Try again.');
}
//-------------------------------------------
// Simple check password
//-------------------------------------------
if (!$params->authPass) {
return array('success' => false, 'type' => 'error', 'message' => 'The password field can not be in blank. Try again.');
}
//-------------------------------------------
// Find the AES key in the selected site
// And include the rest of the remaining
// variables to connect to the database.
//-------------------------------------------
define('_GaiaEXEC', 1);
chdir($_SESSION['root']);
include_once 'registry.php';
include_once 'classes/AES.php';
include_once 'classes/dbHelper.php';
$fileConf = 'sites/' . $params->site . '/conf.php';
if (file_exists($fileConf)) {
/** @noinspection PhpIncludeInspection */
include_once $fileConf;
$db = new dbHelper();
$err = $db->getError();
if (!is_array($err)) {
return array('success' => false, 'type' => 'error', 'message' => 'For some reason, I can\'t connect to the database.');
}
// Do not stop here!, continue with the rest of the code.
} else {
return array('success' => false, 'type' => 'error', 'message' => 'No configuration file found for site <span style="font-weight:bold">' . $params->site . '</span>.<br>Please double check URL or contact support desk.');
}
//-------------------------------------------
// remove empty space from username and password
//-------------------------------------------
$params->authUser = str_replace(' ', '', $params->authUser);
$params->authPass = str_replace(' ', '', $params->authPass);
//-------------------------------------------
// Convert the password to AES and validate
//-------------------------------------------
$aes = new AES($_SESSION['site']['AESkey']);
//-------------------------------------------
// Username & password match
//-------------------------------------------
$db->setSQL("SELECT id, username, title, fname, mname, lname, email, password\n FROM users\n \t\t WHERE username = '******'\n \t\t AND authorized = '1'\n \t\t LIMIT 1");
$user = $db->fetchRecord();
if ($params->authPass != $aes->decrypt($user['password'])) {
return array('success' => false, 'type' => 'error', 'message' => 'The username or password you provided is invalid.');
} else {
//-------------------------------------------
// Change some User related variables and go
//-------------------------------------------
$_SESSION['user']['name'] = $user['title'] . " " . $user['lname'] . ", " . $user['fname'] . " " . $user['mname'];
$_SESSION['user']['id'] = $user['id'];
$_SESSION['user']['email'] = $user['email'];
$_SESSION['user']['site'] = $params->site;
$_SESSION['user']['auth'] = true;
//-------------------------------------------
// Also fetch the current version of the
// Application & Database
//-------------------------------------------
$sql = "SELECT * FROM version LIMIT 1";
$db->setSQL($sql);
$version = $db->fetchRecord();
$_SESSION['ver']['codeName'] = $version['v_tag'];
$_SESSION['ver']['major'] = $version['v_major'];
$_SESSION['ver']['rev'] = $version['v_patch'];
$_SESSION['ver']['minor'] = $version['v_minor'];
$_SESSION['ver']['database'] = $version['v_database'];
$_SESSION['site']['localization'] = $params->lang;
$_SESSION['site']['checkInMode'] = $params->checkInMode;
$_SESSION['timeout'] = time();
$session = new Sessions();
$token = Crypt::encrypt('{"uid":' . $user['id'] . ',"sid":' . $session->loginSession() . ',"site":"' . $params->site . '"}');
$_SESSION['inactive']['timeout'] = time();
return array('success' => true, 'token' => $token, 'user' => array('id' => $_SESSION['user']['id'], 'name' => $_SESSION['user']['name'], 'email' => $_SESSION['user']['email']));
}
}
public function getPatientCurrentZoneInfoByPid($pid)
{
$this->db->setSQL("SELECT id AS patientZoneId,\n\t\t\t\t\t\t\t\t zone_id AS zoneId,\n\t\t\t\t\t\t\t\t time_in AS zoneTimeIn\n\t\t FROM patient_zone\n\t\t WHERE pid = '{$pid}' AND time_out IS NULL\n\t\t ORDER BY id DESC");
return $this->db->fetchRecord(PDO::FETCH_ASSOC);
}
public function getEncounterMessageByEid($eid)
{
$this->db->setSQL("SELECT message FROM encounters WHERE eid = '{$eid}'");
return $this->db->fetchRecord(PDO::FETCH_ASSOC);
}
public function getpreventiveCareById($id)
{
$this->db->setSQL("SELECT * FROM preventive_care_guidelines WHERE id = '{$id}'");
return $this->db->fetchRecord();
}
