diff --git a/application/controllers/klinik/Registrationv3.php b/application/controllers/klinik/Registrationv3.php index d7f81b8e..f7f69b8a 100644 --- a/application/controllers/klinik/Registrationv3.php +++ b/application/controllers/klinik/Registrationv3.php @@ -20,6 +20,30 @@ class Registrationv3 extends MY_Controller //$one_db = "one_aditya"; } + private function _mask_name($v) { + if (!$v) return $v; + $v = trim($v); + $words = preg_split('/\s+/', $v); + if (count($words) === 1) { + $l = mb_strlen($v, 'UTF-8'); + if ($l <= 2) return $v; + return mb_substr($v, 0, 2, 'UTF-8') . str_repeat('*', $l - 2); + } + $first = $words[0]; + $rest = array_slice($words, 1); + $masked = array_map(function($w) { + if (!$w) return ''; + $init = mb_substr($w, 0, 1, 'UTF-8'); + return $init . str_repeat('*', max(3, mb_strlen($w, 'UTF-8') - 1)); + }, $rest); + return $first . ' ' . implode(' ', $masked); + } + private function _mask_phone($v) { if (!$v) return $v; $d=preg_replace('/[^0-9]/','',trim($v)); $l=strlen($d); if($l<=4) return '****'; if($l<=8) return substr($d,0,4).str_repeat('*',$l-4); return substr($d,0,4).str_repeat('*',$l-7).substr($d,-3); } + private function _mask_email($v) { if (!$v||strpos($v,'@')===false) return $v; [$loc,$dom]=explode('@',$v,2); return mb_substr($loc,0,min(2,mb_strlen($loc,'UTF-8')),'UTF-8').'***@'.$dom; } + private function _mask_short($v) { if (!$v) return $v; $v=trim($v); $l=mb_strlen($v,'UTF-8'); if($l<=2) return '***'; return mb_substr($v,0,2,'UTF-8').'***'; } + private function _mask_id($v) { if (!$v) return $v; $v=trim($v); $l=strlen($v); if($l<=4) return '****'; return substr($v,0,4).str_repeat('*',max(3,$l-6)).($l>6?substr($v,-2):''); } + private function _mask_address($v) { if (!$v) return $v; $v=trim($v); $l=mb_strlen($v,'UTF-8'); if($l<=5) return '***'; return mb_substr($v,0,5,'UTF-8').'***'; } + public function search_x() { $prm = $this->sys_input; 
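Review bot: These five masking helpers are added verbatim to three controllers in this commit (Registrationv3.php here, Preregisterapp.php at @@ -11 and Preregister.php at @@ -8), on top of the copies already living in the mockup Patient.php/Patientv4.php, so any change to the masking policy has to be repeated five times; move them into one shared library or helper (for instance next to the `ibl_encryptor` library the same commit loads) and call that from each controller. `_mask_id` is the only helper that uses byte-wise `strlen`/`substr` where the others use `mb_*`, which would split a multibyte character if an ID number ever contained one; presumably IDs are ASCII digits, but a one-line comment stating that assumption would help. Registrationv3's constructor, whose closing brace is visible at the top of this hunk, gets no `$this->load->library('ibl_encryptor')` although `$this->ibl_encryptor` is used at @@ -410 and @@ -491 below — unless the library is autoloaded or loaded by MY_Controller, that property is undefined. The `if (!$v) return $v;` guard also passes the string `'0'` through unmasked; `if ($v === null || $v === '') return $v;` is the intended check for the ID and phone helpers.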
@@ -410,52 +434,61 @@ class Registrationv3 extends MY_Controller $sql = "SELECT * FROM m_patient WHERE M_PatientID = {$prm['M_PatientID']}"; $rows_before = $this->db_onedev->query($sql)->row_array(); - $pdob = date('Y-m-d', strtotime($prm['M_PatientDOB'])); - $prm['M_PatientName'] = str_replace("'", "\\'", $prm['M_PatientName']); - $prm['M_PatientPOB'] = str_replace("'", "\\'", $prm['M_PatientPOB']); - $query = "UPDATE m_patient SET - M_PatientM_TitleID = '{$prm['M_PatientM_TitleID']}', - M_PatientPrefix = '{$prm['M_PatientPrefix']}', - M_PatientName = '{$prm['M_PatientName']}', - M_PatientSuffix = '{$prm['M_PatientSuffix']}', - M_PatientDOB = '{$pdob}', - M_PatientM_SexID = '{$prm['M_PatientM_SexID']}', - M_PatientM_ReligionID = '{$prm['M_PatientM_ReligionID']}', - M_PatientEmail = '{$prm['M_PatientEmail']}', - M_PatientPOB = '{$prm['M_PatientPOB']}', - M_PatientHP = '{$prm['M_PatientHP']}', - M_PatientPhone = '{$prm['M_PatientPhone']}', - M_PatientM_IdTypeID = '{$prm['M_PatientM_IdTypeID']}', - M_PatientIDNumber = '{$prm['M_PatientIDNumber']}', - M_PatientNote = '{$prm['M_PatientNote']}', - M_PatientNIK = '{$prm['M_PatientNIK']}', - M_PatientJabatan = '{$prm['M_PatientJabatan']}', - M_PatientKedudukan = '{$prm['M_PatientKedudukan']}', - M_PatientPJ = '{$prm['M_PatientPJ']}', - M_PatientLocation = '{$prm['M_PatientLocation']}', - M_PatientJob = '{$prm['M_PatientJob']}', - M_PatientUserID = '{$userid}' - WHERE - M_PatientID = '{$prm['M_PatientID']}' - "; - //echo $query; - $rows = $this->db_onedev->query($query); + $pdob = date('Y-m-d', strtotime($prm['M_PatientDOB'])); + $dob_str = date('d-m-Y', strtotime($prm['M_PatientDOB'])); + $patient_name = $prm['M_PatientName']; + $enc = $this->ibl_encryptor; + $this->db_onedev + ->set('M_PatientName', $this->_mask_name($patient_name)) + ->set('M_PatientName_enc', $enc->encrypt($patient_name)) + ->set('M_PatientName_bidx', $enc->search_bidx($patient_name)) + ->set('M_PatientM_TitleID', $prm['M_PatientM_TitleID']) + 
->set('M_PatientPrefix', $prm['M_PatientPrefix']) + ->set('M_PatientSuffix', $prm['M_PatientSuffix']) + ->set('M_PatientDOB', $pdob) + ->set('M_PatientDOB_enc', $enc->encrypt($dob_str)) + ->set('M_PatientDOB_bidx', $enc->search_bidx($dob_str)) + ->set('M_PatientM_SexID', $prm['M_PatientM_SexID']) + ->set('M_PatientM_ReligionID', $prm['M_PatientM_ReligionID']) + ->set('M_PatientEmail', $this->_mask_email($prm['M_PatientEmail'])) + ->set('M_PatientEmail_enc', $enc->encrypt($prm['M_PatientEmail'])) + ->set('M_PatientPOB', $this->_mask_short($prm['M_PatientPOB'])) + ->set('M_PatientPOB_enc', $enc->encrypt($prm['M_PatientPOB'])) + ->set('M_PatientHP', $this->_mask_phone($prm['M_PatientHP'])) + ->set('M_PatientHP_enc', $enc->encrypt($prm['M_PatientHP'])) + ->set('M_PatientHP_bidx', $enc->search_bidx($prm['M_PatientHP'])) + ->set('M_PatientPhone', $this->_mask_phone($prm['M_PatientPhone'])) + ->set('M_PatientPhone_enc', $enc->encrypt($prm['M_PatientPhone'])) + ->set('M_PatientM_IdTypeID', $prm['M_PatientM_IdTypeID']) + ->set('M_PatientIDNumber', $this->_mask_id($prm['M_PatientIDNumber'])) + ->set('M_PatientIDNumber_enc', $enc->encrypt($prm['M_PatientIDNumber'])) + ->set('M_PatientNIK', $prm['M_PatientNIK']) + ->set('M_PatientNIK_bidx', $enc->search_bidx($prm['M_PatientNIK'] ?? 
'')) + ->set('M_PatientNote', $prm['M_PatientNote']) + ->set('M_PatientJabatan', $prm['M_PatientJabatan']) + ->set('M_PatientKedudukan', $prm['M_PatientKedudukan']) + ->set('M_PatientPJ', $prm['M_PatientPJ']) + ->set('M_PatientLocation', $prm['M_PatientLocation']) + ->set('M_PatientJob', $prm['M_PatientJob']) + ->set('M_PatientUserID', $userid) + ->where('M_PatientID', $prm['M_PatientID']) + ->update('m_patient'); - $sql = "SELECT * - FROM m_patientaddress + $sql = "SELECT * + FROM m_patientaddress WHERE M_PatientAddressM_PatientID = {$prm['M_PatientID']} AND M_PatientAddressIsActive = 'Y' ORDER BY M_PatientAddressID ASC LIMIT 1"; - $d_address = $this->db_onedev->query($sql)->row_array(); + $d_address = $this->db_onedev->query($sql)->row_array(); + $address_desc = $prm['M_PatientAddressDescription']; - $sql = "UPDATE m_patientaddress SET - M_PatientAddressM_KelurahanID = '{$prm['M_PatientAddressM_KelurahanID']}', - M_PatientAddressDescription = '{$prm['M_PatientAddressDescription']}' - WHERE - M_PatientAddressID = {$d_address['M_PatientAddressID']} - "; - $this->db_onedev->query($sql); + $this->db_onedev + ->set('M_PatientAddressM_KelurahanID', $prm['M_PatientAddressM_KelurahanID']) + ->set('M_PatientAddressDescription', $this->_mask_address($address_desc)) + ->set('M_PatientAddressDescription_enc', $enc->encrypt($address_desc)) + ->where('M_PatientAddressID', $d_address['M_PatientAddressID']) + ->update('m_patientaddress'); $result = array( "total" => 1, 
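Review bot: `M_PatientNIK` is still written in plaintext (`->set('M_PatientNIK', $prm['M_PatientNIK'])`) with only a `_bidx` beside it and no `M_PatientNIK_enc`, although the national ID number is the most sensitive identifier in the row and the search code in Preregisterapp.php at @@ -477 and @@ -569 already reads `M_PatientNIK_enc` back (so it always falls through to the plain column); the inserts at @@ -491 and, in Preregisterapp.php, @@ -1148 and @@ -1244 do the same. Either add `->set('M_PatientNIK_enc', $enc->encrypt($prm['M_PatientNIK']))` and store `$this->_mask_id($prm['M_PatientNIK'])` in the plain column as the other identifiers do, or comment why NIK is intentionally left readable. Further down, `$d_address` is null when the patient has no active address row, and `->where('M_PatientAddressID', $d_address['M_PatientAddressID'])` then compiles to an `IS NULL` condition in Query Builder and silently updates nothing where the old string query failed loudly; wrap the address update in `if ($d_address) { … }`. The first SELECT in the hunk still interpolates `{$prm['M_PatientID']}` into raw SQL while the update beneath it goes through Query Builder; it is unchanged context, but `$this->db_onedev->escape($prm['M_PatientID'])` would bring it in line.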
@@ -491,57 +524,46 @@ class Registrationv3 extends MY_Controller $prm = $this->sys_input; $userid = $this->sys_user["M_UserID"]; - $pdob = date('Y-m-d', strtotime($prm['M_PatientDOB'])); - $prm['M_PatientName'] = str_replace("'", "\\'", $prm['M_PatientName']); - $query = "INSERT INTO m_patient ( - M_PatientM_TitleID, - M_PatientPrefix, - M_PatientName, - M_PatientSuffix, - M_PatientDOB, - M_PatientM_SexID, - M_PatientM_ReligionID, - M_PatientEmail, - M_PatientPOB, - M_PatientHP, - M_PatientPhone, - M_PatientM_IdTypeID, - M_PatientIDNumber, - M_PatientNote, - M_PatientNIK, - M_PatientJabatan, - M_PatientKedudukan, - M_PatientPJ, - M_PatientLocation, - M_PatientJob, - M_PatientUserID - ) - VALUES( - '{$prm['M_PatientM_TitleID']}', - '{$prm['M_PatientPrefix']}', - '{$prm['M_PatientName']}', - '{$prm['M_PatientSuffix']}', - '{$pdob}', - '{$prm['M_PatientM_SexID']}', - '{$prm['M_PatientM_ReligionID']}', - '{$prm['M_PatientEmail']}', - '{$prm['M_PatientPOB']}', - '{$prm['M_PatientHP']}', - '{$prm['M_PatientPhone']}', - '{$prm['M_PatientM_IdTypeID']}', - '{$prm['M_PatientIDNumber']}', - '{$prm['M_PatientNote']}', - '{$prm['M_PatientNIK']}', - '{$prm['M_PatientJabatan']}', - '{$prm['M_PatientKedudukan']}', - '{$prm['M_PatientPJ']}', - '{$prm['M_PatientLocation']}', - '{$prm['M_PatientJob']}', - $userid - ) - "; - //echo $query; - $rows = $this->db_onedev->query($query); + $pdob = date('Y-m-d', strtotime($prm['M_PatientDOB'])); + $dob_str = date('d-m-Y', strtotime($prm['M_PatientDOB'])); + $patient_name = $prm['M_PatientName']; + $enc = $this->ibl_encryptor; + + $ptn = [ + 'M_PatientName' => $this->_mask_name($patient_name), + 'M_PatientName_enc' => $enc->encrypt($patient_name), + 'M_PatientName_bidx' => $enc->search_bidx($patient_name), + 'M_PatientM_TitleID' => $prm['M_PatientM_TitleID'], + 'M_PatientPrefix' => $prm['M_PatientPrefix'], + 'M_PatientSuffix' => $prm['M_PatientSuffix'], + 'M_PatientDOB' => $pdob, + 'M_PatientDOB_enc' => $enc->encrypt($dob_str), + 
'M_PatientDOB_bidx' => $enc->search_bidx($dob_str), + 'M_PatientM_SexID' => $prm['M_PatientM_SexID'], + 'M_PatientM_ReligionID' => $prm['M_PatientM_ReligionID'], + 'M_PatientEmail' => $this->_mask_email($prm['M_PatientEmail']), + 'M_PatientEmail_enc' => $enc->encrypt($prm['M_PatientEmail']), + 'M_PatientPOB' => $this->_mask_short($prm['M_PatientPOB']), + 'M_PatientPOB_enc' => $enc->encrypt($prm['M_PatientPOB']), + 'M_PatientHP' => $this->_mask_phone($prm['M_PatientHP']), + 'M_PatientHP_enc' => $enc->encrypt($prm['M_PatientHP']), + 'M_PatientHP_bidx' => $enc->search_bidx($prm['M_PatientHP']), + 'M_PatientPhone' => $this->_mask_phone($prm['M_PatientPhone']), + 'M_PatientPhone_enc' => $enc->encrypt($prm['M_PatientPhone']), + 'M_PatientM_IdTypeID' => $prm['M_PatientM_IdTypeID'], + 'M_PatientIDNumber' => $this->_mask_id($prm['M_PatientIDNumber']), + 'M_PatientIDNumber_enc' => $enc->encrypt($prm['M_PatientIDNumber']), + 'M_PatientNIK' => $prm['M_PatientNIK'], + 'M_PatientNIK_bidx' => $enc->search_bidx($prm['M_PatientNIK'] ?? ''), + 'M_PatientNote' => $prm['M_PatientNote'], + 'M_PatientJabatan' => $prm['M_PatientJabatan'], + 'M_PatientKedudukan' => $prm['M_PatientKedudukan'], + 'M_PatientPJ' => $prm['M_PatientPJ'], + 'M_PatientLocation' => $prm['M_PatientLocation'], + 'M_PatientJob' => $prm['M_PatientJob'], + 'M_PatientUserID' => $userid, + ]; + $this->db_onedev->insert('m_patient', $ptn); $last_id = $this->db_onedev->insert_id(); if ($last_id) { $sql = "SELECT * FROM m_patient 
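Review bot: `'M_PatientNIK' => $prm['M_PatientNIK']` and `'M_PatientNIK_bidx' => $enc->search_bidx($prm['M_PatientNIK'] ?? '')` treat the same input differently: if the key can be absent the first line emits a notice and stores null, while the second quietly indexes an empty string. Read it once into a local, `$nik = $prm['M_PatientNIK'] ?? '';`, and use it for both entries. The same pair appears in the inserts at @@ -1148 and @@ -1244 of Preregisterapp.php.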
@@ -559,13 +581,14 @@ class Registrationv3 extends MY_Controller } } - $address_description = str_replace("'", "\\'", $prm['M_PatientAddressDescription']); + $address_description = $prm['M_PatientAddressDescription']; // save address $add = [ - 'M_PatientAddressM_PatientID' => $last_id, - 'M_PatientAddressDescription' => $address_description, - 'M_PatientAddressUserID' => $userid, - 'M_PatientAddressM_KelurahanID' => $prm['M_PatientAddressM_KelurahanID'] + 'M_PatientAddressM_PatientID' => $last_id, + 'M_PatientAddressDescription' => $this->_mask_address($address_description), + 'M_PatientAddressDescription_enc' => $enc->encrypt($address_description), + 'M_PatientAddressUserID' => $userid, + 'M_PatientAddressM_KelurahanID' => $prm['M_PatientAddressM_KelurahanID'], ]; $this->db_onedev->insert('m_patientaddress', $add); //echo $this->db_onedev->last_query(); diff --git a/application/controllers/mockup/fo/ibl_registration/Patient.php b/application/controllers/mockup/fo/ibl_registration/Patient.php index cb2bf869..b8e882f7 100644 --- a/application/controllers/mockup/fo/ibl_registration/Patient.php +++ b/application/controllers/mockup/fo/ibl_registration/Patient.php @@ -37,9 +37,9 @@ class Patient extends MY_Controller $v = trim($v); $words = preg_split('/\s+/', $v); if (count($words) === 1) { - // Satu kata: tampilkan penuh jika ≤6 huruf, atau 6 huruf + *** $l = mb_strlen($v, 'UTF-8'); - return $l <= 6 ? $v : mb_substr($v, 0, 6, 'UTF-8') . '***'; + if ($l <= 2) return $v; + return mb_substr($v, 0, 2, 'UTF-8') . str_repeat('*', $l - 2); } // Multi kata: kata pertama penuh + inisial kata berikutnya + * $first = $words[0]; diff --git a/application/controllers/mockup/masterdata/Patientv4.php b/application/controllers/mockup/masterdata/Patientv4.php index 0efb35ad..8e99a774 100644 --- a/application/controllers/mockup/masterdata/Patientv4.php +++ b/application/controllers/mockup/masterdata/Patientv4.php 
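Review bot: The deleted comment `// Satu kata: ...` described the single-word rule that this hunk changes, but nothing documents the new rule, while the comment on the multi-word branch (`// Multi kata: ...`) stays; add `// Single word: keep the first 2 characters, mask the rest with *` above the `$l = mb_strlen($v, 'UTF-8');` line. Patientv4.php at @@ -20 makes the identical change and has no comment either, so the same line fits there. The enclosing mask function starts and ends outside the hunk.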
@@ -20,7 +20,8 @@ class Patientv4 extends MY_Controller $words = preg_split('/\s+/', $v); if (count($words) === 1) { $l = mb_strlen($v, 'UTF-8'); - return $l <= 6 ? $v : mb_substr($v, 0, 6, 'UTF-8') . '***'; + if ($l <= 2) return $v; + return mb_substr($v, 0, 2, 'UTF-8') . str_repeat('*', $l - 2); } $first = $words[0]; $rest = array_slice($words, 1); diff --git a/application/controllers/mockup/mcuoffline/Preregisterapp.php b/application/controllers/mockup/mcuoffline/Preregisterapp.php index 7f8b18f3..66220678 100644 --- a/application/controllers/mockup/mcuoffline/Preregisterapp.php +++ b/application/controllers/mockup/mcuoffline/Preregisterapp.php 
@@ -11,8 +11,33 @@ class Preregisterapp extends MY_Controller { parent::__construct(); $this->db_onedev = $this->load->database("onedev", true); + $this->load->library('ibl_encryptor'); } + private function _mask_name($v) { + if (!$v) return $v; + $v = trim($v); + $words = preg_split('/\s+/', $v); + if (count($words) === 1) { + $l = mb_strlen($v, 'UTF-8'); + if ($l <= 2) return $v; + return mb_substr($v, 0, 2, 'UTF-8') . str_repeat('*', $l - 2); + } + $first = $words[0]; + $rest = array_slice($words, 1); + $masked = array_map(function($w) { + if (!$w) return ''; + $init = mb_substr($w, 0, 1, 'UTF-8'); + return $init . str_repeat('*', max(3, mb_strlen($w, 'UTF-8') - 1)); + }, $rest); + return $first . ' ' . implode(' ', $masked); + } + private function _mask_phone($v) { if (!$v) return $v; $d=preg_replace('/[^0-9]/','',trim($v)); $l=strlen($d); if($l<=4) return '****'; if($l<=8) return substr($d,0,4).str_repeat('*',$l-4); return substr($d,0,4).str_repeat('*',$l-7).substr($d,-3); } + private function _mask_email($v) { if (!$v||strpos($v,'@')===false) return $v; [$loc,$dom]=explode('@',$v,2); return mb_substr($loc,0,min(2,mb_strlen($loc,'UTF-8')),'UTF-8').'***@'.$dom; } + private function _mask_short($v) { if (!$v) return $v; $v=trim($v); $l=mb_strlen($v,'UTF-8'); if($l<=2) return '***'; return mb_substr($v,0,2,'UTF-8').'***'; } + private function _mask_id($v) { if (!$v) return $v; $v=trim($v); $l=strlen($v); if($l<=4) return '****'; return substr($v,0,4).str_repeat('*',max(3,$l-6)).($l>6?substr($v,-2):''); } + private function _mask_address($v) { if (!$v) return $v; $v=trim($v); $l=mb_strlen($v,'UTF-8'); if($l<=5) return '***'; return mb_substr($v,0,5,'UTF-8').'***'; } + function searchcompany(){ 
@@ -477,59 +502,78 @@ class Preregisterapp extends MY_Controller + $enc = $this->ibl_encryptor; if ($prm['search'] != '') { $e = explode('+', $prm['search']); - if (isset($e[0])) - $q['name'] = "AND M_PatientName LIKE '%{$e[0]}%'"; + if (isset($e[0]) && strlen($e[0]) >= 3) { + $toks = $enc->query_tokens($e[0]); + $conds = []; + foreach ($toks as $tok) { $tok_esc = $this->db_onedev->escape_str($tok); $conds[] = "JSON_CONTAINS(M_PatientName_bidx, '\"$tok_esc\"')"; } + if ($conds) $q['name'] = "AND (" . implode(' AND ', $conds) . ")"; + } if (isset($e[1])) $q['dob'] = "AND ((DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') LIKE '%{$e[1]}%' and M_PatientDOB IS NOT NULL) OR (M_PatientDOB IS NULL AND '{$e[1]}' = ''))"; - if (isset($e[2])) - $q['nik'] = "AND M_PatientNIK LIKE '%{$e[2]}%'"; + if (isset($e[2]) && strlen($e[2]) >= 3) { + $toks = $enc->query_tokens($e[2]); + $conds = []; + foreach ($toks as $tok) { $tok_esc = $this->db_onedev->escape_str($tok); $conds[] = "JSON_CONTAINS(M_PatientNIK_bidx, '\"$tok_esc\"')"; } + if ($conds) $q['nik'] = "AND (" . implode(' AND ', $conds) . 
")"; + } } - $sql = "SELECT m_patient.*, + $sql = "SELECT m_patient.*, 'N' divider, - concat(M_TitleName,' ',IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) M_PatientName, - M_PatientName M_PatientRealName, M_TitleID, M_TitleName, M_SexID, M_SexName, + concat(M_TitleName,' ',IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) M_PatientNameDisplay, + M_TitleID, M_TitleName, M_SexID, M_SexName, DATE_FORMAT(M_PatientDOB,'%d-%m-%Y') as dob_ina, IFNULL(M_ReligionName, '-') M_ReligionName, M_PatientNoReg as Mcu_PreregisterDetailsPID, - M_PatientNIK as Mcu_PreregisterDetailsNIK, M_PatientID as Mcu_PreregisterDetailsM_PatientID, M_TitleID as Mcu_PreregisterDetailsM_TitleID, - M_PatientName as Mcu_PreregisterDetailsPatientName, M_SexCode as Mcu_PreregisterDetailsM_SexCode, M_PatientDOB as Mcu_PreregisterDetailsDOB, IFNULL(M_ReligionID,0) as Mcu_PreregisterDetailsM_ReligionID, M_PatientJabatan as Mcu_PreregisterDetailsJabatan, - M_PatientEmail as Mcu_PreregisterDetailsEmail, - M_PatientHP as Mcu_PreregisterDetailsHp, M_PatientKedudukan as Mcu_PreregisterDetailsKedudukan, M_PatientLocation as Mcu_PreregisterDetailsLocation, M_PatientJob as Mcu_PreregisterDetailsJob - from - m_patient + from + m_patient $join_company join m_title on M_PatientM_TitleID = M_TitleID join m_sex on M_PatientM_SexID = M_SexID left join m_religion on m_patientm_religionid = m_religionid - where M_PatientIsActive = 'Y' + where M_PatientIsActive = 'Y' {$q['name']} {$q['dob']} {$q['nik']} - group by M_PatientID limit $number_limit offset $number_offset"; //echo $sql; $query = $this->db_onedev->query($sql); - if ($query) { + if ($query) { $rows = $query->result_array(); if($rows){ $per_divider = 1; foreach($rows as $k => $v){ + $name = $enc->decrypt($v['M_PatientName_enc'] ?? '') ?? $v['M_PatientName']; + $hp = $enc->decrypt($v['M_PatientHP_enc'] ?? '') ?? $v['M_PatientHP']; + $email = $enc->decrypt($v['M_PatientEmail_enc'] ?? '') ?? 
$v['M_PatientEmail']; + $nik = $enc->decrypt($v['M_PatientNIK_enc'] ?? '') ?? $v['M_PatientNIK']; + $rows[$k]['M_PatientName'] = $name; + $rows[$k]['M_PatientHP'] = $hp; + $rows[$k]['M_PatientEmail'] = $email; + $rows[$k]['M_PatientNIK'] = $nik; + $rows[$k]['Mcu_PreregisterDetailsPatientName'] = $name; + $rows[$k]['Mcu_PreregisterDetailsNIK'] = $nik; + $rows[$k]['Mcu_PreregisterDetailsEmail'] = $email; + $rows[$k]['Mcu_PreregisterDetailsHp'] = $hp; + foreach (array_keys($rows[$k]) as $col) { + if (substr($col, -4) === '_enc' || substr($col, -5) === '_bidx') unset($rows[$k][$col]); + } if($per_divider == 10){ $rows[$k]['divider'] = 'Y'; } 
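Review bot: The blind-index token is spliced into a JSON string literal by hand — `'\"$tok_esc\"'` after `escape_str()` — which is only safe if `query_tokens()` can never emit `"` or `\`; `escape_str` protects the SQL quote, not the JSON one. Build the literal with `$tok_lit = $this->db_onedev->escape(json_encode($tok));` and use `JSON_CONTAINS(M_PatientName_bidx, $tok_lit)`, and since this three-line loop is repeated for the NIK branch here and four more times at @@ -569 and @@ -1071, move it into one private helper such as `_bidx_where($column, $value)` that returns the joined condition or `''`. Separately, a search term of one or two characters now leaves `$q['name']` untouched instead of building a filter, so unless `$q` is pre-initialised with a restrictive default above the hunk, a short term returns the unfiltered patient page with decrypted name, HP, email and NIK — either reject the short term or set `$q['name'] = 'AND 0';`. The `$enc->decrypt(...) ?? $v[...]` fallbacks only work if `decrypt()` returns null on failure; if it returns `false` or `''` the masked value is never replaced, so confirm the library's contract and document it next to the first fallback.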
@@ -569,71 +613,86 @@ class Preregisterapp extends MY_Controller $name = $prm['name']; $dob = $prm['dob']; $nik = $prm['nik']; - $add_where = ''; - if($nik != ''){ - $add_where = " AND M_PatientNIK = '{$nik}'"; + $enc = $this->ibl_encryptor; + + $name_where = '1=1'; + if (strlen($name) >= 3) { + $toks = $enc->query_tokens($name); + $conds = []; + foreach ($toks as $tok) { $tok_esc = $this->db_onedev->escape_str($tok); $conds[] = "JSON_CONTAINS(M_PatientName_bidx, '\"$tok_esc\"')"; } + if ($conds) $name_where = implode(' AND ', $conds); + } + $nik_where = ''; + if ($nik != '' && strlen($nik) >= 3) { + $toks = $enc->query_tokens($nik); + $conds = []; + foreach ($toks as $tok) { $tok_esc = $this->db_onedev->escape_str($tok); $conds[] = "JSON_CONTAINS(M_PatientNIK_bidx, '\"$tok_esc\"')"; } + if ($conds) $nik_where = "AND (" . implode(' AND ', $conds) . ")"; } $setup = $prm['setup']; $join_company = ""; if(isset($prm['company']) && intval($prm['company']) > 0){ - $join_company = "JOIN t_orderheader ON T_OrderHeaderM_PatientID = M_PatientID AND - T_OrderHeaderIsActive = 'Y' AND + $join_company = "JOIN t_orderheader ON T_OrderHeaderM_PatientID = M_PatientID AND + T_OrderHeaderIsActive = 'Y' AND T_OrderHeaderM_CompanyID = {$prm['company']}"; } - + $sql = "SELECT COUNT(*) as total FROM ( - SELECT * + SELECT M_PatientID FROM m_patient $join_company - LEFT JOIN m_title ON M_PatientM_TitleID = M_TitleID - LEFT JOIN m_sex ON M_PatientM_SexID = M_SexID WHERE - M_PatientIsActive = 'Y' AND - M_PatientName LIKE CONCAT('%','{$name}','%') AND - (DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') LIKE '%{$dob}%' and M_PatientDOB IS NOT NULL) - {$add_where} + M_PatientIsActive = 'Y' AND ({$name_where}) + AND (DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') LIKE '%{$dob}%' and M_PatientDOB IS NOT NULL) + {$nik_where} GROUP BY M_PatientID - ) x - "; - //echo $sql; + ) x"; $countx = $this->db_onedev->query($sql)->row()->total; - $sql = "SELECT *, DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') as dob_ina, + + $sql = 
"SELECT m_patient.*, DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') as dob_ina, M_PatientNoReg as Mcu_PreregisterDetailsPID, - M_PatientNIK as Mcu_PreregisterDetailsNIK, M_PatientID as Mcu_PreregisterDetailsM_PatientID, M_TitleID as Mcu_PreregisterDetailsM_TitleID, - M_PatientName as Mcu_PreregisterDetailsPatientName, M_SexCode as Mcu_PreregisterDetailsM_SexCode, M_PatientDOB as Mcu_PreregisterDetailsDOB, IFNULL(M_ReligionID,0) as Mcu_PreregisterDetailsM_ReligionID, M_PatientJabatan as Mcu_PreregisterDetailsJabatan, - M_PatientEmail as Mcu_PreregisterDetailsEmail, - M_PatientHP as Mcu_PreregisterDetailsHp, M_PatientKedudukan as Mcu_PreregisterDetailsKedudukan, M_PatientLocation as Mcu_PreregisterDetailsLocation, M_PatientJob as Mcu_PreregisterDetailsJob FROM m_patient $join_company LEFT join m_title on M_PatientM_TitleID = M_TitleID - LEFT join m_sex on M_PatientM_SexID = M_SexID - left join m_religion on m_patientm_religionid = m_religionid + LEFT join m_sex on M_PatientM_SexID = M_SexID + left join m_religion on m_patientm_religionid = m_religionid WHERE - M_PatientIsActive = 'Y' AND - M_PatientName LIKE CONCAT('%','{$name}','%') AND - (DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') LIKE '%{$dob}%' and M_PatientDOB IS NOT NULL) - {$add_where} + M_PatientIsActive = 'Y' AND ({$name_where}) + AND (DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') LIKE '%{$dob}%' and M_PatientDOB IS NOT NULL) + {$nik_where} GROUP BY M_PatientID - LIMIT 10 OFFSET 0 - "; - - //echo $sql; + LIMIT 10 OFFSET 0"; + $rows = $this->db_onedev->query($sql)->result_array(); - - $result = array( - "total" => $countx , - "records" => $rows - ); + foreach ($rows as $k => $v) { + $name_dec = $enc->decrypt($v['M_PatientName_enc'] ?? '') ?? $v['M_PatientName']; + $hp_dec = $enc->decrypt($v['M_PatientHP_enc'] ?? '') ?? $v['M_PatientHP']; + $email_dec = $enc->decrypt($v['M_PatientEmail_enc'] ?? '') ?? $v['M_PatientEmail']; + $nik_dec = $enc->decrypt($v['M_PatientNIK_enc'] ?? '') ?? 
$v['M_PatientNIK']; + $rows[$k]['M_PatientName'] = $name_dec; + $rows[$k]['M_PatientHP'] = $hp_dec; + $rows[$k]['M_PatientEmail'] = $email_dec; + $rows[$k]['M_PatientNIK'] = $nik_dec; + $rows[$k]['Mcu_PreregisterDetailsPatientName'] = $name_dec; + $rows[$k]['Mcu_PreregisterDetailsNIK'] = $nik_dec; + $rows[$k]['Mcu_PreregisterDetailsEmail'] = $email_dec; + $rows[$k]['Mcu_PreregisterDetailsHp'] = $hp_dec; + foreach (array_keys($rows[$k]) as $col) { + if (substr($col, -4) === '_enc' || substr($col, -5) === '_bidx') unset($rows[$k][$col]); + } + } + + $result = array("total" => $countx, "records" => $rows); $this->sys_ok($result); exit; } @@ -1014,6 +1073,11 @@ class Preregisterapp extends MY_Controller unset($datas[0]); foreach($datas as $k => $v){ $pdob = date('Y-m-d',strtotime($v['TANGGAL_LAHIR'])); + $m_nama = $this->db_onedev->escape_str($this->_mask_name($v['NAMA'])); + $m_ktp = $this->_mask_id($v['KTP']); + $m_nik = $this->_mask_id($v['NIK']); + $m_email = $this->_mask_email($v['EMAIL']); + $m_hp = $this->_mask_phone($v['HP']); $query = " INSERT INTO mcu_preregister_patients ( Mcu_PreregisterDetailsMcuOfflinePrepareID, Mcu_PreregisterDetailsPID, @@ -1036,11 +1100,11 @@ class Preregisterapp extends MY_Controller VALUES( '{$prm['xid']}', '{$v['PID']}', - '{$v['NIK']}', - '{$v['KTP']}', - '{$v['NAMA']}', - '{$v['EMAIL']}', - '{$v['HP']}', + '{$m_nik}', + '{$m_ktp}', + '{$m_nama}', + '{$m_email}', + '{$m_hp}', '{$pdob}', '{$v['KEDUDUKAN']}', '{$v['JABATAN']}', 
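Review bot: `$dob` is interpolated raw into both new WHERE clauses (`LIKE '%{$dob}%'`) while the name and NIK tokens beside them go through `escape_str`, so the date field remains a string-concatenation injection point and a `%` or `_` in it also changes the LIKE semantics; escape it once before building the two queries, `$dob = $this->db_onedev->escape_like_str($dob);`. The fallback `$name_where = '1=1'` means a one- or two-character name silently drops the name filter and only the DOB substring match remains, which for an empty DOB matches every active patient and returns its decrypted fields; consider returning no rows or an error for a name below the token minimum. The hand-built JSON quoting of `$tok_esc` has the same weakness as the search at @@ -477.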
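Review bot: Only `$m_nama` is passed through `escape_str`; `$m_ktp`, `$m_nik`, `$m_hp` and `$m_email` are interpolated into the INSERT at @@ -1036 as-is, yet `_mask_id` copies the first four and last two characters of the raw cell and `_mask_email` returns the whole raw domain, so a quote in the CSV still reaches the SQL string. Escape all five the same way, or build an array and use `$this->db_onedev->insert('mcu_preregister_patients', …)` as the m_patient insert later in this file does. The same pattern appears at @@ -1502/@@ -1527, where again only the name is escaped.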
@@ -1071,31 +1135,29 @@ class Preregisterapp extends MY_Controller } } + $enc = $this->ibl_encryptor; if($v['KTP'] != ''){ - $sql = "SELECT * - FROM m_patient - WHERE - M_PatientM_IdTypeID = 1 AND - M_PatientIDNumber = '{$v['KTP']}' AND - M_PatientIsActive = 'Y' - LIMIT 1"; - $exist_r = $this->db_onedev->query($sql)->row_array(); - if($exist_r){ - $patient_id = $exist_r["M_PatientID"]; + $ktp_toks = $enc->query_tokens($v['KTP']); + $ktp_conds = []; + foreach ($ktp_toks as $tok) { $tok_esc = $this->db_onedev->escape_str($tok); $ktp_conds[] = "JSON_CONTAINS(M_PatientNIK_bidx, '\"$tok_esc\"')"; } + if ($ktp_conds) { + $sql = "SELECT M_PatientID FROM m_patient + WHERE M_PatientIsActive = 'Y' AND (" . implode(' AND ', $ktp_conds) . ") + LIMIT 1"; + $exist_r = $this->db_onedev->query($sql)->row_array(); + if($exist_r) $patient_id = $exist_r["M_PatientID"]; } } - + if($patient_id == 0){ - $sql = "SELECT * - FROM m_patient - WHERE - M_PatientName = '{$v['NAMA']}' AND - M_PatientDOB = '{$pdob}' AND - M_PatientIsActive = 'Y' LIMIT 1"; + $name_toks = $enc->query_tokens($v['NAMA']); + $name_conds = []; + foreach ($name_toks as $tok) { $tok_esc = $this->db_onedev->escape_str($tok); $name_conds[] = "JSON_CONTAINS(M_PatientName_bidx, '\"$tok_esc\"')"; } + $name_where = $name_conds ? implode(' AND ', $name_conds) : '0'; + $sql = "SELECT M_PatientID FROM m_patient + WHERE ({$name_where}) AND M_PatientDOB = '{$pdob}' AND M_PatientIsActive = 'Y' LIMIT 1"; $exist_r = $this->db_onedev->query($sql)->row_array(); - if($exist_r){ - $patient_id = $exist_r["M_PatientID"]; - } + if($exist_r) $patient_id = $exist_r["M_PatientID"]; } 
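Review bot: The KTP dedupe lookup changed meaning: it now matches the KTP's tokens against `M_PatientNIK_bidx` with no `M_PatientM_IdTypeID = 1` condition, while the insert at @@ -1148 writes `M_PatientNIK_bidx` from the NIK column and only `M_PatientIDNumber_enc` (no `_bidx`) from the KTP, so whenever NIK and KTP differ the check cannot find the existing patient and the import creates a duplicate. If the KTP is meant to be searchable, add a `M_PatientIDNumber_bidx` at @@ -1148 and query that column here. Also, `AND`-ing `JSON_CONTAINS` over every token is a containment test rather than the former equality `M_PatientIDNumber = '…'`; if `query_tokens()` produces n-grams, a KTP that is a substring of another patient's indexed value links the row to the wrong patient, so compare the decrypted value after fetching the candidate before trusting the match. The enclosing loop starts outside the hunk.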
@@ -1148,28 +1210,40 @@ class Preregisterapp extends MY_Controller )"; //echo $sql; $this->db_onedev->query($sql);*/ - $data_insert_patient = array( - 'M_PatientName' => $v["NAMA"] , - 'M_PatientM_TitleID' => $title_id , - 'M_PatientM_SexID' => $sex_id, - 'M_PatientM_ReligionID' => $religion_id , - 'M_PatientPOB' => '-', - 'M_PatientDOB' => $pdob, - 'M_PatientNIK' => $v["NIK"] , - 'M_PatientJabatan' => $v['JABATAN'], - 'M_PatientLocation' => $v['LOKASI'], - 'M_PatientKedudukan' => $v['KEDUDUKAN'] , - 'M_PatientJob' => $v['JOB'], - 'M_PatientEmail' => $v['EMAIL'], - 'M_PatientHP' => $v['HP'], - 'M_PatientUserID' => $userid - ); + $enc = $this->ibl_encryptor; + $dob_str = date('d-m-Y', strtotime($pdob)); + $data_insert_patient = [ + 'M_PatientName' => $this->_mask_name($v["NAMA"]), + 'M_PatientName_enc' => $enc->encrypt($v["NAMA"]), + 'M_PatientName_bidx' => $enc->search_bidx($v["NAMA"]), + 'M_PatientM_TitleID' => $title_id, + 'M_PatientM_SexID' => $sex_id, + 'M_PatientM_ReligionID' => $religion_id, + 'M_PatientPOB' => '***', + 'M_PatientPOB_enc' => $enc->encrypt('-'), + 'M_PatientDOB' => $pdob, + 'M_PatientDOB_enc' => $enc->encrypt($dob_str), + 'M_PatientDOB_bidx' => $enc->search_bidx($dob_str), + 'M_PatientNIK' => $v["NIK"], + 'M_PatientNIK_bidx' => $enc->search_bidx($v["NIK"] ?? 
''), + 'M_PatientJabatan' => $v['JABATAN'], + 'M_PatientLocation' => $v['LOKASI'], + 'M_PatientKedudukan' => $v['KEDUDUKAN'], + 'M_PatientJob' => $v['JOB'], + 'M_PatientEmail' => $this->_mask_email($v['EMAIL']), + 'M_PatientEmail_enc' => $enc->encrypt($v['EMAIL']), + 'M_PatientHP' => $this->_mask_phone($v['HP']), + 'M_PatientHP_enc' => $enc->encrypt($v['HP']), + 'M_PatientHP_bidx' => $enc->search_bidx($v['HP']), + 'M_PatientUserID' => $userid, + ]; if(isset($v["KTP"]) && $v["KTP"] != ''){ - $data_insert_patient['M_PatientM_IdTypeID'] = 1; - $data_insert_patient['M_PatientIDNumber'] = $v["KTP"]; + $data_insert_patient['M_PatientM_IdTypeID'] = 1; + $data_insert_patient['M_PatientIDNumber'] = $this->_mask_id($v["KTP"]); + $data_insert_patient['M_PatientIDNumber_enc'] = $enc->encrypt($v["KTP"]); } - $this->db->insert('m_patient', $data_insert_patient); + $this->db_onedev->insert('m_patient', $data_insert_patient); $patient_id = $this->db_onedev->insert_id(); $sql = "SELECT * FROM m_patient WHERE M_PatientID = {$patient_id}"; $ptn = $this->db_onedev->query($sql)->row_array(); 
@@ -1244,56 +1318,46 @@ class Preregisterapp extends MY_Controller $prm = $this->sys_input; $userid = $this->sys_user["M_UserID"]; - $pdob = date('Y-m-d',strtotime($prm['M_PatientDOB'])); - $query ="INSERT INTO m_patient ( - M_PatientM_TitleID, - M_PatientPrefix, - M_PatientName, - M_PatientSuffix, - M_PatientDOB, - M_PatientM_SexID, - M_PatientM_ReligionID, - M_PatientEmail, - M_PatientPOB, - M_PatientHP, - M_PatientPhone, - M_PatientM_IdTypeID, - M_PatientIDNumber, - M_PatientNote, - M_PatientNIK, - M_PatientJabatan, - M_PatientKedudukan, - M_PatientPJ, - M_PatientLocation, - M_PatientJob, - M_PatientUserID - ) - VALUES( - '{$prm['M_PatientM_TitleID']}', - '{$prm['M_PatientPrefix']}', - '{$prm['M_PatientName']}', - '{$prm['M_PatientSuffix']}', - '{$pdob}', - '{$prm['M_PatientM_SexID']}', - '{$prm['M_PatientM_ReligionID']}', - '{$prm['M_PatientEmail']}', - '{$prm['M_PatientPOB']}', - '{$prm['M_PatientHP']}', - '{$prm['M_PatientPhone']}', - '{$prm['M_PatientM_IdTypeID']}', - '{$prm['M_PatientIDNumber']}', - '{$prm['M_PatientNote']}', - '{$prm['M_PatientNIK']}', - '{$prm['M_PatientJabatan']}', - '{$prm['M_PatientKedudukan']}', - '{$prm['M_PatientPJ']}', - '{$prm['M_PatientLocation']}', - '{$prm['M_PatientJob']}', - $userid - ) - "; - //echo $query; - $rows = $this->db_onedev->query($query); + $pdob = date('Y-m-d', strtotime($prm['M_PatientDOB'])); + $dob_str = date('d-m-Y', strtotime($prm['M_PatientDOB'])); + $patient_name = $prm['M_PatientName']; + $enc = $this->ibl_encryptor; + + $ptn = [ + 'M_PatientName' => $this->_mask_name($patient_name), + 'M_PatientName_enc' => $enc->encrypt($patient_name), + 'M_PatientName_bidx' => $enc->search_bidx($patient_name), + 'M_PatientM_TitleID' => $prm['M_PatientM_TitleID'], + 'M_PatientPrefix' => $prm['M_PatientPrefix'], + 'M_PatientSuffix' => $prm['M_PatientSuffix'], + 'M_PatientDOB' => $pdob, + 'M_PatientDOB_enc' => $enc->encrypt($dob_str), + 'M_PatientDOB_bidx' => $enc->search_bidx($dob_str), + 'M_PatientM_SexID' => 
$prm['M_PatientM_SexID'], + 'M_PatientM_ReligionID' => $prm['M_PatientM_ReligionID'], + 'M_PatientEmail' => $this->_mask_email($prm['M_PatientEmail']), + 'M_PatientEmail_enc' => $enc->encrypt($prm['M_PatientEmail']), + 'M_PatientPOB' => $this->_mask_short($prm['M_PatientPOB']), + 'M_PatientPOB_enc' => $enc->encrypt($prm['M_PatientPOB']), + 'M_PatientHP' => $this->_mask_phone($prm['M_PatientHP']), + 'M_PatientHP_enc' => $enc->encrypt($prm['M_PatientHP']), + 'M_PatientHP_bidx' => $enc->search_bidx($prm['M_PatientHP']), + 'M_PatientPhone' => $this->_mask_phone($prm['M_PatientPhone']), + 'M_PatientPhone_enc' => $enc->encrypt($prm['M_PatientPhone']), + 'M_PatientM_IdTypeID' => $prm['M_PatientM_IdTypeID'], + 'M_PatientIDNumber' => $this->_mask_id($prm['M_PatientIDNumber']), + 'M_PatientIDNumber_enc' => $enc->encrypt($prm['M_PatientIDNumber']), + 'M_PatientNIK' => $prm['M_PatientNIK'], + 'M_PatientNIK_bidx' => $enc->search_bidx($prm['M_PatientNIK'] ?? ''), + 'M_PatientNote' => $prm['M_PatientNote'], + 'M_PatientJabatan' => $prm['M_PatientJabatan'], + 'M_PatientKedudukan' => $prm['M_PatientKedudukan'], + 'M_PatientPJ' => $prm['M_PatientPJ'], + 'M_PatientLocation' => $prm['M_PatientLocation'], + 'M_PatientJob' => $prm['M_PatientJob'], + 'M_PatientUserID' => $userid, + ]; + $this->db_onedev->insert('m_patient', $ptn); $last_id = $this->db_onedev->insert_id(); $result = array( "total" => 1 , 
@@ -1502,6 +1566,10 @@ class Preregisterapp extends MY_Controller $default_tests = $data_prepare['McuOfflinePrepareTests']; $v['Mcu_PreregisterDetailsPatientName'] = str_replace("'", "\\'", $v['Mcu_PreregisterDetailsPatientName']); $pdob = date('Y-m-d',strtotime($v['Mcu_PreregisterDetailsDOB'])); + $m_nama = $this->db_onedev->escape_str($this->_mask_name($v['Mcu_PreregisterDetailsPatientName'])); + $m_nik = $this->_mask_id($v['Mcu_PreregisterDetailsNIK']); + $m_email = $this->_mask_email($v['Mcu_PreregisterDetailsEmail']); + $m_hp = $this->_mask_phone($v['Mcu_PreregisterDetailsHp']); $query = " INSERT INTO mcu_preregister_patients ( Mcu_PreregisterDetailsMcuOfflinePrepareID, Mcu_PreregisterDetailsM_PatientID, @@ -1527,12 +1595,12 @@ class Preregisterapp extends MY_Controller VALUES( '{$setup['McuOfflinePrepareID']}', '{$v['Mcu_PreregisterDetailsM_PatientID']}', - '{$v['Mcu_PreregisterDetailsNIK']}', + '{$m_nik}', '{$v['Mcu_PreregisterDetailsPatientPrefix']}', - '{$v['Mcu_PreregisterDetailsPatientName']}', + '{$m_nama}', '{$v['Mcu_PreregisterDetailsPatientSuffix']}', - '{$v['Mcu_PreregisterDetailsEmail']}', - '{$v['Mcu_PreregisterDetailsHp']}', + '{$m_email}', + '{$m_hp}', '{$pdob}', '{$v['Mcu_PreregisterDetailsKedudukan']}', '{$v['Mcu_PreregisterDetailsJabatan']}', diff --git a/application/controllers/mockup/setupmcuoffline-ibl/Preregister.php b/application/controllers/mockup/setupmcuoffline-ibl/Preregister.php index b5b05b4a..528799ee 100644 --- a/application/controllers/mockup/setupmcuoffline-ibl/Preregister.php +++ b/application/controllers/mockup/setupmcuoffline-ibl/Preregister.php 
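Review bot: The context line just above the new code still does `str_replace("'", "\\'", ...)` on the name, and the new `$m_nama` then applies `escape_str` to the result, so a name with an apostrophe is escaped twice — the backslash inserted by the first step is counted as a name character by `_mask_name` and escaped again — and the stored value is corrupted; drop the `str_replace` now that `escape_str` is applied. If `$v` here comes back from `mcu_preregister_patients` rather than from a decrypted m_patient row, these fields are already masked and `_mask_phone` is not idempotent (it strips the `*` characters and re-masks the remaining digits, losing the visible tail), so confirm the source of `$v` and note it in a comment above these lines. The enclosing loop starts outside the hunk.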
@@ -8,9 +8,34 @@ class Preregister extends MY_Controller public function __construct() { parent::__construct(); + $this->load->library('ibl_encryptor'); // $this->db = $this->load->database("cpone", true); } + private function _mask_name($v) { + if (!$v) return $v; + $v = trim($v); + $words = preg_split('/\s+/', $v); + if (count($words) === 1) { + $l = mb_strlen($v, 'UTF-8'); + if ($l <= 2) return $v; + return mb_substr($v, 0, 2, 'UTF-8') . str_repeat('*', $l - 2); + } + $first = $words[0]; + $rest = array_slice($words, 1); + $masked = array_map(function($w) { + if (!$w) return ''; + $init = mb_substr($w, 0, 1, 'UTF-8'); + return $init . str_repeat('*', max(3, mb_strlen($w, 'UTF-8') - 1)); + }, $rest); + return $first . ' ' . implode(' ', $masked); + } + private function _mask_phone($v) { if (!$v) return $v; $d=preg_replace('/[^0-9]/','',trim($v)); $l=strlen($d); if($l<=4) return '****'; if($l<=8) return substr($d,0,4).str_repeat('*',$l-4); return substr($d,0,4).str_repeat('*',$l-7).substr($d,-3); } + private function _mask_email($v) { if (!$v||strpos($v,'@')===false) return $v; [$loc,$dom]=explode('@',$v,2); return mb_substr($loc,0,min(2,mb_strlen($loc,'UTF-8')),'UTF-8').'***@'.$dom; } + private function _mask_short($v) { if (!$v) return $v; $v=trim($v); $l=mb_strlen($v,'UTF-8'); if($l<=2) return '***'; return mb_substr($v,0,2,'UTF-8').'***'; } + private function _mask_id($v) { if (!$v) return $v; $v=trim($v); $l=strlen($v); if($l<=4) return '****'; return substr($v,0,4).str_repeat('*',max(3,$l-6)).($l>6?substr($v,-2):''); } + private function _mask_address($v) { if (!$v) return $v; $v=trim($v); $l=mb_strlen($v,'UTF-8'); if($l<=5) return '***'; return mb_substr($v,0,5,'UTF-8').'***'; } + public function index() { // $cek = $this->db->query("select database() as current_db")->result(); 
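Review bot: The six `_mask_*` helpers are a copy of the ones added to Registrationv3 in this same diff, and `mask_name` lives a third and fourth time in `scripts/mask_patient_plaintext.php` and `scripts/remask_patient_name.php`, which the commit had to patch separately to keep the single-token rule in sync; since the constructor now loads `ibl_encryptor`, a shared library (or a method on that library) is the natural single home for the mask policy. None of the helpers documents what it leaves visible, which is exactly what a data-protection reviewer needs to know: `_mask_name` keeps the whole first token in clear and, for a single token, the first two characters plus the exact length (the star count equals the remaining length); `_mask_phone` keeps the first four and, beyond eight digits, the last three; `_mask_email` keeps the full domain; `_mask_id` keeps four leading and two trailing characters. A one-line docblock per helper, e.g. `// Display mask only — first token kept, later tokens reduced to initial + stars; the _enc column is the source of truth`, would make the residual disclosure explicit. Two smaller points: `_mask_id` uses byte-wise `strlen`/`substr` while its siblings use `mb_*`, and every helper returns `$v` unchanged on `!$v`, which treats the string `'0'` as empty.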
@@ -59,8 +84,8 @@ class Preregister extends MY_Controller } } - function cekKTP($nik, $tanggal, $bulan, $tahun) - { + function cekKTP($nik, $tanggal, $bulan, $tahun) + { if (strlen($nik) != 16) { return false; } @@ -88,30 +113,30 @@ class Preregister extends MY_Controller return false; } //setelah berhasil melewati rintangan, berarti nomornya valid (tidak 100% valid) - return true; - } - - function normalize_schedule_date($rawDate) - { - $rawDate = trim((string) $rawDate); - if ($rawDate === '') { - return ''; - } - - $formats = array('d-m-Y', 'Y-m-d', 'd/m/Y', 'Y/m/d'); - foreach ($formats as $format) { - $dt = DateTime::createFromFormat($format, $rawDate); - if ($dt && $dt->format($format) === $rawDate) { - return $dt->format('Y-m-d'); - } - } - - $timestamp = strtotime($rawDate); - if ($timestamp === false) { - return ''; - } - return date('Y-m-d', $timestamp); - } + return true; + } + + function normalize_schedule_date($rawDate) + { + $rawDate = trim((string) $rawDate); + if ($rawDate === '') { + return ''; + } + + $formats = array('d-m-Y', 'Y-m-d', 'd/m/Y', 'Y/m/d'); + foreach ($formats as $format) { + $dt = DateTime::createFromFormat($format, $rawDate); + if ($dt && $dt->format($format) === $rawDate) { + return $dt->format('Y-m-d'); + } + } + + $timestamp = strtotime($rawDate); + if ($timestamp === false) { + return ''; + } + return date('Y-m-d', $timestamp); + } function savecsv() { @@ -149,7 +174,7 @@ class Preregister extends MY_Controller $exist_patients_arr = []; $exist_pat = []; - foreach ($datas as $k => $v) { + foreach ($datas as $k => $v) { $timestamp = strtotime($v['TANGGAL_LAHIR']); $pdob = date('Y-m-d', $timestamp); $v['NAMA'] = trim(str_replace("'", "\\'", $v['NAMA'])); 
@@ -302,11 +327,16 @@ class Preregister extends MY_Controller $this->sys_error("select mcu_preregister_patients : " . $last_qry); exit; } - $exist_r = $qry_pre->result_array(); - $preregister_patient_id = 0; - - if (count($exist_r) == 0) { - $query = " INSERT INTO mcu_preregister_patients ( + $exist_r = $qry_pre->result_array(); + $preregister_patient_id = 0; + + if (count($exist_r) == 0) { + $m_nama = $this->db->escape_str($this->_mask_name($v['NAMA'])); + $m_ktp = $this->_mask_id($v['KTP']); + $m_nip = $this->_mask_id($v['NIP']); + $m_email = $this->_mask_email($v['EMAIL']); + $m_hp = $this->_mask_phone($v['HP']); + $query = " INSERT INTO mcu_preregister_patients ( Mcu_PreregisterPatientsMgm_McuID, Mcu_PreregisterPatientsCompanyNumber, Mcu_PreregisterPatientsNIP, @@ -331,16 +361,16 @@ class Preregister extends MY_Controller VALUES( '{$prm['xid']}', '{$rowcor["M_CompanyNumber"]}', - '{$v['NIP']}', - '{$v['KTP']}', + '{$m_nip}', + '{$m_ktp}', '{$patient_id}', '{$title_id}', - '{$v['NAMA']}', + '{$m_nama}', {$sex_id}, '{$pdob}', '{$v['JOB']}', - '{$v['EMAIL']}', - '{$v['HP']}', + '{$m_email}', + '{$m_hp}', '{$v['POSISI']}', '{$v['DIVISI']}', '{$v['LOKASI']}', @@ -360,11 +390,11 @@ class Preregister extends MY_Controller $this->sys_error("insert mcu_preregister_patients : " . $last_qry); exit; } - if ($rows) { - $last_id_x = $this->db->insert_id(); - $preregister_patient_id = intval($last_id_x); - - if ($patient_id == 0) { + if ($rows) { + $last_id_x = $this->db->insert_id(); + $preregister_patient_id = intval($last_id_x); + + if ($patient_id == 0) { $sql = "SELECT * FROM m_patient WHERE 
@@ -543,50 +573,50 @@ class Preregister extends MY_Controller $sql = "UPDATE mcu_preregister_patients SET Mcu_PreregisterPatientsM_PatientID = {$patient_id} WHERE Mcu_PreregisterPatientsID = {$last_id_x}"; - $query = $this->db->query($sql); - if (!$query) { - $last_qry = $this->db->last_query(); - $this->db->trans_rollback(); - $this->sys_error("update mcu_preregister_patients : " . $last_qry); - exit; - } - } - } else { - $preregister_patient_id = intval($exist_r[0]['Mcu_PreregisterPatientsID']); - } - - // Simpan jadwal MCU per preregister patient jika parameter TANGGAL_MCU dikirim - $scheduleDate = isset($v['TANGGAL_MCU']) ? $this->normalize_schedule_date($v['TANGGAL_MCU']) : ''; - if ($preregister_patient_id > 0 && $scheduleDate !== '') { - $sqlSchedule = "INSERT INTO mcu_preregister_date ( - Mcu_PreregisterDateMcu_PreregisterPatientsID, - Mcu_PreregisterDateCheckinSchedule, - Mcu_PreregisterDateIsActive, - Mcu_PreregisterDateCreated, - Mcu_PreregisterDateCreatedUserID, - Mcu_PreregisterDateLastUpdated, - Mcu_PreregisterDateLastUpdatedUserID - ) VALUES ( - ?, ?, 'Y', NOW(), ?, NOW(), ? - ) - ON DUPLICATE KEY UPDATE - Mcu_PreregisterDateIsActive = 'Y', - Mcu_PreregisterDateLastUpdated = NOW(), - Mcu_PreregisterDateLastUpdatedUserID = VALUES(Mcu_PreregisterDateLastUpdatedUserID)"; - $qrySchedule = $this->db->query($sqlSchedule, array( - $preregister_patient_id, - $scheduleDate, - $userid, - $userid - )); - if (!$qrySchedule) { - $last_qry = $this->db->last_query(); - $this->db->trans_rollback(); - $this->sys_error("insert mcu_preregister_date : " . $last_qry); - exit; - } - } - } + $query = $this->db->query($sql); + if (!$query) { + $last_qry = $this->db->last_query(); + $this->db->trans_rollback(); + $this->sys_error("update mcu_preregister_patients : " . 
$last_qry); + exit; + } + } + } else { + $preregister_patient_id = intval($exist_r[0]['Mcu_PreregisterPatientsID']); + } + + // Simpan jadwal MCU per preregister patient jika parameter TANGGAL_MCU dikirim + $scheduleDate = isset($v['TANGGAL_MCU']) ? $this->normalize_schedule_date($v['TANGGAL_MCU']) : ''; + if ($preregister_patient_id > 0 && $scheduleDate !== '') { + $sqlSchedule = "INSERT INTO mcu_preregister_date ( + Mcu_PreregisterDateMcu_PreregisterPatientsID, + Mcu_PreregisterDateCheckinSchedule, + Mcu_PreregisterDateIsActive, + Mcu_PreregisterDateCreated, + Mcu_PreregisterDateCreatedUserID, + Mcu_PreregisterDateLastUpdated, + Mcu_PreregisterDateLastUpdatedUserID + ) VALUES ( + ?, ?, 'Y', NOW(), ?, NOW(), ? + ) + ON DUPLICATE KEY UPDATE + Mcu_PreregisterDateIsActive = 'Y', + Mcu_PreregisterDateLastUpdated = NOW(), + Mcu_PreregisterDateLastUpdatedUserID = VALUES(Mcu_PreregisterDateLastUpdatedUserID)"; + $qrySchedule = $this->db->query($sqlSchedule, array( + $preregister_patient_id, + $scheduleDate, + $userid, + $userid + )); + if (!$qrySchedule) { + $last_qry = $this->db->last_query(); + $this->db->trans_rollback(); + $this->sys_error("insert mcu_preregister_date : " . $last_qry); + exit; + } + } + } if ($this->db->trans_status() === FALSE) { $this->db->trans_rollback(); 
@@ -960,32 +990,36 @@ class Preregister extends MY_Controller } if ($v['KTP'] != '') { - $sql = "SELECT * - FROM m_patient + $enc = $this->ibl_encryptor; + $ktp_toks = $enc->query_tokens($v['KTP']); + $ktp_conds = []; + foreach ($ktp_toks as $tok) { + $tok_esc = $this->db_onedev->escape_str($tok); + $ktp_conds[] = "JSON_CONTAINS(M_PatientNIK_bidx, '\"$tok_esc\"')"; + } + $ktp_where = $ktp_conds ? implode(' AND ', $ktp_conds) : '0'; + $sql = "SELECT m_patient.*, M_SexCode + FROM m_patient JOIN m_sex ON M_PatientM_SexID = M_SexID - WHERE M_PatientM_IdTypeID = 1 AND - M_PatientIDNumber = '{$v['KTP']}' AND - M_PatientIsActive = 'Y' + WHERE M_PatientIsActive = 'Y' AND ({$ktp_where}) LIMIT 1"; $exist_r = $this->db_onedev->query($sql)->row_array(); if ($exist_r) { $patient_id = $exist_r["M_PatientID"]; - $v['NAMA'] = $exist_r["M_PatientName"]; - //$pdob = date('Y-m-d',strtotime($exist_r['M_PatientDOB'])); + $v['NAMA'] = $enc->decrypt($exist_r['M_PatientName_enc']) ?? $exist_r["M_PatientName"]; $title_id = $exist_r["M_PatientM_TitleID"]; $sex_id = $exist_r["M_PatientM_SexID"]; $religion_id = $exist_r["M_PatientM_ReligionID"]; - $v['NIK'] = $v['NIK'] ? $v['NIK'] : $exist_r["M_PatientNIK"]; - $v['EMAIL'] = $v['EMAIL'] ? $v['EMAIL'] : $exist_r["M_PatientEmail"]; - $v['HP'] = $v['HP'] ? $v['HP'] : $exist_r["M_PatientHP"]; + $v['NIK'] = $v['NIK'] ? $v['NIK'] : ($enc->decrypt($exist_r['M_PatientNIK_enc'] ?? '') ?? $exist_r["M_PatientNIK"]); + $v['EMAIL'] = $v['EMAIL'] ? $v['EMAIL'] : ($enc->decrypt($exist_r['M_PatientEmail_enc'] ?? '') ?? $exist_r["M_PatientEmail"]); + $v['HP'] = $v['HP'] ? $v['HP'] : ($enc->decrypt($exist_r['M_PatientHP_enc'] ?? '') ?? $exist_r["M_PatientHP"]); $v['KEDUDUKAN'] = $v['KEDUDUKAN'] ? $v['KEDUDUKAN'] : $exist_r["M_PatientKedudukan"]; $v['JABATAN'] = $v['JABATAN'] ? $v['JABATAN'] : $exist_r["M_PatientJabatan"]; $v['JOB'] = $v['JOB'] ? $v['JOB'] : $exist_r["M_PatientJob"]; $v['LOKASI'] = $v['LOKASI'] ? 
addslashes($v['LOKASI']) : addslashes($exist_r["M_PatientLocation"]); $v['JENIS_KELAMIN'] = $exist_r["M_SexCode"]; - $v['KTP'] = $v['KTP'] ? $v['KTP'] : $exist_r["M_PatientIDNumber"]; + $v['KTP'] = $v['KTP'] ? $v['KTP'] : ($enc->decrypt($exist_r['M_PatientIDNumber_enc'] ?? '') ?? $exist_r["M_PatientIDNumber"]); } - //echo $sql; } if ($patient_id == 0) { @@ -1005,6 +1039,11 @@ class Preregister extends MY_Controller $sql = "SELECT * FROM m_religion WHERE M_ReligionName = 'OTHERS' AND M_ReligionIsActive = 'Y' LIMIT 1"; $religion_id = $this->db_onedev->query($sql)->row()->M_ReligionID; } + $m_nama = $this->db_onedev->escape_str($this->_mask_name($v['NAMA'])); + $m_ktp = $this->_mask_id($v['KTP']); + $m_nik = $this->_mask_id($v['NIK']); + $m_email = $this->_mask_email($v['EMAIL']); + $m_hp = $this->_mask_phone($v['HP']); $query = " INSERT INTO mcu_preregister_patients ( Mcu_PreregisterDetailsMcuOfflinePrepareID, Mcu_PreregisterDetailsPID, @@ -1029,13 +1068,13 @@ class Preregister extends MY_Controller VALUES( '{$prm['xid']}', '{$v['PID']}', - '{$v['KTP']}', - '{$v['NIK']}', + '{$m_ktp}', + '{$m_nik}', '{$title_id}', - '{$v['NAMA']}', + '{$m_nama}', '{$religion_id}', - '{$v['EMAIL']}', - '{$v['HP']}', + '{$m_email}', + '{$m_hp}', '{$pdob}', '{$v['KEDUDUKAN']}', '{$v['JABATAN']}', 
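Review bot: The rebuilt lookup matches the incoming KTP against `M_PatientNIK_bidx`, but the removed lines matched it against `M_PatientIDNumber` (with `M_PatientM_IdTypeID = 1`), and the insert at `@@ -1084` fills `M_PatientNIK_bidx` from `$v["NIK"]` while `$v["KTP"]` goes to `M_PatientIDNumber`; unless NIK and KTP hold the same value in this deployment, an existing patient is found only when their NIK happens to equal the imported KTP, and a duplicate `m_patient` row is created otherwise. What this query needs is a blind index over the ID number (an `M_PatientIDNumber_bidx` written wherever `M_PatientIDNumber_enc` is). The `?? $exist_r[...]` fallbacks fire only when `decrypt()` returns `null`; if it returns `false` or `''` on a bad ciphertext, the masked column value is silently used instead — worth confirming `ibl_encryptor`'s failure contract. The token is placed inside a JSON string literal via `escape_str()`, which is SQL escaping, not JSON escaping; if a token can ever contain `"` or `\`, `$this->db_onedev->escape(json_encode($tok))` produces a literal that is correct at both layers. The enclosing method continues outside the hunk.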
@@ -1060,18 +1099,22 @@ class Preregister extends MY_Controller //print_r($row_header); if ($patient_id == 0) { - $sql = "SELECT * - FROM m_patient - WHERE - M_PatientName = '{$v['NAMA']}' AND - M_PatientDOB = '{$pdob}' AND - M_PatientNIP = '{$v['NIK']}' AND - M_PatientIsActive = 'Y' LIMIT 1"; + $enc = $this->ibl_encryptor; + $name_toks = $enc->query_tokens($v['NAMA']); + $name_conds = []; + foreach ($name_toks as $tok) { + $tok_esc = $this->db_onedev->escape_str($tok); + $name_conds[] = "JSON_CONTAINS(M_PatientName_bidx, '\"$tok_esc\"')"; + } + $name_where = $name_conds ? implode(' AND ', $name_conds) : '0'; + $sql = "SELECT M_PatientID FROM m_patient + WHERE ({$name_where}) + AND M_PatientDOB = '{$pdob}' + AND M_PatientIsActive = 'Y' LIMIT 1"; $exist_r = $this->db_onedev->query($sql)->row_array(); if ($exist_r) { - $patient_id = $exist_r["M_PatientID"]; + $patient_id = $exist_r["M_PatientID"]; } - //echo $sql; } //echo $patient_id; 
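Review bot: The fallback lookup now links a preregistration to an existing patient on the name blind index plus DOB alone, whereas the removed lines also required `M_PatientNIP = NIK`; two people sharing a name and birth date (more likely than it sounds for single-token names, and depending on how partial the tokens from `query_tokens()` are — not visible here) would be merged into one `M_PatientID`. `M_PatientNIK_bidx` exists from the same commit and could be required as an extra `JSON_CONTAINS` condition whenever `$v['NIK']` is non-empty. The token-to-WHERE loop is the same code as in the KTP lookup at `@@ -960`; a private helper removes the duplication and lets the JSON literal come from `json_encode` rather than a hand-quoted string. This branch sits inside a method that starts outside the hunk.
```php
// Builds "JSON_CONTAINS(col, '"tok"') AND …" over the blind-index tokens of $value.
// Returns '0' (never matches) when there are no tokens, so an empty input cannot widen the query.
private function _bidx_where($column, $value) {
    $conds = [];
    foreach ($this->ibl_encryptor->query_tokens($value) as $tok) {
        $conds[] = "JSON_CONTAINS({$column}, " . $this->db_onedev->escape(json_encode($tok)) . ")";
    }
    return $conds ? implode(' AND ', $conds) : '0';
}
// … at the call site (unchanged: DOB / IsActive conditions and the query itself) …
$name_where = $this->_bidx_where('M_PatientName_bidx', $v['NAMA']);
```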
@@ -1084,85 +1127,53 @@ class Preregister extends MY_Controller $M_PatientM_IdTypeID = 1; $M_PatientIDNumber = $v["KTP"]; } - $sql = "INSERT INTO m_patient ( - M_PatientName, - M_PatientM_TitleID, - M_PatientM_SexID, - M_PatientM_ReligionID, - M_PatientPOB, - M_PatientDOB, - M_PatientNIK, - M_PatientM_IdTypeID, - M_PatientIDNumber, - M_PatientJabatan, - M_PatientLocation, - M_PatientKedudukan, - M_PatientJob, - M_PatientEmail, - M_PatientHP, - M_PatientUserID - ) - VALUES( - '{$v["NAMA"]}', - {$title_id}, - {$sex_id}, - {$religion_id}, - '-', - '{$pdob}', - '{$v["NIK"]}', - '{$M_PatientM_IdTypeID}', - '{$M_PatientIDNumber}', - '{$v['JABATAN']}', - '{$v['LOKASI']}', - '{$v['KEDUDUKAN']}', - '{$v['JOB']}', - '{$v['EMAIL']}', - '{$v['HP']}', - '{$userid}' - )"; - //echo $sql; - $this->db_onedev->query($sql); - $data_insert_patient = array( - 'M_PatientName' => $v["NAMA"], - 'M_PatientM_TitleID' => $title_id, - 'M_PatientM_SexID' => $sex_id, + $enc = $this->ibl_encryptor; + $dob_str = date('d-m-Y', strtotime($pdob)); + $data_insert_patient = [ + 'M_PatientName' => $this->_mask_name($v["NAMA"]), + 'M_PatientName_enc' => $enc->encrypt($v["NAMA"]), + 'M_PatientName_bidx' => $enc->search_bidx($v["NAMA"]), + 'M_PatientM_TitleID' => $title_id, + 'M_PatientM_SexID' => $sex_id, 'M_PatientM_ReligionID' => $religion_id, - 'M_PatientPOB' => '-', - 'M_PatientDOB' => $pdob, - 'M_PatientNIK' => $v["NIK"], - 'M_PatientJabatan' => $v['JABATAN'], - 'M_PatientLocation' => $v['LOKASI'], - 'M_PatientKedudukan' => $v['KEDUDUKAN'], - 'M_PatientJob' => $v['JOB'], - 'M_PatientEmail' => $v['EMAIL'], - 'M_PatientHP' => $v['HP'], - 'M_PatientUserID' => $userid - ); - - - //$this->db->insert('m_patient', $data_insert_patient); - //echo $this->db_onedev->last_query(); + 'M_PatientPOB' => '***', + 'M_PatientPOB_enc' => $enc->encrypt('-'), + 'M_PatientDOB' => $pdob, + 'M_PatientDOB_enc' => $enc->encrypt($dob_str), + 'M_PatientDOB_bidx' => $enc->search_bidx($dob_str), + 'M_PatientNIK' => $v["NIK"], + 
'M_PatientNIK_bidx' => $enc->search_bidx($v["NIK"] ?? ''), + 'M_PatientM_IdTypeID' => $M_PatientM_IdTypeID, + 'M_PatientIDNumber' => $M_PatientIDNumber ? $this->_mask_id($M_PatientIDNumber) : null, + 'M_PatientIDNumber_enc' => $M_PatientIDNumber ? $enc->encrypt($M_PatientIDNumber) : null, + 'M_PatientJabatan' => $v['JABATAN'], + 'M_PatientLocation' => $v['LOKASI'], + 'M_PatientKedudukan' => $v['KEDUDUKAN'], + 'M_PatientJob' => $v['JOB'], + 'M_PatientEmail' => $this->_mask_email($v['EMAIL']), + 'M_PatientEmail_enc' => $enc->encrypt($v['EMAIL']), + 'M_PatientHP' => $this->_mask_phone($v['HP']), + 'M_PatientHP_enc' => $enc->encrypt($v['HP']), + 'M_PatientHP_bidx' => $enc->search_bidx($v['HP']), + 'M_PatientUserID' => $userid, + ]; + $this->db_onedev->insert('m_patient', $data_insert_patient); $patient_id = $this->db_onedev->insert_id(); //$sql = "SELECT LAST_INSERT_ID() as xid"; //$patient_id = $this->db_onedev->query($sql)->row()->xid; //echo $patient_id ; - $sql = "INSERT INTO m_patientaddress ( - M_PatientAddressM_PatientID, - M_PatientAddressDescription, - M_PatientAddressM_KelurahanID, - M_PatientAddressCreated, - M_PatientAddressUserID - ) - VALUES( - {$patient_id}, - '{$row_header['M_CompanyAddress']}', - '{$row_header['M_CompanyM_KelurahanID']}', - NOW(), - '{$userid}' - )"; - $this->db_onedev->query($sql); + $enc = $this->ibl_encryptor; + $addr_desc = $row_header['M_CompanyAddress']; + $this->db_onedev->insert('m_patientaddress', [ + 'M_PatientAddressM_PatientID' => $patient_id, + 'M_PatientAddressDescription' => $this->_mask_address($addr_desc), + 'M_PatientAddressDescription_enc' => $enc->encrypt($addr_desc), + 'M_PatientAddressM_KelurahanID' => $row_header['M_CompanyM_KelurahanID'], + 'M_PatientAddressCreated' => date('Y-m-d H:i:s'), + 'M_PatientAddressUserID' => $userid, + ]); //echo $sql; //$patient_addr_id = $this->db_onedev->insert_id(); //$sql = "SELECT * FROM m_patientaddress WHERE M_PatientAddressID = {$patient_addr_id}"; 
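Review bot: `M_PatientNIK` is written in clear with only `M_PatientNIK_bidx`, and no `M_PatientNIK_enc` is produced anywhere visible in this diff, yet the lookup at `@@ -960` reads `$exist_r['M_PatientNIK_enc']` as its preferred source; either add `'M_PatientNIK_enc' => $enc->encrypt($v["NIK"])` here (and in the update branch at `@@ -1174`) or drop that read, and record in a comment why NIK is the one identifier that stays plaintext. `M_PatientIDNumber` changes from always-a-string (`'{$M_PatientIDNumber}'`) to `null` when the KTP is empty, which is a behaviour change against the column's NOT NULL/default setting that I cannot see from here. `M_PatientAddressCreated` moves from the server-side `NOW()` to PHP's `date('Y-m-d H:i:s')`, so the timestamp now follows the PHP process timezone instead of the MySQL session's — harmless if both are pinned to the same zone, otherwise the two clocks differ by the offset. `$enc` is assigned twice within this hunk; one assignment at the top of the method suffices.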
@@ -1174,20 +1185,31 @@ class Preregister extends MY_Controller } else { //echo 'masuk'; //$pdob = date('Y-m-d',strtotime($prm['Mcu_PreregisterDetailsDOB'])); - $data_update_patient = array( - 'M_PatientDOB' => $pdob - ); + $enc = $this->ibl_encryptor; + $dob_str2 = date('d-m-Y', strtotime($pdob)); + $data_update_patient = [ + 'M_PatientDOB' => $pdob, + 'M_PatientDOB_enc' => $enc->encrypt($dob_str2), + 'M_PatientDOB_bidx'=> $enc->search_bidx($dob_str2), + ]; if ($v['JENIS_KELAMIN'] == 'L') $data_update_patient['M_PatientM_TitleID'] = 2; else $data_update_patient['M_PatientM_TitleID'] = 4; - if ($v['EMAIL'] != '') - $data_update_patient['M_PatientEmail'] = $v['EMAIL']; - if ($v['HP'] != '') - $data_update_patient['M_PatientHP'] = $v['HP']; - if ($v['NIK'] != '') - $data_update_patient['M_PatientNIK'] = $v['NIK']; + if ($v['EMAIL'] != '') { + $data_update_patient['M_PatientEmail'] = $this->_mask_email($v['EMAIL']); + $data_update_patient['M_PatientEmail_enc'] = $enc->encrypt($v['EMAIL']); + } + if ($v['HP'] != '') { + $data_update_patient['M_PatientHP'] = $this->_mask_phone($v['HP']); + $data_update_patient['M_PatientHP_enc'] = $enc->encrypt($v['HP']); + $data_update_patient['M_PatientHP_bidx'] = $enc->search_bidx($v['HP']); + } + if ($v['NIK'] != '') { + $data_update_patient['M_PatientNIK'] = $v['NIK']; + $data_update_patient['M_PatientNIK_bidx'] = $enc->search_bidx($v['NIK']); + } if ($v['JABATAN'] != '') $data_update_patient['M_PatientJabatan'] = $v['JABATAN']; if ($v['KEDUDUKAN'] != '') 
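Review bot: `$enc = $this->ibl_encryptor;` is re-bound in every branch of this method (`@@ -960`, `@@ -1060`, twice in `@@ -1084`, and again here); a single `$enc = $this->ibl_encryptor;` hoisted to the top of the method removes the repetition and makes it obvious that the insert and update paths share one encryptor. The update branch writes `M_PatientNIK` plus `M_PatientNIK_bidx` and no `_enc`, consistent with the insert branch, so whichever way that is resolved there should be mirrored here. The method starts and ends outside the hunk.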
@@ -1198,8 +1220,9 @@ class Preregister extends MY_Controller $data_update_patient['M_PatientJob'] = $v['JOB']; if (isset($v["KTP"]) && $v["KTP"] != '') { - $data_update_patient['M_PatientM_IdTypeID'] = 1; - $data_update_patient['M_PatientIDNumber'] = $v["KTP"]; + $data_update_patient['M_PatientM_IdTypeID'] = 1; + $data_update_patient['M_PatientIDNumber'] = $this->_mask_id($v["KTP"]); + $data_update_patient['M_PatientIDNumber_enc'] = $enc->encrypt($v["KTP"]); } $this->db_onedev->where('M_PatientID', $patient_id); 
@@ -1247,56 +1270,46 @@ class Preregister extends MY_Controller $prm = $this->sys_input; $userid = $this->sys_user["M_UserID"]; - $pdob = date('Y-m-d', strtotime($prm['M_PatientDOB'])); - $query = "INSERT INTO m_patient ( - M_PatientM_TitleID, - M_PatientPrefix, - M_PatientName, - M_PatientSuffix, - M_PatientDOB, - M_PatientM_SexID, - M_PatientM_ReligionID, - M_PatientEmail, - M_PatientPOB, - M_PatientHP, - M_PatientPhone, - M_PatientM_IdTypeID, - M_PatientIDNumber, - M_PatientNote, - M_PatientNIK, - M_PatientJabatan, - M_PatientKedudukan, - M_PatientPJ, - M_PatientLocation, - M_PatientJob, - M_PatientUserID - ) - VALUES( - '{$prm['M_PatientM_TitleID']}', - '{$prm['M_PatientPrefix']}', - '{$prm['M_PatientName']}', - '{$prm['M_PatientSuffix']}', - '{$pdob}', - '{$prm['M_PatientM_SexID']}', - '{$prm['M_PatientM_ReligionID']}', - '{$prm['M_PatientEmail']}', - '{$prm['M_PatientPOB']}', - '{$prm['M_PatientHP']}', - '{$prm['M_PatientPhone']}', - '{$prm['M_PatientM_IdTypeID']}', - '{$prm['M_PatientIDNumber']}', - '{$prm['M_PatientNote']}', - '{$prm['M_PatientNIK']}', - '{$prm['M_PatientJabatan']}', - '{$prm['M_PatientKedudukan']}', - '{$prm['M_PatientPJ']}', - '{$prm['M_PatientLocation']}', - '{$prm['M_PatientJob']}', - $userid - ) - "; - //echo $query; - $rows = $this->db_onedev->query($query); + $pdob = date('Y-m-d', strtotime($prm['M_PatientDOB'])); + $dob_str = date('d-m-Y', strtotime($prm['M_PatientDOB'])); + $patient_name = $prm['M_PatientName']; + $enc = $this->ibl_encryptor; + + $ptn = [ + 'M_PatientName' => $this->_mask_name($patient_name), + 'M_PatientName_enc' => $enc->encrypt($patient_name), + 'M_PatientName_bidx' => $enc->search_bidx($patient_name), + 'M_PatientM_TitleID' => $prm['M_PatientM_TitleID'], + 'M_PatientPrefix' => $prm['M_PatientPrefix'], + 'M_PatientSuffix' => $prm['M_PatientSuffix'], + 'M_PatientDOB' => $pdob, + 'M_PatientDOB_enc' => $enc->encrypt($dob_str), + 'M_PatientDOB_bidx' => $enc->search_bidx($dob_str), + 'M_PatientM_SexID' => 
$prm['M_PatientM_SexID'], + 'M_PatientM_ReligionID' => $prm['M_PatientM_ReligionID'], + 'M_PatientEmail' => $this->_mask_email($prm['M_PatientEmail']), + 'M_PatientEmail_enc' => $enc->encrypt($prm['M_PatientEmail']), + 'M_PatientPOB' => $this->_mask_short($prm['M_PatientPOB']), + 'M_PatientPOB_enc' => $enc->encrypt($prm['M_PatientPOB']), + 'M_PatientHP' => $this->_mask_phone($prm['M_PatientHP']), + 'M_PatientHP_enc' => $enc->encrypt($prm['M_PatientHP']), + 'M_PatientHP_bidx' => $enc->search_bidx($prm['M_PatientHP']), + 'M_PatientPhone' => $this->_mask_phone($prm['M_PatientPhone']), + 'M_PatientPhone_enc' => $enc->encrypt($prm['M_PatientPhone']), + 'M_PatientM_IdTypeID' => $prm['M_PatientM_IdTypeID'], + 'M_PatientIDNumber' => $this->_mask_id($prm['M_PatientIDNumber']), + 'M_PatientIDNumber_enc' => $enc->encrypt($prm['M_PatientIDNumber']), + 'M_PatientNIK' => $prm['M_PatientNIK'], + 'M_PatientNIK_bidx' => $enc->search_bidx($prm['M_PatientNIK'] ?? ''), + 'M_PatientNote' => $prm['M_PatientNote'], + 'M_PatientJabatan' => $prm['M_PatientJabatan'], + 'M_PatientKedudukan' => $prm['M_PatientKedudukan'], + 'M_PatientPJ' => $prm['M_PatientPJ'], + 'M_PatientLocation' => $prm['M_PatientLocation'], + 'M_PatientJob' => $prm['M_PatientJob'], + 'M_PatientUserID' => $userid, + ]; + $this->db_onedev->insert('m_patient', $ptn); $last_id = $this->db_onedev->insert_id(); $result = array( "total" => 1, diff --git a/scripts/mask_patient_plaintext.php b/scripts/mask_patient_plaintext.php index f6899c03..7eda0330 100644 --- a/scripts/mask_patient_plaintext.php +++ b/scripts/mask_patient_plaintext.php @@ -35,7 +35,8 @@ function mask_name($v) { $words = preg_split('/\s+/', $v); if (count($words) === 1) { $l = mb_strlen($v, 'UTF-8'); - return $l <= 6 ? $v : mb_substr($v, 0, 6, 'UTF-8') . '***'; + if ($l <= 2) return $v; + return mb_substr($v, 0, 2, 'UTF-8') . str_repeat('*', $l - 2); } $first = $words[0]; $rest = array_slice($words, 1); 
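Review bot: Null-safety is applied inconsistently across the new `$ptn` array: only `M_PatientNIK` is read through `$prm['M_PatientNIK'] ?? ''`, while `M_PatientIDNumber`, `M_PatientEmail`, `M_PatientHP`, `M_PatientPhone` and `M_PatientPOB` are indexed directly and handed to `_mask_*`/`encrypt()`, so unless `sys_input` guarantees every key, a request missing one raises a notice and encrypts `null`. Reading each through `?? ''`, or normalising once at the top with `$prm = array_merge(array_fill_keys([/* expected keys */], ''), $prm);`, keeps the masks and ciphertexts well-defined. This array is the same as the `$ptn` block in the Registrationv3.php hunk earlier in this diff; a shared patient-record builder would stop the two from drifting, as the mask helpers already have between the controllers and the scripts. `M_PatientNote`, `M_PatientJabatan`, `M_PatientKedudukan` and `M_PatientLocation` remain plaintext with no `_enc` counterpart — if the note field can carry clinical detail it belongs in the encrypted set, which the data classification should settle. The enclosing method ends outside the hunk.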
diff --git a/scripts/remask_patient_name.php b/scripts/remask_patient_name.php index e734e7a4..149e343c 100644 --- a/scripts/remask_patient_name.php +++ b/scripts/remask_patient_name.php @@ -29,7 +29,8 @@ function mask_name($v) { $words = preg_split('/\s+/', $v); if (count($words) === 1) { $l = mb_strlen($v, 'UTF-8'); - return $l <= 6 ? $v : mb_substr($v, 0, 6, 'UTF-8') . '***'; + if ($l <= 2) return $v; + return mb_substr($v, 0, 2, 'UTF-8') . str_repeat('*', $l - 2); } $first = $words[0]; $rest = array_slice($words, 1); diff --git a/sql/manual_changes/2026-05-31-pdp-mcu-patient-dashboard-enc-sp.sql b/sql/manual_changes/2026-05-31-pdp-mcu-patient-dashboard-enc-sp.sql new file mode 100644 index 00000000..bddf2295 --- /dev/null +++ b/sql/manual_changes/2026-05-31-pdp-mcu-patient-dashboard-enc-sp.sql 
@@ -0,0 +1,282 @@ +-- PDP: mcu_patient di one_lab_dashboard simpan versi _enc dari m_patient +-- Mcu_PatientName dan Mcu_PatientDOB diubah ke TEXT untuk muat ciphertext AES-256-GCM +-- SP JOIN ke one_lab.m_patient via Mcu_PreregisterPatientsM_PatientID + +-- ============================================================ +-- 1. Ubah tipe kolom mcu_patient +-- ============================================================ +ALTER TABLE one_lab_dashboard.mcu_patient + MODIFY COLUMN Mcu_PatientName TEXT NULL, + MODIFY COLUMN Mcu_PatientDOB TEXT NULL; + +-- ============================================================ +-- 2. sp_upsert_mcu_patient_by_preregister_id +-- ============================================================ +DROP PROCEDURE IF EXISTS one_lab.sp_upsert_mcu_patient_by_preregister_id; +DELIMITER $$ +CREATE DEFINER=`root`@`localhost` PROCEDURE `one_lab`.`sp_upsert_mcu_patient_by_preregister_id`(IN `p_preregister_id` int) +BEGIN + INSERT INTO one_lab_dashboard.mcu_patient ( + Mcu_PatientPreregisterID, + Mcu_PatientMcuID, + Mcu_PatientName, + Mcu_PatientNIP, + Mcu_PatientGender, + Mcu_PatientDOB, + Mcu_PatientDepartment, + Mcu_PatientDivision, + Mcu_PatientPosisi, + Mcu_PatientOrders, + Mcu_PatientIsRegistered, + Mcu_PatientOrderID, + Mcu_PatientIsActive, + Mcu_PatientSyncedAt + ) + SELECT + pp.Mcu_PreregisterPatientsID, + pp.Mcu_PreregisterPatientsMgm_McuID, + mp.M_PatientName_enc, + pp.Mcu_PreregisterPatientsNIP, + pp.Mcu_PreregisterPatientsGender, + mp.M_PatientDOB_enc, + pp.Mcu_PreregisterPatientsDepartment, + pp.Mcu_PreregisterPatientsDivisi, + pp.Mcu_PreregisterPatientsPosisi, + pp.Mcu_PreregisterPatientsOrders, + pp.Mcu_PreregisterPatientsIsRegistered, + CASE + WHEN pp.Mcu_PreregisterPatientsIsRegistered = 'Y' + AND IFNULL(pp.Mcu_PreregisterPatientsT_OrderHeaderID, 0) > 0 + THEN pp.Mcu_PreregisterPatientsT_OrderHeaderID + ELSE NULL + END AS Mcu_PatientOrderID, + pp.Mcu_PreregisterPatientsIsActive AS Mcu_PatientIsActive, + NOW() AS Mcu_PatientSyncedAt + 
FROM mcu_preregister_patients pp + LEFT JOIN one_lab.m_patient mp ON mp.M_PatientID = pp.Mcu_PreregisterPatientsM_PatientID + WHERE pp.Mcu_PreregisterPatientsID = p_preregister_id + ON DUPLICATE KEY UPDATE + Mcu_PatientMcuID = VALUES(Mcu_PatientMcuID), + Mcu_PatientName = VALUES(Mcu_PatientName), + Mcu_PatientNIP = VALUES(Mcu_PatientNIP), + Mcu_PatientGender = VALUES(Mcu_PatientGender), + Mcu_PatientDOB = VALUES(Mcu_PatientDOB), + Mcu_PatientDepartment = VALUES(Mcu_PatientDepartment), + Mcu_PatientDivision = VALUES(Mcu_PatientDivision), + Mcu_PatientPosisi = VALUES(Mcu_PatientPosisi), + Mcu_PatientOrders = VALUES(Mcu_PatientOrders), + Mcu_PatientIsRegistered = VALUES(Mcu_PatientIsRegistered), + Mcu_PatientOrderID = VALUES(Mcu_PatientOrderID), + Mcu_PatientIsActive = VALUES(Mcu_PatientIsActive), + Mcu_PatientSyncedAt = NOW(); + + DELETE FROM one_lab_dashboard.mcu_patient_packet + WHERE Mcu_PatientPacketPreregisterID = p_preregister_id; + + INSERT INTO one_lab_dashboard.mcu_patient_packet ( + Mcu_PatientPacketMcu_PatientID, + Mcu_PatientPacketPreregisterID, + Mcu_PatientPacketCode, + Mcu_PatientPacketName + ) + SELECT DISTINCT + mp2.Mcu_PatientID, + pp.Mcu_PreregisterPatientsID, + seqs.order_code AS Mcu_PatientPacketCode, + tp.T_PacketName AS Mcu_PatientPacketName + FROM mcu_preregister_patients pp + INNER JOIN one_lab_dashboard.mcu_patient mp2 + ON mp2.Mcu_PatientPreregisterID = pp.Mcu_PreregisterPatientsID + INNER JOIN ( + SELECT + src.Mcu_PreregisterPatientsID, + TRIM( + SUBSTRING_INDEX( + SUBSTRING_INDEX(src.clean_orders, ',', nums.seq), + ',', -1 + ) + ) AS order_code + FROM ( + SELECT p.Mcu_PreregisterPatientsID, + REPLACE(IFNULL(p.Mcu_PreregisterPatientsOrders, ''), ' ', '') AS clean_orders + FROM mcu_preregister_patients p + WHERE p.Mcu_PreregisterPatientsID = p_preregister_id + ) src + INNER JOIN ( + SELECT ones.n + tens.n * 10 + 1 AS seq + FROM + (SELECT 0 AS n UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 + UNION ALL SELECT 5 
UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) ones + CROSS JOIN + (SELECT 0 AS n UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 + UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) tens + ) nums ON nums.seq <= 1 + LENGTH(src.clean_orders) - LENGTH(REPLACE(src.clean_orders, ',', '')) + ) seqs ON seqs.Mcu_PreregisterPatientsID = pp.Mcu_PreregisterPatientsID + INNER JOIN t_packet tp + ON tp.T_PacketSasCode = seqs.order_code AND tp.T_PacketIsActive = 'Y' + WHERE pp.Mcu_PreregisterPatientsID = p_preregister_id + AND LEFT(seqs.order_code, 2) IN ('PN', 'PR') + AND seqs.order_code <> ''; + + SELECT ROW_COUNT() AS affected_rows; +END$$ +DELIMITER ; + +-- ============================================================ +-- 3. sp_upsert_mcu_patient_by_mgm_mcuid +-- ============================================================ +DROP PROCEDURE IF EXISTS one_lab.sp_upsert_mcu_patient_by_mgm_mcuid; +DELIMITER $$ +CREATE DEFINER=`root`@`localhost` PROCEDURE `one_lab`.`sp_upsert_mcu_patient_by_mgm_mcuid`(IN `p_mgm_mcuid` int) +BEGIN + INSERT INTO one_lab_dashboard.mcu_patient ( + Mcu_PatientPreregisterID, + Mcu_PatientMcuID, + Mcu_PatientName, + Mcu_PatientNIP, + Mcu_PatientGender, + Mcu_PatientDOB, + Mcu_PatientDepartment, + Mcu_PatientDivision, + Mcu_PatientPosisi, + Mcu_PatientOrders, + Mcu_PatientPemeriksaan, + Mcu_PatientIsRegistered, + Mcu_PatientOrderID, + Mcu_PatientIsActive, + Mcu_PatientSyncedAt + ) + SELECT + pp.Mcu_PreregisterPatientsID, + pp.Mcu_PreregisterPatientsMgm_McuID, + mp.M_PatientName_enc, + pp.Mcu_PreregisterPatientsNIP, + pp.Mcu_PreregisterPatientsGender, + mp.M_PatientDOB_enc, + pp.Mcu_PreregisterPatientsDepartment, + pp.Mcu_PreregisterPatientsDivisi, + pp.Mcu_PreregisterPatientsPosisi, + pp.Mcu_PreregisterPatientsOrders, + ( + SELECT GROUP_CONCAT(x.pemeriksaan_name ORDER BY x.seq SEPARATOR ', ') + FROM ( + SELECT + seqs.seq, + CASE + WHEN 
LEFT(seqs.order_code, 2) IN ('PN', 'PR') THEN tp.T_PacketName + ELSE tt.T_TestName + END AS pemeriksaan_name + FROM ( + SELECT + nums.seq, + TRIM( + SUBSTRING_INDEX( + SUBSTRING_INDEX(REPLACE(IFNULL(pp.Mcu_PreregisterPatientsOrders, ''), ' ', ''), ',', nums.seq), + ',', -1 + ) + ) AS order_code + FROM ( + SELECT ones.n + tens.n * 10 + 1 AS seq + FROM + (SELECT 0 AS n UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 + UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) ones + CROSS JOIN + (SELECT 0 AS n UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 + UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) tens + ) nums + WHERE nums.seq <= 1 + LENGTH(REPLACE(IFNULL(pp.Mcu_PreregisterPatientsOrders, ''), ' ', '')) + - LENGTH(REPLACE(REPLACE(IFNULL(pp.Mcu_PreregisterPatientsOrders, ''), ' ', ''), ',', '')) + ) seqs + LEFT JOIN t_packet tp + ON LEFT(seqs.order_code, 2) IN ('PN', 'PR') + AND tp.T_PacketSasCode = seqs.order_code AND tp.T_PacketIsActive = 'Y' + LEFT JOIN t_test tt + ON LEFT(seqs.order_code, 2) NOT IN ('PN', 'PR') + AND tt.T_TestSasCode = seqs.order_code AND tt.T_TestIsActive = 'Y' + WHERE seqs.order_code <> '' + ) x + WHERE x.pemeriksaan_name IS NOT NULL + ) AS Mcu_PatientPemeriksaan, + pp.Mcu_PreregisterPatientsIsRegistered, + CASE + WHEN pp.Mcu_PreregisterPatientsIsRegistered = 'Y' + AND IFNULL(pp.Mcu_PreregisterPatientsT_OrderHeaderID, 0) > 0 + THEN pp.Mcu_PreregisterPatientsT_OrderHeaderID + ELSE NULL + END AS Mcu_PatientOrderID, + pp.Mcu_PreregisterPatientsIsActive AS Mcu_PatientIsActive, + NOW() AS Mcu_PatientSyncedAt + FROM mcu_preregister_patients pp + LEFT JOIN one_lab.m_patient mp ON mp.M_PatientID = pp.Mcu_PreregisterPatientsM_PatientID + WHERE pp.Mcu_PreregisterPatientsMgm_McuID = p_mgm_mcuid + ON DUPLICATE KEY UPDATE + Mcu_PatientMcuID = VALUES(Mcu_PatientMcuID), + Mcu_PatientName = 
VALUES(Mcu_PatientName), + Mcu_PatientNIP = VALUES(Mcu_PatientNIP), + Mcu_PatientGender = VALUES(Mcu_PatientGender), + Mcu_PatientDOB = VALUES(Mcu_PatientDOB), + Mcu_PatientDepartment = VALUES(Mcu_PatientDepartment), + Mcu_PatientDivision = VALUES(Mcu_PatientDivision), + Mcu_PatientPosisi = VALUES(Mcu_PatientPosisi), + Mcu_PatientOrders = VALUES(Mcu_PatientOrders), + Mcu_PatientPemeriksaan = VALUES(Mcu_PatientPemeriksaan), + Mcu_PatientIsRegistered = VALUES(Mcu_PatientIsRegistered), + Mcu_PatientOrderID = VALUES(Mcu_PatientOrderID), + Mcu_PatientIsActive = VALUES(Mcu_PatientIsActive), + Mcu_PatientSyncedAt = NOW(); + + DELETE ppk + FROM one_lab_dashboard.mcu_patient_packet ppk + INNER JOIN one_lab_dashboard.mcu_patient mp2 + ON mp2.Mcu_PatientID = ppk.Mcu_PatientPacketMcu_PatientID + WHERE mp2.Mcu_PatientMcuID = p_mgm_mcuid; + + INSERT INTO one_lab_dashboard.mcu_patient_packet ( + Mcu_PatientPacketMcu_PatientID, + Mcu_PatientPacketPreregisterID, + Mcu_PatientPacketCode, + Mcu_PatientPacketName + ) + SELECT DISTINCT + mp2.Mcu_PatientID, + pp.Mcu_PreregisterPatientsID, + seqs.order_code AS Mcu_PatientPacketCode, + tp.T_PacketName AS Mcu_PatientPacketName + FROM mcu_preregister_patients pp + INNER JOIN one_lab_dashboard.mcu_patient mp2 + ON mp2.Mcu_PatientPreregisterID = pp.Mcu_PreregisterPatientsID + AND mp2.Mcu_PatientMcuID = pp.Mcu_PreregisterPatientsMgm_McuID + INNER JOIN ( + SELECT + src.Mcu_PreregisterPatientsID, + TRIM( + SUBSTRING_INDEX( + SUBSTRING_INDEX(src.clean_orders, ',', nums.seq), + ',', -1 + ) + ) AS order_code + FROM ( + SELECT p.Mcu_PreregisterPatientsID, + REPLACE(IFNULL(p.Mcu_PreregisterPatientsOrders, ''), ' ', '') AS clean_orders + FROM mcu_preregister_patients p + WHERE p.Mcu_PreregisterPatientsMgm_McuID = p_mgm_mcuid + ) src + INNER JOIN ( + SELECT ones.n + tens.n * 10 + 1 AS seq + FROM + (SELECT 0 AS n UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 + UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION 
ALL SELECT 8 UNION ALL SELECT 9) ones + CROSS JOIN + (SELECT 0 AS n UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 + UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) tens + ) nums ON nums.seq <= 1 + LENGTH(src.clean_orders) - LENGTH(REPLACE(src.clean_orders, ',', '')) + ) seqs ON seqs.Mcu_PreregisterPatientsID = pp.Mcu_PreregisterPatientsID + INNER JOIN t_packet tp + ON tp.T_PacketSasCode = seqs.order_code AND tp.T_PacketIsActive = 'Y' + WHERE pp.Mcu_PreregisterPatientsMgm_McuID = p_mgm_mcuid + AND LEFT(seqs.order_code, 2) IN ('PN', 'PR') + AND seqs.order_code <> ''; + + SELECT ROW_COUNT() AS affected_rows; +END$$ +DELIMITER ;
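Review bot: `Mcu_PatientName` and `Mcu_PatientDOB` are sourced from a `LEFT JOIN` to `one_lab.m_patient`, and the `ON DUPLICATE KEY UPDATE` clause assigns them `VALUES(...)` unconditionally, so a preregistration whose `Mcu_PreregisterPatientsM_PatientID` is not (yet) linked overwrites a previously synced ciphertext with NULL on every re-sync; `Mcu_PatientName = COALESCE(VALUES(Mcu_PatientName), Mcu_PatientName)` (and the same for DOB) preserves the last good value, in both procedures. Both procedures are created with `DEFINER=root@localhost`, so every account granted EXECUTE performs the cross-schema writes into `one_lab_dashboard` with root's privileges; a dedicated definer account limited to the two schemas is the least-privilege shape. The header comment notes that the columns now hold AES-256-GCM ciphertext, which is useful; it would also help to state that the dashboard side must hold the same key (or call a decrypting service), since nothing in the dashboard schema can read these columns otherwise. The final `SELECT ROW_COUNT() AS affected_rows` reports the packet insert, not the patient upsert, which the name obscures — a one-line comment would prevent callers from misreading a 0.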