FHM31052601IBL - update FO registration controllers: decrypt PII sebelum return response

- Payment, History, Delivery: load ibl_encryptor, decrypt Name/Email/HP
- Order, Order copy: decrypt patient_name di get_header & get_order_header
- Order: pre-fetch decrypt email/HP sebelum UNION delivery query
- Order: enkripsi T_OrderDeliveryDestination saat INSERT, decrypt saat SELECT
- SQL: tambah kolom T_OrderDeliveryDestination_enc
- migrate_encrypt_results: tambah migrasi t_orderdelivery

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sas.fajri
2026-05-31 14:31:54 +07:00
parent c63afddaa0
commit 17a788baac
7 changed files with 216 additions and 104 deletions


@@ -10,6 +10,7 @@ class Delivery extends MY_Controller
{
parent::__construct();
$this->db_smartone = $this->load->database("onedev", true);
$this->load->library('ibl_encryptor');
}
public function search()
{
@@ -64,7 +65,20 @@ class Delivery extends MY_Controller
}
$prm = $this->sys_input;
$type = $prm['type'];
$id = $prm['id'];
$id = $prm['id'];
if ($type == 'patient') {
$prow = $this->db_smartone->query(
"SELECT M_PatientEmail_enc, M_PatientHP_enc FROM m_patient WHERE M_PatientID = ? LIMIT 1", [$id]
)->row_array();
$patient_email = $this->db_smartone->escape(
$this->ibl_encryptor->decrypt($prow['M_PatientEmail_enc'] ?? '') ?: 'Belum ada email pasien'
);
$patient_hp = $this->db_smartone->escape(
$this->ibl_encryptor->decrypt($prow['M_PatientHP_enc'] ?? '') ?: 'Belum ada WA pasien'
);
}
if($type == 'patient'){
$sql = "
SELECT '' as regionalcd,
@@ -110,7 +124,7 @@ class Delivery extends MY_Controller
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientEmail,'Belum ada email pasien') as description,
IFNULL({$patient_email},'Belum ada email pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -129,7 +143,7 @@ class Delivery extends MY_Controller
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientEmail,'Belum ada email pasien') as description,
IFNULL({$patient_email},'Belum ada email pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -148,7 +162,7 @@ class Delivery extends MY_Controller
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientHP,'Belum ada WA pasien') as description,
IFNULL({$patient_hp},'Belum ada WA pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -167,7 +181,7 @@ class Delivery extends MY_Controller
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientHP,'Belum ada telegram pasien') as description,
IFNULL({$patient_hp},'Belum ada telegram pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
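Review bot: The decrypted email and phone number are spliced into the SQL text as literals (`IFNULL({$patient_email}, …)`), so the plaintext that this commit moves into `_enc` columns will appear wherever the statement text is recorded, for example a database query log or an error trace; whether such logging is enabled is not visible here. `escape()` keeps the value safe as a literal, but it would be cleaner to drop the `description` expression from the patient branches and fill it in PHP after the rows are fetched. That would also restore the per-channel fallback: `$patient_hp` already carries 'Belum ada WA pasien', so the Telegram branch can no longer return 'Belum ada telegram pasien' and the surrounding `IFNULL` never fires. The same pattern is repeated in `search_deliveries` in History and in both Order controllers. The enclosing function starts and ends outside these hunks.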


@@ -12,6 +12,20 @@ class History extends MY_Controller
{
parent::__construct();
$this->db_onedev = $this->load->database("onedev", true);
$this->load->library('ibl_encryptor');
}
// Ambil email & HP pasien (sudah didekripsi) untuk dipakai di UNION delivery query
private function _get_patient_contact($patient_id)
{
$row = $this->db_onedev->query(
"SELECT M_PatientEmail_enc, M_PatientHP_enc FROM m_patient WHERE M_PatientID = ? LIMIT 1",
[$patient_id]
)->row_array();
return [
'email' => $this->ibl_encryptor->decrypt($row['M_PatientEmail_enc'] ?? '') ?: '',
'hp' => $this->ibl_encryptor->decrypt($row['M_PatientHP_enc'] ?? '') ?: '',
];
}
public function search()
@@ -329,9 +343,15 @@ class History extends MY_Controller
function search_deliveries($prm)
{
$type = $prm['type'];
$id = $prm['id'];
$id = $prm['id'];
if ($type == 'patient') {
$contact = $this->_get_patient_contact($id);
$patient_email = $this->db_onedev->escape($contact['email'] ?: 'Belum ada email pasien');
$patient_hp = $this->db_onedev->escape($contact['hp'] ?: 'Belum ada WA pasien');
}
if($type == 'patient'){
$sql = "
SELECT 0 as kelurahan,
@@ -377,7 +397,7 @@ class History extends MY_Controller
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientEmail,'Belum ada email pasien') as description,
IFNULL({$patient_email},'Belum ada email pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -394,7 +414,7 @@ class History extends MY_Controller
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientEmail,'Belum ada email pasien') as description,
IFNULL({$patient_email},'Belum ada email pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -411,7 +431,7 @@ class History extends MY_Controller
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientHP,'Belum ada WA pasien') as description,
IFNULL({$patient_hp},'Belum ada WA pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -428,7 +448,7 @@ class History extends MY_Controller
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientHP,'Belum ada telegram pasien') as description,
IFNULL({$patient_hp},'Belum ada telegram pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
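Review bot: `_get_patient_contact` turns every falsy result of `decrypt()` into `''`, and `search_deliveries` then substitutes 'Belum ada email pasien', so a record that failed to decrypt looks exactly like a patient with no email on file. How `ibl_encryptor->decrypt()` reports failure is not visible here; if it returns `false` or `null` for a wrong key or damaged ciphertext, the helper should distinguish that case from an empty column and log it with the patient id only, never the value. A docblock stating the return shape, `@return array{email: string, hp: string}`, and that an unknown patient id yields two empty strings would also help, since Delivery and Order repeat this lookup inline instead of sharing it.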


@@ -12,6 +12,7 @@ class Order extends MY_Controller
{
parent::__construct();
$this->db_smartone = $this->load->database("onedev", true);
$this->load->library('ibl_encryptor');
}
function get_time_start(){
@@ -747,7 +748,8 @@ function endshowtime()
T_OrderHeaderSubTotal as order_subtotal,
T_OrderHeaderRounding as order_rounding,
T_OrderHeaderTotal as order_total,
concat(if(M_TitleID is null, '', concat(M_TitleName, ' ')),IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) as patient_name,
M_PatientName_enc, IFNULL(M_TitleName,'') M_TitleName,
IFNULL(M_PatientPrefix,'') M_PatientPrefix, IFNULL(M_PatientSuffix,'') M_PatientSuffix,
M_PatientNoReg as patient_mr,
M_MouName as order_mou,
CorporateName as order_company,
@@ -767,9 +769,14 @@ function endshowtime()
where T_OrderHeaderID = {$id}";
//echo $sql;
$query = $this->db_smartone->query($sql);
$rows = $query->row();
$rows = $query->row_array();
$pname = $this->ibl_encryptor->decrypt($rows['M_PatientName_enc'] ?? '');
$rows['patient_name'] = trim(implode(' ', array_filter([
$rows['M_TitleName'], $rows['M_PatientPrefix'], $pname, $rows['M_PatientSuffix']
])));
unset($rows['M_PatientName_enc'], $rows['M_TitleName'], $rows['M_PatientPrefix'], $rows['M_PatientSuffix']);
//echo $this->db_smartone->last_query();
return $rows;
return (object) $rows;
}
function get_delivery($id){
@@ -876,9 +883,21 @@ function endshowtime()
function search_deliveries($prm)
{
$type = $prm['type'];
$id = $prm['id'];
$id = $prm['id'];
if ($type == 'patient') {
$prow = $this->db_smartone->query(
"SELECT M_PatientEmail_enc, M_PatientHP_enc FROM m_patient WHERE M_PatientID = ? LIMIT 1", [$id]
)->row_array();
$patient_email = $this->db_smartone->escape(
$this->ibl_encryptor->decrypt($prow['M_PatientEmail_enc'] ?? '') ?: 'Belum ada email pasien'
);
$patient_hp = $this->db_smartone->escape(
$this->ibl_encryptor->decrypt($prow['M_PatientHP_enc'] ?? '') ?: 'Belum ada WA pasien'
);
}
if($type == 'patient'){
$sql = "
SELECT 0 as kelurahan,
@@ -924,7 +943,7 @@ function endshowtime()
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientEmail,'Belum ada email pasien') as description,
IFNULL({$patient_email},'Belum ada email pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -941,7 +960,7 @@ function endshowtime()
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientEmail,'Belum ada email pasien') as description,
IFNULL({$patient_email},'Belum ada email pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -958,7 +977,7 @@ function endshowtime()
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientHP,'Belum ada WA pasien') as description,
IFNULL({$patient_hp},'Belum ada WA pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -975,7 +994,7 @@ function endshowtime()
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientHP,'Belum ada telegram pasien') as description,
IFNULL({$patient_hp},'Belum ada telegram pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
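Review bot: In the header query hunk (presumably `get_header`, going by the commit message) `row_array()` yields null when the order id matches nothing, and the new lines then index into it and return `(object) ['patient_name' => '']`, where the old code returned the empty `row()` result. A caller that tests the return value for emptiness would now get a truthy object, so I would add `if (!$rows) { return null; }` directly after `row_array()`. The statement also still ends in `where T_OrderHeaderID = {$id}` while the other queries touched by this commit bind with `?`; the origin of `$id` is not visible in the hunk, so binding it here as well would be the safe and consistent choice. The second Order controller carries the same hunk, and the function starts outside it.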


@@ -13,6 +13,7 @@ class Order extends MY_Controller
parent::__construct();
$this->db_smartone = $this->load->database("onedev", true);
$this->db_log = $this->load->database("one_lab_log", true);
$this->load->library('ibl_encryptor');
$this->load->helper("uuid");
}
@@ -163,47 +164,47 @@ class Order extends MY_Controller
return lab_uuid_v4();
}
function generate_code_form($preid, $orderid)
{
$userid = $this->sys_user["M_UserID"];
$sql = "SELECT FormRiwayatPasienID, FormRiwayatPasienCode, FormRiwayatPasienUUID, FormRiwayatPasienT_OrderHeaderID
FROM form_riwayat_pasien
WHERE FormRiwayatPasienPreregisterID = ? AND
FormRiwayatPasienIsActive = 'Y'
ORDER BY FormRiwayatPasienID DESC
LIMIT 1";
$qry = $this->db_onedev->query($sql, [$preid]);
if (!$qry) {
return '';
}
$exist = $qry->row_array();
if ($exist) {
if ((int) $exist['FormRiwayatPasienT_OrderHeaderID'] !== (int) $orderid) {
$sql = "UPDATE form_riwayat_pasien
SET FormRiwayatPasienT_OrderHeaderID = ?,
FormRiwayatPasienLasUpdated = NOW(),
FormRiwayatPasienLasUpdatedUserID = ?
WHERE FormRiwayatPasienID = ?";
$qry = $this->db_onedev->query($sql, [$orderid, $userid, $exist['FormRiwayatPasienID']]);
if (!$qry) {
return '';
}
}
return array('uuid' => $exist['FormRiwayatPasienUUID'], 'code' => $exist['FormRiwayatPasienCode']);
}
$sql = "SELECT COUNT(*) as total
FROM form_riwayat_pasien
WHERE FormRiwayatPasienT_OrderHeaderID = ? AND
FormRiwayatPasienIsActive = 'Y'
";
$qry = $this->db_onedev->query($sql, [$orderid]);
if ($qry) {
$total = $qry->result_array()[0]['total'];
if ($total == 0) {
$code = $this->generate_code_string();
$uuid = $this->generate_uuid();
function generate_code_form($preid, $orderid)
{
$userid = $this->sys_user["M_UserID"];
$sql = "SELECT FormRiwayatPasienID, FormRiwayatPasienCode, FormRiwayatPasienUUID, FormRiwayatPasienT_OrderHeaderID
FROM form_riwayat_pasien
WHERE FormRiwayatPasienPreregisterID = ? AND
FormRiwayatPasienIsActive = 'Y'
ORDER BY FormRiwayatPasienID DESC
LIMIT 1";
$qry = $this->db_onedev->query($sql, [$preid]);
if (!$qry) {
return '';
}
$exist = $qry->row_array();
if ($exist) {
if ((int) $exist['FormRiwayatPasienT_OrderHeaderID'] !== (int) $orderid) {
$sql = "UPDATE form_riwayat_pasien
SET FormRiwayatPasienT_OrderHeaderID = ?,
FormRiwayatPasienLasUpdated = NOW(),
FormRiwayatPasienLasUpdatedUserID = ?
WHERE FormRiwayatPasienID = ?";
$qry = $this->db_onedev->query($sql, [$orderid, $userid, $exist['FormRiwayatPasienID']]);
if (!$qry) {
return '';
}
}
return array('uuid' => $exist['FormRiwayatPasienUUID'], 'code' => $exist['FormRiwayatPasienCode']);
}
$sql = "SELECT COUNT(*) as total
FROM form_riwayat_pasien
WHERE FormRiwayatPasienT_OrderHeaderID = ? AND
FormRiwayatPasienIsActive = 'Y'
";
$qry = $this->db_onedev->query($sql, [$orderid]);
if ($qry) {
$total = $qry->result_array()[0]['total'];
if ($total == 0) {
$code = $this->generate_code_string();
$uuid = $this->generate_uuid();
$sql = "INSERT INTO form_riwayat_pasien (
FormRiwayatPasienPreregisterID,
@@ -216,14 +217,14 @@ class Order extends MY_Controller
$qry = $this->db_onedev->query($sql, [$preid, $code, $uuid, $orderid, $userid]);
//echo $this->db_onedev->last_query();
//exit;
if (!$qry) {
return '';
}
return array('uuid' => $uuid, 'code' => $code);
}
}
return '';
}
if (!$qry) {
return '';
}
return array('uuid' => $uuid, 'code' => $code);
}
}
return '';
}
function check_duplicate_nat_tests($data)
{
@@ -979,7 +980,8 @@ class Order extends MY_Controller
$sql = "SELECT M_DeliveryTypeCode as xtype,
M_DeliverySource as source,
M_DeliveryName as label,
IFNULL(T_OrderDeliveryNoteValue,T_OrderDeliveryDestination) as xdesc
T_OrderDeliveryDestination_enc,
IFNULL(T_OrderDeliveryNoteValue, T_OrderDeliveryDestination) as xdesc_fallback
FROM t_orderdelivery
JOIN m_deliverytype ON T_OrderDeliveryM_DeliveryTypeID = M_DeliveryTypeID
JOIN m_delivery ON T_OrderDeliveryM_DeliveryID = M_DeliveryID
@@ -1004,11 +1006,13 @@ class Order extends MY_Controller
$data = $query->result_array();
$rst = [];
foreach ($data as $key => $value) {
$dest_enc = $value['T_OrderDeliveryDestination_enc'] ?? '';
$dest = $dest_enc ? ($this->ibl_encryptor->decrypt($dest_enc) ?: $value['xdesc_fallback']) : $value['xdesc_fallback'];
$rst[] = array(
'type' => $value['xtype'],
'type' => $value['xtype'],
'source' => $value['source'],
'label' => $value['label'],
'desc' => $value['xdesc']
'label' => $value['label'],
'desc' => $dest
);
}
$return['data'] = $rst;
@@ -1039,15 +1043,13 @@ class Order extends MY_Controller
T_OrderHeaderSubTotal as order_subtotal,
T_OrderHeaderTotal as order_total,
M_PatientNoReg as patient_mr,
M_PatientName as patient_name,
CONCAT(M_PatientAddressDescription,'<br>',IF(M_PatientAddressVillage IS NULL,'',CONCAT(M_PatientAddressVillage,', ')),IF(M_PatientAddressDistrict IS NULL,'',CONCAT(M_PatientAddressDistrict,', ')),IF(M_PatientAddressCity IS NULL,'',M_PatientAddressCity)) as patient_address,
M_PatientPhone as patient_phone,
M_PatientEmail as patient_email,
M_PatientName_enc, M_PatientAddressDescription_enc,
M_PatientPhone_enc, M_PatientEmail_enc,
t_orderheader.*,
IFNULL(Nat_CitoName,'') as cito_name,
IFNULL(Mgm_McuNumber,'') as mcu_number,
IFNULL(Mgm_McuLabel,'') as mcu_label,
IFNULL(latest_sig.Patient_SignatureUrl,'') as image_signature
IFNULL(latest_sig.Patient_SignatureUrl,'') as image_signature
FROM `t_orderheader`
JOIN `t_orderheaderaddon` ON T_OrderHeaderAddOnT_OrderHeaderID = T_OrderHeaderID AND T_OrderHeaderAddOnIsActive = 'Y'
JOIN m_patient ON T_OrderHeaderM_PatientID = M_PatientID
@@ -1060,16 +1062,16 @@ class Order extends MY_Controller
LEFT JOIN m_doctoraddress sender_address ON T_OrderHeaderSenderM_DoctorAddressID = M_DoctorAddressID
LEFT JOIN nat_cito ON T_OrderHeaderNat_CitoID = Nat_CitoID
LEFT JOIN mgm_mcu ON T_OrderHeaderMgm_McuID = Mgm_McuID
LEFT JOIN (
SELECT ps.Patient_SignatureM_PatientID, ps.Patient_SignatureUrl
FROM patient_signature ps
JOIN (
SELECT Patient_SignatureM_PatientID, MAX(Patient_SignatureID) as Patient_SignatureID
FROM patient_signature
WHERE Patient_SignatureIsActive = 'Y'
GROUP BY Patient_SignatureM_PatientID
) latest_sig_id ON latest_sig_id.Patient_SignatureID = ps.Patient_SignatureID
) latest_sig ON latest_sig.Patient_SignatureM_PatientID = M_PatientID AND latest_sig.Patient_SignatureM_PatientID = T_OrderHeaderM_PatientID
LEFT JOIN (
SELECT ps.Patient_SignatureM_PatientID, ps.Patient_SignatureUrl
FROM patient_signature ps
JOIN (
SELECT Patient_SignatureM_PatientID, MAX(Patient_SignatureID) as Patient_SignatureID
FROM patient_signature
WHERE Patient_SignatureIsActive = 'Y'
GROUP BY Patient_SignatureM_PatientID
) latest_sig_id ON latest_sig_id.Patient_SignatureID = ps.Patient_SignatureID
) latest_sig ON latest_sig.Patient_SignatureM_PatientID = M_PatientID AND latest_sig.Patient_SignatureM_PatientID = T_OrderHeaderM_PatientID
WHERE `T_OrderHeaderID` = ?
GROUP BY T_OrderHeaderID";
$query = $this->db_smartone->query($sql, [$order_id]);
@@ -1093,6 +1095,20 @@ class Order extends MY_Controller
$data = $query->row_array();
if (is_array($data) && count($data) > 0) {
$enc = $this->ibl_encryptor;
$addr_raw = $enc->decrypt($data['M_PatientAddressDescription_enc'] ?? '');
$data['patient_name'] = $enc->decrypt($data['M_PatientName_enc'] ?? '');
$data['patient_address'] = implode('<br>', array_filter([
$addr_raw,
$data['M_PatientAddressVillage'] ?? '',
$data['M_PatientAddressDistrict'] ?? '',
$data['M_PatientAddressCity'] ?? '',
]));
$data['patient_phone'] = $enc->decrypt($data['M_PatientPhone_enc'] ?? '');
$data['patient_email'] = $enc->decrypt($data['M_PatientEmail_enc'] ?? '');
foreach (array_keys($data) as $col) {
if (substr($col, -4) === '_enc') unset($data[$col]);
}
$data['inform_consent'] = $this->get_inform_consent_by_order($order_id);
}
$return['data'] = $data;
@@ -1404,9 +1420,9 @@ class Order extends MY_Controller
$sql = "SELECT
CONCAT(IF(M_TitleID is null, '', concat(M_TitleName, ' ')),IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) as full_patient_name
FROM m_patient
$sql = "SELECT M_PatientName_enc, IFNULL(M_TitleName,'') M_TitleName,
IFNULL(M_PatientPrefix,'') M_PatientPrefix, IFNULL(M_PatientSuffix,'') M_PatientSuffix
FROM m_patient
LEFT JOIN m_title ON M_PatientM_TitleID = M_TitleID
WHERE M_PatientID = ? LIMIT 1";
$query_patient = $this->db_smartone->query($sql, [$header['patient_id']]);
@@ -1417,6 +1433,10 @@ class Order extends MY_Controller
$this->db_smartone->trans_rollback();
}
$rows_patient = $query_patient->row_array();
$pname = $this->ibl_encryptor->decrypt($rows_patient['M_PatientName_enc'] ?? '');
$rows_patient['full_patient_name'] = trim(implode(' ', array_filter([
$rows_patient['M_TitleName'], $rows_patient['M_PatientPrefix'], $pname, $rows_patient['M_PatientSuffix']
])));
$full_patient_name = $rows_patient['full_patient_name'];
$sql = "INSERT INTO t_orderheaderaddon (
@@ -2410,16 +2430,18 @@ class Order extends MY_Controller
T_OrderDeliveryM_DeliveryID,
T_OrderDeliveryM_DeliveryTypeID,
T_OrderDeliveryDestination,
T_OrderDeliveryDestination_enc,
T_OrderDeliveryAddressID,
T_OrderDeliveryRegionalCd,
T_OrderDeliveryCreated,
T_OrderDeliveryCreatedUserID
) VALUES (?,?,?,?,?,?,NOW(),?)";
) VALUES (?,?,?,?,?,?,?,NOW(),?)";
$prm_orderdelivery = [
$header_id,
$delivery['delivery_id'],
$delivery['delivery_type_id'],
$destination,
$this->ibl_encryptor->encrypt($destination),
$delivery['address_id'],
$delivery['regional_cd'],
$userid
@@ -2480,18 +2502,23 @@ class Order extends MY_Controller
// START
if ($delivery['delivery_type_id'] == 3) {
$sql_header_info = "SELECT
CONCAT(IFNULL(M_TitleName,''),'. ', IFNULL(M_PatientPrefix,''),M_PatientName, IFNULL(M_PatientSuffix,'')) as patient_fullname,
$sql_header_info = "SELECT
M_PatientName_enc, IFNULL(M_TitleName,'') M_TitleName,
IFNULL(M_PatientPrefix,'') M_PatientPrefix, IFNULL(M_PatientSuffix,'') M_PatientSuffix,
M_CompanyName as corporate_name,
CONCAT(IFNULL(M_DoctorPrefix,''),IFNULL(M_DoctorPrefix2,''),' ',M_DoctorName,IFNULL(M_DoctorSufix,''),IFNULL(M_DoctorSufix2,''),IFNULL(M_DoctorSufix3,'')) as doctor_fullname
FROM t_orderheader
JOIN m_patient ON T_OrderHeaderM_PatientID = M_PatientID
JOIN m_title ON M_PatientM_TitleID = M_TitleID
LEFT JOIN m_title ON M_PatientM_TitleID = M_TitleID
JOIN m_company ON T_OrderHeaderM_CompanyID = M_CompanyID
JOIN m_doctor ON T_OrderHeaderSenderM_DoctorID = M_DoctorID
WHERE T_OrderHeaderID = ?";
$q_h = $this->db_smartone->query($sql_header_info, [$header_id]);
$d_h = $q_h->row_array();
$pname_del = $this->ibl_encryptor->decrypt($d_h['M_PatientName_enc'] ?? '');
$d_h['patient_fullname'] = trim(implode(' ', array_filter([
$d_h['M_TitleName'], $d_h['M_PatientPrefix'], $pname_del, $d_h['M_PatientSuffix']
])));
$sql_del_source = "SELECT M_DeliverySource FROM m_delivery WHERE M_DeliveryID = ?";
$q_d = $this->db_smartone->query($sql_del_source, [$delivery['delivery_id']]);
@@ -3490,7 +3517,8 @@ GROUP BY T_SampleStationID ";
T_OrderHeaderSubTotal as order_subtotal,
T_OrderHeaderRounding as order_rounding,
T_OrderHeaderTotal as order_total,
concat(if(M_TitleID is null, '', concat(M_TitleName, ' ')),IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) as patient_name,
M_PatientName_enc, IFNULL(M_TitleName,'') M_TitleName,
IFNULL(M_PatientPrefix,'') M_PatientPrefix, IFNULL(M_PatientSuffix,'') M_PatientSuffix,
M_PatientNoReg as patient_mr,
M_MouName as order_mou,
CorporateName as order_company,
@@ -3510,9 +3538,13 @@ GROUP BY T_SampleStationID ";
where T_OrderHeaderID = {$id}";
//echo $sql;
$query = $this->db_smartone->query($sql);
$rows = $query->row();
//echo $this->db_smartone->last_query();
return $rows;
$rows = $query->row_array();
$pname = $this->ibl_encryptor->decrypt($rows['M_PatientName_enc'] ?? '');
$rows['patient_name'] = trim(implode(' ', array_filter([
$rows['M_TitleName'], $rows['M_PatientPrefix'], $pname, $rows['M_PatientSuffix']
])));
unset($rows['M_PatientName_enc'], $rows['M_TitleName'], $rows['M_PatientPrefix'], $rows['M_PatientSuffix']);
return (object) $rows;
}
function get_delivery($id)
@@ -3619,7 +3651,19 @@ GROUP BY T_SampleStationID ";
{
$type = $prm['type'];
$id = $prm['id'];
$id = $prm['id'];
if ($type == 'patient') {
$prow = $this->db_smartone->query(
"SELECT M_PatientEmail_enc, M_PatientHP_enc FROM m_patient WHERE M_PatientID = ? LIMIT 1", [$id]
)->row_array();
$patient_email = $this->db_smartone->escape(
$this->ibl_encryptor->decrypt($prow['M_PatientEmail_enc'] ?? '') ?: 'Belum ada email'
);
$patient_hp = $this->db_smartone->escape(
$this->ibl_encryptor->decrypt($prow['M_PatientHP_enc'] ?? '') ?: 'Belum ada WA pasien'
);
}
if ($type == 'patient') {
$sql = "SELECT 0 as kelurahan,
'' as regional_cd,
@@ -3664,7 +3708,7 @@ GROUP BY T_SampleStationID ";
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientEmail,'Belum ada email') as description,
IFNULL({$patient_email},'Belum ada email') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -3682,7 +3726,7 @@ GROUP BY T_SampleStationID ";
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientEmail,'Belum ada email') as description,
IFNULL({$patient_email},'Belum ada email') as description,
'N' as chex,
'' as note,
'origin' as typeform,
@@ -3700,7 +3744,7 @@ GROUP BY T_SampleStationID ";
M_DeliveryM_DeliveryTypeID as delivery_type,
M_DeliveryID as delivery_id,
M_DeliveryName as delivery_name,
IFNULL(M_PatientHP,'Belum ada WA pasien') as description,
IFNULL({$patient_hp},'Belum ada WA pasien') as description,
'N' as chex,
'' as note,
'origin' as typeform,
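Review bot: The INSERT into `t_orderdelivery` still writes `$destination` in clear to `T_OrderDeliveryDestination` next to the new `T_OrderDeliveryDestination_enc`, so rows created after this commit keep the email address or phone number unencrypted at rest. If the dual write is a transition step, a comment on the parameter list saying so, and naming the point at which the plaintext column is emptied, would make that explicit; otherwise the plaintext parameter should go once every reader uses `_enc`. On the read side the decrypted destination now takes precedence over `T_OrderDeliveryNoteValue`, whereas the old `IFNULL(T_OrderDeliveryNoteValue, T_OrderDeliveryDestination)` preferred the note value; if that order matters, select `T_OrderDeliveryNoteValue` on its own and check it before decrypting. Both functions start and end outside their hunks.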


@@ -12,6 +12,7 @@ class Payment extends MY_Controller
{
parent::__construct();
$this->db_smartone = $this->load->database("onedev", true);
$this->load->library('ibl_encryptor');
}
public function get_order() {
@@ -26,7 +27,7 @@ class Payment extends MY_Controller
T_OrderHeaderSubTotal as order_subtotal,
T_OrderHeaderRounding as order_rounding,
T_OrderHeaderTotal as order_total,
concat(if(M_TitleID is null, '', concat(M_TitleName, ' ')), M_PatientName) as patient_name,
M_PatientName_enc, M_TitleName,
M_PatientNoReg as patient_mr,
M_MouName as order_mou,
M_CompanyName as order_company,
@@ -47,6 +48,10 @@ class Payment extends MY_Controller
$query = $this->db_smartone->query($sql, array($prm['id']));
if ($query) {
$rows = (array) $query->row();
$name = $this->ibl_encryptor->decrypt($rows['M_PatientName_enc']);
$title = !empty($rows['M_TitleName']) ? $rows['M_TitleName'] . ' ' : '';
$rows['patient_name'] = $title . ($name ?? '');
unset($rows['M_PatientName_enc'], $rows['M_TitleName']);
$rst['order_header'] = $rows;
// $result = array("status" => "OK" , "data" => $rst);
// $this->sys_ok($result);
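Review bot: `$rows['M_PatientName_enc']` on the new decrypt line is read without a default, unlike the other controllers in this commit, so when the query matches no order `(array) $query->row()` is presumably empty and the access raises an undefined-key warning and hands null to `decrypt()`. I would write `$name = $this->ibl_encryptor->decrypt($rows['M_PatientName_enc'] ?? '');` and return early when `$rows` is empty, so that `order_header` is not filled with nothing but an empty `patient_name`. `$name ?? ''` covers null only; if `decrypt()` can return `false`, `$name ?: ''` states the intent more clearly. `get_order` continues outside the hunk.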


@@ -68,6 +68,10 @@ function migrate_simple(PDO $pdo, Ibl_encryptor $enc, $table, $pk, $fields, $che
// ============================================================
// one_lab tables
// ============================================================
migrate_simple($pdo, $enc, 't_orderdelivery', 'T_OrderDeliveryID',
['T_OrderDeliveryDestination'],
'T_OrderDeliveryDestination');
migrate_simple($pdo, $enc, 't_orderdetail', 'T_OrderDetailID',
['T_OrderDetailResult', 'T_OrderDetailNote'],
'T_OrderDetailResult');
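Review bot: Only `T_OrderDeliveryDestination` is listed for `t_orderdelivery`, yet the read query in the Order controller falls back to `T_OrderDeliveryNoteValue` for the displayed destination, which suggests that column can hold an email address or phone number as well. If it does, it needs its own `_enc` column and an entry in this field list, otherwise it stays in clear after the migration. Whether `migrate_simple` empties the plaintext source column after encrypting is not visible here, because its body is outside the hunk; a one-line comment above the call would settle it for the next reader, along the lines of `// t_orderdelivery: plaintext column is <kept|emptied> after migration`.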


@@ -28,6 +28,12 @@ ALTER TABLE one_lab.m_patientaddress
ADD COLUMN M_PatientAddressEmail_enc TEXT NULL AFTER M_PatientAddressEmail,
ADD COLUMN M_PatientAddressPhone_enc TEXT NULL AFTER M_PatientAddressPhone;
-- ============================================================
-- one_lab.t_orderdelivery: tujuan pengiriman hasil (email/HP)
-- ============================================================
ALTER TABLE one_lab.t_orderdelivery
ADD COLUMN T_OrderDeliveryDestination_enc TEXT NULL AFTER T_OrderDeliveryDestination;
-- ============================================================
-- one_lab.t_orderdetail: nilai hasil lab utama
-- ============================================================