From 17a788baac8781d3066acb9b8056efe5bcbb95a9 Mon Sep 17 00:00:00 2001 From: "sas.fajri" Date: Sun, 31 May 2026 14:31:54 +0700 Subject: [PATCH] FHM31052601IBL - update FO registration controllers: decrypt PII sebelum return response - Payment, History, Delivery: load ibl_encryptor, decrypt Name/Email/HP - Order, Order copy: decrypt patient_name di get_header & get_order_header - Order: pre-fetch decrypt email/HP sebelum UNION delivery query - Order: enkripsi T_OrderDeliveryDestination saat INSERT, decrypt saat SELECT - SQL: tambah kolom T_OrderDeliveryDestination_enc - migrate_encrypt_results: tambah migrasi t_orderdelivery Co-Authored-By: Claude Sonnet 4.6 --- .../mockup/fo/ibl_registration/Delivery.php | 24 +- .../mockup/fo/ibl_registration/History.php | 32 ++- .../mockup/fo/ibl_registration/Order copy.php | 37 ++- .../mockup/fo/ibl_registration/Order.php | 210 +++++++++++------- .../mockup/fo/ibl_registration/Payment.php | 7 +- scripts/migrate_encrypt_results.php | 4 + .../2026-05-31-pdp-encrypt-columns.sql | 6 + 7 files changed, 216 insertions(+), 104 deletions(-) diff --git a/application/controllers/mockup/fo/ibl_registration/Delivery.php b/application/controllers/mockup/fo/ibl_registration/Delivery.php index 094dd7f0..bb412829 100644 --- a/application/controllers/mockup/fo/ibl_registration/Delivery.php +++ b/application/controllers/mockup/fo/ibl_registration/Delivery.php @@ -10,6 +10,7 @@ class Delivery extends MY_Controller { parent::__construct(); $this->db_smartone = $this->load->database("onedev", true); + $this->load->library('ibl_encryptor'); } public function search() { 
@@ -64,7 +65,20 @@ class Delivery extends MY_Controller } $prm = $this->sys_input; $type = $prm['type']; - $id = $prm['id']; + $id = $prm['id']; + + if ($type == 'patient') { + $prow = $this->db_smartone->query( + "SELECT M_PatientEmail_enc, M_PatientHP_enc FROM m_patient WHERE M_PatientID = ? LIMIT 1", [$id] + )->row_array(); + $patient_email = $this->db_smartone->escape( + $this->ibl_encryptor->decrypt($prow['M_PatientEmail_enc'] ?? '') ?: 'Belum ada email pasien' + ); + $patient_hp = $this->db_smartone->escape( + $this->ibl_encryptor->decrypt($prow['M_PatientHP_enc'] ?? '') ?: 'Belum ada WA pasien' + ); + } + if($type == 'patient'){ $sql = " SELECT '' as regionalcd, @@ -110,7 +124,7 @@ class Delivery extends MY_Controller M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientEmail,'Belum ada email pasien') as description, + IFNULL({$patient_email},'Belum ada email pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, @@ -129,7 +143,7 @@ class Delivery extends MY_Controller M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientEmail,'Belum ada email pasien') as description, + IFNULL({$patient_email},'Belum ada email pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, @@ -148,7 +162,7 @@ class Delivery extends MY_Controller M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientHP,'Belum ada WA pasien') as description, + IFNULL({$patient_hp},'Belum ada WA pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, 
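Review bot: The decrypted e-mail and phone number are spliced into the SQL text as quoted literals (`IFNULL({$patient_email},'Belum ada email pasien')`), so the plaintext this commit is meant to protect now appears wherever the statement is recorded: the database general or slow query log, `last_query()`, the profiler and any error output that echoes the query. `escape()` keeps the statement safe from injection, but it would be cleaner to select a neutral value such as `'' as description` in the UNION and fill `description` in PHP after the rows are fetched. The `IFNULL` wrapper is dead code now, because the escaped literal is never NULL. Rows whose `_enc` columns are still empty also fall straight to the 'Belum ada …' text even if the legacy plaintext column holds a value, which is worth checking against the migration order. The same pattern repeats in the later Delivery.php hunks and in the search_deliveries hunks of History.php, Order copy.php and Order.php; the enclosing method starts and ends outside this hunk.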
@@ -167,7 +181,7 @@ class Delivery extends MY_Controller M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientHP,'Belum ada telegram pasien') as description, + IFNULL({$patient_hp},'Belum ada telegram pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, diff --git a/application/controllers/mockup/fo/ibl_registration/History.php b/application/controllers/mockup/fo/ibl_registration/History.php index 34db7927..913107d7 100644 --- a/application/controllers/mockup/fo/ibl_registration/History.php +++ b/application/controllers/mockup/fo/ibl_registration/History.php @@ -12,6 +12,20 @@ class History extends MY_Controller { parent::__construct(); $this->db_onedev = $this->load->database("onedev", true); + $this->load->library('ibl_encryptor'); + } + + // Ambil email & HP pasien (sudah didekripsi) untuk dipakai di UNION delivery query + private function _get_patient_contact($patient_id) + { + $row = $this->db_onedev->query( + "SELECT M_PatientEmail_enc, M_PatientHP_enc FROM m_patient WHERE M_PatientID = ? LIMIT 1", + [$patient_id] + )->row_array(); + return [ + 'email' => $this->ibl_encryptor->decrypt($row['M_PatientEmail_enc'] ?? '') ?: '', + 'hp' => $this->ibl_encryptor->decrypt($row['M_PatientHP_enc'] ?? '') ?: '', + ]; } public function search() @@ -329,9 +343,15 @@ class History extends MY_Controller function search_deliveries($prm) { - $type = $prm['type']; - $id = $prm['id']; + $id = $prm['id']; + + if ($type == 'patient') { + $contact = $this->_get_patient_contact($id); + $patient_email = $this->db_onedev->escape($contact['email'] ?: 'Belum ada email pasien'); + $patient_hp = $this->db_onedev->escape($contact['hp'] ?: 'Belum ada WA pasien'); + } + if($type == 'patient'){ $sql = " SELECT 0 as kelurahan, 
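Review bot: The Telegram row now reuses `$patient_hp`, whose fallback was already fixed to 'Belum ada WA pasien' when the value was escaped, so a patient without a phone number gets the WhatsApp wording here and the literal 'Belum ada telegram pasien' on this line can never be returned. Keep the decrypted number in one unescaped variable and apply the per-channel default where each row is built, e.g. `$patient_tg = $this->db_smartone->escape($hp ?: 'Belum ada telegram pasien');`. The matching Telegram hunks in History.php and Order copy.php carry the same regression.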
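Review bot: `_get_patient_contact()` folds three different outcomes into the same empty string: no patient row, an empty `_enc` column, and a `decrypt()` call that did not succeed. If `ibl_encryptor->decrypt()` returns a falsy value for a wrong key or damaged ciphertext (its contract is not visible here), the front office only sees 'Belum ada email pasien' and nobody learns that decryption is broken. Consider logging when the ciphertext is non-empty but the result is empty, for instance `if ($enc !== '' && !$plain) { log_message('error', 'decrypt failed for m_patient ' . (int) $patient_id); }`, without writing the value itself. Delivery.php, Order copy.php and Order.php repeat this lookup inline and could share the one helper.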
@@ -377,7 +397,7 @@ class History extends MY_Controller M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientEmail,'Belum ada email pasien') as description, + IFNULL({$patient_email},'Belum ada email pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, @@ -394,7 +414,7 @@ class History extends MY_Controller M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientEmail,'Belum ada email pasien') as description, + IFNULL({$patient_email},'Belum ada email pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, @@ -411,7 +431,7 @@ class History extends MY_Controller M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientHP,'Belum ada WA pasien') as description, + IFNULL({$patient_hp},'Belum ada WA pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, @@ -428,7 +448,7 @@ class History extends MY_Controller M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientHP,'Belum ada telegram pasien') as description, + IFNULL({$patient_hp},'Belum ada telegram pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, diff --git a/application/controllers/mockup/fo/ibl_registration/Order copy.php b/application/controllers/mockup/fo/ibl_registration/Order copy.php index 59b2de64..beec5df3 100644 --- a/application/controllers/mockup/fo/ibl_registration/Order copy.php +++ b/application/controllers/mockup/fo/ibl_registration/Order copy.php @@ -12,6 +12,7 @@ class Order extends MY_Controller { parent::__construct(); $this->db_smartone = $this->load->database("onedev", true); + $this->load->library('ibl_encryptor'); } function get_time_start(){ 
@@ -747,7 +748,8 @@ function endshowtime() T_OrderHeaderSubTotal as order_subtotal, T_OrderHeaderRounding as order_rounding, T_OrderHeaderTotal as order_total, - concat(if(M_TitleID is null, '', concat(M_TitleName, ' ')),IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) as patient_name, + M_PatientName_enc, IFNULL(M_TitleName,'') M_TitleName, + IFNULL(M_PatientPrefix,'') M_PatientPrefix, IFNULL(M_PatientSuffix,'') M_PatientSuffix, M_PatientNoReg as patient_mr, M_MouName as order_mou, CorporateName as order_company, @@ -767,9 +769,14 @@ function endshowtime() where T_OrderHeaderID = {$id}"; //echo $sql; $query = $this->db_smartone->query($sql); - $rows = $query->row(); + $rows = $query->row_array(); + $pname = $this->ibl_encryptor->decrypt($rows['M_PatientName_enc'] ?? ''); + $rows['patient_name'] = trim(implode(' ', array_filter([ + $rows['M_TitleName'], $rows['M_PatientPrefix'], $pname, $rows['M_PatientSuffix'] + ]))); + unset($rows['M_PatientName_enc'], $rows['M_TitleName'], $rows['M_PatientPrefix'], $rows['M_PatientSuffix']); //echo $this->db_smartone->last_query(); - return $rows; + return (object) $rows; } function get_delivery($id){ @@ -876,9 +883,21 @@ function endshowtime() function search_deliveries($prm) { - $type = $prm['type']; - $id = $prm['id']; + $id = $prm['id']; + + if ($type == 'patient') { + $prow = $this->db_smartone->query( + "SELECT M_PatientEmail_enc, M_PatientHP_enc FROM m_patient WHERE M_PatientID = ? LIMIT 1", [$id] + )->row_array(); + $patient_email = $this->db_smartone->escape( + $this->ibl_encryptor->decrypt($prow['M_PatientEmail_enc'] ?? '') ?: 'Belum ada email pasien' + ); + $patient_hp = $this->db_smartone->escape( + $this->ibl_encryptor->decrypt($prow['M_PatientHP_enc'] ?? '') ?: 'Belum ada WA pasien' + ); + } + if($type == 'patient'){ $sql = " SELECT 0 as kelurahan, 
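Review bot: The header query reworked in the `@@ -767,9 +769,14 @@` hunk still ends in `where T_OrderHeaderID = {$id}` and is run without bindings, unlike the new `m_patient` lookups in this commit that use `?`. If `$id` can come from request input this is an injection point, so bind it with `$this->db_smartone->query($sql, [$id])`. Switching from `row()` to `row_array()` and returning `(object) $rows` also changes the no-match case: the method used to hand back whatever `row()` gives for an empty result, and now returns an object holding an empty `patient_name`, so callers that test the result for emptiness will treat a missing order as found. A guard such as `if (!$rows) { return null; }` before the decrypt keeps the old contract. Both points apply equally to the twin hunk in Order.php (`@@ -3510,9 +3538,13 @@`); the enclosing function starts outside this hunk.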
@@ -924,7 +943,7 @@ function endshowtime() M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientEmail,'Belum ada email pasien') as description, + IFNULL({$patient_email},'Belum ada email pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, @@ -941,7 +960,7 @@ function endshowtime() M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientEmail,'Belum ada email pasien') as description, + IFNULL({$patient_email},'Belum ada email pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, @@ -958,7 +977,7 @@ function endshowtime() M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientHP,'Belum ada WA pasien') as description, + IFNULL({$patient_hp},'Belum ada WA pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, @@ -975,7 +994,7 @@ function endshowtime() M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientHP,'Belum ada telegram pasien') as description, + IFNULL({$patient_hp},'Belum ada telegram pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, diff --git a/application/controllers/mockup/fo/ibl_registration/Order.php b/application/controllers/mockup/fo/ibl_registration/Order.php index 5f8a3e8a..32729ab2 100644 --- a/application/controllers/mockup/fo/ibl_registration/Order.php +++ b/application/controllers/mockup/fo/ibl_registration/Order.php @@ -13,6 +13,7 @@ class Order extends MY_Controller parent::__construct(); $this->db_smartone = $this->load->database("onedev", true); $this->db_log = $this->load->database("one_lab_log", true); + $this->load->library('ibl_encryptor'); $this->load->helper("uuid"); } 
@@ -163,47 +164,47 @@ class Order extends MY_Controller return lab_uuid_v4(); } - function generate_code_form($preid, $orderid) - { - $userid = $this->sys_user["M_UserID"]; - $sql = "SELECT FormRiwayatPasienID, FormRiwayatPasienCode, FormRiwayatPasienUUID, FormRiwayatPasienT_OrderHeaderID - FROM form_riwayat_pasien - WHERE FormRiwayatPasienPreregisterID = ? AND - FormRiwayatPasienIsActive = 'Y' - ORDER BY FormRiwayatPasienID DESC - LIMIT 1"; - $qry = $this->db_onedev->query($sql, [$preid]); - if (!$qry) { - return ''; - } - - $exist = $qry->row_array(); - if ($exist) { - if ((int) $exist['FormRiwayatPasienT_OrderHeaderID'] !== (int) $orderid) { - $sql = "UPDATE form_riwayat_pasien - SET FormRiwayatPasienT_OrderHeaderID = ?, - FormRiwayatPasienLasUpdated = NOW(), - FormRiwayatPasienLasUpdatedUserID = ? - WHERE FormRiwayatPasienID = ?"; - $qry = $this->db_onedev->query($sql, [$orderid, $userid, $exist['FormRiwayatPasienID']]); - if (!$qry) { - return ''; - } - } - return array('uuid' => $exist['FormRiwayatPasienUUID'], 'code' => $exist['FormRiwayatPasienCode']); - } - - $sql = "SELECT COUNT(*) as total - FROM form_riwayat_pasien - WHERE FormRiwayatPasienT_OrderHeaderID = ? AND - FormRiwayatPasienIsActive = 'Y' - "; - $qry = $this->db_onedev->query($sql, [$orderid]); - if ($qry) { - $total = $qry->result_array()[0]['total']; - if ($total == 0) { - $code = $this->generate_code_string(); - $uuid = $this->generate_uuid(); + function generate_code_form($preid, $orderid) + { + $userid = $this->sys_user["M_UserID"]; + $sql = "SELECT FormRiwayatPasienID, FormRiwayatPasienCode, FormRiwayatPasienUUID, FormRiwayatPasienT_OrderHeaderID + FROM form_riwayat_pasien + WHERE FormRiwayatPasienPreregisterID = ? 
AND + FormRiwayatPasienIsActive = 'Y' + ORDER BY FormRiwayatPasienID DESC + LIMIT 1"; + $qry = $this->db_onedev->query($sql, [$preid]); + if (!$qry) { + return ''; + } + + $exist = $qry->row_array(); + if ($exist) { + if ((int) $exist['FormRiwayatPasienT_OrderHeaderID'] !== (int) $orderid) { + $sql = "UPDATE form_riwayat_pasien + SET FormRiwayatPasienT_OrderHeaderID = ?, + FormRiwayatPasienLasUpdated = NOW(), + FormRiwayatPasienLasUpdatedUserID = ? + WHERE FormRiwayatPasienID = ?"; + $qry = $this->db_onedev->query($sql, [$orderid, $userid, $exist['FormRiwayatPasienID']]); + if (!$qry) { + return ''; + } + } + return array('uuid' => $exist['FormRiwayatPasienUUID'], 'code' => $exist['FormRiwayatPasienCode']); + } + + $sql = "SELECT COUNT(*) as total + FROM form_riwayat_pasien + WHERE FormRiwayatPasienT_OrderHeaderID = ? AND + FormRiwayatPasienIsActive = 'Y' + "; + $qry = $this->db_onedev->query($sql, [$orderid]); + if ($qry) { + $total = $qry->result_array()[0]['total']; + if ($total == 0) { + $code = $this->generate_code_string(); + $uuid = $this->generate_uuid(); $sql = "INSERT INTO form_riwayat_pasien ( FormRiwayatPasienPreregisterID, @@ -216,14 +217,14 @@ class Order extends MY_Controller $qry = $this->db_onedev->query($sql, [$preid, $code, $uuid, $orderid, $userid]); //echo $this->db_onedev->last_query(); //exit; - if (!$qry) { - return ''; - } - return array('uuid' => $uuid, 'code' => $code); - } - } - return ''; - } + if (!$qry) { + return ''; + } + return array('uuid' => $uuid, 'code' => $code); + } + } + return ''; + } function check_duplicate_nat_tests($data) { 
@@ -979,7 +980,8 @@ class Order extends MY_Controller $sql = "SELECT M_DeliveryTypeCode as xtype, M_DeliverySource as source, M_DeliveryName as label, - IFNULL(T_OrderDeliveryNoteValue,T_OrderDeliveryDestination) as xdesc + T_OrderDeliveryDestination_enc, + IFNULL(T_OrderDeliveryNoteValue, T_OrderDeliveryDestination) as xdesc_fallback FROM t_orderdelivery JOIN m_deliverytype ON T_OrderDeliveryM_DeliveryTypeID = M_DeliveryTypeID JOIN m_delivery ON T_OrderDeliveryM_DeliveryID = M_DeliveryID @@ -1004,11 +1006,13 @@ class Order extends MY_Controller $data = $query->result_array(); $rst = []; foreach ($data as $key => $value) { + $dest_enc = $value['T_OrderDeliveryDestination_enc'] ?? ''; + $dest = $dest_enc ? ($this->ibl_encryptor->decrypt($dest_enc) ?: $value['xdesc_fallback']) : $value['xdesc_fallback']; $rst[] = array( - 'type' => $value['xtype'], + 'type' => $value['xtype'], 'source' => $value['source'], - 'label' => $value['label'], - 'desc' => $value['xdesc'] + 'label' => $value['label'], + 'desc' => $dest ); } $return['data'] = $rst; @@ -1039,15 +1043,13 @@ class Order extends MY_Controller T_OrderHeaderSubTotal as order_subtotal, T_OrderHeaderTotal as order_total, M_PatientNoReg as patient_mr, - M_PatientName as patient_name, - CONCAT(M_PatientAddressDescription,'
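Review bot: The `@@ -1004,11 +1006,13 @@` hunk changes which value is shown as `desc`. The old query returned `IFNULL(T_OrderDeliveryNoteValue, T_OrderDeliveryDestination)`, so a note value won over the destination, whereas the new loop prefers the decrypted `T_OrderDeliveryDestination_enc` whenever it is set and reaches the note only through `xdesc_fallback`. Because the insert in this commit writes `_enc` for every new row, the note value will effectively stop being displayed. If the old precedence is intended, select `T_OrderDeliveryNoteValue` as its own column and use `$value['T_OrderDeliveryNoteValue'] ?? ($this->ibl_encryptor->decrypt($dest_enc) ?: $value['T_OrderDeliveryDestination'])`. The silent `?:` fallback to the plaintext column also hides decrypt failures, so a log entry (without the value) would help there.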
',IF(M_PatientAddressVillage IS NULL,'',CONCAT(M_PatientAddressVillage,', ')),IF(M_PatientAddressDistrict IS NULL,'',CONCAT(M_PatientAddressDistrict,', ')),IF(M_PatientAddressCity IS NULL,'',M_PatientAddressCity)) as patient_address, - M_PatientPhone as patient_phone, - M_PatientEmail as patient_email, + M_PatientName_enc, M_PatientAddressDescription_enc, + M_PatientPhone_enc, M_PatientEmail_enc, t_orderheader.*, IFNULL(Nat_CitoName,'') as cito_name, IFNULL(Mgm_McuNumber,'') as mcu_number, IFNULL(Mgm_McuLabel,'') as mcu_label, - IFNULL(latest_sig.Patient_SignatureUrl,'') as image_signature + IFNULL(latest_sig.Patient_SignatureUrl,'') as image_signature FROM `t_orderheader` JOIN `t_orderheaderaddon` ON T_OrderHeaderAddOnT_OrderHeaderID = T_OrderHeaderID AND T_OrderHeaderAddOnIsActive = 'Y' JOIN m_patient ON T_OrderHeaderM_PatientID = M_PatientID 
@@ -1060,16 +1062,16 @@ class Order extends MY_Controller LEFT JOIN m_doctoraddress sender_address ON T_OrderHeaderSenderM_DoctorAddressID = M_DoctorAddressID LEFT JOIN nat_cito ON T_OrderHeaderNat_CitoID = Nat_CitoID LEFT JOIN mgm_mcu ON T_OrderHeaderMgm_McuID = Mgm_McuID - LEFT JOIN ( - SELECT ps.Patient_SignatureM_PatientID, ps.Patient_SignatureUrl - FROM patient_signature ps - JOIN ( - SELECT Patient_SignatureM_PatientID, MAX(Patient_SignatureID) as Patient_SignatureID - FROM patient_signature - WHERE Patient_SignatureIsActive = 'Y' - GROUP BY Patient_SignatureM_PatientID - ) latest_sig_id ON latest_sig_id.Patient_SignatureID = ps.Patient_SignatureID - ) latest_sig ON latest_sig.Patient_SignatureM_PatientID = M_PatientID AND latest_sig.Patient_SignatureM_PatientID = T_OrderHeaderM_PatientID + LEFT JOIN ( + SELECT ps.Patient_SignatureM_PatientID, ps.Patient_SignatureUrl + FROM patient_signature ps + JOIN ( + SELECT Patient_SignatureM_PatientID, MAX(Patient_SignatureID) as Patient_SignatureID + FROM patient_signature + WHERE Patient_SignatureIsActive = 'Y' + GROUP BY Patient_SignatureM_PatientID + ) latest_sig_id ON latest_sig_id.Patient_SignatureID = ps.Patient_SignatureID + ) latest_sig ON latest_sig.Patient_SignatureM_PatientID = M_PatientID AND latest_sig.Patient_SignatureM_PatientID = T_OrderHeaderM_PatientID WHERE `T_OrderHeaderID` = ? GROUP BY T_OrderHeaderID"; $query = $this->db_smartone->query($sql, [$order_id]); @@ -1093,6 +1095,20 @@ class Order extends MY_Controller $data = $query->row_array(); if (is_array($data) && count($data) > 0) { + $enc = $this->ibl_encryptor; + $addr_raw = $enc->decrypt($data['M_PatientAddressDescription_enc'] ?? ''); + $data['patient_name'] = $enc->decrypt($data['M_PatientName_enc'] ?? ''); + $data['patient_address'] = implode('
', array_filter([ + $addr_raw, + $data['M_PatientAddressVillage'] ?? '', + $data['M_PatientAddressDistrict'] ?? '', + $data['M_PatientAddressCity'] ?? '', + ])); + $data['patient_phone'] = $enc->decrypt($data['M_PatientPhone_enc'] ?? ''); + $data['patient_email'] = $enc->decrypt($data['M_PatientEmail_enc'] ?? ''); + foreach (array_keys($data) as $col) { + if (substr($col, -4) === '_enc') unset($data[$col]); + } $data['inform_consent'] = $this->get_inform_consent_by_order($order_id); } $return['data'] = $data; @@ -1404,9 +1420,9 @@ class Order extends MY_Controller - $sql = "SELECT - CONCAT(IF(M_TitleID is null, '', concat(M_TitleName, ' ')),IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) as full_patient_name - FROM m_patient + $sql = "SELECT M_PatientName_enc, IFNULL(M_TitleName,'') M_TitleName, + IFNULL(M_PatientPrefix,'') M_PatientPrefix, IFNULL(M_PatientSuffix,'') M_PatientSuffix + FROM m_patient LEFT JOIN m_title ON M_PatientM_TitleID = M_TitleID WHERE M_PatientID = ? LIMIT 1"; $query_patient = $this->db_smartone->query($sql, [$header['patient_id']]); @@ -1417,6 +1433,10 @@ class Order extends MY_Controller $this->db_smartone->trans_rollback(); } $rows_patient = $query_patient->row_array(); + $pname = $this->ibl_encryptor->decrypt($rows_patient['M_PatientName_enc'] ?? ''); + $rows_patient['full_patient_name'] = trim(implode(' ', array_filter([ + $rows_patient['M_TitleName'], $rows_patient['M_PatientPrefix'], $pname, $rows_patient['M_PatientSuffix'] + ]))); $full_patient_name = $rows_patient['full_patient_name']; $sql = "INSERT INTO t_orderheaderaddon ( 
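Review bot: `patient_address` is now assembled from `$data['M_PatientAddressVillage']`, `$data['M_PatientAddressDistrict']` and `$data['M_PatientAddressCity']`, but the rewritten SELECT in the previous hunk removed the CONCAT that referenced them, and the visible column list adds only the four `_enc` columns next to `t_orderheader.*`. Unless those three columns are selected in the part of the query above the hunk, the `?? ''` defaults will quietly reduce the address to the street line. The separator changed as well: village, district and city used to be joined with ', ' after a single break, and `implode()` now puts the break between every part. Please select the three columns explicitly and join them with ', ' before appending them to `$addr_raw`.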
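Review bot: In the `@@ -1417,6 +1433,10 @@` hunk `$full_patient_name` now holds the decrypted patient name and is assigned immediately before the `INSERT INTO t_orderheaderaddon` that follows, whose column list lies outside the hunk. If that insert stores the name, the plaintext is written back to disk in a second table and the encryption of the patient name is bypassed for every order. Either store ciphertext there as well (with a matching `_enc` column and migration step) or drop the name from the addon row and resolve it at read time.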
@@ -2410,16 +2430,18 @@ class Order extends MY_Controller T_OrderDeliveryM_DeliveryID, T_OrderDeliveryM_DeliveryTypeID, T_OrderDeliveryDestination, + T_OrderDeliveryDestination_enc, T_OrderDeliveryAddressID, T_OrderDeliveryRegionalCd, T_OrderDeliveryCreated, T_OrderDeliveryCreatedUserID - ) VALUES (?,?,?,?,?,?,NOW(),?)"; + ) VALUES (?,?,?,?,?,?,?,NOW(),?)"; $prm_orderdelivery = [ $header_id, $delivery['delivery_id'], $delivery['delivery_type_id'], $destination, + $this->ibl_encryptor->encrypt($destination), $delivery['address_id'], $delivery['regional_cd'], $userid 
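Review bot: The insert binds the raw `$destination` to `T_OrderDeliveryDestination` and its ciphertext to `T_OrderDeliveryDestination_enc` in the same row, so the e-mail address or phone number stays readable in the table, in backups and in replicas. If this dual write is a deliberate migration phase, state that in a comment above `$prm_orderdelivery` and track the follow-up that blanks the plaintext column; otherwise bind `''` or NULL for the plaintext. The result of `encrypt()` is also used unchecked: if it can return false or null on failure, the row is saved without ciphertext and nothing is reported, so check it before running the query and roll the transaction back.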
@@ -2480,18 +2502,23 @@ class Order extends MY_Controller // START if ($delivery['delivery_type_id'] == 3) { - $sql_header_info = "SELECT - CONCAT(IFNULL(M_TitleName,''),'. ', IFNULL(M_PatientPrefix,''),M_PatientName, IFNULL(M_PatientSuffix,'')) as patient_fullname, + $sql_header_info = "SELECT + M_PatientName_enc, IFNULL(M_TitleName,'') M_TitleName, + IFNULL(M_PatientPrefix,'') M_PatientPrefix, IFNULL(M_PatientSuffix,'') M_PatientSuffix, M_CompanyName as corporate_name, CONCAT(IFNULL(M_DoctorPrefix,''),IFNULL(M_DoctorPrefix2,''),' ',M_DoctorName,IFNULL(M_DoctorSufix,''),IFNULL(M_DoctorSufix2,''),IFNULL(M_DoctorSufix3,'')) as doctor_fullname FROM t_orderheader JOIN m_patient ON T_OrderHeaderM_PatientID = M_PatientID - JOIN m_title ON M_PatientM_TitleID = M_TitleID + LEFT JOIN m_title ON M_PatientM_TitleID = M_TitleID JOIN m_company ON T_OrderHeaderM_CompanyID = M_CompanyID JOIN m_doctor ON T_OrderHeaderSenderM_DoctorID = M_DoctorID WHERE T_OrderHeaderID = ?"; $q_h = $this->db_smartone->query($sql_header_info, [$header_id]); $d_h = $q_h->row_array(); + $pname_del = $this->ibl_encryptor->decrypt($d_h['M_PatientName_enc'] ?? ''); + $d_h['patient_fullname'] = trim(implode(' ', array_filter([ + $d_h['M_TitleName'], $d_h['M_PatientPrefix'], $pname_del, $d_h['M_PatientSuffix'] + ]))); $sql_del_source = "SELECT M_DeliverySource FROM m_delivery WHERE M_DeliveryID = ?"; $q_d = $this->db_smartone->query($sql_del_source, [$delivery['delivery_id']]); 
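Review bot: `patient_fullname` no longer matches what the old query produced: the SQL version rendered the title followed by '. ' and concatenated prefix, name and suffix without spaces, while the PHP version joins all four parts with single spaces and drops the dot. Wherever this string is used further down (outside the hunk), the change will be visible, so please confirm it is intended. `$d_h` is indexed without checking that the query returned a row; the other inner joins to `m_company` and `m_doctor` can still produce an empty result. The title/prefix/name/suffix block is now repeated several times across Order.php and Order copy.php and would be easier to keep consistent as one private helper, e.g. `_compose_patient_name(array $row)`.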
@@ -3490,7 +3517,8 @@ GROUP BY T_SampleStationID "; T_OrderHeaderSubTotal as order_subtotal, T_OrderHeaderRounding as order_rounding, T_OrderHeaderTotal as order_total, - concat(if(M_TitleID is null, '', concat(M_TitleName, ' ')),IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) as patient_name, + M_PatientName_enc, IFNULL(M_TitleName,'') M_TitleName, + IFNULL(M_PatientPrefix,'') M_PatientPrefix, IFNULL(M_PatientSuffix,'') M_PatientSuffix, M_PatientNoReg as patient_mr, M_MouName as order_mou, CorporateName as order_company, @@ -3510,9 +3538,13 @@ GROUP BY T_SampleStationID "; where T_OrderHeaderID = {$id}"; //echo $sql; $query = $this->db_smartone->query($sql); - $rows = $query->row(); - //echo $this->db_smartone->last_query(); - return $rows; + $rows = $query->row_array(); + $pname = $this->ibl_encryptor->decrypt($rows['M_PatientName_enc'] ?? ''); + $rows['patient_name'] = trim(implode(' ', array_filter([ + $rows['M_TitleName'], $rows['M_PatientPrefix'], $pname, $rows['M_PatientSuffix'] + ]))); + unset($rows['M_PatientName_enc'], $rows['M_TitleName'], $rows['M_PatientPrefix'], $rows['M_PatientSuffix']); + return (object) $rows; } function get_delivery($id) @@ -3619,7 +3651,19 @@ GROUP BY T_SampleStationID "; { $type = $prm['type']; - $id = $prm['id']; + $id = $prm['id']; + + if ($type == 'patient') { + $prow = $this->db_smartone->query( + "SELECT M_PatientEmail_enc, M_PatientHP_enc FROM m_patient WHERE M_PatientID = ? LIMIT 1", [$id] + )->row_array(); + $patient_email = $this->db_smartone->escape( + $this->ibl_encryptor->decrypt($prow['M_PatientEmail_enc'] ?? '') ?: 'Belum ada email' + ); + $patient_hp = $this->db_smartone->escape( + $this->ibl_encryptor->decrypt($prow['M_PatientHP_enc'] ?? '') ?: 'Belum ada WA pasien' + ); + } if ($type == 'patient') { $sql = "SELECT 0 as kelurahan, '' as regional_cd, 
@@ -3664,7 +3708,7 @@ GROUP BY T_SampleStationID "; M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientEmail,'Belum ada email') as description, + IFNULL({$patient_email},'Belum ada email') as description, 'N' as chex, '' as note, 'origin' as typeform, @@ -3682,7 +3726,7 @@ GROUP BY T_SampleStationID "; M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientEmail,'Belum ada email') as description, + IFNULL({$patient_email},'Belum ada email') as description, 'N' as chex, '' as note, 'origin' as typeform, @@ -3700,7 +3744,7 @@ GROUP BY T_SampleStationID "; M_DeliveryM_DeliveryTypeID as delivery_type, M_DeliveryID as delivery_id, M_DeliveryName as delivery_name, - IFNULL(M_PatientHP,'Belum ada WA pasien') as description, + IFNULL({$patient_hp},'Belum ada WA pasien') as description, 'N' as chex, '' as note, 'origin' as typeform, diff --git a/application/controllers/mockup/fo/ibl_registration/Payment.php b/application/controllers/mockup/fo/ibl_registration/Payment.php index 263c364f..6310cbfc 100644 --- a/application/controllers/mockup/fo/ibl_registration/Payment.php +++ b/application/controllers/mockup/fo/ibl_registration/Payment.php @@ -12,6 +12,7 @@ class Payment extends MY_Controller { parent::__construct(); $this->db_smartone = $this->load->database("onedev", true); + $this->load->library('ibl_encryptor'); } public function get_order() { @@ -26,7 +27,7 @@ class Payment extends MY_Controller T_OrderHeaderSubTotal as order_subtotal, T_OrderHeaderRounding as order_rounding, T_OrderHeaderTotal as order_total, - concat(if(M_TitleID is null, '', concat(M_TitleName, ' ')), M_PatientName) as patient_name, + M_PatientName_enc, M_TitleName, M_PatientNoReg as patient_mr, M_MouName as order_mou, M_CompanyName as order_company, 
@@ -47,6 +48,10 @@ class Payment extends MY_Controller $query = $this->db_smartone->query($sql, array($prm['id'])); if ($query) { $rows = (array) $query->row(); + $name = $this->ibl_encryptor->decrypt($rows['M_PatientName_enc']); + $title = !empty($rows['M_TitleName']) ? $rows['M_TitleName'] . ' ' : ''; + $rows['patient_name'] = $title . ($name ?? ''); + unset($rows['M_PatientName_enc'], $rows['M_TitleName']); $rst['order_header'] = $rows; // $result = array("status" => "OK" , "data" => $rst); // $this->sys_ok($result); diff --git a/scripts/migrate_encrypt_results.php b/scripts/migrate_encrypt_results.php index 0a1d79d0..43590f10 100644 --- a/scripts/migrate_encrypt_results.php +++ b/scripts/migrate_encrypt_results.php @@ -68,6 +68,10 @@ function migrate_simple(PDO $pdo, Ibl_encryptor $enc, $table, $pk, $fields, $che // ============================================================ // one_lab tables // ============================================================ +migrate_simple($pdo, $enc, 't_orderdelivery', 'T_OrderDeliveryID', + ['T_OrderDeliveryDestination'], + 'T_OrderDeliveryDestination'); + migrate_simple($pdo, $enc, 't_orderdetail', 'T_OrderDetailID', ['T_OrderDetailResult', 'T_OrderDetailNote'], 'T_OrderDetailResult'); diff --git a/sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql b/sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql index 008a91b9..e9c39416 100644 --- a/sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql +++ b/sql/manual_changes/2026-05-31-pdp-encrypt-columns.sql 
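Review bot: `$rows['M_PatientName_enc']` is read without a default in the Payment.php hunk, unlike the other controllers in this commit that use `?? ''`. When the order id matches nothing, `(array) $query->row()` is an empty array, so this line raises an undefined-index notice and `decrypt()` is called with null. Use `$this->ibl_encryptor->decrypt($rows['M_PatientName_enc'] ?? '')` and skip the name handling when `$rows` is empty, so an empty `order_header` stays empty instead of gaining a blank `patient_name`.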
@@ -28,6 +28,12 @@ ALTER TABLE one_lab.m_patientaddress ADD COLUMN M_PatientAddressEmail_enc TEXT NULL AFTER M_PatientAddressEmail, ADD COLUMN M_PatientAddressPhone_enc TEXT NULL AFTER M_PatientAddressPhone; +-- ============================================================ +-- one_lab.t_orderdelivery: tujuan pengiriman hasil (email/HP) +-- ============================================================ +ALTER TABLE one_lab.t_orderdelivery + ADD COLUMN T_OrderDeliveryDestination_enc TEXT NULL AFTER T_OrderDeliveryDestination; + -- ============================================================ -- one_lab.t_orderdetail: nilai hasil lab utama -- ============================================================