diff --git a/application/controllers/mockup/mcuofflineapp/Preregisterapp.php b/application/controllers/mockup/mcuofflineapp/Preregisterapp.php
index e839c646..3dbc84f8 100644
--- a/application/controllers/mockup/mcuofflineapp/Preregisterapp.php
+++ b/application/controllers/mockup/mcuofflineapp/Preregisterapp.php
@@ -12,8 +12,26 @@ class Preregisterapp extends MY_Controller
 {
 parent::__construct();
 $this->db_onedev = $this->load->database("onedev", true);
+ $this->load->library('ibl_encryptor');
 }
+ private function _mask_name($v) {
+ if (!$v) return $v;
+ $v = trim($v);
+ $words = preg_split('/\s+/', $v);
+ $out = [];
+ foreach ($words as $w) {
+ $l = mb_strlen($w, 'UTF-8');
+ if ($l <= 2) { $out[] = '***'; continue; }
+ $out[] = mb_substr($w, 0, 2, 'UTF-8') . str_repeat('*', max(3, $l - 2));
+ }
+ return implode(' ', $out);
+ }
+ private function _mask_phone($v) { if (!$v) return $v; $d=preg_replace('/[^0-9]/','',trim($v)); $l=strlen($d); if($l<=4) return '****'; if($l<=8) return substr($d,0,4).str_repeat('*',$l-4); return substr($d,0,4).str_repeat('*',$l-7).substr($d,-3); }
+ private function _mask_email($v) { if (!$v||strpos($v,'@')===false) return $v; [$loc,$dom]=explode('@',$v,2); return mb_substr($loc,0,min(2,mb_strlen($loc,'UTF-8')),'UTF-8').'***@'.$dom; }
+ private function _mask_id($v) { if (!$v) return $v; $v=trim($v); $l=strlen($v); if($l<=4) return '****'; return substr($v,0,4).str_repeat('*',max(3,$l-6)).($l>6?substr($v,-2):''); }
+ private function _mask_dob($v) { if (!$v) return $v; $p=explode('-',$v); return (count($p)===3) ? '**-**-'.$p[2] : '****-**-**'; }
+ public function get_setup_by_id() { try {
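Review bot: The four one-line helpers `_mask_phone`, `_mask_email`, `_mask_id` and `_mask_dob` carry no documentation and mix byte-wise `strlen`/`substr` (`_mask_id`) with character-wise `mb_*` (`_mask_name`, `_mask_email`), so the masking contract is only discoverable by reading each body; please format them one statement per line like `_mask_name` and give each a docblock stating the expected input shape and the output, e.g. for `_mask_dob`: `/** Masks a d-m-Y date to '**-**-YYYY' (only the year survives); any other shape yields '****-**-**'. */`. `_mask_dob` cannot tell `d-m-Y` from `Y-m-d`, so a caller passing the database's `Y-m-d` form would get the day back in clear and the year hidden — worth a guard such as `if (!preg_match('/^\d{2}-\d{2}-\d{4}$/', $v)) return '****-**-**';`. Also `if (!$v) return $v;` passes `'0'` through unmasked, harmless for these fields but clearer as `if ($v === null || $v === '') return $v;`.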
@@ -270,8 +288,8 @@ class Preregisterapp extends MY_Controller
 Mcu_PreregisterPatientsPatientName, ' ', IFNULL(Mcu_PreregisterPatientsPatientSuffix,'')) as patient_fullname,
- DATE_FORMAT(Mcu_PreregisterPatientsDOB,'%d-%m-%Y') as dob,
- DATE_FORMAT(Mcu_PreregisterPatientsDOB,'%d-%m-%Y') as Mcu_PreregisterPatientsDOB,
+ Mcu_PreregisterPatientsDOB as dob,
+ Mcu_PreregisterPatientsDOB,
 IFNULL(M_PatientAddressDescription, '') as M_PatientAddress,
 M_PatientAddressCity,
 IFNULL(M_PatientAddressCountry, 'ID') as M_PatientAddressCountry,
@@ -440,11 +458,25 @@ class Preregisterapp extends MY_Controller
 if ($prm['search'] != '') {
 $e = explode('+', $prm['search']);
- if (isset($e[0]))
- $q['name'] = "AND M_PatientName LIKE '%{$e[0]}%'";
- if (isset($e[1]))
- $q['dob'] = "AND ((DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') LIKE '%{$e[1]}%' and M_PatientDOB IS NOT NULL) OR (M_PatientDOB IS NULL AND '{$e[1]}' = ''))";
- if (isset($e[2]))
+ if (isset($e[0]) && $e[0] != '') {
+ $name_toks = $this->ibl_encryptor->query_tokens($e[0]);
+ $name_conds = [];
+ foreach ($name_toks as $tok) {
+ $tok_esc = $this->db_onedev->escape_str($tok);
+ $name_conds[] = "JSON_CONTAINS(M_PatientName_bidx, '\"$tok_esc\"')";
+ }
+ if ($name_conds) $q['name'] = "AND " . implode(' AND ', $name_conds);
+ }
+ if (isset($e[1]) && $e[1] != '') {
+ $dob_toks = $this->ibl_encryptor->query_tokens($e[1]);
+ $dob_conds = [];
+ foreach ($dob_toks as $tok) {
+ $tok_esc = $this->db_onedev->escape_str($tok);
+ $dob_conds[] = "JSON_CONTAINS(M_PatientDOB_bidx, '\"$tok_esc\"')";
+ }
+ if ($dob_conds) $q['dob'] = "AND " . implode(' AND ', $dob_conds);
+ }
+ if (isset($e[2]) && $e[2] != '')
 $q['nik'] = "AND M_PatientNIP LIKE '%{$e[2]}%'";
 }
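Review bot: The NIK branch at the end of the second hunk still interpolates raw search input into SQL, `$q['nik'] = "AND M_PatientNIP LIKE '%{$e[2]}%'";`, while the name and DOB branches just above it now escape their tokens; the new guard only tests for an empty string. Escape it the way the driver does for LIKE: `$q['nik'] = "AND M_PatientNIP LIKE '%" . $this->db_onedev->escape_like_str($e[2]) . "%' ESCAPE '!'";`. The embedded `'\"$tok_esc\"'` literal is valid JSON only if `query_tokens()` never returns `"` or `\` inside a token — true for hex or base64 hashes, but if tokens can be raw text, pass `json_encode($tok)` through `escape_str()` instead. The `$prm['search']` handling continues past the end of the hunk.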
@@ -453,7 +485,7 @@ class Preregisterapp extends MY_Controller
 'N' divider, concat(IFNULL(M_TitleName,''),' ',IFNULL(M_PatientPrefix,''),' ',M_PatientName,' ',IFNULL(M_PatientSuffix,'')) M_PatientName, M_PatientName M_PatientRealName, M_TitleID, M_TitleName, M_PatientM_SexID,
- DATE_FORMAT(M_PatientDOB,'%d-%m-%Y') as dob_ina,
+ M_PatientDOB as dob_ina,
 IFNULL(M_PatientReligionCode, '-') M_PatientReligionCode,
 M_PatientNoReg as Mcu_PreregisterPatientsPID,
 M_PatientIdentifierValue as Mcu_PreregisterPatientsKTP,
@@ -601,20 +633,21 @@ class Preregisterapp extends MY_Controller
 ?
 )";
 //echo $query;
+ $m_dob_ptp = $this->_mask_dob(date('d-m-Y', strtotime($pdob)));
 $rows = $this->db_onedev->query($query, [
 $setup['Mgm_McuID'],
 $v['Mcu_PreregisterPatientsPID'],
 $v['M_PatientID'],
- $v['Mcu_PreregisterPatientsKTP'],
+ $v['Mcu_PreregisterPatientsKTP'] ? $this->_mask_id($v['Mcu_PreregisterPatientsKTP']) : '',
 $v['M_PatientPrefix'],
- $v['M_PatientRealName'],
+ $this->_mask_name($v['M_PatientRealName']),
 $v['M_PatientSuffix'],
 $v['M_PatientM_SexID'],
- $pdob,
+ $m_dob_ptp,
 $v['M_PatientReligionCode'],
 $v['Mcu_PreregisterPatientsJob'],
- $v['Mcu_PreregisterPatientsEmail'],
- $v['Mcu_PreregisterPatientsHp'],
+ $this->_mask_email($v['Mcu_PreregisterPatientsEmail']),
+ $this->_mask_phone($v['Mcu_PreregisterPatientsHp']),
 $v['Mcu_PreregisterPatientsPosisi'],
 $v['Mcu_PreregisterPatientsDivisi'],
 $v['Mcu_PreregisterPatientsLocation'],
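Review bot: `$m_dob_ptp = $this->_mask_dob(date('d-m-Y', strtotime($pdob)));` in the second hunk turns an unparseable `$pdob` into a plausible `**-**-1970`, because `strtotime()` returns `false` and `date()` then formats timestamp 0 (or throws a TypeError under `strict_types`); `$dob_str_new` in the next hunk is built by the same expression. Check the timestamp first: `$pdob_ts = strtotime($pdob); $m_dob_ptp = $pdob_ts !== false ? $this->_mask_dob(date('d-m-Y', $pdob_ts)) : '';` — and compare against `false`, not `> 0`, since dates before 1970 yield negative timestamps. `$pdob` is assigned above the hunk, so if it is already validated there this is only defensive.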
@@ -660,22 +693,39 @@ class Preregisterapp extends MY_Controller
 $IdentifierSystem = 'http://terminology.hl7.org/CodeSystem/v2-0203';
 }
+ $enc_new = $this->ibl_encryptor;
+ $plain_name_new = $v['Mcu_PreregisterPatientsPatientName'];
+ $plain_ktp_new = $v['Mcu_PreregisterPatientsKTP'];
+ $plain_email_new = $v['Mcu_PreregisterPatientsEmail'];
+ $plain_hp_new = $v['Mcu_PreregisterPatientsHp'];
+ $dob_str_new = date('d-m-Y', strtotime($pdob));
+ $sql = "INSERT INTO m_patient (
 M_PatientPrefix,
 M_PatientName,
+ M_PatientName_enc,
+ M_PatientName_bidx,
 M_PatientSuffix,
 M_PatientM_TitleID,
 M_PatientM_SexID,
 M_PatientDOB,
+ M_PatientDOB_enc,
+ M_PatientDOB_bidx,
 M_PatientIdentifierCode,
 M_PatientIdentifierSystem,
 M_PatientIdentifierValue,
+ M_PatientIDNumber,
+ M_PatientIDNumber_enc,
+ M_PatientNIK_bidx,
 M_PatientPosisi,
 M_PatientDivisi,
 M_PatientLocation,
 M_PatientJob,
 M_PatientEmail,
+ M_PatientEmail_enc,
 M_PatientHP,
+ M_PatientHP_enc,
+ M_PatientHP_bidx,
 M_PatientCreatedUserID,
 M_PatientNIP,
 M_PatientDepartement,
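Review bot: `M_PatientDOB` is now bound to the masked string from `_mask_dob($dob_str_new)` (see the VALUES list in the next hunk) instead of the `Y-m-d` value, so this INSERT assumes the column has been migrated from DATE to a character type; if it is still DATE, MySQL rejects the row in strict mode or stores a zero date otherwise. That migration is not part of this diff, so please confirm it ships with it. A short comment above the column list would help the next reader, since the plaintext columns silently change meaning: `// M_PatientName/DOB/IDNumber/Email/HP now hold masked display values; *_enc is ciphertext, *_bidx the searchable blind index`. The INSERT statement continues into the next hunk.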
@@ -683,31 +733,39 @@ class Preregisterapp extends MY_Controller
 M_PatientCreated,
 M_PatientRegisteredByCompanyID
 )
- VALUES(
- '{$v["Mcu_PreregisterPatientsPatientPrefix"]}',
- '{$nameNewPn}',
- '{$v["Mcu_PreregisterPatientsPatientSuffix"]}',
- '{$title_id}',
- '{$v["M_PatientM_SexID"]}',
- '{$pdob}',
- '{$typeIdentifier}',
- '{$IdentifierSystem}',
- '{$v["Mcu_PreregisterPatientsKTP"]}',
- '{$v['Mcu_PreregisterPatientsPosisi']}',
- '{$v['Mcu_PreregisterPatientsDivisi']}',
- '{$v['Mcu_PreregisterPatientsLocation']}',
- '{$v['Mcu_PreregisterPatientsJob']}',
- '{$v['Mcu_PreregisterPatientsEmail']}',
- '{$v['Mcu_PreregisterPatientsHp']}',
- '{$userid}',
- '{$v['Mcu_PreregisterPatientsNIK']}',
- '{$v['Mcu_PreregisterPatientsDepartment']}',
- '{$number}',
- NOW(),
- '{$setup['Mgm_McuM_CompanyID']}'
- )";
- //echo $sql;
- $rows = $this->db_onedev->query($sql);
+ VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,NOW(),?)";
+ $rows = $this->db_onedev->query($sql, [
+ $v['Mcu_PreregisterPatientsPatientPrefix'],
+ $this->_mask_name($plain_name_new),
+ $enc_new->encrypt($plain_name_new),
+ $enc_new->search_bidx($plain_name_new),
+ $v['Mcu_PreregisterPatientsPatientSuffix'],
+ $title_id,
+ $v['M_PatientM_SexID'],
+ $this->_mask_dob($dob_str_new),
+ $enc_new->encrypt($dob_str_new),
+ $enc_new->search_bidx($dob_str_new),
+ $typeIdentifier,
+ $IdentifierSystem,
+ $plain_ktp_new ? $this->_mask_id($plain_ktp_new) : '',
+ $plain_ktp_new ? $this->_mask_id($plain_ktp_new) : null,
+ $plain_ktp_new ? $enc_new->encrypt($plain_ktp_new) : null,
+ $enc_new->search_bidx($plain_ktp_new ?? ''),
+ $v['Mcu_PreregisterPatientsPosisi'],
+ $v['Mcu_PreregisterPatientsDivisi'],
+ $v['Mcu_PreregisterPatientsLocation'],
+ $v['Mcu_PreregisterPatientsJob'],
+ $plain_email_new ? $this->_mask_email($plain_email_new) : '',
+ $plain_email_new ? $enc_new->encrypt($plain_email_new) : null,
+ $plain_hp_new ? $this->_mask_phone($plain_hp_new) : '',
+ $plain_hp_new ?
$enc_new->encrypt($plain_hp_new) : null,
+ $enc_new->search_bidx($plain_hp_new ?? ''),
+ $userid,
+ $v['Mcu_PreregisterPatientsNIK'],
+ $v['Mcu_PreregisterPatientsDepartment'],
+ $number,
+ $setup['Mgm_McuM_CompanyID']
+ ]);
 if (!$rows) {
 $message = $this->db_onedev->error();
 $message['qry'] = $this->db_onedev->last_query();
@@ -1039,7 +1097,7 @@ class Preregisterapp extends MY_Controller
 }
- $pdob = date('Y-m-d', strtotime($v['Mcu_PreregisterPatientsDOB']));
+ $pdob_input = $v['Mcu_PreregisterPatientsDOB'];
 $Mcu_PreregisterPatientsTests = '';
 $packettests = array();
@@ -1069,9 +1127,23 @@ class Preregisterapp extends MY_Controller
 }
 $dataPatientBefore = $rows->row_array();
+ $enc_upd = $this->ibl_encryptor;
+ $pdob_ts = strtotime($pdob_input);
+ if ($pdob_ts && $pdob_ts > 0 && strpos($pdob_input, '*') === false) {
+ $dob_str_upd = date('d-m-Y', $pdob_ts);
+ $pdob = date('Y-m-d', $pdob_ts);
+ } else {
+ $dob_str_upd = $enc_upd->decrypt($dataPatientBefore['M_PatientDOB_enc'] ?? '') ?: '';
+ $pdob = $dob_str_upd ? date('Y-m-d', strtotime($dob_str_upd)) : '';
+ }
+ $plain_name_upd = $v['Mcu_PreregisterPatientsPatientName'];
+ $plain_ktp_upd = $v['Mcu_PreregisterPatientsKTP'];
+ $plain_email_upd = $v['Mcu_PreregisterPatientsEmail'];
+ $plain_hp_upd = $v['Mcu_PreregisterPatientsHp'];
+ $this->db_onedev->trans_begin();
- $query = " UPDATE mcu_preregister_patients SET
+ $query = " UPDATE mcu_preregister_patients SET
 Mcu_PreregisterPatientsM_PatientID = ?,
 Mcu_PreregisterPatientsKTP = ?,
 Mcu_PreregisterPatientsNIP = ?,
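Review bot: The removed VALUES bound `$nameNewPn` for `M_PatientName`, but the replacement masks and encrypts `$plain_name_new`, which is the raw `Mcu_PreregisterPatientsPatientName`; if `$nameNewPn` (defined above the hunk) applied any normalisation, it is lost here, and the blind index `search_bidx($plain_name_new)` will only match searches tokenised from the same un-normalised form. The bidx lines also use `$plain_ktp_new ?? ''` / `$plain_hp_new ?? ''` while the neighbouring lines test truthiness, so an empty-string KTP gets a null ciphertext but a blind index computed from `''`; use one predicate for all three columns, e.g. `$has_ktp = $plain_ktp_new !== null && $plain_ktp_new !== '';` and bind `$has_ktp ? $enc_new->search_bidx($plain_ktp_new) : null`. `$message['qry'] = $this->db_onedev->last_query()` in the error path now carries the compiled statement with the ciphertexts and the clear `M_PatientNIP`; if `$message` is returned to the client (that code lies past the hunk), keep the query in the server log only.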
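Review bot: `$pdob_ts > 0` in the new DOB branch rejects every birthdate before 1970-01-01, because `strtotime()` returns a negative timestamp for those, so such an edit silently falls back to the stored value; `false` is the only failure signal, so write `if ($pdob_ts !== false && strpos($pdob_input, '*') === false) {`. The `'*'` check exists because the read endpoints now return masked values that a client may post back unchanged, but name, KTP, email and phone get no such check: `$plain_name_upd` etc. are taken verbatim, so a round-tripped masked name would be encrypted and blind-indexed as if it were the real one in the later hunks. Apply the same rule to those four inputs — treat a value containing `*` as unchanged and fall back to decrypting the matching `$dataPatientBefore['..._enc']` — or have the client send an explicit changed flag. `$dataPatientBefore` comes from a SELECT above the hunk, so `M_PatientDOB_enc` is only present if that query selects it; worth confirming.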
@@ -1099,14 +1171,14 @@ class Preregisterapp extends MY_Controller
 //echo $query;
 $rows = $this->db_onedev->query($query, [
 $v['Mcu_PreregisterPatientsM_PatientID'],
- $v['Mcu_PreregisterPatientsKTP'],
+ $plain_ktp_upd ? $this->_mask_id($plain_ktp_upd) : '',
 $v['Mcu_PreregisterPatientsNIP'],
 $v['Mcu_PreregisterPatientsPatientPrefix'],
- $v['Mcu_PreregisterPatientsPatientName'],
+ $this->_mask_name($plain_name_upd),
 $v['Mcu_PreregisterPatientsPatientSuffix'],
- $v['Mcu_PreregisterPatientsEmail'],
- $v['Mcu_PreregisterPatientsHp'],
- $pdob,
+ $plain_email_upd ? $this->_mask_email($plain_email_upd) : '',
+ $plain_hp_upd ? $this->_mask_phone($plain_hp_upd) : '',
+ $this->_mask_dob($dob_str_upd),
 $v['Mcu_PreregisterPatientsPosisi'],
 $v['Mcu_PreregisterPatientsDivisi'],
 $v['Mcu_PreregisterPatientsJob'],
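Review bot: `Mcu_PreregisterPatientsDOB` is now bound to `$this->_mask_dob($dob_str_upd)` where `$pdob` in `Y-m-d` was bound before, so this UPDATE, like the INSERT hunks, assumes the column is no longer DATE; the `@@ -270` SELECT change is consistent with that, but the migration is not in the diff. When `$dob_str_upd` is `''` (unparseable input and no recoverable ciphertext) the row's DOB is overwritten with an empty string instead of being kept; binding `null` for that case and writing `Mcu_PreregisterPatientsDOB = COALESCE(?, Mcu_PreregisterPatientsDOB)` preserves the existing value. The UPDATE statement and its WHERE clause lie outside the hunk.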
@@ -1129,24 +1201,30 @@ class Preregisterapp extends MY_Controller
 exit;
 }
- $sql_ktp = '';
- if (isset($v['Mcu_PreregisterPatientsKTP']) && $v['Mcu_PreregisterPatientsKTP'] != '') {
- $sql_ktp = "M_PatientIdentifierCode = 'NNIDN', M_PatientIdentifierSystem='http://terminology.hl7.org/CodeSystem/v2-0203', M_PatientIdentifierValue = '{$v['Mcu_PreregisterPatientsKTP']}',";
- //echo $sql_ktp;
- } else {
- $sql_ktp = "M_PatientIdentifierCode = '', M_PatientIdentifierSystem='', M_PatientIdentifierValue = '',";
- }
+ $ktp_mask_upd = $plain_ktp_upd ? $this->_mask_id($plain_ktp_upd) : '';
 $sql = "UPDATE m_patient SET
- $sql_ktp
+ M_PatientIdentifierCode = ?,
+ M_PatientIdentifierSystem = ?,
+ M_PatientIdentifierValue = ?,
+ M_PatientIDNumber = ?,
+ M_PatientIDNumber_enc = ?,
+ M_PatientNIK_bidx = ?,
 M_PatientDOB = ?,
+ M_PatientDOB_enc = ?,
+ M_PatientDOB_bidx = ?,
 M_PatientM_TitleID = ?,
 M_PatientNIP = ?,
 M_PatientM_SexID = ?,
 M_PatientPrefix = ?,
 M_PatientName = ?,
+ M_PatientName_enc = ?,
+ M_PatientName_bidx = ?,
 M_PatientSuffix = ?,
 M_PatientEmail = ?,
+ M_PatientEmail_enc = ?,
 M_PatientHP = ?,
+ M_PatientHP_enc = ?,
+ M_PatientHP_bidx = ?,
 M_PatientDivisi = ?,
 M_PatientPosisi = ?,
 M_PatientLocation = ?,
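Review bot: `M_PatientIdentifierValue` (together with `M_PatientIdentifierCode = 'NNIDN'` and the HL7 v2-0203 system) now receives `$ktp_mask_upd`, a masked string, in the values bound in the next hunk; if anything downstream builds a FHIR identifier or matches patients on `M_PatientIdentifierValue`, it will now see a `1234****78`-style value rather than the real NIK. That may be intended, but it deserves a comment on the SET list, `// M_PatientIdentifierValue/M_PatientIDNumber hold the masked NIK; the real value is only in M_PatientIDNumber_enc`, and a check of every consumer of that column. The SET list continues past the hunk.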
@@ -1159,17 +1237,29 @@ class Preregisterapp extends MY_Controller
 WHERE M_PatientID = ? ";
- //echo $sql;
 $qry = $this->db_onedev->query($sql, [
- $pdob,
+ $plain_ktp_upd ? 'NNIDN' : '',
+ $plain_ktp_upd ? 'http://terminology.hl7.org/CodeSystem/v2-0203' : '',
+ $ktp_mask_upd,
+ $ktp_mask_upd,
+ $plain_ktp_upd ? $enc_upd->encrypt($plain_ktp_upd) : null,
+ $enc_upd->search_bidx($plain_ktp_upd ?? ''),
+ $this->_mask_dob($dob_str_upd),
+ $enc_upd->encrypt($dob_str_upd),
+ $enc_upd->search_bidx($dob_str_upd),
 $v['Mcu_PreregisterPatientsM_TitleID'],
 $v['Mcu_PreregisterPatientsNIP'],
 $v['Mcu_PreregisterPatientsM_SexID'],
 $v['Mcu_PreregisterPatientsPatientPrefix'],
- $v['Mcu_PreregisterPatientsPatientName'],
+ $this->_mask_name($plain_name_upd),
+ $enc_upd->encrypt($plain_name_upd),
+ $enc_upd->search_bidx($plain_name_upd),
 $v['Mcu_PreregisterPatientsPatientSuffix'],
- $v['Mcu_PreregisterPatientsEmail'],
- $v['Mcu_PreregisterPatientsHp'],
+ $plain_email_upd ? $this->_mask_email($plain_email_upd) : '',
+ $plain_email_upd ? $enc_upd->encrypt($plain_email_upd) : null,
+ $plain_hp_upd ? $this->_mask_phone($plain_hp_upd) : '',
+ $plain_hp_upd ? $enc_upd->encrypt($plain_hp_upd) : null,
+ $enc_upd->search_bidx($plain_hp_upd ?? ''),
 $v['Mcu_PreregisterPatientsDivisi'],
 $v['Mcu_PreregisterPatientsPosisi'],
 $v['Mcu_PreregisterPatientsLocation'],
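Review bot: `$enc_upd->encrypt($dob_str_upd)` and `$enc_upd->search_bidx($dob_str_upd)` are bound unconditionally, so when `$dob_str_upd` is `''` (no parseable input and no `M_PatientDOB_enc` to decrypt, as on rows written before this change) the UPDATE replaces the stored DOB columns with the encryption of an empty string and a blind index of `''`, a one-way loss. Guard it the way the KTP lines do: `$dob_str_upd !== '' ? $enc_upd->encrypt($dob_str_upd) : null,` for the ciphertext and bind `null` for the index as well, or leave the three DOB columns out of the SET when there is nothing new. `$enc_upd->search_bidx($plain_ktp_upd ?? '')` and the phone equivalent have the same empty-string index issue as the insert. The SET clause and WHERE are above the hunk.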
@@ -1725,16 +1815,41 @@ class Preregisterapp extends MY_Controller
 $add_where .= " AND M_PatientNIP = '{$nik}'";
 }
 if ($ktp != '') {
- $add_where .= " AND M_PatientIdentifierValue = '{$nik}' AND M_PatientIdentifierCode = 'NNIDN'";
+ $ktp_toks = $this->ibl_encryptor->query_tokens($ktp);
+ foreach ($ktp_toks as $ktok) {
+ $ktok_esc = $this->db_onedev->escape_str($ktok);
+ $add_where .= " AND JSON_CONTAINS(M_PatientNIK_bidx, '\"$ktok_esc\"')";
+ }
 }
 $setup = $prm['setup'];
 $join_company = "";
 if (isset($prm['company']) && intval($prm['company']) > 0) {
- $join_company = "JOIN t_orderheader ON T_OrderHeaderM_PatientID = M_PatientID AND
- T_OrderHeaderIsActive = 'Y' AND
+ $join_company = "JOIN t_orderheader ON T_OrderHeaderM_PatientID = M_PatientID AND
+ T_OrderHeaderIsActive = 'Y' AND
 T_OrderHeaderM_CompanyID = {$prm['company']}";
 }
+ $name_where = '1=1';
+ if ($name != '') {
+ $name_toks = $this->ibl_encryptor->query_tokens($name);
+ $nconds = [];
+ foreach ($name_toks as $ntok) {
+ $ntok_esc = $this->db_onedev->escape_str($ntok);
+ $nconds[] = "JSON_CONTAINS(M_PatientName_bidx, '\"$ntok_esc\"')";
+ }
+ if ($nconds) $name_where = implode(' AND ', $nconds);
+ }
+ $dob_where = '1=1';
+ if ($dob != '') {
+ $dob_toks = $this->ibl_encryptor->query_tokens($dob);
+ $dconds = [];
+ foreach ($dob_toks as $dtok) {
+ $dtok_esc = $this->db_onedev->escape_str($dtok);
+ $dconds[] = "JSON_CONTAINS(M_PatientDOB_bidx, '\"$dtok_esc\"')";
+ }
+ if ($dconds) $dob_where = implode(' AND ', $dconds);
+ }
+ $sql = "SELECT COUNT(*) as total FROM ( SELECT *
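Review bot: The rebuilt `$join_company` string still interpolates the raw `$prm['company']`, although the guard only checked `intval($prm['company']) > 0`; any string with a leading digit passes the guard and is interpolated unchanged. Bind the integer you validated: `$company_id = (int) $prm['company'];` and `T_OrderHeaderM_CompanyID = {$company_id}`. The unchanged `$add_where .= " AND M_PatientNIP = '{$nik}'";` line at the top of the hunk has the same shape and should at least go through `$this->db_onedev->escape($nik)` while this code is being touched. The KTP, name and DOB token loops are now written three times here and twice more in the `@@ -440` hunk; a private `_bidx_where(string $column, string $value): string` returning the `JSON_CONTAINS` conjunction would keep the escaping in one place.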
@@ -1742,16 +1857,15 @@ class Preregisterapp extends MY_Controller
 $join_company
 LEFT JOIN m_title ON M_PatientM_TitleID = M_TitleID
 WHERE
- M_PatientIsActive = 'Y'
+ M_PatientIsActive = 'Y'
 A‌ND M_PatientRegisteredByCompanyID = {$setup['Mgm_McuM_CompanyID']}
- AND M_PatientName LIKE CONCAT('%',?,'%') AND
- (DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') LIKE '%{$dob}%' and M_PatientDOB IS NOT NULL)
+ AND ({$name_where})
+ AND ({$dob_where})
 {$add_where}
 GROUP BY M_PatientID
 ) x
 ";
- //echo $sql;
- $qry = $this->db_onedev->query($sql, [$name]);
+ $qry = $this->db_onedev->query($sql);
 if (!$qry) {
 $message = $this->db_onedev->error();
 $message['qry'] = $this->db_onedev->last_query();
@@ -1759,7 +1873,7 @@ class Preregisterapp extends MY_Controller
 exit;
 }
 $countx = $qry->row()->total;
- $sql = "SELECT *, DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') as dob_ina,
+ $sql = "SELECT *, M_PatientDOB as dob_ina,
 M_PatientNoReg as Mcu_PreregisterPatientsPID,
 M_PatientIdentifierValue as Mcu_PreregisterPatientsKTP,
 M_PatientID as Mcu_PreregisterPatientsM_PatientID,
@@ -1781,16 +1895,15 @@ class Preregisterapp extends MY_Controller
 LEFT join m_title on M_PatientM_TitleID = M_TitleID
 WHERE M_PatientRegisteredByCompanyID = {$setup['Mgm_McuM_CompanyID']}
- AND M_PatientIsActive = 'Y' AND
- M_PatientName LIKE CONCAT('%',?,'%') AND
- (DATE_FORMAT(M_PatientDOB, '%d-%m-%Y') LIKE '%{$dob}%' and M_PatientDOB IS NOT NULL)
+ AND M_PatientIsActive = 'Y'
+ AND ({$name_where})
+ AND ({$dob_where})
 {$add_where}
 GROUP BY M_PatientID
 LIMIT 10 OFFSET 0
 ";
- //echo $sql;
- $qry = $this->db_onedev->query($sql, [$name]);
+ $qry = $this->db_onedev->query($sql);
 if (!$qry) {
 $message = $this->db_onedev->error();
 $message['qry'] = $this->db_onedev->last_query();
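Review bot: Both rewritten WHERE clauses drop the old `and M_PatientDOB IS NOT NULL` condition, so with an empty `$dob` (`$dob_where = '1=1'`) patients without a date of birth are now counted and listed where they were excluded before; with a non-empty `$dob` the `JSON_CONTAINS` on a NULL `M_PatientDOB_bidx` evaluates to NULL and still excludes them. If the exclusion was intentional, add `AND M_PatientDOB_bidx IS NOT NULL` beside `AND ({$dob_where})` in both the `@@ -1742` count query and the `@@ -1781` list query. `M_PatientRegisteredByCompanyID = {$setup['Mgm_McuM_CompanyID']}` remains interpolated in both; `$setup` is `$prm['setup']`, so if `$prm` originates from the request that value should be bound like the rest.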