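db_onedev = $this->load->database("onedev", true);
        $this->load->library('ibl_encryptor');
    }

    /**
     * Aborts the request with the framework's error response when the caller is
     * not authenticated. Centralised so every endpoint below applies the same gate.
     */
    private function _require_login(): void
    {
        if (!$this->isLogin) {
            $this->sys_error("Invalid Token");
            exit;
        }
    }

    /**
     * Masks a person's name for the plaintext column: a single word keeps at most
     * its first 6 characters; otherwise the first word is kept whole and each later
     * word is reduced to its initial plus at least three stars.
     * Falsy input is returned untouched.
     */
    private function _mask_name($v)
    {
        if (!$v) {
            return $v;
        }
        $v = trim($v);
        $words = preg_split('/\s+/', $v);
        if (count($words) === 1) {
            return mb_strlen($v, 'UTF-8') <= 6 ? $v : mb_substr($v, 0, 6, 'UTF-8') . '***';
        }
        $tail = array_map(function ($w) {
            if (!$w) {
                return '';
            }
            $stars = max(3, mb_strlen($w, 'UTF-8') - 1);
            return mb_substr($w, 0, 1, 'UTF-8') . str_repeat('*', $stars);
        }, array_slice($words, 1));
        return $words[0] . ' ' . implode(' ', $tail);
    }

    /**
     * Masks a phone number: non-digits are dropped, the first 4 digits are kept and,
     * when more than 8 digits remain, the last 3 as well. Falsy input is returned untouched.
     */
    private function _mask_phone($v)
    {
        if (!$v) {
            return $v;
        }
        $digits = preg_replace('/[^0-9]/', '', trim($v));
        $len = strlen($digits);
        if ($len <= 4) {
            return '****';
        }
        if ($len <= 8) {
            return substr($digits, 0, 4) . str_repeat('*', $len - 4);
        }
        return substr($digits, 0, 4) . str_repeat('*', $len - 7) . substr($digits, -3);
    }

    /**
     * Masks an e-mail address, keeping at most the first 2 characters of the local
     * part and the whole domain. Values without '@' (or falsy) are returned untouched.
     */
    private function _mask_email($v)
    {
        if (!$v || strpos($v, '@') === false) {
            return $v;
        }
        [$local, $domain] = explode('@', $v, 2);
        $keep = min(2, mb_strlen($local, 'UTF-8'));
        return mb_substr($local, 0, $keep, 'UTF-8') . '***@' . $domain;
    }

    /**
     * Masks a short free-text value (e.g. place of birth), keeping the first 2 characters.
     * Falsy input is returned untouched.
     */
    private function _mask_short($v)
    {
        if (!$v) {
            return $v;
        }
        $v = trim($v);
        if (mb_strlen($v, 'UTF-8') <= 2) {
            return '***';
        }
        return mb_substr($v, 0, 2, 'UTF-8') . '***';
    }

    /**
     * Masks an identity number (byte-wise: these are expected to be ASCII digits),
     * keeping the first 4 and, when longer than 6, the last 2 characters.
     * Falsy input is returned untouched.
     */
    private function _mask_id($v)
    {
        if (!$v) {
            return $v;
        }
        $v = trim($v);
        $len = strlen($v);
        if ($len <= 4) {
            return '****';
        }
        $suffix = $len > 6 ? substr($v, -2) : '';
        return substr($v, 0, 4) . str_repeat('*', max(3, $len - 6)) . $suffix;
    }

    /**
     * Masks a street address, keeping the first 5 characters. Falsy input is returned untouched.
     */
    private function _mask_address($v)
    {
        if (!$v) {
            return $v;
        }
        $v = trim($v);
        if (mb_strlen($v, 'UTF-8') <= 5) {
            return '***';
        }
        return mb_substr($v, 0, 5, 'UTF-8') . '***';
    }

    /**
     * Removes the ciphertext (_enc) and blind-index (_bidx) columns from a row so
     * they are never sent to the client.
     */
    private function _strip_secret_columns(array $row): array
    {
        foreach (array_keys($row) as $k) {
            if (substr($k, -4) === '_enc' || substr($k, -5) === '_bidx') {
                unset($row[$k]);
            }
        }
        return $row;
    }

    /**
     * Replaces the masked patient fields with their decrypted values where a
     * ciphertext is present, then strips the _enc/_bidx columns.
     * Name and DOB fall back to whatever the row already held when decryption yields null;
     * the other fields fall back to ''.
     */
    private function _decrypt_row(array $row): array
    {
        $enc = $this->ibl_encryptor;
        $keep_original = ['M_PatientName', 'M_PatientDOB'];
        $blank_on_fail = [
            'M_PatientHP', 'M_PatientEmail', 'M_PatientPhone', 'M_PatientPOB',
            'M_PatientIDNumber', 'M_PatientNIK',
        ];
        foreach ($keep_original as $col) {
            if (!empty($row[$col . '_enc'])) {
                $row[$col] = $enc->decrypt($row[$col . '_enc']) ?? ($row[$col] ?? null);
            }
        }
        foreach ($blank_on_fail as $col) {
            if (!empty($row[$col . '_enc'])) {
                $row[$col] = $enc->decrypt($row[$col . '_enc']) ?? '';
            }
        }
        return $this->_strip_secret_columns($row);
    }

    /**
     * Address counterpart of _decrypt_row(): description falls back to the stored
     * (masked) value, e-mail and phone to '' when decryption yields null.
     */
    private function _decrypt_addr_row(array $row): array
    {
        $enc = $this->ibl_encryptor;
        if (!empty($row['M_PatientAddressDescription_enc'])) {
            $row['M_PatientAddressDescription'] =
                $enc->decrypt($row['M_PatientAddressDescription_enc'])
                ?? ($row['M_PatientAddressDescription'] ?? null);
        }
        if (!empty($row['M_PatientAddressEmail_enc'])) {
            $row['M_PatientAddressEmail'] = $enc->decrypt($row['M_PatientAddressEmail_enc']) ?? '';
        }
        if (!empty($row['M_PatientAddressPhone_enc'])) {
            $row['M_PatientAddressPhone'] = $enc->decrypt($row['M_PatientAddressPhone_enc']) ?? '';
        }
        return $this->_strip_secret_columns($row);
    }

    /**
     * Parses the submitted date of birth.
     *
     * @return array{0:string,1:string}|null [storage form Y-m-d, display form d-m-Y],
     *         or null when the value cannot be parsed (previously date() would have
     *         silently produced 1970-01-01 from a failed strtotime()).
     */
    private function _parse_dob($raw): ?array
    {
        $ts = strtotime((string) $raw);
        if ($ts === false) {
            return null;
        }
        return [date('Y-m-d', $ts), date('d-m-Y', $ts)];
    }

    /**
     * Builds the 31 bound values shared by the INSERT in newpatient() and the UPDATE
     * in save(), in SQL placeholder order. Sensitive fields are written as masked
     * plaintext, ciphertext (_enc) and — for searchable ones — a blind index (_bidx).
     *
     * @param string $pdob    DOB in Y-m-d (column value)
     * @param string $dob_str DOB in d-m-Y (what is encrypted/indexed)
     */
    private function _patient_bind_values(array $prm, string $pdob, string $dob_str): array
    {
        $enc = $this->ibl_encryptor;
        $name = $prm['M_PatientName'] ?? null;
        $email = $prm['M_PatientEmail'] ?? null;
        $pob = $prm['M_PatientPOB'] ?? null;
        $hp = $prm['M_PatientHP'] ?? null;
        $phone = $prm['M_PatientPhone'] ?? null;
        $idnum = $prm['M_PatientIDNumber'] ?? null;
        $nik = $prm['M_PatientNIK'] ?? null;
        return [
            $prm['M_PatientM_TitleID'] ?? null,
            $prm['M_PatientPrefix'] ?? null,
            $this->_mask_name($name),
            $enc->encrypt($name),
            $enc->search_bidx($name),
            $prm['M_PatientSuffix'] ?? null,
            $pdob,
            $enc->encrypt($dob_str),
            $enc->search_bidx($dob_str),
            $prm['M_PatientM_SexID'] ?? null,
            $prm['M_PatientM_ReligionID'] ?? null,
            $this->_mask_email($email),
            $enc->encrypt($email),
            $this->_mask_short($pob),
            $enc->encrypt($pob),
            $this->_mask_phone($hp),
            $enc->encrypt($hp),
            $enc->search_bidx($hp),
            $this->_mask_phone($phone),
            $enc->encrypt($phone),
            $prm['M_PatientM_IdTypeID'] ?? null,
            $this->_mask_id($idnum),
            $enc->encrypt($idnum),
            $prm['M_PatientNote'] ?? null,
            $this->_mask_id($nik),
            $enc->encrypt($nik),
            $prm['M_PatientJabatan'] ?? null,
            $prm['M_PatientKedudukan'] ?? null,
            $prm['M_PatientPJ'] ?? null,
            $prm['M_PatientLocation'] ?? null,
            $prm['M_PatientJob'] ?? null,
        ];
    }

    /**
     * Builds the 10 bound values shared by savenewaddress() and saveeditaddress(),
     * in SQL placeholder order (patient id, note, masked/encrypted/indexed description,
     * then the five region fields).
     */
    private function _address_bind_values(array $prm): array
    {
        $enc = $this->ibl_encryptor;
        $desc = $prm['M_PatientAddressDescription'] ?? null;
        $region = $prm['region'] ?? [];
        return [
            $prm['M_PatientAddressM_PatientID'] ?? null,
            $prm['M_PatientAddressNote'] ?? null,
            $this->_mask_address($desc),
            $enc->encrypt($desc),
            $enc->search_bidx($desc),
            $region['id'] ?? null,
            $region['pro_nm'] ?? null,
            $region['kab_nm'] ?? null,
            $region['kec_nm'] ?? null,
            $region['kel_nm'] ?? null,
        ];
    }

    /**
     * Paged patient search by name (via the trigram blind index) and/or registration number.
     * Responds with {total, records}; records are decrypted and stripped of _enc/_bidx columns.
     */
    public function search()
    {
        $this->_require_login();
        $prm = $this->sys_input;
        $norm = (string) ($prm['snorm'] ?? '');
        $name = (string) ($prm['name'] ?? '');
        $page = (int) ($prm['current_page'] ?? 1);

        $sql_where = "WHERE M_PatientIsActive = 'Y'";
        $sql_param = [];
        $number_limit = 100;
        $number_offset = max(0, $page - 1) * $number_limit;

        // Name search goes through the trigram blind index (the plaintext column is
        // stored masked). Each token is bound as a JSON string literal so the value
        // never enters the SQL text; the name is passed to query_tokens() unmodified so
        // tokens match those produced by search_bidx() at save time (pre-escaping quotes
        // would have changed them).
        if ($name !== '') {
            foreach ($this->ibl_encryptor->query_tokens($name) as $tok) {
                $sql_where .= " AND JSON_CONTAINS(M_PatientName_bidx, ?)";
                $sql_param[] = json_encode((string) $tok, JSON_UNESCAPED_UNICODE);
            }
        }
        if ($norm !== '') {
            $sql_where .= " AND M_PatientNoReg LIKE ?";
            $sql_param[] = "%{$norm}%";
        }

        $sql = "SELECT M_PatientID, M_PatientNoReg, M_PatientPrefix, M_PatientSuffix, M_PatientNote, "
            . "M_PatientJabatan, M_PatientKedudukan, M_PatientPJ, M_PatientLocation, M_PatientJob, "
            . "M_PatientM_SexID, M_SexName, M_PatientM_TitleID, M_TitleName, M_PatientM_ReligionID, "
            . "M_ReligionName, M_PatientM_IdTypeID, M_IdTypeName, "
            . "IF(ISNULL(M_PatientSuspendID),'active','suspend') as status, "
            . "M_PatientName_enc, M_PatientHP_enc, M_PatientEmail_enc, M_PatientPhone_enc, "
            . "M_PatientPOB_enc, M_PatientIDNumber_enc, M_PatientNIK_enc, M_PatientDOB_enc "
            . "FROM m_patient "
            . "LEFT JOIN m_title ON M_PatientM_TitleID = M_TitleID "
            . "LEFT JOIN m_sex ON M_PatientM_SexID = M_SexID "
            . "LEFT JOIN m_religion ON M_PatientM_ReligionID = M_ReligionID "
            . "LEFT JOIN m_idtype ON M_PatientM_IdTypeID = M_IdTypeID "
            . "LEFT JOIN m_patientsuspend ON M_PatientSuspendM_PatientID = M_PatientID "
            . "AND M_PatientSuspendIsActive = 'Y' "
            . "{$sql_where} ORDER BY M_PatientID DESC LIMIT {$number_limit} OFFSET {$number_offset}";

        $query = $this->db_onedev->query($sql, $sql_param);
        if (!$query) {
            $this->sys_error_db("m_patient search", $this->db_onedev);
            exit;
        }
        $rows = array_map([$this, '_decrypt_row'], $query->result_array());
        $this->sys_ok(["total" => count($rows), "records" => $rows]);
        exit;
    }

    /**
     * Returns the active reference lists used by the registration form
     * (titles, sexes, religions, identity-card types).
     */
    public function getsexreg()
    {
        $this->_require_login();
        $lists = [
            'titles'          => "SELECT * FROM m_title WHERE M_TitleIsActive = 'Y'",
            'sexes'           => "SELECT * FROM m_sex WHERE M_SexIsActive = 'Y'",
            'religions'       => "SELECT * FROM m_religion WHERE M_ReligionIsActive = 'Y'",
            'kartuidentitass' => "SELECT * FROM m_idtype WHERE M_IdTypeIsActive = 'Y'",
        ];
        $rows = [];
        foreach ($lists as $key => $sql) {
            $rows[$key] = $this->db_onedev->query($sql)->result_array();
        }
        // "total" counts the lists, not the rows, as clients have always received it.
        $this->sys_ok(["total" => count($rows), "records" => $rows]);
        exit;
    }

    /**
     * Active cities whose name contains the search text (all cities when empty).
     * Responds with {total, records, total_display}.
     */
    public function searchcity()
    {
        $this->_require_login();
        $prm = $this->sys_input;
        $search = (string) ($prm['search'] ?? '');
        $like = $search !== '' ? "%{$search}%" : '%';

        $sql = "SELECT count(*) as total FROM m_city WHERE M_CityName like ? AND M_CityIsActive = 'Y'";
        $query = $this->db_onedev->query($sql, [$like]);
        if (!$query) {
            $this->sys_error_db("m_city count", $this->db_onedev);
            exit;
        }
        $tot_count = $query->result_array()[0]["total"];

        $sql = "SELECT * FROM m_city WHERE M_CityName like ? AND M_CityIsActive = 'Y' ORDER BY M_CityName DESC";
        $query = $this->db_onedev->query($sql, [$like]);
        if (!$query) {
            $this->sys_error_db("m_city rows", $this->db_onedev);
            exit;
        }
        $rows = $query->result_array();
        $this->sys_ok([
            "total" => $tot_count,
            "records" => $rows,
            "total_display" => count($rows),
        ]);
        exit;
    }

    /**
     * Active districts of the city given by the 'id' input. Gated like every other endpoint.
     */
    public function getdistrict()
    {
        $this->_require_login();
        $prm = $this->sys_input;
        $sql = "SELECT * FROM m_district WHERE M_DistrictIsActive = 'Y' AND M_DistrictM_CityID = ?";
        $query = $this->db_onedev->query($sql, [$prm['id'] ?? null]);
        if (!$query) {
            $this->sys_error_db("m_district rows", $this->db_onedev);
            exit;
        }
        $rows = $query->result_array();
        $this->sys_ok(["total" => count($rows), "records" => $rows]);
        exit;
    }

    /**
     * Active villages (kelurahan) of the district given by the 'id' input. Gated like every other endpoint.
     */
    public function getkelurahan()
    {
        $this->_require_login();
        $prm = $this->sys_input;
        $sql = "SELECT * FROM m_kelurahan WHERE M_KelurahanIsActive = 'Y' AND M_KelurahanM_DistrictID = ?";
        $query = $this->db_onedev->query($sql, [$prm['id'] ?? null]);
        if (!$query) {
            $this->sys_error_db("m_kelurahan rows", $this->db_onedev);
            exit;
        }
        $rows = $query->result_array();
        $this->sys_ok(["total" => count($rows), "records" => $rows]);
        exit;
    }

    /**
     * Up to 20 countries from the terminology table matching the search text
     * ('Indonesia' when empty). The search value is bound, never interpolated.
     */
    public function search_country()
    {
        $this->_require_login();
        $prm = $this->sys_input;
        $search = (string) ($prm['search'] ?? '');
        if ($search === '') {
            $search = 'Indonesia';
        }
        $sql = "SELECT * FROM terminology WHERE attribute_path = 'Address.country' "
            . "AND display LIKE ? ORDER BY display ASC LIMIT 20";
        $qry = $this->db_onedev->query($sql, ["%{$search}%"]);
        if (!$qry) {
            $this->sys_error_db("terminology country select error", $this->db_onedev);
            exit;
        }
        // The compiled SQL is intentionally not returned to the client.
        $this->sys_ok(["records" => $qry->result_array()]);
        exit;
    }

    /**
     * Up to 100 administrative regions matching the search text, with the names of
     * the enclosing province/regency/district/village resolved via self-joins.
     * All seven occurrences of the search value are bound parameters; the two REGEXP
     * terms still interpret the value as a pattern, so an invalid pattern surfaces as a
     * query failure via sys_error_db().
     */
    public function searchregion()
    {
        $this->_require_login();
        $prm = $this->sys_input;
        $search = (string) ($prm['search'] ?? '');
        $like = "%{$search}%";

        $sql = "SELECT r.regional_cd, r.regional_cd AS id, r.regional_nm, r.full_name AS text_nm, "
            . "r.pro_cd, IFNULL(pro.regional_nm,'') AS pro_nm, "
            . "r.kab_cd, IFNULL(kab.regional_nm,'') AS kab_nm, "
            . "r.kec_cd, IFNULL(kec.regional_nm,'') AS kec_nm, "
            . "r.kel_cd, IFNULL(kel.regional_nm,'') AS kel_nm, "
            . "r.status_cd, r.old_nm "
            . "FROM regional r "
            . "LEFT JOIN regional pro ON CONCAT(r.pro_cd, REPEAT('0', 8)) = pro.regional_cd "
            . "LEFT JOIN regional kab ON CONCAT(r.pro_cd, r.kab_cd, REPEAT('0', 6)) = kab.regional_cd "
            . "LEFT JOIN regional kec ON CONCAT(r.pro_cd, r.kab_cd, r.kec_cd, REPEAT('0', 3)) = kec.regional_cd "
            . "LEFT JOIN regional kel ON CONCAT(r.pro_cd, r.kab_cd, r.kec_cd, r.kel_cd) = kel.regional_cd "
            . "WHERE (MATCH(r.full_name) AGAINST(? IN BOOLEAN MODE) "
            . "OR r.full_name LIKE ? OR r.regional_nm LIKE ? "
            . "OR r.full_name REGEXP ? OR r.regional_nm REGEXP ? "
            . "OR LOWER(r.full_name) LIKE LOWER(?) OR LOWER(r.regional_nm) LIKE LOWER(?)) "
            . "LIMIT 100";
        $binds = [$like, $like, $like, $search, $search, $like, $like];

        $qry = $this->db_onedev->query($sql, $binds);
        if (!$qry) {
            $this->sys_error_db("search wilayah select error", $this->db_onedev);
            exit;
        }
        // The compiled SQL is intentionally not returned to the client.
        $this->sys_ok(["records" => $qry->result_array()]);
        exit;
    }

    /**
     * Updates an existing patient record. Rejects an unparseable date of birth
     * instead of storing the Unix epoch.
     */
    public function save()
    {
        $this->_require_login();
        $prm = $this->sys_input;
        $userid = $this->sys_user["M_UserID"];

        $dob = $this->_parse_dob($prm['M_PatientDOB'] ?? '');
        if ($dob === null) {
            $this->sys_error("Invalid date of birth");
            exit;
        }
        [$pdob, $dob_str] = $dob;

        $sql = "UPDATE m_patient SET M_PatientM_TitleID = ?, M_PatientPrefix = ?, M_PatientName = ?, "
            . "M_PatientName_enc = ?, M_PatientName_bidx = ?, M_PatientSuffix = ?, M_PatientDOB = ?, "
            . "M_PatientDOB_enc = ?, M_PatientDOB_bidx = ?, M_PatientM_SexID = ?, M_PatientM_ReligionID = ?, "
            . "M_PatientEmail = ?, M_PatientEmail_enc = ?, M_PatientPOB = ?, M_PatientPOB_enc = ?, "
            . "M_PatientHP = ?, M_PatientHP_enc = ?, M_PatientHP_bidx = ?, M_PatientPhone = ?, "
            . "M_PatientPhone_enc = ?, M_PatientM_IdTypeID = ?, M_PatientIDNumber = ?, "
            . "M_PatientIDNumber_enc = ?, M_PatientNote = ?, M_PatientNIK = ?, M_PatientNIK_enc = ?, "
            . "M_PatientJabatan = ?, M_PatientKedudukan = ?, M_PatientPJ = ?, M_PatientLocation = ?, "
            . "M_PatientJob = ?, M_PatientUserID = ?, M_PatientLastUpdatedUserID = ?, "
            . "M_PatientLastUpdated = NOW() WHERE M_PatientID = ?";
        $binds = $this->_patient_bind_values($prm, $pdob, $dob_str);
        $binds[] = $userid;
        $binds[] = $userid;
        $binds[] = $prm['M_PatientID'] ?? null;

        $query = $this->db_onedev->query($sql, $binds);
        if (!$query) {
            // last_query() carries the bound patient data, so it is not echoed back.
            $this->sys_error_db("save patient error", $this->db_onedev);
            exit;
        }
        $this->sys_ok(["total" => 1, "records" => ['status' => 'OK']]);
        exit;
    }

    /**
     * Inserts a new patient record and returns its id. Rejects an unparseable date
     * of birth instead of storing the Unix epoch.
     */
    public function newpatient()
    {
        $this->_require_login();
        $prm = $this->sys_input;
        $userid = $this->sys_user["M_UserID"];

        $dob = $this->_parse_dob($prm['M_PatientDOB'] ?? '');
        if ($dob === null) {
            $this->sys_error("Invalid date of birth");
            exit;
        }
        [$pdob, $dob_str] = $dob;

        $sql = "INSERT INTO m_patient ( M_PatientM_TitleID, M_PatientPrefix, M_PatientName, "
            . "M_PatientName_enc, M_PatientName_bidx, M_PatientSuffix, M_PatientDOB, M_PatientDOB_enc, "
            . "M_PatientDOB_bidx, M_PatientM_SexID, M_PatientM_ReligionID, M_PatientEmail, "
            . "M_PatientEmail_enc, M_PatientPOB, M_PatientPOB_enc, M_PatientHP, M_PatientHP_enc, "
            . "M_PatientHP_bidx, M_PatientPhone, M_PatientPhone_enc, M_PatientM_IdTypeID, "
            . "M_PatientIDNumber, M_PatientIDNumber_enc, M_PatientNote, M_PatientNIK, M_PatientNIK_enc, "
            . "M_PatientJabatan, M_PatientKedudukan, M_PatientPJ, M_PatientLocation, M_PatientJob, "
            . "M_PatientUserID, M_PatientCreatedUserID, M_PatientCreated ) VALUES ( "
            . "?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, "
            . "?, ?, NOW() )";
        $binds = $this->_patient_bind_values($prm, $pdob, $dob_str);
        $binds[] = $userid;
        $binds[] = $userid;

        $query = $this->db_onedev->query($sql, $binds);
        if (!$query) {
            $this->sys_error_db("new patient error", $this->db_onedev);
            exit;
        }
        $this->sys_ok([
            "total" => 1,
            "records" => ['status' => 'OK'],
            "id" => $this->db_onedev->insert_id(),
        ]);
        exit;
    }

    /**
     * Soft-deletes a patient (M_PatientIsActive = 'N'), recording the acting user.
     */
    public function deletepatient()
    {
        $this->_require_login();
        $userid = $this->sys_user["M_UserID"];
        $prm = $this->sys_input;
        $sql = "UPDATE m_patient SET M_PatientIsActive = 'N', M_PatientUserID = ? WHERE M_PatientID = ?";
        $query = $this->db_onedev->query($sql, [$userid, $prm['M_PatientID'] ?? null]);
        if (!$query) {
            $this->sys_error_db("delete patient error", $this->db_onedev);
            exit;
        }
        $this->sys_ok(["total" => 1, "records" => ['status' => 'OK']]);
        exit;
    }

    /**
     * Active addresses of the patient given by the 'id' input, decrypted and with
     * the 'action' column set to the client flag 'deleteedit'.
     */
    public function getaddress()
    {
        $this->_require_login();
        $prm = $this->sys_input;
        $sql = "SELECT m_patientaddress.*, M_PatientAddressRegionalCd, M_PatientAddressState, "
            . "M_PatientAddressCity, M_PatientAddressDistrict, M_PatientAddressVillage, '' as action "
            . "FROM m_patientaddress WHERE M_PatientAddressIsActive = 'Y' AND M_PatientAddressM_PatientID = ?";
        $query = $this->db_onedev->query($sql, [$prm['id'] ?? null]);
        if (!$query) {
            $this->sys_error_db("m_patientaddress rows", $this->db_onedev);
            exit;
        }
        $rows = [];
        foreach ($query->result_array() as $row) {
            $row = $this->_decrypt_addr_row($row);
            $row['action'] = 'deleteedit';
            $rows[] = $row;
        }
        $this->sys_ok(["total" => count($rows), "records" => $rows]);
        exit;
    }

    /**
     * Inserts a new address. The patient's first active address is always labelled
     * 'Utama' (primary); a later address that also claims 'Utama' while one exists
     * gets a timestamp suffix so the primary label stays unique.
     */
    public function savenewaddress()
    {
        $this->_require_login();
        $userid = $this->sys_user["M_UserID"];
        $prm = $this->sys_input;
        $patient_id = $prm['M_PatientAddressM_PatientID'] ?? null;

        $count_sql = "SELECT COUNT(*) as countx FROM m_patientaddress "
            . "WHERE M_PatientAddressM_PatientID = ? AND M_PatientAddressIsActive = 'Y'";
        $count_addrs = (int) $this->db_onedev->query($count_sql, [$patient_id])->row()->countx;
        if ($count_addrs === 0) {
            $prm['M_PatientAddressNote'] = 'Utama';
        } else {
            $utama_sql = "SELECT COUNT(*) as countx FROM m_patientaddress "
                . "WHERE M_PatientAddressM_PatientID = ? AND M_PatientAddressNote = 'Utama' "
                . "AND M_PatientAddressIsActive = 'Y'";
            $count_utama = (int) $this->db_onedev->query($utama_sql, [$patient_id])->row()->countx;
            $note = strtolower((string) ($prm['M_PatientAddressNote'] ?? ''));
            if ($count_utama > 0 && $note === 'utama') {
                $prm['M_PatientAddressNote'] = 'Utama_' . date('YmdHis');
            }
        }

        $sql = "INSERT INTO m_patientaddress ( M_PatientAddressM_PatientID, M_PatientAddressNote, "
            . "M_PatientAddressDescription, M_PatientAddressDescription_enc, M_PatientAddressDescription_bidx, "
            . "M_PatientAddressRegionalCd, M_PatientAddressState, M_PatientAddressCity, "
            . "M_PatientAddressDistrict, M_PatientAddressVillage, M_PatientAddressCreated, "
            . "M_PatientAddressUserID, M_PatientAddressCreatedUserID ) "
            . "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?)";
        $binds = $this->_address_bind_values($prm);
        $binds[] = $userid;
        $binds[] = $userid;

        $query = $this->db_onedev->query($sql, $binds);
        if (!$query) {
            $this->sys_error_db("save new address error", $this->db_onedev);
            exit;
        }
        $this->sys_ok(["total" => 1, "records" => ['status' => 'OK']]);
        exit;
    }

    /**
     * Updates an existing address identified by M_PatientAddressID.
     */
    public function saveeditaddress()
    {
        $this->_require_login();
        $userid = $this->sys_user["M_UserID"];
        $prm = $this->sys_input;

        $sql = "UPDATE m_patientaddress SET M_PatientAddressM_PatientID = ?, M_PatientAddressNote = ?, "
            . "M_PatientAddressDescription = ?, M_PatientAddressDescription_enc = ?, "
            . "M_PatientAddressDescription_bidx = ?, M_PatientAddressRegionalCd = ?, "
            . "M_PatientAddressState = ?, M_PatientAddressCity = ?, M_PatientAddressDistrict = ?, "
            . "M_PatientAddressVillage = ?, M_PatientAddressUpdated = NOW(), "
            . "M_PatientAddressUpdatedUserID = ?, M_PatientAddressUserID = ? WHERE M_PatientAddressID = ?";
        $binds = $this->_address_bind_values($prm);
        $binds[] = $userid;
        $binds[] = $userid;
        $binds[] = $prm['M_PatientAddressID'] ?? null;

        $query = $this->db_onedev->query($sql, $binds);
        if (!$query) {
            $this->sys_error_db("save edit address error", $this->db_onedev);
            exit;
        }
        $this->sys_ok(["total" => 1, "records" => ['status' => 'OK']]);
        exit;
    }

    /**
     * Soft-deletes an address, recording the acting user and deletion time,
     * and — unlike before — actually sends the OK response to the client.
     */
    public function deleteaddress()
    {
        $this->_require_login();
        $userid = $this->sys_user["M_UserID"];
        $prm = $this->sys_input;
        $sql = "UPDATE m_patientaddress SET M_PatientAddressIsActive = 'N', M_PatientAddressUserID = ?, "
            . "M_PatientAddressDeletedUserID = ?, M_PatientAddressDeleted = NOW() WHERE M_PatientAddressID = ?";
        $query = $this->db_onedev->query($sql, [$userid, $userid, $prm['M_PatientAddressID'] ?? null]);
        if (!$query) {
            $this->sys_error_db("delete address error", $this->db_onedev);
            exit;
        }
        $this->sys_ok(["total" => 1, "records" => ['status' => 'OK']]);
        exit;
    }
}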