BE_IBL/application/controllers/mockup/fo/ibl_registration/Payment.php
sas.fajri 17a788baac FHM31052601IBL - update FO registration controllers: decrypt PII sebelum return response
- Payment, History, Delivery: load ibl_encryptor, decrypt Name/Email/HP
- Order, Order copy: decrypt patient_name di get_header & get_order_header
- Order: pre-fetch decrypt email/HP sebelum UNION delivery query
- Order: enkripsi T_OrderDeliveryDestination saat INSERT, decrypt saat SELECT
- SQL: tambah kolom T_OrderDeliveryDestination_enc
- migrate_encrypt_results: tambah migrasi t_orderdelivery

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 14:31:54 +07:00


<?php
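class Payment extends MY_Controller
{
    /** @var object CodeIgniter DB handle for the "onedev" connection group, assigned in the constructor. */
    public $db_smartone;

    /**
     * Default action: prints a fixed banner and reads no input.
     */
    public function index()
    {
        echo "Doctor API";
    }

    /**
     * Opens the "onedev" database connection and loads the ibl_encryptor
     * library that decrypts stored PII before it is returned to the client.
     */
    public function __construct()
    {
        parent::__construct();
        $this->db_smartone = $this->load->database("onedev", true);
        $this->load->library('ibl_encryptor');
    }

    /**
     * Returns the header, delivery destination and billable detail rows of one order.
     *
     * Input (sys_input): 'id' => T_OrderHeaderID.
     * Output: sys_ok(["status" => "OK", "data" => ["order_header", "order_detail", "order_delivery"]]).
     * Exits through sys_error / sys_error_db on a missing id, an unknown order or a failed query.
     *
     * Every client value is passed as a query binding; the delivery stored-procedure
     * call previously interpolated 'id' straight into the SQL text.
     */
    public function get_order()
    {
        $prm = $this->sys_input;
        if (!isset($prm['id']) || $prm['id'] === '') {
            $this->sys_error("Missing order id");
            exit;
        }
        $order_id = $prm['id'];
        $rst = ["order_header" => [], "order_detail" => [], "order_delivery" => []];

        // ---- header: the patient name is stored encrypted and decrypted here ----
        $sql = "
            select T_OrderHeaderID as order_id,
            T_OrderHeaderLabNumber as order_no,
            T_OrderHeaderDate as order_date,
            T_OrderHeaderSubTotal as order_subtotal,
            T_OrderHeaderRounding as order_rounding,
            T_OrderHeaderTotal as order_total,
            M_PatientName_enc, M_TitleName,
            M_PatientNoReg as patient_mr,
            M_MouName as order_mou,
            M_CompanyName as order_company,
            fn_global_doctor_name(da.M_DoctorID) doctor_sender,
            fn_global_doctor_name(db.M_DoctorID) doctor_pj,
            fn_global_doctor_address(aa.M_DoctorAddressID, 1) doctor_sender_address,
            M_MouIsBill M_CompanyIsBill, M_MouMinDP M_CompanyMinDP,
            M_MouIsAgingOnHold M_CompanyIsAgingOnHold, M_MouIsAgingOnHoldNote M_CompanyIsAgingOnHoldNote
            from t_orderheader
            join m_patient on T_OrderHeaderM_PatientID = M_PatientID
            join m_company on T_OrderHeaderM_CompanyID = M_CompanyID
            join m_mou on T_OrderHeaderM_MouID = M_MouID
            join m_doctor da on T_OrderHeaderSenderM_DoctorID = da.M_DoctorID
            join m_doctoraddress aa on T_OrderHeaderSenderM_DoctorAddressID = aa.M_DoctorAddressID
            join m_doctor db on T_OrderHeaderSenderM_DoctorID = db.M_DoctorID
            left join m_title on m_patientm_titleid = m_titleid
            where T_OrderHeaderID = ?";
        $query = $this->db_smartone->query($sql, array($order_id));
        if (!$query) {
            $this->sys_error_db("t_orderheader", $this->db_smartone);
            exit;
        }
        $row = $query->row();
        if ($row === null) {
            // row() yields null for an unknown id; the old code then read undefined indexes
            $this->sys_error("Order not found");
            exit;
        }
        $header = (array) $row;
        $name = $this->ibl_encryptor->decrypt($header['M_PatientName_enc']);
        $title = !empty($header['M_TitleName']) ? $header['M_TitleName'] . ' ' : '';
        $header['patient_name'] = $title . ($name ?? '');
        // neither the ciphertext nor the bare title belongs to the response shape
        unset($header['M_PatientName_enc'], $header['M_TitleName']);
        $rst['order_header'] = $header;

        // ---- delivery: stored procedure, id bound instead of interpolated ----
        $query = $this->db_smartone->query("CALL sp_fo_payment_get_delivery(?)", array($order_id));
        // presumably flushes the extra result set a CALL leaves behind before the next query - see MY_Controller
        $this->clean_mysqli_connection($this->db_smartone->conn_id);
        if (!$query) {
            $this->sys_error_db("sp_fo_payment_get_delivery", $this->db_smartone);
            exit;
        }
        $delivery = $query->row();
        if ($delivery !== null && isset($delivery->delivery)) {
            $rst['order_delivery'] = json_decode($delivery->delivery);
        }

        // ---- detail: only the rows that print on the nota ----
        $sql = "
            select T_OrderDetailID as d_id,
            T_OrderDetailT_TestID as t_id,
            IFNULL(T_OrderDetailT_TestName, T_PacketName) as t_name,
            T_OrderDetailPrice as t_price,
            T_OrderDetailDiscTotal as t_disctotal,
            T_OrderDetailTotal as t_total
            from t_orderdetail
            join t_orderdetailaddon on T_OrderDetailAddOnT_OrderDetailID = T_OrderDetailID
            left join t_test on t_orderdetailt_testid = t_testid
            left join t_packet on t_orderdetailaddonispacket = 'Y' and t_orderdetailaddont_packetid = t_packetid
            where T_OrderDetailT_OrderHeaderID = ?
            and T_ORderDetailIsActive = 'Y'
            and ((T_ORderDetailAddOnIsPacket = 'N' AND T_TestIsPrintNota = 'Y' AND T_OrderDetailT_TestIsPanelChildren = 'N')
            OR (T_OrderDetailT_TestIsPanelChildren = 'Y' AND T_OrderDetailT_TestIsPanelChildrenPrintNota = 'Y')
            OR (T_ORderDetailAddOnIsPacket = 'Y' AND T_PacketIsNOta = 'Y'))";
        $query = $this->db_smartone->query($sql, array($order_id));
        if (!$query) {
            $this->sys_error_db("t_orderdetail", $this->db_smartone);
            exit;
        }
        $rst['order_detail'] = $query->result_array();
        $this->sys_ok(array("status" => "OK", "data" => $rst));
        exit;
    }

    /**
     * Lists active payment types whose name matches the optional 'search' input.
     *
     * Input (sys_input): 'search' (optional) => substring matched with LIKE; empty matches everything.
     * Output: sys_ok(list of rows) with payment_note_label set to 'Kembali' for CASH
     *         and 'Nomor Voucher' for VOUCHER; every other row keeps 'Nomor Kartu'.
     * The earlier count(*) query was dropped: its total was never part of the response.
     */
    public function search()
    {
        $prm = $this->sys_input;
        $needle = isset($prm['search']) ? (string) $prm['search'] : '';
        // LIKE metacharacters in the needle are deliberately left as typed (original behaviour)
        $pattern = ($needle !== '') ? "%{$needle}%" : '%';

        $sql = "select M_PaymentTypeID payment_type_id, M_PaymentTypeName payment_type_name, M_PaymentTypeCode payment_type_code,
            0 payment_amount, '' payment_note, 'Nomor Kartu' payment_note_label, 'N' payment_enable,
            0 payment_change, 0 payment_actual, 0 payment_card_id, 0 payment_edc_id, 0 payment_account_id
            from m_paymenttype
            where M_PaymentTypeIsActive = 'Y'
            and M_PaymentTypeName like ?";
        $query = $this->db_smartone->query($sql, array($pattern));
        if (!$query) {
            $this->sys_error_db("m_paymenttype rows", $this->db_smartone);
            exit;
        }
        $rows = $query->result_array();
        foreach ($rows as &$row) {
            if ($row['payment_type_code'] === 'CASH') {
                $row['payment_note_label'] = 'Kembali';
            } elseif ($row['payment_type_code'] === 'VOUCHER') {
                $row['payment_note_label'] = 'Nomor Voucher';
            }
        }
        unset($row);
        $this->sys_ok($rows);
    }

    /**
     * Records the payments of an order through the sp_fo_payment stored procedure.
     *
     * Input (sys_input): 'order_id', 'payments' (array; JSON-encoded for the procedure).
     * Output: echoes the procedure's single row as JSON with its 'data' column decoded.
     * The three procedure arguments are bound; they were previously interpolated into the CALL text.
     */
    function save()
    {
        $prm = $this->sys_input;
        if (!isset($prm['order_id'], $prm['payments'])) {
            $this->sys_error("Missing order_id or payments");
            exit;
        }
        $payment_json = json_encode($prm['payments']);
        $sql = "CALL sp_fo_payment(?, ?, ?);";
        $binds = array($prm['order_id'], $payment_json, $this->sys_user['M_UserID']);
        $query = $this->db_smartone->query($sql, $binds);
        if (!$query) {
            $this->sys_error_db("save payment", $this->db_smartone);
            exit;
        }
        $rst = $query->row();
        if ($rst === null) {
            $this->sys_error("save payment returned no row");
            exit;
        }
        $rst->data = json_decode($rst->data);
        echo json_encode($rst);
    }

    /**
     * Stores the FO start time sent by the client and stamps the end time with NOW().
     *
     * Input (sys_input): 'time_start', 'order_id'.
     * Output: sys_ok(["total" => 1, "records" => []]).
     * Both values are bound; the previous UPDATE interpolated them (order_id unquoted).
     */
    function endshowtime()
    {
        $prm = $this->sys_input;
        if (!isset($prm['time_start'], $prm['order_id'])) {
            $this->sys_error("Missing time_start or order_id");
            exit;
        }
        $sql = "UPDATE t_orderheaderaddon SET
            T_OrderHeaderAddonFoTimeStart = ?,
            T_OrderHeaderAddonFoTimeEnd = NOW()
            WHERE
            T_OrderHeaderAddOnT_OrderHeaderID = ?";
        $query = $this->db_smartone->query($sql, array($prm['time_start'], $prm['order_id']));
        if (!$query) {
            $this->sys_error_db("endshowtime", $this->db_smartone);
            exit;
        }
        $this->sys_ok(array("total" => 1, "records" => array()));
        exit;
    }

    /**
     * Lists banks, optionally restricted to card issuers ('card' set) or EDC providers ('edc' set).
     *
     * Input (sys_input): presence of 'card' or 'edc' picks the filter; 'card' wins when both are set.
     * Output: sys_ok(["records" => rows, "total" => row count, "q" => last SQL text]).
     * The SQL carries no client values, so "q" exposes only static table/column names.
     */
    public function search_bank()
    {
        $prm = $this->sys_input;
        if (isset($prm['card'])) {
            $where = "WHERE Nat_BankIsCard = 'Y' ";
        } elseif (isset($prm['edc'])) {
            $where = "WHERE Nat_BankIsEDC = 'Y' ";
        } else {
            $where = "";
        }
        $sql = "SELECT Nat_BankID, Nat_BankName
            FROM nat_bank " . $where . "ORDER BY Nat_BankName ASC";
        $query = $this->db_smartone->query($sql);
        if (!$query) {
            $this->sys_error_db("NAT BANK", $this->db_smartone);
            exit;
        }
        $rows = $query->result_array();
        $this->sys_ok(["records" => $rows, "total" => count($rows), "q" => $this->db_smartone->last_query()]);
    }

    /**
     * Returns an upper-case alphanumeric token used to name signature files on disk.
     *
     * @param int $length number of characters; defaults to the original fixed 32
     * @return string
     * random_int() replaces rand(): the token ends up in a URL served to clients,
     * so it must not be predictable from earlier values.
     */
    function generate_random_string($length = 32)
    {
        $characters = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $max = strlen($characters) - 1;
        $code = '';
        for ($i = 0; $i < $length; $i++) {
            $code .= $characters[random_int(0, $max)];
        }
        return $code;
    }

    /**
     * Saves a base64-encoded signature image for the patient of an order and records its URL.
     *
     * Input (sys_input): 'order_id', 'data' ("data:image/png;base64,<payload>").
     * Output: sys_ok(["url_image" => "/one-media/one-signature/<year>/_<token>.png?=<stamp>"]).
     * Requires a valid session (isLogin). The file path is built entirely server-side;
     * no client value becomes part of it. $this->db_onedev is not initialised in this
     * class - presumably provided by MY_Controller, confirm.
     */
    function save_signature()
    {
        if (! $this->isLogin) {
            $this->sys_error("Invalid Token");
            exit;
        }
        $prm = $this->sys_input;
        if (!isset($prm['order_id'], $prm['data'])) {
            $this->sys_error("Missing order_id or data");
            exit;
        }
        $userid = $this->sys_user["M_UserID"];

        // resolve the patient the order belongs to
        $sql = "SELECT T_OrderHeaderM_PatientID FROM t_orderheader WHERE T_OrderHeaderID = ? LIMIT 1";
        $query = $this->db_smartone->query($sql, array($prm['order_id']));
        if (!$query) {
            $this->sys_error_db("M_PatientID NOT FOUND", $this->db_smartone);
            exit;
        }
        $row = $query->row();
        if ($row === null) {
            $this->sys_error("M_PatientID NOT FOUND");
            exit;
        }
        $m_patientid = $row->T_OrderHeaderM_PatientID;

        // write the image under a random, server-chosen file name
        $home_dir = "/home/one/project/one/";
        $target_dir = $home_dir . "one-media/one-signature/" . date("Y") . "/";
        if (!is_dir($target_dir) && !mkdir($target_dir, 0755, true) && !is_dir($target_dir)) {
            $this->sys_error("Cannot create signature directory");
            exit;
        }
        $target_path = $target_dir . "_" . $this->generate_random_string() . ".png";
        if ($this->base64_to_jpeg($prm['data'], $target_path) === false) {
            $this->sys_error("Invalid signature image");
            exit;
        }
        $xurl = "/" . str_replace($home_dir, "", $target_path);

        // deactivate previous signatures, then record the new one; the failing SQL is
        // no longer echoed to the client (it is available through sys_error_db / logs)
        $step = "DELETE PATIENT SIGNATURE";
        $sql = "UPDATE patient_signature SET Patient_SignatureIsActive = 'N',
            Patient_SignatureLastUpdated = NOW(), Patient_SignatureLastUpdatedUserID = ?
            WHERE Patient_SignatureM_PatientID = ? AND Patient_SignatureIsActive = 'Y'";
        $ok = (bool) $this->db_onedev->query($sql, array($userid, $m_patientid));
        if ($ok) {
            $step = "INSERT PATIENT SIGNATURE";
            $sql = "INSERT INTO patient_signature (
                Patient_SignatureM_PatientID,
                Patient_SignatureUrl,
                Patient_SignatureCreated,
                Patient_SignatureCreatedUserID
                ) VALUES (?, ?, NOW(), ?)";
            $ok = (bool) $this->db_onedev->query($sql, array($m_patientid, $xurl, $userid));
        }
        if (!$ok) {
            // do not leave an orphaned image for a signature the database never recorded
            if (is_file($target_path)) {
                unlink($target_path);
            }
            $this->sys_error_db($step, $this->db_onedev);
            exit;
        }

        // cache-busting suffix, kept in the original format
        $xurl = $xurl . "?=" . date('Ymdhhis');
        $this->sys_ok(array("url_image" => $xurl));
        exit;
    }

    /**
     * Decodes a data-URI style base64 payload ("data:image/png;base64,<b64>") and
     * writes the raw bytes to $output_file.
     *
     * @param string $base64_string payload; only the part after the first comma is decoded
     * @param string $output_file   destination path (chosen by the caller, not the client)
     * @return string|false $output_file on success; false when there is no comma-separated
     *                      payload, the payload is not valid base64, or the file cannot be written
     */
    function base64_to_jpeg($base64_string, $output_file)
    {
        $data = explode(',', (string) $base64_string, 2);
        if (count($data) < 2) {
            return false;
        }
        // strict mode rejects characters outside the base64 alphabet instead of dropping them
        $bytes = base64_decode($data[1], true);
        if ($bytes === false) {
            return false;
        }
        $ifp = fopen($output_file, 'wb');
        if ($ifp === false) {
            return false;
        }
        $written = fwrite($ifp, $bytes);
        fclose($ifp);
        return ($written === strlen($bytes)) ? $output_file : false;
    }

    /**
     * Resolves a report URL through the Reporturl library.
     *
     * Input (sys_input): 'code_report', 'params' (passed through unchanged).
     * Output: sys_ok(["url" => ...]) when the library returns a truthy first element,
     *         otherwise sys_error with the library's second element as message.
     * Requires a valid session (isLogin).
     */
    function get_report_url_by_code()
    {
        if (! $this->isLogin) {
            $this->sys_error("Invalid Token");
            exit;
        }
        $prm = $this->sys_input;
        if (!isset($prm['code_report'])) {
            $this->sys_error("Missing code_report");
            exit;
        }
        $this->load->library("Reporturl");
        $report_url = $this->reporturl->get_report_url_by_code($prm['code_report'], $prm['params'] ?? null);
        if ($report_url[0]) {
            $this->sys_ok(array("url" => $report_url[1]));
            exit;
        }
        $this->sys_error($report_url[1]);
        exit;
    }
}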