Medmasterpro API Review

From OpenEMR Project Wiki

Overview

This is to review the Medmasterpro API code at http://github.com/medmasterpro/openemr . It gets its own wiki page because it is an extensive and exciting ongoing project.

Functions

Overview

These are all in the api directory.

Global Issues

  • Change the 'push_notification' global to something more specific like 'device_push_notification_service'
  • One thing we need to consider is what is being populated in the fields that are mapped to items in the list_options table. For example, when you create a prescription, can you provide me a sample of what you are populating the POST data fields with?

Core functions/scripts in the includes directory

functions.php

  • add_escape_custom($userId) in the 2nd query of the createToken() function is not wrapped with single quotes.
  • The query in the validateToken() function should use parameter binding.
  • The getUserData() function looks like it should be removed (since it is just returning the results of the getUsername() function).

addappointment.php

  • Surround the entire $device_token_badge block with the 'push_notification' global switch. The $notification_res logic also needs to be skipped when 'push_notification' is not in use.
  • In the $strQuery query, single quotes are needed around add_escape_custom($patientId).
  • All the getUserData() function does is return two separate but identical variables via the getUsername() function. Clean this up, since it appears all you need is $user = getUsername($userId) and there is no need for the other variables (emr/password/username).
  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script)
  • Use the InsertEvent() function in library/encounter_events.inc.php to create the appointment.

addcheckout.php

  • Strip add_escape_custom() from $units = add_escape_custom($_POST['units']);
  • Note that to protect against SQL injection, the items that are placed in the SQL queries with the add_escape_custom() function need to be surrounded by quotes. For example, the following is needed: $strQuery1 .= " WHERE encounter = '" . add_escape_custom($visit_id) . "' AND pid = '" . add_escape_custom($patientId)."'"; Note I placed single quotes around the variables. Make sure you do that for the rest of the SQL queries here.
  • Note that copays are no longer stored in the billing table, but are now stored in the ar_activity and ar_session tables. This was a new change in OpenEMR 4.1.1. Look in the OpenEMR codebase and you'll find some good examples, which you can then mimic in this script.
  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
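As an added illustration (not code from the Medmasterpro repository or from OpenEMR), the quoting point above and the parameter-binding recommendation made for validateToken() shown side by side: the same lookup built three ways, run against an in-memory SQLite table. add_escape_custom() here is a local stand-in that only escapes quote characters, which is what matters for the point; OpenEMR's real functions live in library/sql.inc, where the bound form is sqlStatement($sql, $binds). The table rows and the input value are constructed for the example.

```php
<?php
// Added example, not Medmasterpro/OpenEMR code. Demonstrates why an escaped
// value still needs surrounding quotes, and what the bound form looks like.

$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE billing (id INTEGER PRIMARY KEY, encounter INTEGER, pid INTEGER, fee REAL)");
// Constructed sample rows: two billing lines for patient 100, one for patient 200.
$db->exec("INSERT INTO billing (encounter, pid, fee) VALUES (7, 100, 25.0), (8, 100, 40.0), (9, 200, 15.0)");

// Stand-in for OpenEMR's add_escape_custom(): escapes quote characters only.
// An input with no quote character passes through unchanged.
function add_escape_custom($s) {
    return str_replace("'", "''", (string) $s);
}

// Pattern the review flags: escaped, but NOT wrapped in quotes. Whatever the
// caller sends is spliced into the statement as bare SQL tokens.
function count_unquoted(PDO $db, $visit_id, $patientId) {
    $q = "SELECT COUNT(*) FROM billing WHERE encounter = " . add_escape_custom($visit_id)
       . " AND pid = " . add_escape_custom($patientId);
    return (int) $db->query($q)->fetchColumn();
}

// Corrected pattern from the review: the escaped value is surrounded by single
// quotes, so the database sees one string literal, never extra SQL.
function count_quoted(PDO $db, $visit_id, $patientId) {
    $q = "SELECT COUNT(*) FROM billing WHERE encounter = '" . add_escape_custom($visit_id)
       . "' AND pid = '" . add_escape_custom($patientId) . "'";
    return (int) $db->query($q)->fetchColumn();
}

// Preferred pattern: parameter binding. In OpenEMR this is
// sqlStatement("... WHERE encounter = ? AND pid = ?", array($visit_id, $patientId)).
function count_bound(PDO $db, $visit_id, $patientId) {
    $st = $db->prepare("SELECT COUNT(*) FROM billing WHERE encounter = ? AND pid = ?");
    $st->execute([$visit_id, $patientId]);
    return (int) $st->fetchColumn();
}

// Constructed input: contains no quote character, so escaping alone leaves it intact.
$tampered = "7 OR 1=1";
printf("unquoted: %d rows (extra SQL was executed)\n", count_unquoted($db, $tampered, 100));
printf("quoted:   %d rows (input treated as a literal)\n", count_quoted($db, $tampered, 100));
printf("bound:    %d rows (input treated as a literal)\n", count_bound($db, $tampered, 100));
printf("bound, genuine id 7: %d row\n", count_bound($db, 7, 100));
```

Run with `php` on a build that includes pdo_sqlite; the first line reports more rows than the genuine lookup because the unquoted fragment widened the WHERE clause, while the quoted and bound forms compare the whole input as one value.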

addcontactgeneral.php

  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
  • The userdata image data is not a feature included within OpenEMR, so these cannot even be seen within the main OpenEMR. Would need to discuss this feature on the forums at some point to ensure this strategy makes sense; although it seems to make sense to store them where you are and name them via timestamp to avoid overwrites.
  • Storing the id/label information in list_options is definitely not the right way to go, though (it would be much better to store it in the users table entry).
  • Also, since you know where these files are, it seems all you need to store is the name (i.e. not the path, which could change if the OpenEMR instance is placed on another server).

addfacility.php

  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
  • You have $user = getUsername($userId); twice.

addfeesheet.php

  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).

addinsurancecompany.php

  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).

addlist.php

  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
  • There is a new SQL column in the lists table (I just committed it to the codebase on sourceforge 1 minute ago), called 'modifydate', that should be set to NOW() when creating a new item and set to NOW() whenever the item is modified.

addonotes.php

  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).

addpatientdocument.php

  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
  • Should be using the documents class, which is rather simple (then you will support all the document related functionality, such as couchdb support, automatically). See the phimail_store() function in the library/direct_message_check.inc script for a nice example of how to do this.
  • Use the notify_push global to ignore the device_token_badge and notification_res code elements.
  • It also appears you are hard-coding the id_cat of 2 to be labs. Note it is better to hard-code the name of the folder that holds them rather than the id. For an example of this, check out the Advanced Directives widget in the demographics.php script.

addpatientdocumentwithlink.php

  • THIS APPEARS TO BE THE SAME EXACT FILE AS ABOVE???
  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
  • Should be using the documents class, which is rather simple (then you will support all the document related functionality, such as couchdb support, automatically). See the phimail_store() function in the library/direct_message_check.inc script for a nice example of how to do this.
  • Use the notify_push global to ignore the device_token_badge and notification_res code elements.
  • It also appears you are hard-coding the id_cat of 2 to be labs. Note it is better to hard-code the name of the folder that holds them rather than the id. For an example of this, check out the Advanced Directives widget in the demographics.php script.

addpatientnotes.php

  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
  • Use the addPnote() function in the library/pnotes.inc script.
  • Also, I noted you only seem to have functionality to send messages to oneself regarding a patient; note you can also send messages to other users regarding patients.

addpatient.php

  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
  • Patient photos/images in OpenEMR are stored in the 'Patient Photograph' document category, which is shown in OpenEMR's patient summary screen. So, store your patient photos there.
  • You are inserting categories very incorrectly, which will break OpenEMR's current document screen. If you really need to add categories (which you may not need to, since the 'Patient Photograph' category is there by default), check out some of the previous SQL upgrade scripts in the sql directory where we added some categories (for example, the Advance Directive categories); note how complicated it is, although it can definitely be done.
  • For inserting the photos, which are essentially patient documents, use the documents class. Using it is rather simple (then you will support all the document related functionality, such as couchdb support, automatically). See the phimail_store() function in the library/direct_message_check.inc script for a nice example of how to do this.

addpayment.php

  • Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
  • My billing knowledge in OpenEMR is very strong, but this looks good. In future, I may have ZH Healthcare look at it since they have developed a lot of OpenEMR's billing code.

addprescription.php

addresource.php

addresourcewithlink.php

addreviewofsystems.php

addroschecks.php

addsoap.php

addvisit.php

addvisitvitals.php

classes.php

  • The site variable will need to be dealt with at some point. Can do this later in the review process after we have a better idea of the code flow.

deleteappointment.php

deletecontactgeneral.php

deletefeesheet.php

deletemessage.php

deletepatientdocument.php

deleteprescription.php

deleteresource.php

deletesoap.php

deletevisit.php

forgetpassword.php

getallpatients.php

getappointmentcategories.php

getcontactgeneral.php

getfacility.php

getfeesheetoptions.php

getfeesheet.php

getinsurancecompanies.php

getinsurancecompany.php

getlistbyvisitid.php

getlist.php

getlocation.php

getmessages.php

getnotifications.php

getonotes.php

getpatientdocuments.php

getpatientrecord.php

getprescription.php

getproviders.php

getresources.php

getreviewofsystemsbyid.php

getreviewofsystemslist.php

getreviewofsystems.php

getreviewofsystemssummary.php

getroschecksbyid.php

getroscheckslist.php

getroschecks.php

getroscheckssummary.php

getsendmessages.php

getsoaplist.php

getsoap.php

getstatsoptions.php

getuserlist.php

getvisits.php

getvitals.php

login.php

loginwithpin.php

register.php

report_appointments.php

report_appt_visits.php

report_visits.php

resetpasswordpin.php

searchappointments.new.php

searchappointments.php

searchdiagnosiscode.php

searchdrug.php

searchpatient.php

searchrx.php

sendmessage.php

updateappointment.php

updatecontactgeneral.php

updatefacility.php

updatefeesheet.php

updateinsurancecompany.php

updatelist.php

updatelocation.php

updatenotificationbadge.php

updatepatientdocument.php

updatepatientnotes.php

updatepatient.php

updateprescription.php

updateprofileimage.php

updatereviewofsystems.php

updateroschecks.php

updatesoap.php

updatevisit.php

updatevisitvitals.php

version_openemr.php

version.php

visitsummery.php