Difference between revisions of "Medmasterpro API Review"
From OpenEMR Project Wiki
Bradymiller (talk | contribs) |
Bradymiller (talk | contribs) |
||
Line 28: | Line 28: | ||
==addfacility.php== | ==addfacility.php== | ||
:*Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script). | |||
:*You have $user = getUsername($userId); twice. | |||
==addfeesheet.php== | ==addfeesheet.php== | ||
==addinsurancecompany.php== | ==addinsurancecompany.php== |
Revision as of 00:35, 17 March 2013
Overview
- This is too review the Medmasterpro api code at http://github.com/medmasterpro/openemr . It gets it's own wiki page because it is an extensive and exciting ongoing project.
Functions
Overview
- These are all in the api directory.
Global Issues
- Change the 'push_notification' global to something more specific like 'device_push_notification_service'
Core functions/scripts in the includes directory
addappointment.php
- Surround the entire $device_token_badge with the 'push_notification' global switch. Also need to skip the $notification_res logic when not using the 'push_notification'.
- In $strQuery suery, need single quotes around the add_escape_custom($patientId)
- All the getUserData() function does is return two separate but identical variables with the getUsername() function. Clean this up, since it appears all you need is a $user = getUsername($userId) and no need for the other variables (emr/password/username).
- Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script)
- Use the InsertEvent() function in library/encounter_events.inc.php to create the appointment.
addcheckout.php
- Strip add_escape_custom() from $units = add_escape_custom($_POST['units']);
- Note that to protect against sql injection the items that are in the sql queries with the add_escape_custom() function need to be surrounded by quotes. For example, the following is needed: $strQuery1 .= " WHERE encounter = '" . add_escape_custom($visit_id) . "' AND pid = '" . add_escape_custom($patientId)."'";. Note I placed single quotes around the variables. Make sure you do that for the rest of the sql queries here.
- Note that copays are no longer stored in the billing table, but are now stored in the ar_activity and ar_session tables. This was a new change in OpenEMR 4.1.1 . Look in the OpenEMR codebase and you'll find some good examples, which you can then mimick in this script.
- Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
addcontactgeneral.php
- Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
- The userdata imagedata is not a feature included within OpenEMR, so unable to even see these within the main OpenEMR. Would need to discuss this feature on the forums at some point to ensure this strategy makes sense; although it seems to make sense to store them where you are and name them via timestamp to avoid overwrites.
- Storing the id/label information in list_options is definitely not the right way to go, though (would be much better to store it in the users table entry).
- Also, since you know where these files are, seems like all you need to store is the name (ie. not the path, which could change, if OpenEMR instance is placed on another server).
addfacility.php
- Setting $_SESSION['authGroup'] incorrectly. Check out how it is set in library/auth.inc and set it that way. (note I don't even see where this is used in your script).
- You have $user = getUsername($userId); twice.
addfeesheet.php
addinsurancecompany.php
addlist.php
addonotes.php
addpatientdocument.php
addpatientdocumentwithlink.php
addpatientnotes.php
addpatient.php
addpayment.php
addprescription.php
addresource.php
addresourcewithlink.php
addreviewofsystems.php
addroschecks.php
addsoap.php
addvisit.php
addvisitvitals.php
classes.php
- The site variable will need to be dealt with at some point. Can do this later int he review process after have a better idea of the code flow.