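<?php

/**
 * get_claim_file.php
 *
 * Streams a generated claim file to the browser as a download. The file name
 * comes from the `key` request parameter and is searched for, in order, in the
 * temporary files directory (when `location=tmp`), the X12 partner's local SFTP
 * directory (when `partner` is given) and finally the site's documents/edi
 * directory. When `delete=1` is passed the file is removed after it is served.
 *
 * @package OpenEMR
 * @link http://www.open-emr.org
 * @author Brady Miller <brady.g.miller@gmail.com>
 * @author Ken Chapple <ken@mi-squared.com>
 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (c) 2021 Ken Chapple <ken@mi-squared.com>
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */

require_once(dirname(__FILE__) . "/../globals.php");
require_once $GLOBALS['OE_SITE_DIR'] . "/config.php";

use OpenEMR\Common\Csrf\CsrfUtils;

// A missing token is passed as an empty string so it fails verification
// instead of raising an undefined-index warning first.
if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token_form"] ?? '')) {
    CsrfUtils::csrfNotVerified();
}

// NOTE(review): the CSRF token is the only request check in this file. No ACL
// check on the session user is visible here; claim files carry patient billing
// data, so confirm that authorisation for billing is enforced for this endpoint.

$content_type = "text/plain";

// The key contains the filename.
// NOTE(review): every path below is built by appending this name to a directory,
// so the script relies on convert_safe_file_dir_name() to reduce the key to a
// bare file name without path separators - verify against that helper.
$requested_key = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';
$fname = convert_safe_file_dir_name($requested_key);

// Because of the way the billing tables are constructed (as of 2021)
// We may not know exactly where the file is, so we need to try a couple
// different places. This is mainly because the full path is not stored
// in the database. Also, the file could have been generated with the
// 'gen_x12_based_on_ins_co' global set to 'on' but if it was turned off,
// we still want to be able to download the file. So, we have to do a bit
// of searching.
// The edi directory is the default location.

// the loc, if set, may tell us where the file is
$location = $_GET['location'] ?? '';
$claim_file_dir = '';
$claim_file_found = false;
if ($location === 'tmp') {
    $tmp_dir = rtrim($GLOBALS['temporary_files_dir'], DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // is_file() rather than file_exists(): an empty name or "." / ".." would
    // otherwise match the directory itself.
    if (is_file($tmp_dir . $fname)) {
        $claim_file_dir = $tmp_dir;
        $claim_file_found = true;
    }
}

// See if the file exists in the x-12 partner's SFTP directory
// If it's not there, try the edi directory
if (
    false === $claim_file_found &&
    isset($_GET['partner'])
) {
    $x12_partner_id = $_GET['partner'];
    // First look in the database for the file so we know
    // which partner directory to check
    $sql = "SELECT `X`.`id`, `X`.`x12_sftp_local_dir`
        FROM `x12_partners` `X`
        WHERE `X`.`id` = ?
        LIMIT 1";
    $row = sqlQuery($sql, [$x12_partner_id]);
    $partner_dir = $row ? (string) $row['x12_sftp_local_dir'] : '';

    // Only probe the partner directory when the lookup actually produced one.
    // Without this guard an unknown partner id left the directory unset and the
    // name was resolved relative to the script's working directory.
    if ($partner_dir !== '') {
        // Tolerate a stored directory with or without its trailing separator.
        $partner_dir = rtrim($partner_dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (is_file($partner_dir . $fname)) {
            $claim_file_dir = $partner_dir;
            $claim_file_found = true;
        }
    }
}

if ($claim_file_found === false) {
    $claim_file_dir = $GLOBALS['OE_SITE_DIR'] . "/documents/edi/";
}

$fname = $claim_file_dir . $fname;

if (strtolower(substr($fname, -4)) === ".pdf") {
    $content_type = "application/pdf";
}

// Open before any header is sent so a file that is missing, is a directory, or
// cannot be read ends in the error message instead of a broken download.
$fp = is_file($fname) ? fopen($fname, 'rb') : false;

if ($fp === false) {
    echo xlt("The claim file: ") . text($requested_key) . xlt(" could not be accessed.");
} else {
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: $content_type");
    header("Content-Length: " . filesize($fname));
    header("Content-Disposition: attachment; filename=" . basename($fname));

    // stream the claim file to the client
    fpassthru($fp);
    // Release the handle before a possible unlink(); an open handle blocks
    // deletion on some platforms.
    fclose($fp);

    // If the caller sets the delete flag, delete the file when we're done serving it
    // This is the common case of a temporary file when validation-only is performed
    // by the BillingProcessor
    // NOTE(review): the flag is honoured for whichever directory the file was
    // resolved from (partner SFTP and documents/edi included), on a GET request.
    // Confirm no caller needs deletion outside the temporary directory and
    // consider restricting it to $location === 'tmp'.
    if (
        isset($_GET['delete']) &&
        $_GET['delete'] == 1
    ) {
        unlink($fname);
    }
}

exit;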