"; $mainDirTest = ""; $outputs = array(); foreach ($resultsNegative as $failedDir) { if (basename($failedDir) == basename($dir)) { // need to reorder output so the main directory is at the top of the list $mainDirTest = "UNABLE to open directory '" . text(realpath($failedDir)) . "' for writing by web server.
\r\n"; } else { $outputs[] = "UNABLE to open subdirectory '" . text(realpath($failedDir)) . "' for writing by web server.
\r\n"; } } if ($mainDirTest) { // need to reorder output so the main directory is at the top of the list array_unshift($outputs, $mainDirTest); } foreach ($outputs as $output) { echo $output; } echo "(configure directory permissions; see below for further instructions)

\r\n"; return 1; } else { echo "" . text(realpath($dir)) . " directory and its subdirectories are ready.

\r\n"; return 0; } } // Include standard libraries/classes require_once dirname(__FILE__) . "/vendor/autoload.php"; use OpenEMR\Common\Utils\RandomGenUtils; $COMMAND_LINE = php_sapi_name() == 'cli'; $state = isset($_POST["state"]) ? ($_POST["state"]) : ''; $installer = new Installer($_REQUEST); // Make this true for IPPF. $ippf_specific = false; $error_page_end = << EPE; // If this script was invoked with no site ID, then ask for one. if (!$COMMAND_LINE && empty($_REQUEST['site'])) { $site_id = << OpenEMR Setup Tool

Optional Site ID Selection

Most OpenEMR installations support only one site. If that is true for you then ignore the rest of this text and just click Continue.

If you are using the multisite setup module for the first time please read the 'Multi Site Installation' section of the help file before proceeding.

Otherwise please enter a unique Site ID here.

A Site ID is a short identifier with no spaces or special characters other than periods or dashes. It is case-sensitive and we suggest sticking to lower case letters for ease of use.

If each site will have its own host/domain name, then use that name as the Site ID (e.g. www.example.com).

The site ID is used to identify which site you will log in to. If it is a hostname then it is taken from the hostname in the URL. Otherwise you must append "?site=siteid" to the URL used for logging in.

It is OK for one of the sites to have "default" as its ID. This is the ID that will be used if it cannot otherwise be determined.

Site ID:
SITEID; echo $site_id . "\r\n"; $installer->setupHelpModal(); echo "" . "\r\n"; echo "" . "\r\n"; exit(); } // Support "?site=siteid" in the URL, otherwise assume "default". $site_id = 'default'; if (!$COMMAND_LINE && !empty($_REQUEST['site'])) { $site_id = trim($_REQUEST['site']); } // Die if site ID is empty or has invalid characters. if (empty($site_id) || preg_match('/[^A-Za-z0-9\\-.]/', $site_id)) { die("Site ID '" . text($site_id) . "' contains invalid characters."); } // If multisite is turned off, then only allow default for site. if (!$allow_multisite_setup && $site_id != 'default') { die("To turn on support for multisite setup, need to edit this script and change \$allow_multisite_setup to true. After you are done setting up the cloning, ensure you change \$allow_multisite_setup back to false or remove this script altogether"); } // Disable file and directory permissions check by setting to false $checkPermissions = true; global $OE_SITE_DIR; // The Installer sets this $docsDirectory = "$OE_SITE_DIR/documents"; //These are files and dir checked before install for // correct permissions. if (is_dir($OE_SITE_DIR)) { $writableFileList = array($installer->conffile); $writableDirList = array($docsDirectory); } else { $writableFileList = array(); $writableDirList = array($OE_SITES_BASE); } // Include the sqlconf file if it exists yet. $config = 0; if (file_exists($OE_SITE_DIR)) { include_once($installer->conffile); } elseif ($state > 3) { // State 3 should have created the site directory if it is missing. die("Internal error, site directory is missing."); } ?> OpenEMR Setup Tool
ERROR"; $caution = "CAUTION"; $ok = "OK"; $note = "NOTE"; if (strtolower(ini_get('register_globals')) != 'off' && (bool) ini_get('register_globals')) { echo "$caution: It appears that you have register_globals enabled in your php.ini\n" . "configuration file. This causes unacceptable security risks. You must\n" . "turn it off before continuing with installation.\n"; exit(1); } if (!extension_loaded("xml")) { echo "$error: PHP XML extension missing. To continue, install PHP XML extension, then restart web server."; exit(1); } if (!(extension_loaded("mysql") || extension_loaded("mysqlnd") || extension_loaded("mysqli"))) { echo "$error: PHP MySQL extension missing. To continue, install and enable MySQL extension, then restart web server."; exit(1); } if (!(extension_loaded("mbstring") )) { echo "$error: PHP mb_string extension missing. To continue, install and enable mb_string extension, then restart web server."; exit(1); } if (!(extension_loaded("openssl") )) { echo "$error: PHP openssl extension missing. To continue, install PHP openssl extension, then restart web server."; exit(1); } ?>

Final step - Success

Congratulations! OpenEMR is now installed.

  • Access controls (php-GACL) are installed for fine-grained security, and can be administered in OpenEMR's admin->acl menu.
  • Reviewing /config.php is a good idea. This file contains some settings that you may want to change.
  • There's much information and many extra tools bundled within the OpenEMR installation directory. Please refer to openemr/Documentation. Many forms and other useful scripts can be found at openemr/contrib.
  • To ensure a consistent look and feel throughout the application, Firefox and Chrome are recommended. The OpenEMR development team exclusively tests with modern versions of these browsers.
  • The OpenEMR project home page, documentation, and forums can be found at https://www.open-emr.org
  • We pursue grants to help fund the future development of OpenEMR. To apply for these grants, we need to estimate how many times this program is installed and how many practices are evaluating or using this software. It would be awesome if you would email us at hello@open-emr.org if you have installed this software. The more details about your plans with this software, the better, but even just sending us an email stating you just installed it is very helpful.

We recommend you print these instructions for future reference.

The selected theme is :

"; $installer->displayNewThemeDiv(); if (empty($installer->clone_database)) { echo "

The initial OpenEMR user is '" . text($installer->iuser) . "' and the password is '" . text($installer->iuserpass) . "'

"; } else { echo "

The initial OpenEMR user name and password is the same as that of source site '" . text($installer->source_site_id) . "'

"; } echo "

If you edited the PHP or Apache configuration files during this installation process, then we recommend you restart your Apache server before following below OpenEMR link.

"; echo "

In Linux use the following command:

"; echo "

sudo apachectl -k restart

"; ?>

Click to start using OpenEMR.

setCurrentTheme(); $end_div = <<
ENDDIV; echo $end_div . "\r\n"; $installer->setupHelpModal(); echo "" . "\r\n"; echo "" . "\r\n"; exit(); } ?> conffile) . " (change the 'config' variable to 0), and re-run this script.
\n"; } else { switch ($state) { case 1: $state_esc = text($state); $site_id_esc = attr($site_id); $step1 = <<Step $state_esc - Select Database Setup

Now I need to know whether you want me to create the database on my own or if you have already created the database for me to use. For me to create the database, you will need to supply the MySQL root password.

$caution: clicking on Proceed to Step 2 may delete or cause damage to existing data on your system. Before you continue please backup your data.

STP1; echo $step1 . "\r\n"; break; case 2: $state_esc = text($state); $site_id_esc = attr($site_id); $inst_esc = attr($inst); $step2top = <<Step $state_esc - Database and OpenEMR Initial User Setup Details

Now you need to supply the MySQL server information and path information. Detailed instructions on each item can be found in the 'INSTALL' manual file.

STP2TOP; echo $step2top . "\r\n"; $step2tabletop1 = << MySQL Server Details

If you run MySQL and Apache/PHP on the same computer, then leave this as 'localhost'.

If they are on separate computers, then enter the IP address of the computer running MySQL.

This is the MySQL port.

The default port for MySQL is 3306.

This will be the name of the OpenEMR database in MySQL.

'openemr' is the recommended name.

This database will contain patient data as well as data pertaining to the OpenEMR installation.

This is the name that OpenEMR will use to login to the MySQL database.

'openemr' is the recommended name.

This is the Login Password that OpenEMR will use to accesses the MySQL database.

It should be at least 12 characters long and composed of both numbers and letters.

STP2TBLTOP1; echo $step2tabletop1 . "\r\n"; if ($inst != 2) { $step2tabletop2 = <<

This is name for the MySQL root account.

For localhost, it is usually ok to leave it as 'root'.

This is your MySQL server root password.

If you run Apache/PHP and MySQL on the same computer, then leave this as 'localhost'.

If they are on separate computers, then enter the IP address of the computer running Apache/PHP.

This is the collation setting for MySQL.

Collation refers to a set of rules that determine how data is sorted and compared in a database.

Leave as 'General' if you are not sure.

If the language you are planning to use in OpenEMR is in the menu, then you can select it.

Otherwise, just select 'General'.

STP2TBLTOP2; echo $step2tabletop2 . "\r\n"; } // Include a "source" site ID drop-list and a checkbox to indicate // if cloning its database. When checked, do not display initial user // and group stuff below. $dh = opendir($OE_SITES_BASE); if (!$dh) { die("Cannot read directory '" . text($OE_SITES_BASE) . "'."); } $siteslist = array(); while (false !== ($sfname = readdir($dh))) { if (substr($sfname, 0, 1) == '.') { continue; } if ($sfname == 'CVS') { continue; } if ($sfname == $site_id) { continue; } $sitedir = "$OE_SITES_BASE/$sfname"; if (!is_dir($sitedir)) { continue; } if (!is_file("$sitedir/sqlconf.php")) { continue; } $siteslist[$sfname] = $sfname; } closedir($dh); // If this is not the first site... if (!empty($siteslist)) { ksort($siteslist); $source_site_top = <<

Clone the source site's database instead of creating a fresh one.

SOURCESITEBOT; echo $source_site_bot . "\r\n"; } $randomusernamepre = RandomGenUtils::produceRandomString(3, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); $randomusernamepost = RandomGenUtils::produceRandomString(2, "0123456789"); $randomusername = $randomusernamepre . "-admin-" . $randomusernamepost; // App Based TOTP secret // Shared key (per rfc6238 and rfc4226) should be 20 bytes (160 bits) and encoded in base32, which should // be 32 characters in base32 // Would be nice to use the OpenEMR\Common\Utils\RandomGenUtils\produceRandomBytes() function and then encode to base32, // but does not appear to be a standard way to encode binary to base32 in php. $randomsecret = RandomGenUtils::produceRandomString(32, "234567ABCDEFGHIJKLMNOPQRSTUVWXYZ"); if (empty($randomsecret) || empty($randomusernamepre) || empty($randomusernamepost)) { error_log('OpenEMR Error : Random String error - exiting'); die(); } $disableCheckbox = ""; if (empty($randomsecret)) { $randomsecret = ""; $disableCheckbox = "disabled"; } $randomsecret_esc = attr($randomsecret); $randomusername_esc = attr($randomusername); $step2tablebot = <<
OpenEMR Initial User Details

This is the login name of the first user that will be created for you.

Limit this to one word with at least 12 characters and composed of both numbers and letters.

This is the password for the initial user.

This is the First name of the 'initial user'.

This is the Last name of the 'initial user'.

This is the group that will be created for your users.

This should be the name of your practice.

Enable 2 Factor Authentication for Initial User (more secure - optional)
Enable 2FA

If selected will allow TOTP 2 factor authentication for the initial user.

Click on the help file for more information.


If enabled, you must have an authenticator app on your phone ready to scan the QR code displayed next.

Example authenticator apps include:

Click the Create DB and User button below to create the database and first user . $note: This process will take a few minutes.

STP2TBLBOT; echo $step2tablebot . "\r\n"; break; case 3: // Form Validation // (applicable if not cloning from another database) $pass_step2_validation = true; $error_step2_message = "$error - "; if (! $installer->char_is_valid($_REQUEST['server'])) { $pass_step2_validation = false; $error_step2_message .= "A database server host is required
\n"; } if (! $installer->char_is_valid($_REQUEST['port'])) { $pass_step2_validation = false; $error_step2_message .= "A database server port value is required
\n"; } if (! $installer->databaseNameIsValid($_REQUEST['dbname'])) { $pass_step2_validation = false; $error_step2_message .= "A database name is required
\n"; } if (! $installer->collateNameIsValid($_REQUEST['collate'])) { $pass_step2_validation = false; $error_step2_message .= "A collation name is required
\n"; } if (! $installer->char_is_valid($_REQUEST['login'])) { $pass_step2_validation = false; $error_step2_message .= "A database login name is required
\n"; } if (! $installer->char_is_valid($_REQUEST['pass'])) { $pass_step2_validation = false; $error_step2_message .= "A database login password is required
\n"; } if (!$pass_step2_validation) { $error_step2_message .= $error_page_end . "\r\n"; die($error_step2_message); } if (empty($installer->clone_database)) { if (! $installer->login_is_valid()) { echo "$error. Please pick a proper 'Login Name'.
\n"; echo "Click Back in browser to re-enter.
\n"; break; } if (! $installer->iuser_is_valid()) { echo "$error. The 'Initial User' field can only contain one word and no spaces.
\n"; echo "Click Back in browser to re-enter.
\n"; break; } if (! $installer->user_password_is_valid()) { echo "$error. Please pick a proper 'Initial User Password'.
\n"; echo "Click Back in browser to re-enter.
\n"; break; } } if (! $installer->password_is_valid()) { echo "$error. Please pick a proper 'Password'.
\n"; echo "Click Back in browser to re-enter.
\n"; break; } if (! $installer->iuname_is_valid()) { echo "$error. Please pick a proper 'Initial User Last Name'.
\n"; echo "Click Back in browser to re-enter.
\n"; break; } echo "

Step " . text($state) . " - Creating Database and First User

"; echo "
"; // Skip below if database shell has already been created. if ($inst != 2) { echo "Connecting to MySQL Server...\n"; flush(); if (! $installer->root_database_connection()) { echo "$error. Check your login credentials.\n"; echo text($installer->error_message); break; } else { echo "$ok.
\n"; flush(); } } // Only pertinent if cloning another installation database if ($allow_cloning_setup && !empty($installer->clone_database)) { echo "Dumping source database..."; flush(); if (! $installer->create_dumpfiles()) { echo text($installer->error_message); break; } else { echo "$ok.
\n"; flush(); } } // Only pertinent if mirroring another installation directory if (! empty($installer->source_site_id)) { echo "Creating site directory..."; if (! $installer->create_site_directory()) { echo text($installer->error_message); break; } else { echo "$ok.
"; flush(); } } // Skip below if database shell has already been created. if ($inst != 2) { echo "Creating database...\n"; flush(); if (! $installer->create_database()) { echo "$error. Check your login credentials.\n"; echo text($installer->error_message); break; } else { echo "$ok.
\n"; flush(); } echo "Creating user with permissions for database...\n"; flush(); $user_mysql_error = true; if (! $installer->create_database_user()) { echo "$error when creating specified user.\n"; echo text($installer->error_message); break; } else { $user_mysql_error = false; } if (! $installer->grant_privileges()) { echo "$error when granting privileges to the specified user.\n"; echo text($installer->error_message); break; } else { $user_mysql_error = false; } if (!$user_mysql_error) { echo "$ok.
\n"; flush(); } echo "Reconnecting as new user...\n"; flush(); $installer->disconnect(); } else { echo "Connecting to MySQL Server...\n"; } if (! $installer->user_database_connection()) { echo "$error. Check your login credentials.\n"; echo text($installer->error_message); break; } else { echo "$ok.
\n"; flush(); } // Load the database files $dump_results = $installer->load_dumpfiles(); if (! $dump_results) { echo "$error.\n"; echo text($installer->error_message); break; } else { echo $dump_results; flush(); } echo "Writing SQL configuration...\n"; flush(); if (! $installer->write_configuration_file()) { echo "$error.\n"; echo text($installer->error_message); break; } else { echo "$ok.
\n"; flush(); } // Only pertinent if not cloning another installation database if (empty($installer->clone_database)) { echo "Setting version indicators...\n"; flush(); if (! $installer->add_version_info()) { echo "$error.\n"; echo text($installer->error_message); ; break; } else { echo "$ok
\n"; flush(); } echo "Writing global configuration defaults...\n"; flush(); if (! $installer->insert_globals()) { echo "$error.\n"; echo text($installer->error_message); ; break; } else { echo "$ok
\n"; flush(); } echo "Setting up Access Controls...\n"; require("$OE_SITE_DIR/sqlconf.php"); if (! $installer->install_gacl()) { echo "$error -.\n"; echo text($installer->error_message); break; } else { echo "$ok
\n"; flush(); } echo "Adding Initial User...\n"; flush(); if (! $installer->add_initial_user()) { echo "$error.\n"; echo text($installer->error_message); break; } echo "$ok
\n"; flush(); echo "Adding Additional Users...\n"; flush(); if (! $installer->install_additional_users()) { echo "$error.\n"; echo text($installer->error_message); break; } echo "$ok
\n"; flush(); echo "Configuring Care Coordination Module...\n"; flush(); if (! $installer->on_care_coordination()) { echo "$error.\n"; echo text($installer->error_message); break; } echo "$ok
\n"; flush(); } // If user has selected to set MFA App Based 2FA, display QR code to scan $qr = $installer->get_initial_user_2fa_qr(); $qr_esc = attr($qr); if ($qr) { $qrDisplay = <<

You must scan the following QR code with your preferred authenticator app.

Example authenticator apps include:
TOTP; echo $qrDisplay; } if ($allow_cloning_setup && !empty($installer->clone_database)) { // Database was cloned, skip ACL setup. $btn_text = 'Proceed to Select a Theme'; echo "
"; echo "

The database was cloned, access control list exists therefore skipping ACL setup

"; echo "

Click " . text($btn_text) . " for further instructions.

"; $next_state = 7; } else { $btn_text = 'Proceed to Step 4'; echo "
"; echo "

Granted user " . text($installer->iuser) . " administrator access control (password is " . text($installer->iuserpass) . ").

"; echo "

The next step will configure php.

"; echo "

Click " . text($btn_text) . " to continue.

"; $next_state = 4; } echo "
\r\n"; if ($allow_cloning_setup) { echo ""; echo ""; } $btn_text_esc = text($btn_text); $form_bottom = <<
FRMBOT; echo $form_bottom . "\r\n"; break; case 4: $state_esc = text($state); $step4_top = <<Step $state_esc - Configure PHP

Configuration of PHP...

We recommend making the following changes to your PHP installation, which can normally be done by editing the php.ini configuration file:

    STP4TOP; echo $step4_top . "\r\n"; $gotFileFlag = 0; $phpINIfile = php_ini_loaded_file(); if ($phpINIfile) { echo "
  • Your php.ini file can be found at " . text($phpINIfile) . "
  • \n"; $gotFileFlag = 1; } $short_tag = ini_get('short_open_tag') ? 'On' : 'Off'; $short_tag_style = (strcmp($short_tag, 'Off') === 0) ? '' : 'text-danger'; $display_errors = ini_get('display_errors') ? 'On' : 'Off'; $display_errors_style = (strcmp($display_errors, "Off") === 0) ? '' : 'text-danger'; $register_globals = ini_get('register_globals') ? 'On' : 'Off'; $register_globals_style = (strcmp($register_globals, 'Off') === 0) ? '' : 'text-danger'; $max_input_vars = ini_get('max_input_vars'); $max_input_vars_style = $max_input_vars < 3000 ? 'text-danger' : ''; $max_execution_time = (int)ini_get('max_execution_time'); $max_execution_time_style = $max_execution_time >= 60 || $max_execution_time === 0 ? '' : 'text-danger'; $max_input_time = ini_get('max_input_time'); $max_input_time_style = (strcmp($max_input_time, '-1') === 0) ? '' : 'text-danger'; $post_max_size = ini_get('post_max_size'); $post_max_size_style = $post_max_size < 30 ? 'text-danger' : ''; $memory_limit = ini_get('memory_limit'); $memory_limit_style = $memory_limit < 256 ? 'text-danger' : ''; $mysqli_allow_local_infile = ini_get('mysqli.allow_local_infile') ? 'On' : 'Off'; $mysqli_allow_local_infile_style = (strcmp($mysqli_allow_local_infile, 'On') === 0) ? '' : 'text-danger'; echo "
  • To ensure proper functioning of OpenEMR you must make sure that PHP settings include:
    Setting Required value Current value
    short_open_tag Off " . text($short_tag) . "
    display_errors Off " . text($display_errors) . "
    register_globals Off " . text($register_globals) . "
    max_input_vars at least 3000 " . text($max_input_vars) . "
    max_execution_time at least 60 " . text($max_execution_time) . "
    max_input_time -1 " . text($max_input_time) . "
    post_max_size at least 30M " . text($post_max_size) . "
    memory_limit at least 256M " . text($memory_limit) . "
    mysqli.allow_local_infile On " . text($mysqli_allow_local_infile) . "
  • In order to take full advantage of the patient documents capability you must make sure that settings in php.ini file include \"file_uploads = On\", that \"upload_max_filesize\" is appropriate for your use and that \"upload_tmp_dir\" is set to a correct value that will work on your system.
  • \r\n"; if (!$gotFileFlag) { echo "
  • If you are having difficulty finding your php.ini file, then refer to the 'INSTALL' manual for suggestions.
  • \n"; } $btn_text = 'Proceed to Step 5'; echo "

We recommend you print these instructions for future reference.

The next step will configure the Apache web server.

Click " . text($btn_text) . " to continue.

\r\n"; break; case 5: echo "

Step " . text($state) . " - Configure Apache Web Server

"; echo "
"; echo "

Configuration of Apache web server...

\n"; echo "The \"" . text(preg_replace("/${site_id}/", "*", realpath($docsDirectory))) . "\" directory contain patient information, and it is important to secure these directories. Additionally, some settings are required for the Zend Framework to work in OpenEMR. This can be done by pasting the below to end of your apache configuration file:

  <Directory \"" . text(realpath(dirname(__FILE__))) . "\">
      AllowOverride FileInfo
      Require all granted
  <Directory \"" . text(realpath(dirname(__FILE__))) . "/sites\">
      AllowOverride None

  <Directory \"" . text(preg_replace("/${site_id}/", "*", realpath($docsDirectory))) . "\">
      Require all denied

"; $btn_text = 'Proceed to Select a Theme'; echo "

If you are having difficulty finding your apache configuration file, then refer to the 'INSTALL' manual for suggestions.

We recommend you print these instructions for future reference.

Click '" . text($btn_text) . "' to select a theme.

\r\n"; break; case 6: echo "

Step " . text($state) . " - Select a Theme

"; echo "
"; echo "

Select a theme for OpenEMR...

\n"; $btn_text = "Proceed to Final Step"; $installer->displaySelectedThemeDiv(); echo "

Select One:

\r\n"; echo ' BOT; echo $bot . "\r\n"; ?>