Title: Referti IGEA
Author: S0ft.it
Published: <strong>14 Korrik, 2026</strong>
Last modified: 14 Korrik, 2026

---

Kërkoni te shtojca

![](https://ps.w.org/referti-igea/assets/banner-772x250.png?rev=3607792)

![](https://ps.w.org/referti-igea/assets/icon-256x256.png?rev=3607792)

# Referti IGEA

 Nga [S0ft.it](https://profiles.wordpress.org/apiganti/)

[Shkarkim](https://downloads.wordpress.org/plugin/referti-igea.1.0.0.zip)

 * [Hollësi](https://sq.wordpress.org/plugins/referti-igea/#description)
 * [Shqyrtime](https://sq.wordpress.org/plugins/referti-igea/#reviews)
 *  [Instalim](https://sq.wordpress.org/plugins/referti-igea/#installation)
 * [Zhvillim](https://sq.wordpress.org/plugins/referti-igea/#developers)

 [Asistencë](https://wordpress.org/support/plugin/referti-igea/)

## Përshkrim

**Referti IGEA** adds a private area to your WordPress site where registered patients
of a facility using the IGEA CRM by S0ft.it can download their medical reports (
referti).

Patients identify themselves with their Italian fiscal code (validated with check
digit and “omocodia” support) and verify their identity with a **one-time password
sent via SMS** or with a **personal password** issued in the “report ready” email—
optionally combined (two-step verification).

Reports are exported by the CRM to `docs/{PATIENT_ID}/referti/` and registered with
the `PUSHReferto()` helper, which updates the `referti` table and notifies the patient
by email and/or SMS according to the plugin settings.

#### Main features

 * Secure identification: fiscal code + SMS OTP, personal password, or both — with
   optional two-step verification (password + OTP)
 * Personal password automatically generated and delivered with the “report ready”
   email
 * Report list with date, type, specialty, description and “new” badge for reports
   never downloaded
 * One-click download; download tracking (first download date, counter)
 * Configurable notifications on new report: email (with password when first issued)
   and/or SMS (short text, no clinical details)
 * Configurable visibility: immediately, after approval from the CRM (`PubblicaReferto()`),
   or after N days
 * Access audit log on the CRM (logins and downloads, with IP) — reports are health
   data
 * Rate limiting, OTP expiry and attempt limits, password lockout after repeated
   failures
 * Temporary suspension of the service with a custom message
 * Customizable colors to match your theme; same look & feel as Prenotazioni IGEA
 * No external dependencies: all CSS and JavaScript is bundled with the plugin

#### Security

The API key never leaves the server: the patient’s browser only talks to WordPress,
which forwards requests to the CRM. Nonce on every call, field whitelisting, session
tokens issued only after identity verification, ownership check on every download,
path hardening on the CRM side, rate limiting per IP and per patient.

#### Requirements

This plugin is a connector: **it requires an installation of the IGEA CRM** by S0ft.
it, reachable over HTTPS, with the `referti_api.php` endpoint, the `referti_push.
php` helper, the SQL script (`referti.sql`) executed, and — for OTP and SMS notifications—
an SMS provider configured. Without the CRM the plugin has no standalone functionality.
More about the CRM: [www.s0ft.it](https://www.s0ft.it).

#### External services

This plugin sends data to the IGEA CRM server configured by the site administrator(
URL and API key in the plugin settings). The data transmitted is what the patient
enters in the form (fiscal code, verification codes or password) plus the visitor’s
IP address, used exclusively for anti-abuse rate limiting and access logging. Downloaded
reports travel from your CRM server to the patient’s browser through your WordPress
site. No data is ever sent to S0ft.it or to any third party by this plugin: the 
destination server is chosen and operated by the site owner.

## Foto ekrani

[⌊Step 1: fiscal code entry⌉⌊Step 1: fiscal code entry⌉[

Step 1: fiscal code entry

[⌊Identity verification: SMS code or personal password⌉⌊Identity verification: SMS
code or personal password⌉[

Identity verification: SMS code or personal password

[⌊Report list with "new" badge and download⌉⌊Report list with "new" badge and download⌉[

Report list with “new” badge and download

[⌊Plugin settings page⌉⌊Plugin settings page⌉[

Plugin settings page

## Instalim

 1. Install and activate the plugin from Plugins  Add New, or upload the `referti-igea`
    folder to `/wp-content/plugins/`.
 2. On the IGEA CRM server: copy `referti_api.php` and `referti_push.php` into the `
    ajax/` folder (next to `orari.php`), edit the API key, token secret and WordPress
    origin at the top of `referti_api.php`, and run the `referti.sql` script on the
    CRM database.
 3. Go to **Settings  Referti IGEA** and enter the API URL and key (the same key configured
    on the CRM).
 4. Choose the access method, notifications, visibility mode and the page that will
    contain the shortcode (its link is used in emails and SMS).
 5. Add the `[referti_crm]` shortcode to that page.
 6. In the CRM, call `PUSHReferto($patientId, $fileName, $meta)` after exporting each
    report file to `docs/{patientId}/referti/`. In “approval” visibility mode, call`
    PubblicaReferto($reportId)` to publish and notify.
 7. Optional: create the `SEND_REF` email template in the CRM `templates_email` table
    to customize the notification (placeholders: [nome] [cognome] [nominativo] [cf][
    email] [cellulare] [tiporeferto] [descrizione] [specialita] [datareferto] [datadisponibile][
    password] [linkreferti]).

## PBR

### Does the plugin work without the IGEA CRM?

No. It is a connector for the IGEA CRM by S0ft.it: report files, patient records,
email and SMS sending all live on the CRM. The plugin provides the private area 
on the website and the secure connection.

### Where are the report files stored?

On the CRM server, in `docs/{PATIENT_ID}/referti/`. They are streamed to the patient
through WordPress only after identity verification and an ownership check; they 
are never copied to the WordPress server.

### How does the patient get their personal password?

It is generated by `PUSHReferto()` the first time a report is published for that
patient (when the access method includes the password) and delivered in the notification
email. Only a hash is stored. If lost, the patient can use the SMS code (when enabled)
or the secretary can regenerate it with the `rigenera_password` option of `PUSHReferto()`.

### Can new patients register from the website?

No. The reports area is reserved for patients already in the CRM archive: registration
happens at the facility (or through the Prenotazioni IGEA plugin).

### Is the plugin GDPR compliant?

Reports are health data: the plugin verifies the patient’s identity before any access,
never exposes clinical details in SMS, and logs every login and download with date
and IP on the CRM. Overall compliance depends on the site owner’s privacy policy
and processes.

### How do I customize the notification email?

Create the `SEND_REF` template in the CRM `templates_email` table (same mechanism
as Prenotazioni IGEA). If the template does not exist, a built-in fallback body 
is used which, for confidentiality, does not include the clinical description of
the report.

## Shqyrtime

Për këtë shtojcë s’ka shqyrtime.

## Kontribues & Zhvillues

“Referti IGEA” është software me burim të hapur. Në këtë shtojcë kanë dhënë ndihmesë
personat vijues.

Kontribues

 *   [ S0ft.it ](https://profiles.wordpress.org/apiganti/)

[Përkthejeni “Referti IGEA” në gjuhën tuaj.](https://translate.wordpress.org/projects/wp-plugins/referti-igea)

### Ju intereson zhvillimi?

[Shfletoni kodin](https://plugins.trac.wordpress.org/browser/referti-igea/), shkarkoni
[depon SVN](https://plugins.svn.wordpress.org/referti-igea/), ose pajtohuni përmes
[RSS-je](https://plugins.trac.wordpress.org/log/referti-igea/?limit=100&mode=stop_on_copy&format=rss)
te [regjistri i zhvillimeve](https://plugins.trac.wordpress.org/log/referti-igea/).

## Regjistër ndryshimesh

#### 1.0.0

 * First release: fiscal code + SMS OTP or personal password (optional two-step),
   report list and download, configurable notifications and visibility, access audit
   log, suspension mode, custom colors

## Të tjera

 *  Version **1.0.0**
 *  Përditësuar së fundi më **22 orë më parë**
 *  Instalime aktive **Më pak se 10**
 *  Version WordPress-i ** 6.0 ose më i madh **
 *  E provuar deri me **7.0.1**
 *  Version PHP-je ** 7.4 ose më i madh **
 *  Gjuhë
 * [English (US)](https://wordpress.org/plugins/referti-igea/)
 * Etiketa
 * [download](https://sq.wordpress.org/plugins/tags/download/)[healthcare](https://sq.wordpress.org/plugins/tags/healthcare/)
   [medical records](https://sq.wordpress.org/plugins/tags/medical-records/)
 *  [Pamje e Thelluar](https://sq.wordpress.org/plugins/referti-igea/advanced/)

## Vlerësime

S’është parashtruar ende ndonjë përshtypje.

[Your review](https://wordpress.org/support/plugin/referti-igea/reviews/#new-post)

[Shihni krejt shqyrtimet](https://wordpress.org/support/plugin/referti-igea/reviews/)

## Kontribues

 *   [ S0ft.it ](https://profiles.wordpress.org/apiganti/)

## Asistencë

Keni diçka për të thënë? Ju duhet ndihmë?

 [Shihni forum asistence](https://wordpress.org/support/plugin/referti-igea/)

## Dhuroni

Do të donit të përkrahnit shpënien më tej të kësaj shtojce?

 [ Dhuroni për këtë shtojcë ](https://www.s0ft.it)