// Fragment: the tail of a switch statement (its opening and earlier cases lie
// outside this excerpt), followed by the start of the add/edit form rendering.
// This first part pre-fills the form variables from a previously loaded
// $result row, but only where the request did not already supply a value.
if ($result) {
    if ($title == "") {
        $title = $result['title'];
    }
    $body = $result['body'];
    if ($reply_to == "") {
        $reply_to = $result['pid'];
    }
    $form_message_status = $result['message_status'];
}
break;
case "delete":
    // Delete selected message(s) from the Messages box (only).
    // NOTE(review): $_POST['delete_id'] is taken straight from the request and
    // indexed as an array; nothing in this fragment checks that it is an array
    // of integer ids, that the request carries an anti-CSRF token, or that each
    // note belongs to the logged-in user. Confirm those checks exist earlier in
    // the file or inside deletePnote().
    $delete_id = $_POST['delete_id'];
    for ($i = 0; $i < count($delete_id); $i++) {
        deletePnote($delete_id[$i]);
        // Every deletion is followed by a "delete" audit event that names the
        // acting user, their provider group and the affected note id.
        newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id " . $delete_id[$i]);
    }
    break;
}
if ($task == "addnew" or $task == "edit") {
    // Display the Messages page layout.
    // The paging/sorting values and the note id are passed through attr()
    // before being placed in the markup.
    // NOTE(review): $activity_string_html is interpolated into the action URL
    // without attr(); its name suggests it was escaped when built - confirm.
    echo "\n<form name=new_note id=new_note action=\"messages.php?showall=" . attr($showall) .
        "&sortby=" . attr($sortby) .
        "&sortorder=" . attr($sortorder) .
        "&begin=" . attr($begin) .
        "&{$activity_string_html}\" method=post>\n<input type=hidden name=noteid id=noteid value='" . attr($noteid) .
        "'>\n<input type=hidden name=task id=task value=add>";
    ?> <div id="pnotes"><center> <table border='0' cellspacing='8'> <tr> <td class='text'> <b><?php echo htmlspecialchars(xl('Type'), ENT_NOQUOTES); ?>
// Fragment: the inside of a save/delete handler whose opening conditions lie
// outside this excerpt, followed by the set-up for rendering the note form.
// NOTE(review): the note body, note type and assignee come straight from
// $_POST and are handed to updatePnote()/addPnote() unchanged; whether they are
// escaped or bound as parameters depends on those helpers - confirm. No
// anti-CSRF or per-note authorization check is visible in this fragment.
$note = $_POST['note'];
if ($noteid) {
    // An existing note id means "update in place".
    updatePnote($noteid, $note, $_POST['form_note_type'], $_POST['assigned_to']);
} else {
    // No id yet: create the note and keep the id that addPnote() returns.
    $noteid = addPnote($patient_id, $note, $userauthorized, '1', $_POST['form_note_type'], $_POST['assigned_to']);
}
// Link the note to a document and/or an order when one was supplied. The
// numeric arguments are type codes whose meaning is defined by setGpRelation().
if ($docid) {
    setGpRelation(1, $docid, 6, $noteid);
}
if ($orderid) {
    setGpRelation(2, $orderid, 6, $noteid);
}
// Clear the id so the form rendered below starts empty.
$noteid = '';
} elseif ($mode == "delete") {
    if ($noteid) {
        deletePnote($noteid);
        // Record the deletion as a "delete" audit event with the acting user,
        // their provider group and the note id.
        newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id " . $noteid);
    }
    $noteid = '';
}
}

// Defaults for the form: empty title, assigned to the current session user.
$title = '';
$assigned_to = $_SESSION['authUser'];
if ($noteid) {
    // Editing an existing note: load its title and assignee for the form.
    $prow = getPnoteById($noteid, 'title,assigned_to,body');
    $title = $prow['title'];
    $assigned_to = $prow['assigned_to'];
}

// Get the users list. The "Inactive" test is a kludge, we should create
// a separate column for this.
// The statement is built only from string constants, so no request data
// reaches the SQL text here.
$ures = sqlStatement("SELECT username, fname, lname FROM users " .
    "WHERE username != '' AND active = 1 AND " .
    "( info IS NULL OR info NOT LIKE '%Inactive%' ) " .
    "ORDER BY lname, fname");
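* @package OpenEMR
* @author Karl Englund <*****@*****.**>
* @link http://www.open-emr.org
*/

// Token-authenticated endpoint that deletes one patient note.
// Input  (POST): token  - API token identifying the caller
//                noteId - id of the note to delete
// Output: <status>/<reason> elements appended to $xml_string
//          0  note deleted
//         -1  deletion failed (including a malformed noteId)
//         -2  invalid token, or the user lacks the patients/notes ACL
header("Content-Type:text/xml");

// NOTE(review): presumably tells the bootstrap pulled in by classes.php to skip
// the session login check, which would leave validateToken() and acl_check()
// below as the only access control on this endpoint - confirm.
$ignoreAuth = true;
require_once 'classes.php';

$xml_string = "<PatientNotes>";

// Read the request fields defensively: a missing key would otherwise raise an
// "undefined index" notice that can leak into the XML response body.
$token = isset($_POST['token']) ? $_POST['token'] : '';
$id = isset($_POST['noteId']) ? $_POST['noteId'] : '';

// The note id is untrusted client input. Only a plain, non-zero decimal integer
// is passed on to deletePnote(); arrays, empty strings and anything carrying
// non-digit characters are rejected before they reach the data layer.
$valid_id = is_string($id) && ctype_digit($id) && ltrim($id, '0') !== '';

if ($userId = validateToken($token)) {
    $user = getUsername($userId);

    // NOTE(review): acl_check() is called without a required access level, so
    // whether a read-only grant on patients/notes passes is decided inside
    // acl_check() - confirm that deleting requires write access.
    $acl_allow = acl_check('patients', 'notes', $user);
    if ($acl_allow) {
        // The id is validated only after authentication and authorization, so
        // unauthenticated callers still receive the same -2 responses as before.
        // NOTE(review): the id is not scoped to a patient or owner here, and no
        // audit event is recorded after the delete; confirm deletePnote() or the
        // code loaded by classes.php covers both.
        $result = $valid_id ? deletePnote($id) : false;
        if ($result) {
            $xml_string .= "<status>0</status>";
            $xml_string .= "<reason>Patient Notes has been deleted</reason>";
        } else {
            $xml_string .= "<status>-1</status>";
            $xml_string .= "<reason>ERROR: Sorry, there was an error processing your data. Please re-submit the information again.</reason>";
        }
    } else {
        $xml_string .= "<status>-2</status>\n";
        $xml_string .= "<reason>You are not Authorized to perform this action</reason>\n";
    }
} else {
    // Same status code as the ACL failure; only the reason text differs.
    $xml_string .= "<status>-2</status>";
    $xml_string .= "<reason>Invalid Token</reason>";
}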