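* @author Karl Englund <*****@*****.**>
* @link http://www.open-emr.org
*/

// Endpoint: add an office note on behalf of the user identified by a POSTed API token.
// The response is a small XML document: <officenote><status/><reason/></officenote>.
header("Content-Type:text/xml");

// NOTE(review): presumably tells the included bootstrap to skip the normal session
// login check - confirm in classes.php. If so, the token check below is the only
// authentication gate for this endpoint.
$ignoreAuth = true;
require_once 'classes.php';
include_once "{$srcdir}/onotes.inc";

// Read the request parameters defensively. A missing key, or an array value such as
// token[]=x, would otherwise raise a notice that can be printed into the XML body and
// would hand a non-string to validateToken() / addOnote().
$token = (isset($_POST['token']) && is_string($_POST['token'])) ? $_POST['token'] : '';
$body = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : '';

$xml_string = "";
$xml_string .= "<officenote>";

// An empty token can never identify a user, so it is rejected without a lookup.
if ($token !== '' && ($userId = validateToken($token))) {
    $user = getUsername($userId);

    // Only users holding the admin/super ACL may add office notes.
    $acl_allow = acl_check('admin', 'super', $user);

    // $_SESSION['authUser'] used in addOnote() function.
    // NOTE(review): the session identity is populated before the ACL result is acted
    // on; confirm this session is not reused by later requests of a caller whose
    // token is valid but who is not authorized here.
    $_SESSION['authUser'] = $user;
    $_SESSION['authProvider'] = getAuthGroup($user);

    if ($acl_allow) {
        // NOTE(review): $body is stored exactly as received. addOnote() is not visible
        // here - confirm it binds the value as a query parameter and that every place
        // that displays office notes escapes it for the output context.
        addOnote($body);
        $xml_string .= "<status>0</status>\n";
        $xml_string .= "<reason>Office Note Added Successfully</reason>\n";
    } else {
        $xml_string .= "<status>-2</status>\n";
        $xml_string .= "<reason>You are not Authorized to perform this action</reason>\n";
    }
} else {
    // Missing, malformed and unknown tokens all get the same answer.
    $xml_string .= "<status>-2</status>";
    $xml_string .= "<reason>Invalid Token</reason>";
}

$xml_string .= "</officenote>";
echo $xml_string;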
$priceLevel = $_POST['priceLevel']; $justify = $_POST['justify']; $code_text = !empty($_POST['code_text']) ? $_POST['code_text'] : ''; $ct0 = ''; //takes the code type of the first fee type code type entry from the fee sheet, against which the copay is posted $cod0 = ''; //takes the code of the first fee type code type entry from the fee sheet, against which the copay is posted $mod0 = ''; //takes the modifier of the first fee type code type entry from the fee sheet, against which the copay is posted $ndc_info = !empty($_POST['ndc_info']) ? $_POST['ndc_info'] : ''; $noteCodes = !empty($_POST['noteCodes']) ? $_POST['noteCodes'] : ''; $fee = sprintf('%01.2f', (0 + trim($price)) * $units); if ($userId = validateToken($token)) { $user = getUsername($userId); $acl_allow = acl_check('acct', 'bill', $user); $provider = getAuthGroup($user); if ($authGroup = sqlQuery("select * from groups where user='******' and name='{$provider}'")) { $_SESSION['authProvider'] = $provider; $_SESSION['authId'] = $userId; $_SESSION['pid'] = $patientId; } if ($acl_allow) { if ($code_type == 'COPAY') { $strQuery3 = "SELECT pay_amount FROM ar_activity " . "WHERE pid=? AND encounter=? AND session_id=?"; $res_amount = sqlQuery($strQuery3, array($patientId, $visit_id, $id)); $getCode = "SELECT * FROM `billing` WHERE pid = ? AND encounter = ? ORDER BY `billing`.`encounter` ASC LIMIT 1"; $res = sqlQuery($getCode, array($patientId, $visit_id)); if ($fee != $res_amount['pay_amount']) { $cod0 = $res['code']; $ct0 = $res['code_type']; $mod0 = $res['modifier'];