Ejemplo n.º 1
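/**
 * Print a saved Review of Systems form as an HTML table.
 *
 * The form row is loaded with formFetch() and the names of the ticked boxes
 * are read from form_review_of_systems_checks. Every non-empty field is
 * printed as a "Label: value" cell; a new table row is started after $cols
 * cells.
 *
 * @param mixed $pid       Unused in this function.
 * @param mixed $encounter Unused in this function.
 * @param int   $cols      Number of cells per table row.
 * @param mixed $id        Form id, also used as foreign_id of the check rows.
 * @return void The markup is printed, nothing is returned.
 */
function review_of_systems_report($pid, $encounter, $cols, $id)
{
    // Bookkeeping columns that are never shown in the report.
    $hidden = array("id", "pid", "user", "groupname", "authorized", "activity", "date");
    $count = 0;
    $data = formFetch("form_review_of_systems", $id);
    if (!is_array($data)) {
        // array_merge() below needs an array; treat a failed fetch as "no form fields".
        $data = array();
    }
    $sql = "SELECT name from form_review_of_systems_checks where foreign_id = '" . add_escape_custom($id) . "'";
    $results = sqlQ($sql);
    $data2 = array();
    while ($row = sqlFetchArray($results)) {
        $data2[] = $row['name'];
    }
    $data = array_merge($data, $data2);
    if ($data) {
        print "<table><tr>";
        foreach ($data as $key => $value) {
            // Strict match on the key: check names carry integer keys, and the
            // loose comparison 0 == "id" is true before PHP 8, which silently
            // dropped the first check from the report.
            if (in_array($key, $hidden, true) || $value == "" || $value == "0000-00-00 00:00:00") {
                continue;
            }
            if ($value == "on") {
                $value = "yes";
            }
            $key = ucwords(str_replace("_", " ", $key));
            if (is_numeric($key)) {
                $key = "check";
            }
            // Labels and values come from stored form data, so they are
            // HTML-encoded before being written into the page.
            $label = htmlspecialchars((string) $key, ENT_QUOTES);
            $text = htmlspecialchars((string) $value, ENT_QUOTES);
            print "<td><span class=bold>{$label}: </span><span class=text>{$text}</span></td>";
            $count++;
            if ($count == $cols) {
                $count = 0;
                print "</tr><tr>\n";
            }
        }
        // Close the row and table opened above so later output is not nested inside them.
        print "</tr></table>";
    }
}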
 /**
  * Save the posted Well Child Visit form.
  *
  * Runs only when $_POST['process'] is "true". The form object is built from
  * $_POST['id'], filled by populate_object() and persisted; a form posted
  * without an id is then registered on the encounter with addForm(). When a
  * CPT code is posted, the first matching row of the codes table is billed
  * with addBilling(). $_POST['process'] is cleared before returning.
  *
  * NOTE(review): the form is registered under $GLOBALS['pid'] while the
  * billing row uses $_SESSION['pid'] — confirm both always name the same patient.
  * The mysql_* functions used here were removed in PHP 7.
  *
  * @return void
  */
 function default_action_process()
 {
     if ($_POST['process'] != "true") {
         return;
     }

     $this->well_child = new FormWellChild($_POST['id']);
     parent::populate_object($this->well_child);
     // A post without an id is a form that has not been saved before.
     $is_new = empty($_POST['id']);
     $this->well_child->persist();

     if ($GLOBALS['encounter'] == "") {
         $GLOBALS['encounter'] = date("Ymd");
     }
     if ($is_new) {
         addForm(
             $GLOBALS['encounter'],
             "Well Child Visit",
             $this->well_child->id,
             "well_child",
             $GLOBALS['pid'],
             $_SESSION['userauthorized']
         );
     }

     if (!empty($_POST['cpt_code'])) {
         // The posted code is escaped and placed inside a quoted literal.
         $code_rows = sqlQ("select * from codes where code ='" . mysql_real_escape_string($_POST['cpt_code']) . "' order by id");
         $code = mysql_fetch_array($code_rows);
         if (!empty($code)) {
             addBilling(
                 date("Ymd"),
                 'CPT4',
                 $code['code'],
                 $code['code_text'],
                 $_SESSION['pid'],
                 $_SESSION['userauthorized'],
                 $_SESSION['authUserID'],
                 $code['modifier'],
                 $code['units'],
                 $code['fee']
             );
         }
     }

     $_POST['process'] = "";
 }
Ejemplo n.º 3
 /**
  * Load the record through the parent class, then append the name of every
  * row in form_evaluation_checks that belongs to this form to $this->checks.
  *
  * @return void
  */
 function populate()
 {
     parent::populate();
     // The id is escaped and used inside a quoted literal.
     $check_rows = sqlQ(
         "SELECT name from form_evaluation_checks where foreign_id = '" . add_escape_custom($this->id) . "'"
     );
     for ($check = sqlFetchArray($check_rows); $check; $check = sqlFetchArray($check_rows)) {
         $this->checks[] = $check['name'];
     }
 }
 /**
  * Load the record through the parent class, then append the name of every
  * row in form_review_of_systems_checks that belongs to this form to
  * $this->checks.
  *
  * NOTE(review): mysql_real_escape_string() and mysql_fetch_array() belong to
  * the mysql extension, which was removed in PHP 7.
  *
  * @return void
  */
 function populate()
 {
     parent::populate();
     // Escaped once, then used inside a quoted literal.
     $owner = mysql_real_escape_string($this->id);
     $check_rows = sqlQ("SELECT name from form_review_of_systems_checks where foreign_id = '" . $owner . "'");
     while (true) {
         $check = mysql_fetch_array($check_rows, MYSQL_ASSOC);
         if (!$check) {
             break;
         }
         $this->checks[] = $check['name'];
     }
 }
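 /**
  * Build one InsuranceNumbers object per row stored for a provider.
  *
  * @param mixed $provider_id Provider whose rows are selected.
  * @return array InsuranceNumbers objects, ordered by insurance_company_id.
  */
 function insurance_numbers_factory($provider_id)
 {
     $ins = array();
     // $provider_id used to be concatenated as-is; it is now escaped with the
     // project's add_escape_custom() helper before it enters the quoted literal,
     // so a quote in the value can no longer change the statement.
     $sql = "SELECT id FROM " . $this->_table . " where provider_id = '" . add_escape_custom($provider_id) . "' order by insurance_company_id";
     $results = sqlQ($sql);
     while ($row = sqlFetchArray($results)) {
         $ins[] = new InsuranceNumbers($row['id']);
     }
     return $ins;
 }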
Ejemplo n.º 6
 /**
  * Build a Provider object for every row with authorized = 1.
  *
  * NOTE(review): $sort is appended to the statement verbatim as a complete
  * ORDER BY clause. It must only ever be a fixed string chosen by the calling
  * code; if any caller derives it from request data, map that input onto a
  * fixed list of allowed clauses first. Callers are not visible here — confirm.
  * mysql_fetch_array() belongs to the mysql extension removed in PHP 7.
  *
  * @param string $sort Complete ORDER BY clause.
  * @return array Provider objects in the order the query returned them.
  */
 function providers_factory($sort = "ORDER BY lname,fname")
 {
     $query = "SELECT id FROM " . $this->_table . " where authorized = 1 " . $sort;
     $rows = sqlQ($query);
     $providers = array();
     while (true) {
         $row = mysql_fetch_array($rows);
         if (!$row) {
             break;
         }
         $providers[] = new Provider($row['id']);
     }
     return $providers;
 }
Ejemplo n.º 7
 /**
  * Return the Address stored for a foreign id.
  *
  * A value that empty() treats as empty (including 0 and "0") turns the
  * condition into "like '%'", so any row can match; the statement has no
  * ORDER BY, so which row comes first is up to the database. When no row is
  * found a blank Address is returned.
  *
  * NOTE(review): mysql_* functions were removed in PHP 7.
  *
  * @param mixed $foreign_id Owner id of the address.
  * @return Address
  */
 function factory_company($foreign_id = "")
 {
     // The id is cast to string, escaped and wrapped in quotes.
     $condition = empty($foreign_id)
         ? "like '%'"
         : " = '" . mysql_real_escape_string(strval($foreign_id)) . "'";
     $a = new Address();
     $found = sqlQ("SELECT id FROM  " . $a->_table . " WHERE foreign_id " . $condition);
     $first = mysql_fetch_array($found);
     if (empty($first)) {
         return $a;
     }
     return new Address($first['id']);
 }
Ejemplo n.º 8
 /**
  * Return the Address stored for a foreign id, or a blank Address when the
  * query finds nothing.
  *
  * A value that empty() treats as empty (including 0 and "0") is replaced by
  * the condition "like '%'", so any row can match.
  *
  * @param mixed $foreign_id Owner id of the address.
  * @return Address
  */
 static function factory_address($foreign_id = "")
 {
     $where = "like '%'";
     if (!empty($foreign_id)) {
         // Escaped and quoted, so the value stays a string literal.
         $where = " = '" . add_escape_custom(strval($foreign_id)) . "'";
     }
     $address = new Address();
     $lookup = "SELECT id FROM  " . $address->_table . " WHERE foreign_id " . $where;
     $hit = sqlFetchArray(sqlQ($lookup));
     if (!empty($hit)) {
         $address = new Address($hit['id']);
     }
     return $address;
 }
Ejemplo n.º 9
 /**
  * Return a PhoneNumber object for every row stored for a foreign id,
  * ordered by type.
  *
  * A value that empty() treats as empty (including 0 and "0") is replaced by
  * the condition "like '%'", which selects the numbers of every owner.
  *
  * @param mixed $foreign_id Owner id of the phone numbers.
  * @return array PhoneNumber objects; empty when nothing matches.
  */
 static function factory_phone_numbers($foreign_id = "")
 {
     if (!empty($foreign_id)) {
         // Escaped and quoted, so the value stays a string literal.
         $condition = " = '" . add_escape_custom(strval($foreign_id)) . "'";
     } else {
         $condition = "like '%'";
     }
     $numbers = array();
     $prototype = new PhoneNumber();
     $rows = sqlQ("SELECT id FROM  " . $prototype->_table . " WHERE foreign_id " . $condition . " ORDER BY type");
     for ($row = sqlFetchArray($rows); $row; $row = sqlFetchArray($rows)) {
         $numbers[] = new PhoneNumber($row['id']);
     }
     return $numbers;
 }
Ejemplo n.º 10
 /**
  * Load the record through the parent class, then read its three child
  * tables: check names into $this->checks, treatment history rows into
  * $this->history and earlier accidents into $this->previous_accidents.
  *
  * @return void
  */
 function populate()
 {
     parent::populate();

     // Every query filters on this form's id, escaped and quoted.
     $checks = sqlQ("SELECT name from form_hp_tje_checks where foreign_id = '" . add_escape_custom($this->id) . "'");
     for ($row = sqlFetchArray($checks); $row; $row = sqlFetchArray($checks)) {
         $this->checks[] = $row['name'];
     }

     $history = sqlQ("SELECT doctor,specialty,tx_rendered,effectiveness,date from form_hp_tje_history where foreign_id = '" . add_escape_custom($this->id) . "'");
     for ($row = sqlFetchArray($history); $row; $row = sqlFetchArray($history)) {
         $this->history[] = $row;
     }

     $accidents = sqlQ("SELECT nature_of_accident,injuries,date from form_hp_tje_previous_accidents where foreign_id = '" . add_escape_custom($this->id) . "'");
     for ($row = sqlFetchArray($accidents); $row; $row = sqlFetchArray($accidents)) {
         $this->previous_accidents[] = $row;
     }
 }
 /**
  * Save the posted Prosthesis & Orthotics form.
  *
  * Runs only when $_POST['process'] is "true". The form object is built from
  * $_POST['id'], filled by populate_object(), persisted and registered on the
  * encounter with addForm(). When a CPT code is posted, the first matching
  * row of the codes table is billed with addBilling(). $_POST['process'] is
  * cleared before returning.
  *
  * NOTE(review): addForm() runs on every save, also when $_POST['id'] names
  * an existing form — confirm that re-saving does not register it twice.
  * The form is registered under $GLOBALS['pid'] while billing uses
  * $_SESSION['pid']; confirm both always name the same patient.
  * The mysql_* functions used here were removed in PHP 7.
  *
  * @return void
  */
 function default_action_process()
 {
     $requested = $_POST['process'] == "true";
     if (!$requested) {
         return;
     }

     $this->prosthesis = new FormProsthesis($_POST['id']);
     parent::populate_object($this->prosthesis);
     $this->prosthesis->persist();

     if ($GLOBALS['encounter'] == "") {
         $GLOBALS['encounter'] = date("Ymd");
     }
     addForm(
         $GLOBALS['encounter'],
         "Prosthesis & Orthotics Form",
         $this->prosthesis->id,
         "prosthesis",
         $GLOBALS['pid'],
         $_SESSION['userauthorized']
     );

     if (!empty($_POST['cpt_code'])) {
         // The posted code is escaped and placed inside a quoted literal.
         $lookup = "select * from codes where code ='" . mysql_real_escape_string($_POST['cpt_code']) . "' order by id";
         $code = mysql_fetch_array(sqlQ($lookup));
         if (!empty($code)) {
             addBilling(
                 date("Ymd"),
                 'CPT4',
                 $code['code'],
                 $code['code_text'],
                 $_SESSION['pid'],
                 $_SESSION['userauthorized'],
                 $_SESSION['authUserID'],
                 $code['modifier'],
                 $code['units'],
                 $code['fee']
             );
         }
     }

     $_POST['process'] = "";
 }
 /**
  * Save the posted Evaluation form.
  *
  * Does nothing unless $_POST['process'] is "true". Otherwise the form object
  * is built from $_POST['id'], filled by populate_object(), persisted and
  * registered on the encounter with addForm(); a posted CPT code is looked up
  * in the codes table and its first match billed with addBilling(). Finally
  * $_POST['process'] is cleared.
  *
  * NOTE(review): addForm() runs on every save, also when $_POST['id'] names
  * an existing form — confirm that re-saving does not register it twice.
  * The form is registered under $GLOBALS['pid'] while billing uses
  * $_SESSION['pid']; confirm both always name the same patient.
  *
  * @return void
  */
 function default_action_process()
 {
     if ($_POST['process'] != "true") {
         return;
     }

     $this->evaluation = new FormEvaluation($_POST['id']);
     parent::populate_object($this->evaluation);
     $this->evaluation->persist();

     // Without a current encounter, today's date is used as the encounter value.
     if ($GLOBALS['encounter'] == "") {
         $GLOBALS['encounter'] = date("Ymd");
     }
     addForm($GLOBALS['encounter'], "Evaluation Form", $this->evaluation->id, "evaluation", $GLOBALS['pid'], $_SESSION['userauthorized']);

     $posted_code = !empty($_POST['cpt_code']);
     if ($posted_code) {
         // Escaped with the project helper and placed inside a quoted literal.
         $matches = sqlQ("select * from codes where code ='" . add_escape_custom($_POST['cpt_code']) . "' order by id");
         $code = sqlFetchArray($matches);
         if (!empty($code)) {
             addBilling(
                 date("Ymd"),
                 'CPT4',
                 $code['code'],
                 $code['code_text'],
                 $_SESSION['pid'],
                 $_SESSION['userauthorized'],
                 $_SESSION['authUserID'],
                 $code['modifier'],
                 $code['units'],
                 $code['fee']
             );
         }
     }

     $_POST['process'] = "";
 }
Ejemplo n.º 13
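/**
 * Post a "lab results have arrived" patient note to the users who should
 * review it.
 *
 * With a $provider_id, the note goes to that active user only. Without one,
 * it goes to every active user for whom acl_check('admin', 'super', ...)
 * succeeds. Each note is created with addPnote() and then marked "New".
 *
 * @param mixed $set_pid     Patient the results belong to.
 * @param mixed $rid         Unused in this function.
 * @param mixed $provider_id Ordering provider's user id, or "" for none.
 * @return void
 */
function lab_results_messages($set_pid, $rid, $provider_id = "")
{
    // Start with an empty filter so the query below is well-formed (and raises
    // no undefined-variable notice) when no provider is given.
    $where = "";
    if ($provider_id != "") {
        // Escaped before it enters the quoted literal; it was concatenated raw before.
        $where = "AND id = '" . add_escape_custom($provider_id) . "'";
    }
    // Get all active users.
    $rez = sqlStatement("select id, username from users where username != '' AND active = '1' {$where}");
    // Rows are collected first and processed afterwards, as in the original flow.
    $result = array();
    for ($iter = 0; $row = sqlFetchArray($rez); $iter++) {
        $result[$iter] = $row;
    }
    foreach ($result as $user_detail) {
        // Route the message to administrators if there is no provider match.
        if ($provider_id == "") {
            $thisauth = acl_check('admin', 'super', $user_detail['username']);
        } else {
            $thisauth = true;
        }
        if (!$thisauth) {
            continue;
        }
        // Send lab result message to the ordering provider when there is a new lab report.
        $userauthorized = formData("userauthorized");
        $pname = getPatientName($set_pid);
        // The pid is URL-encoded so it cannot break out of the quoted href.
        $link = "<a href='../../orders/orders_results.php?review=1&set_pid=" . urlencode($set_pid) . "'" . " onclick='return top.restoreSession()'>here</a>";
        // NOTE(review): $pname goes into the note's HTML exactly as getPatientName()
        // returns it. Whether it needs HTML encoding here depends on how addPnote()
        // stores the body and how the message view renders it — confirm.
        $note = "Patient {$pname}'s lab results have arrived. Please click {$link} to review them.<br/>";
        $note_type = "Lab Results";
        $message_status = "New";
        // Add pnote.
        $noteid = addPnote($set_pid, $note, $userauthorized, '1', $note_type, $user_detail['username']);
        sqlQ("update pnotes set message_status='" . add_escape_custom($message_status) . "' where id = '" . add_escape_custom($noteid) . "'");
    }
}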
Ejemplo n.º 14
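/**
 * Rewrite one id column of a table from $oldvalue to $newvalue and print the
 * number of rows reported as updated.
 *
 * The update is executed only when the global $commitchanges is true.
 *
 * NOTE(review): $tablename and $pid_col are SQL identifiers and cannot be
 * quoted as values; they must come from a fixed list in the calling code,
 * never from request data. Callers are not visible here — confirm.
 * NOTE(review): when $commitchanges is false no update runs, yet
 * _affectedrows() is still read and printed, so the figure then belongs to an
 * earlier statement.
 *
 * @param string $tablename Table to update.
 * @param string $pid_col   Column holding the id.
 * @param mixed  $oldvalue  Id to replace.
 * @param mixed  $newvalue  Id to write.
 * @return void
 */
function UpdateTable($tablename, $pid_col, $oldvalue, $newvalue)
{
    global $commitchanges, $oemrdb;
    $db = $GLOBALS['adodb']['db'];
    // qstr() escapes the value and adds the surrounding quotes; both ids were
    // previously concatenated raw between hand-written quotes.
    $old = $db->qstr($oldvalue);
    $new = $db->qstr($newvalue);
    $sqlstmt = "select count(*) as numrows from " . $tablename . " where " . $pid_col . "=" . $old;
    $qResults = sqlQ($sqlstmt);
    if ($qResults) {
        $row = sqlFetchArray($qResults);
        if ($row['numrows'] > 0) {
            $sqlstmt = "update " . $tablename . " set " . $pid_col . "=" . $new . " where " . $pid_col . "=" . $old;
            if ($commitchanges == true) {
                $qResults = sqlQ($sqlstmt);
            }
            $rowsupdated = $db->_affectedrows();
            echo "<li>";
            // The table name is HTML-encoded before it is written into the page.
            echo "" . htmlspecialchars($tablename, ENT_QUOTES) . ": " . $rowsupdated . " row(s) updated<br>";
            echo "</li>";
        }
    }
}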
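 /**
  * Build an InsuranceCompany object for every company, optionally limited to
  * one city.
  *
  * NOTE(review): $sort is a complete ORDER BY clause. Escaping it does not
  * restrict what the clause can contain, because it is not used inside a
  * quoted literal; it must only ever be a fixed string chosen by the calling
  * code. Callers are not visible here — confirm.
  * mysql_fetch_array() belongs to the mysql extension removed in PHP 7.
  *
  * @param string $city City to filter on; empty for all cities.
  * @param string $sort Complete ORDER BY clause.
  * @return array InsuranceCompany objects in query order.
  */
 function insurance_companies_factory($city = "", $sort = "ORDER BY name, id")
 {
     if (empty($city)) {
         $city = "";
     } else {
         // The filter used to read an undefined $foreign_id and left the value
         // unquoted, so it never matched a city and the escaping protected
         // nothing. The $city argument is now escaped inside a quoted literal.
         $city = " WHERE city = '" . add_escape_custom($city) . "'";
     }
     $p = new InsuranceCompany();
     $icompanies = array();
     $sql = "SELECT p.id, a.city FROM  " . $p->_table . " as p INNER JOIN addresses as a on p.id = a.foreign_id " . $city . " " . add_escape_custom($sort);
     $results = sqlQ($sql);
     while ($row = mysql_fetch_array($results)) {
         $icompanies[] = new InsuranceCompany($row['id']);
     }
     return $icompanies;
 }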
Ejemplo n.º 16
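 /**
  * Build a Pharmacy object for every pharmacy, optionally limited to one city.
  *
  * NOTE(review): $sort is a complete ORDER BY clause. Escaping it does not
  * restrict what the clause can contain, because it is not used inside a
  * quoted literal; it must only ever be a fixed string chosen by the calling
  * code. Callers are not visible here — confirm.
  * The mysql_* functions used here were removed in PHP 7.
  *
  * @param string $city City to filter on; empty for all cities.
  * @param string $sort Complete ORDER BY clause.
  * @return array Pharmacy objects in query order.
  */
 function pharmacies_factory($city = "", $sort = "ORDER BY name")
 {
     if (empty($city)) {
         $city = "";
     } else {
         // The filter used to read an undefined $foreign_id and left the value
         // unquoted, so it never matched a city and the escaping protected
         // nothing. The $city argument is now escaped inside a quoted literal.
         $city = " WHERE city = '" . mysql_real_escape_string($city) . "'";
     }
     $p = new Pharmacy();
     $pharmacies = array();
     $sql = "SELECT p.id, a.city FROM  " . $p->_table . " as p INNER JOIN addresses as a on p.id = a.foreign_id " . $city . " " . mysql_real_escape_string($sort);
     $results = sqlQ($sql);
     while ($row = mysql_fetch_array($results)) {
         $pharmacies[] = new Pharmacy($row['id']);
     }
     return $pharmacies;
 }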
Ejemplo n.º 17
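/**
 * Handle the check entries of a parsed remittance file.
 *
 * When $_GET['original'] is 'original', an HTML table listing every check is
 * built into the global $StringToEcho, with a checkbox per check and a
 * warning for check numbers already present in ar_session. Otherwise every
 * check whose checkbox was submitted is posted with arPostSession() and the
 * returned id is stored in the global $InsertionId under the check number.
 *
 * The values in $out originate from the processed file, so they are treated
 * as untrusted in both the query and the markup.
 *
 * @param array $out Parsed data: 'check_count' plus 'check_number<N>',
 *                   'payee_name<N>', 'check_amount<N>', 'check_date<N>'.
 * @return void
 */
function era_callback_check(&$out)
{
    global $InsertionId;
    //last inserted ID of
    global $StringToEcho, $debug;
    if ($_GET['original'] == 'original') {
        $StringToEcho = "<br/><br/><br/><br/><br/><br/>";
        $StringToEcho .= "<table border='1' cellpadding='0' cellspacing='0'  width='750'>";
        $StringToEcho .= "<tr bgcolor='#cccccc'><td width='50'></td><td class='dehead' width='150' align='center'>" . htmlspecialchars(xl('Check Number'), ENT_QUOTES) . "</td><td class='dehead' width='400'  align='center'>" . htmlspecialchars(xl('Payee Name'), ENT_QUOTES) . "</td><td class='dehead'  width='150' align='center'>" . htmlspecialchars(xl('Check Amount'), ENT_QUOTES) . "</td></tr>";
        $WarningFlag = false;
        for ($check_count = 1; $check_count <= $out['check_count']; $check_count++) {
            $check_number = $out['check_number' . $check_count];
            // Alternate the row colour; a duplicate check number overrides it below.
            if ($check_count % 2 == 1) {
                $bgcolor = '#ddddff';
            } else {
                $bgcolor = '#ffdddd';
            }
            // The check number comes from the file being processed, so it is
            // escaped before it is placed in the quoted SQL literal.
            $rs = sqlQ("select reference from ar_session where reference='" . add_escape_custom($check_number) . "'");
            if (sqlNumRows($rs) > 0) {
                $bgcolor = '#ff0000';
                $WarningFlag = true;
            }
            // ENT_QUOTES is required here: the value sits inside single-quoted
            // attributes. The browser decodes the entities again, so the
            // submitted field name is unchanged for the lookup in the else branch.
            $number_attr = htmlspecialchars($check_number, ENT_QUOTES);
            $StringToEcho .= "<tr bgcolor='{$bgcolor}'>";
            $StringToEcho .= "<td><input type='checkbox'  name='chk" . $number_attr . "' value='" . $number_attr . "'/></td>";
            $StringToEcho .= "<td>" . htmlspecialchars($check_number) . "</td>";
            $StringToEcho .= "<td>" . htmlspecialchars($out['payee_name' . $check_count]) . "</td>";
            $StringToEcho .= "<td align='right'>" . htmlspecialchars(number_format($out['check_amount' . $check_count], 2)) . "</td>";
            $StringToEcho .= "</tr>";
        }
        $StringToEcho .= "<tr bgcolor='#cccccc'><td colspan='4' align='center'><input type='submit'  name='CheckSubmit' value='Submit'/></td></tr>";
        if ($WarningFlag == true) {
            $StringToEcho .= "<tr bgcolor='#ff0000'><td colspan='4' align='center'>" . htmlspecialchars(xl('Warning, Check Number already exist in the database'), ENT_QUOTES) . "</td></tr>";
        }
        $StringToEcho .= "</table>";
    } else {
        for ($check_count = 1; $check_count <= $out['check_count']; $check_count++) {
            $chk_num = $out['check_number' . $check_count];
            // Spaces are replaced by underscores before the request lookup.
            $chk_num = str_replace(' ', '_', $chk_num);
            if (isset($_REQUEST['chk' . $chk_num])) {
                // NOTE(review): $check_date (with its fallback to $_REQUEST['paydate'])
                // is computed but arPostSession() below receives the raw
                // $out['check_date<N>'] — confirm which one is intended.
                $check_date = $out['check_date' . $check_count] ? $out['check_date' . $check_count] : $_REQUEST['paydate'];
                $post_to_date = $_REQUEST['post_to_date'] != '' ? $_REQUEST['post_to_date'] : date('Y-m-d');
                $deposit_date = $_REQUEST['deposit_date'] != '' ? $_REQUEST['deposit_date'] : date('Y-m-d');
                $InsertionId[$out['check_number' . $check_count]] = arPostSession($_REQUEST['InsId'], $out['check_number' . $check_count], $out['check_date' . $check_count], $out['check_amount' . $check_count], $post_to_date, $deposit_date, $debug);
            }
        }
    }
}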
Ejemplo n.º 18
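// Add, delete or load an immunization record, depending on $mode.
//
// Every value is escaped AND wrapped in quotes: escaping protects a value only
// while it stays inside a quoted literal. Three places used the escaped value
// unquoted (administered_by_id in the insert, id in the delete and the select),
// where input such as "0 OR 1=1" needs no quote character at all.
//
// NOTE(review): delete and edit select by id alone; nothing here ties the
// record to the current patient ($pid). Confirm that check happens elsewhere.
// NOTE(review): mysql_* functions were removed in PHP 7.
if (isset($mode)) {
    if ($mode == "add") {
        $sql = "REPLACE INTO immunizations set \n                      id = '" . mysql_real_escape_string($id)
            . "',\n                      administered_date = if('" . mysql_real_escape_string($administered_date)
            . "','" . mysql_real_escape_string($administered_date)
            . "',NULL),  \n                      immunization_id = '" . mysql_real_escape_string($form_immunization_id)
            . "',\n                      manufacturer = '" . mysql_real_escape_string($manufacturer)
            . "',\n                      lot_number = '" . mysql_real_escape_string($lot_number)
            // Quoted like the other if() arguments; an empty or '0' value still yields NULL.
            . "',\n                      administered_by_id = if('" . mysql_real_escape_string($administered_by_id)
            . "','" . mysql_real_escape_string($administered_by_id)
            . "',NULL),\n                      administered_by = if('" . mysql_real_escape_string($administered_by)
            . "','" . mysql_real_escape_string($administered_by)
            . "',NULL),\n                      education_date = if('" . mysql_real_escape_string($education_date)
            . "','" . mysql_real_escape_string($education_date)
            . "',NULL), \n                      vis_date = if('" . mysql_real_escape_string($vis_date)
            . "','" . mysql_real_escape_string($vis_date)
            . "',NULL), \n                      note   = '" . mysql_real_escape_string($note)
            . "',\n                      patient_id   = '" . mysql_real_escape_string($pid)
            . "',\n                      created_by = '" . mysql_real_escape_string($_SESSION['authId'])
            . "',\n                      updated_by = '" . mysql_real_escape_string($_SESSION['authId'])
            . "',\n                      create_date = now() ";
        sqlStatement($sql);
        // Reset the form fields for the next entry.
        $administered_date = $education_date = date('Y-m-d');
        $immunization_id = $manufacturer = $lot_number = $administered_by_id = $note = $id = "";
        $administered_by = $vis_date = "";
    } elseif ($mode == "delete") {
        // log the event
        // NOTE(review): the log text is built from $_POST['id'] / $_POST['pid'],
        // while the statement below uses $id — confirm the two cannot differ,
        // otherwise the audit entry can name a different record than the one removed.
        newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Immunization id " . $_POST['id'] . " deleted from pid " . $_POST['pid']);
        // delete the immunization
        $sql = "DELETE FROM immunizations WHERE id ='" . mysql_real_escape_string($id) . "' LIMIT 1";
        sqlStatement($sql);
    } elseif ($mode == "edit") {
        $sql = "select * from immunizations where id = '" . mysql_real_escape_string($id) . "'";
        $results = sqlQ($sql);
        while ($row = mysql_fetch_assoc($results)) {
            $administered_date = $row['administered_date'];
            $immunization_id = $row['immunization_id'];
            $manufacturer = $row['manufacturer'];
            $lot_number = $row['lot_number'];
            $administered_by_id = $row['administered_by_id'] ? $row['administered_by_id'] : 0;
            $administered_by = $row['administered_by'];
            $education_date = $row['education_date'];
            $vis_date = $row['vis_date'];
            $note = stripslashes($row['note']);
        }
    }
}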
// set the default sort method for the list of past immunizations
if (!$sortby) {
Ejemplo n.º 19
     $sqland = " AND ";
     $sqlstmt .= $sqland . " lname='" . $row['lname'] . "'";
 }
 // Append one equality condition per enabled match parameter, then run the
 // duplicate search and print a row for the current record.
 //
 // NOTE(review): $row['sex'], $row['ss'] and $row['dob'] are concatenated into
 // the statement as quoted literals with no escaping, so a value containing a
 // quote breaks or alters the query. Where $row comes from is outside this
 // fragment; if it is stored patient data, escape or bind it.
 if ($parameters['match_sex']) {
     $sqlstmt .= $sqland . " sex='" . $row['sex'] . "'";
     $sqland = " AND ";
 }
 if ($parameters['match_ssn']) {
     $sqlstmt .= $sqland . " ss='" . $row['ss'] . "'";
     $sqland = " AND ";
 }
 if ($parameters['match_dob']) {
     $sqlstmt .= $sqland . " dob='" . $row['dob'] . "'";
     $sqland = " AND ";
 }
 $mResults = sqlQ($sqlstmt);
 // Skip this record when the query failed.
 if (!$mResults) {
     continue;
 }
 // A single hit is the record itself, so only two or more rows are reported.
 if (sqlNumRows($mResults) <= 1) {
     continue;
 }
 // NOTE(review): the $row fields below are written into element content and
 // single-quoted attribute values without htmlspecialchars(); encode them
 // (with ENT_QUOTES for the attributes) before output.
 echo "<div class='match_block' style='padding: 5px 0px 5px 0px;' id='dupediv" . $dupecount . "'>";
 echo "<table>";
 echo "<tr class='onerow' id='" . $row['id'] . "' oemrid='" . $row['id'] . "' dupecount='" . $dupecount . "' title='Merge duplicates into this record'>";
 echo "<td>" . $row['lname'] . ", " . $row['fname'] . "</td>";
 echo "<td>" . $row['dob'] . "</td>";
 echo "<td>" . $row['sex'] . "</td>";
 echo "<td>" . $row['ss'] . "</td>";
 echo "<td><input type='button' value=' ? ' class='moreinfo' oemrid='" . $row['pid'] . "' title='More info'></td>";
 echo "</tr>";
Ejemplo n.º 20
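 /**
  * Build a Prescription object for every prescription of a patient.
  *
  * NOTE(review): $order_by is the body of the ORDER BY clause. Escaping it
  * does not restrict what the clause can contain, because it is not used
  * inside a quoted literal; it must only ever be a fixed string chosen by the
  * calling code. Callers are not visible here — confirm.
  *
  * @param mixed  $patient_id Patient whose prescriptions are loaded.
  * @param string $order_by   Column list for ORDER BY.
  * @return array Prescription objects in query order.
  */
 static function prescriptions_factory($patient_id, $order_by = "active DESC, date_modified DESC, date_added DESC")
 {
     $prescriptions = array();
     require_once dirname(__FILE__) . "/../translation.inc.php";
     $p = new Prescription();
     // The escaped id is now wrapped in quotes. Unquoted, escaping gave no
     // protection: a value such as "0 OR 1=1" contains nothing to escape.
     $sql = "SELECT id FROM  " . $p->_table . " WHERE patient_id = '" . add_escape_custom($patient_id) . "' ORDER BY " . add_escape_custom($order_by);
     $results = sqlQ($sql);
     while ($row = sqlFetchArray($results)) {
         $prescriptions[] = new Prescription($row['id']);
     }
     return $prescriptions;
 }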
<br>
</center>
<?php 
if (!empty($_POST['form_submit'])) {
    upgradeFromSqlFile_de("database_de_identification.sql");
    //  grant file privilege to user
    $dbh = $GLOBALS['dbh'];
    if ($dbh == FALSE) {
        echo "\n";
        echo "<p>" . getSqlLastError() . " (#" . getSqlLastErrorNo() . ")\n";
        break;
    }
    $login = $sqlconf["login"];
    $loginhost = $sqlconf["host"];
    //  mysql_select_db($sqlconf['dbase']) or die(getSqlLastError());
    if (sqlQ("GRANT FILE ON *.* TO '{$login}'@'{$loginhost}'", $dbh) == FALSE) {
        echo xl("Error when granting file privilege to the OpenEMR user.");
        echo "\n";
        echo "<p>" . getSqlLastError() . " (#" . getSqlLastErrorNo() . ")\n";
        echo xl("Error");
        echo "\n";
        break;
    } else {
        echo "<font color='green'>";
    }
    echo xl("File privilege granted to OpenEMR user.");
    echo "<br></font>\n";
    echo "<p><font color='green'>";
    echo xl("Database upgrade finished.");
    echo "</font></p>\n";
    echo "<p><font color='red'>";
Ejemplo n.º 22
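        // Justify every posted procedure with the full list of posted diagnoses.
        $diags = $_POST['code']['diag'];
        $procs = $_POST['code']['proc'];
        $sql = array();
        if (!empty($procs) && !empty($diags)) {
            foreach ($procs as $proc) {
                // Diagnoses are stored as one colon-terminated list, e.g. "a:b:".
                $justify_string = "";
                foreach ($diags as $diag) {
                    $justify_string .= $diag . ":";
                }
                $sql[] = "UPDATE billing set justify = concat(justify,'" . add_escape_custom($justify_string) . "') where encounter = '" . add_escape_custom($_POST['encounter_id']) . "' and pid = '" . add_escape_custom($_POST['patient_id']) . "' and code = '" . add_escape_custom($proc) . "'";
            }
        }
        if (!empty($sql)) {
            foreach ($sql as $q) {
                $results = sqlQ($q);
            }
        }
        // Save NDC fields, if present.
        $ndcarr = $_POST['ndc'];
        for ($lino = 1; !empty($ndcarr["{$lino}"]['code']); ++$lino) {
            $ndc = $ndcarr["{$lino}"];
            $ndc_info = '';
            if ($ndc['ndcnum']) {
                $ndc_info = 'N4' . trim($ndc['ndcnum']) . '   ' . $ndc['ndcuom'] . trim($ndc['ndcqty']);
            }
            // $ndc_info is assembled from posted ndcnum/ndcuom/ndcqty values. It was
            // the one literal in this statement interpolated without escaping; it
            // is now escaped like encounter, pid and code.
            sqlStatement("UPDATE billing SET ndc_info = '" . add_escape_custom($ndc_info) . "' WHERE " . "encounter = '" . add_escape_custom($_POST['encounter_id']) . "' AND " . "pid = '" . add_escape_custom($_POST['patient_id']) . "' AND " . "code = '" . add_escape_custom($ndc['code']) . "'");
        }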
    }
}
?>
Ejemplo n.º 23
 if ($_GET['mode'] == "add") {
     $sql = "REPLACE INTO immunizations set \n                      id = ?,\n                      administered_date = if(?,?,NULL),  \n                      immunization_id = ?,\n                      cvx_code = ?, \n                      manufacturer = ?,\n                      lot_number = ?,\n                      administered_by_id = if(?,?,NULL),\n                      administered_by = if(?,?,NULL),\n                      education_date = if(?,?,NULL), \n                      vis_date = if(?,?,NULL), \n                      note   = ?,\n                      patient_id   = ?,\n                      created_by = ?,\n                      updated_by = ?,\n                      create_date = now() ";
     $sqlBindArray = array(trim($_GET['id']), trim($_GET['administered_date']), trim($_GET['administered_date']), trim($_GET['form_immunization_id']), trim($_GET['cvx_code']), trim($_GET['manufacturer']), trim($_GET['lot_number']), trim($_GET['administered_by_id']), trim($_GET['administered_by_id']), trim($_GET['administered_by']), trim($_GET['administered_by']), trim($_GET['education_date']), trim($_GET['education_date']), trim($_GET['vis_date']), trim($_GET['vis_date']), trim($_GET['note']), $pid, $_SESSION['authId'], $_SESSION['authId']);
     sqlStatement($sql, $sqlBindArray);
     $administered_date = $education_date = date('Y-m-d');
     $immunization_id = $cvx_code = $manufacturer = $lot_number = $administered_by_id = $note = $id = "";
     $administered_by = $vis_date = "";
 } elseif ($_GET['mode'] == "delete") {
     // log the event
     newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Immunization id " . $_GET['id'] . " deleted from pid " . $pid);
     // delete the immunization
     $sql = "DELETE FROM immunizations WHERE id =? LIMIT 1";
     sqlStatement($sql, array($_GET['id']));
 } elseif ($_GET['mode'] == "edit") {
     $sql = "select * from immunizations where id = ?";
     $results = sqlQ($sql, array($_GET['id']));
     while ($row = sqlFetchArray($results)) {
         $administered_date = $row['administered_date'];
         $immunization_id = $row['immunization_id'];
         $cvx_code = $row['cvx_code'];
         $code_text = '';
         if (!empty($cvx_code)) {
             $query = "SELECT codes.code_text as `code_text`, codes.code as `code` " . "FROM codes " . "LEFT JOIN code_types on codes.code_type = code_types.ct_id " . "WHERE code_types.ct_key = 'CVX' AND codes.code = ?";
             $row = sqlQuery($query, array($cvx_code));
             $code_text = $row['code_text'];
         }
         $manufacturer = $row['manufacturer'];
         $lot_number = $row['lot_number'];
         $administered_by_id = $row['administered_by_id'] ? $row['administered_by_id'] : 0;
         $administered_by = $row['administered_by'];
         $education_date = $row['education_date'];