reappearPnote($id);
} else {
disappearPnote($id);
}
if ($docid) {
setGpRelation(1, $docid, 6, $id, !empty($_POST["lnk{$id}"]));
}
if ($orderid) {
setGpRelation(2, $orderid, 6, $id, !empty($_POST["lnk{$id}"]));
}
}
}
} elseif ($mode == "new") {
$note = $_POST['note'];
if ($noteid) {
updatePnote($noteid, $note, $_POST['form_note_type'], $_POST['assigned_to']);
} else {
$noteid = addPnote($patient_id, $note, $userauthorized, '1', $_POST['form_note_type'], $_POST['assigned_to']);
}
if ($docid) {
setGpRelation(1, $docid, 6, $noteid);
}
if ($orderid) {
setGpRelation(2, $orderid, 6, $noteid);
}
$noteid = '';
} elseif ($mode == "delete") {
if ($noteid) {
deletePnote($noteid);
newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id " . $noteid);
}
?>
<?php
switch ($task) {
case "add":
// Add a new message for a specific patient; the message is documented in Patient Notes.
// Add a new message; it's treated as a new note in Patient Notes.
$note = $_POST['note'];
$noteid = $_POST['noteid'];
$form_note_type = $_POST['form_note_type'];
$form_message_status = $_POST['form_message_status'];
$reply_to = $_POST['reply_to'];
$assigned_to_list = explode(';', $_POST['assigned_to']);
foreach ($assigned_to_list as $assigned_to) {
if ($noteid && $assigned_to != '-patient-') {
updatePnote($noteid, $note, $form_note_type, $assigned_to, $form_message_status);
$noteid = '';
} else {
if ($noteid && $assigned_to == '-patient-') {
// When $assigned_to == '-patient-' we don't update the current note, but
// instead create a new one with the current note's body prepended and
// attributed to the patient. This seems to be all for the patient portal.
$row = getPnoteById($noteid);
if (!$row) {
die("getPnoteById() did not find id '" . text($noteid) . "'");
}
$pres = sqlQuery("SELECT lname, fname " . "FROM patient_data WHERE pid = ?", array($reply_to));
$patientname = $pres['lname'] . ", " . $pres['fname'];
$note .= "\n\n{$patientname} on " . $row['date'] . " wrote:\n\n";
$note .= $row['body'];
}
* @link http://www.open-emr.org
*/
header("Content-Type:text/xml");
$ignoreAuth = true;
require_once 'classes.php';
$xml_array = array();
$token = $_POST['token'];
$noteId = $_POST['noteId'];
$notes = $_POST['notes'];
$title = $_POST['title'];
$assigned_to = $_POST['assigned_to'];
if ($userId = validateToken($token)) {
$username = getUsername($userId);
$acl_allow = acl_check('patients', 'notes', $username);
if ($acl_allow) {
$result = updatePnote($noteId, $notes, $title, $assigned_to);
$xml_array['status'] = 0;
$xml_array['reason'] = 'The Patient notes has been updated';
} else {
$xml_string .= "<status>-2</status>\n";
$xml_string .= "<reason>You are not Authorized to perform this action</reason>\n";
}
} else {
$xml_array['status'] = -2;
$xml_array['reason'] = 'Invalid Token';
}
$xml = ArrayToXML::toXml($xml_array, 'PatientNotes');
echo $xml;
?>
if (!eventMatchesDay($erow, $date)) {
continue;
}
$eid = 0 + $erow['pc_eid'];
$duration = (int) ($erow['pc_duration'] / 60);
$form_mins = formData("form_mins_{$eid}") + 0;
$form_fitrel = empty($_POST["form_fitrel_{$eid}"]) ? 0 : 1;
sqlStatement("DELETE FROM player_event WHERE pid = '{$plid}' AND " . "date = '{$date}' AND pc_eid = '{$eid}'");
if ($form_mins < $duration) {
sqlStatement("INSERT INTO player_event SET " . "pid = '{$plid}', " . "date = '{$date}', " . "pc_eid = '{$eid}', " . "minutes = '{$form_mins}', " . "fitness_related = '{$form_fitrel}'");
}
}
// Add or append to the roster note.
if ($form_note !== '') {
if ($noteid) {
updatePnote($noteid, $form_note, 'Roster', $form_to);
} else {
addPnote($plid, $form_note, $userauthorized, '1', 'Roster', $form_to, "{$date} 00:00:00");
}
}
// Close this window and refresh the roster display.
echo "<html>\n<body>\n<script language='JavaScript'>\n";
if ($alertmsg) {
echo " alert('{$alertmsg}');\n";
}
echo " if (!opener.closed && opener.refreshme) opener.refreshme();\n";
echo " window.close();\n";
echo "</script>\n</body>\n</html>\n";
exit;
}
?>
?>
</a></td></tr></table><br>
<?php
switch ($task) {
case "add":
// Add a new message for a specific patient; the message is documented in Patient Notes.
// Add a new message; it's treated as a new note in Patient Notes.
$note = strip_escape_custom($_POST['note']);
$noteid = formData("noteid");
$form_note_type = formData("form_note_type");
$assigned_to = formData("assigned_to");
$form_message_status = formData("form_message_status");
$reply_to = formData("reply_to");
$userauthorized = formData("userauthorized");
if ($noteid) {
updatePnote($noteid, $note, $form_note_type, $assigned_to);
sqlQuery("update pnotes set message_status='" . $form_message_status . "' where id = '" . $noteid . "'");
$noteid = '';
} else {
$noteid = addPnote($reply_to, $note, $userauthorized, '1', $form_note_type, $assigned_to);
sqlQuery("update pnotes set message_status='" . $form_message_status . "' where id = '{$noteid}'");
}
break;
case "save":
// Update alert.
$noteid = formData("noteid");
$form_message_status = formData("form_message_status");
sqlQuery("update pnotes set message_status='" . $form_message_status . "' where id = '" . $noteid . "'");
$task = "edit";
$note = formData("note");
$title = formData("form_note_type");
