/**
 * library to simplify processing code_types
 * 
 * Copyright (C) 2013 Kevin Yeh <*****@*****.**> and OEMR <www.oemr.org>
 *
 * LICENSE: This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
 *
 * @package OpenEMR
 * @author  Kevin Yeh <*****@*****.**>
 * @link    http://www.open-emr.org
 */
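/**
 * Build the list of active diagnosis code types, either as a JSON array of
 * {key, id} objects or as a comma-separated list of single-quoted keys.
 *
 * Reads the global $code_types table (key => array with 'active', 'diag', 'id').
 *
 * @param string $format    'json' (default) or 'keylist'
 * @param bool   $sqlEscape keylist only: pass each key through add_escape_custom()
 * @return string|null encoded list, or null for an unknown $format
 */
function diag_code_types($format = 'json', $sqlEscape = false)
{
    global $code_types;
    $diagCodes = array();
    foreach ((array) $code_types as $key => $ct) {
        if (empty($ct['active']) || empty($ct['diag'])) {
            continue;
        }
        // Strict comparison: with == a non-string $format (e.g. 0) matched 'json' on PHP < 8.
        if ($format === 'json') {
            $diagCodes[] = array("key" => $key, "id" => $ct['id']);
        } elseif ($format === 'keylist') {
            // Keys are emitted single-quoted for direct use in an IN (...) list;
            // escaping is opt-in because some callers escape the whole string later.
            $diagCodes[] = "'" . ($sqlEscape ? add_escape_custom($key) : $key) . "'";
        }
        // Any other format used to push an undefined $entry (null) here; it is now skipped.
    }
    if ($format === 'json') {
        return json_encode($diagCodes);
    }
    if ($format === 'keylist') {
        return implode(",", $diagCodes);
    }
    return null;
}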
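/**
 * Render one Review of Systems form as HTML table cells, $cols cells per row.
 *
 * Rows come from form_review_of_systems (via formFetch()) merged with the
 * names stored in form_review_of_systems_checks for the same form id.
 * Bookkeeping columns and empty / zero-date values are skipped; "on" is
 * shown as "yes".
 *
 * @param mixed $pid       patient id (not used here; part of the report-hook signature)
 * @param mixed $encounter encounter id (not used here; same reason)
 * @param int   $cols      number of cells per table row
 * @param mixed $id        form id
 * @return void prints directly
 */
function review_of_systems_report($pid, $encounter, $cols, $id)
{
    // Columns that are bookkeeping, not clinical content.
    $skipKeys = array('id', 'pid', 'user', 'groupname', 'authorized', 'activity', 'date');
    $count = 0;
    $data = formFetch("form_review_of_systems", $id);
    $sql = "SELECT name from form_review_of_systems_checks where foreign_id = '" . add_escape_custom($id) . "'";
    $results = sqlQ($sql);
    $data2 = array();
    while ($row = sqlFetchArray($results)) {
        $data2[] = $row['name'];
    }
    // array_merge renumbers the check names from 0, so a numeric key below means "a check".
    $data = array_merge(is_array($data) ? $data : array(), $data2);
    if ($data) {
        // NOTE(review): the <table> opened here is never closed in this function - confirm the caller closes it.
        print "<table><tr>";
        foreach ($data as $key => $value) {
            // Strict key comparison: with == the numeric key 0 equals "id" on PHP < 8
            // and the first check was silently dropped.
            if (in_array($key, $skipKeys, true)) {
                continue;
            }
            if ((string) $value === '' || $value == "0000-00-00 00:00:00") {
                continue;
            }
            if ($value == "on") {
                $value = "yes";
            }
            $key = ucwords(str_replace("_", " ", $key));
            if (is_numeric($key)) {
                $key = "check";
            }
            // Both strings originate from user-entered form data: escape for the HTML context.
            print "<td><span class=bold>" . htmlspecialchars($key, ENT_NOQUOTES) . ": </span><span class=text>" . htmlspecialchars($value, ENT_NOQUOTES) . "</span></td>";
            $count++;
            if ($count == $cols) {
                $count = 0;
                print "</tr><tr>\n";
            }
        }
    }
}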
 /**
  * Constructor: binds the ADOdb connection from $GLOBALS['adodb']['db'],
  * stores the (escaped) root and root type, then calls load_tree().
  *
  * This is a PHP 4-style constructor (method named after the class, presumably
  * "Tree"): PHP 7 deprecates it and PHP 8 no longer treats it as a constructor,
  * so it should eventually become __construct().
  *
  * @param mixed $root      root node identifier
  * @param mixed $root_type how to interpret $root (defaults to ROOT_TYPE_ID)
  */
 function Tree($root, $root_type = ROOT_TYPE_ID)
 {
     $this->_db = $GLOBALS['adodb']['db'];
     // NOTE(review): both values are SQL-escaped once here and kept escaped on
     // the object; any later query that escapes $this->_root again would
     // double-escape it - confirm load_tree() does not.
     $this->_root = add_escape_custom($root);
     $this->_root_type = add_escape_custom($root_type);
     $this->load_tree();
 }
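/**
 * Render a value as a single-quoted, SQL-escaped literal, or as SQL NULL when
 * the value is absent.
 *
 * @param mixed $fld field value
 * @return string "'<escaped value>'" or "NULL"
 */
function QuotedOrNull($fld)
{
    // Only a genuinely absent value maps to NULL. The old truthiness test also
    // turned the legitimate values "0", 0 and 0.0 into NULL.
    if (!is_scalar($fld) || $fld === '' || $fld === false) {
        return "NULL";
    }
    return "'" . add_escape_custom((string) $fld) . "'";
}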
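/**
 * Fetch a POST field and return it as a single-quoted, SQL-escaped literal.
 *
 * @param string $name key in $_POST
 * @return string "''" when the field is absent, blank or not a scalar, otherwise "'<escaped trimmed value>'"
 */
function invalue($name)
{
    // isset() avoids an undefined-index notice; a non-scalar (array input) is
    // treated as blank instead of being handed to trim().
    $raw = isset($_POST[$name]) && is_scalar($_POST[$name]) ? trim((string) $_POST[$name]) : '';
    // Only a blank value is empty: "0" is real input and must survive
    // (the old truthiness test collapsed it to '').
    if ($raw === '') {
        return "''";
    }
    return "'" . add_escape_custom($raw) . "'";
}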
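/**
 * Append a "col LIKE '%value%'" condition to a WHERE fragment when a value is given.
 *
 * @param string $where   existing WHERE fragment (may be empty)
 * @param string $colname column to filter; must be a trusted literal column name,
 *                        it is interpolated unescaped
 * @param mixed  $value   search text; quote-escaped, but LIKE wildcards (% and _)
 *                        inside it are kept and still act as wildcards
 * @return string $where, possibly extended with " AND col LIKE '%...%'"
 */
function addwhere($where, $colname, $value)
{
    // Blank / absent means "no filter"; "0" is a real search term
    // (the old truthiness test dropped it).
    if ($value === null || $value === false || $value === '') {
        return $where;
    }
    return $where . " AND " . "{$colname} LIKE '%" . add_escape_custom($value) . "%'";
}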
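/**
 * Increment the current user's invoice reference number in the irnpool list.
 *
 * The number is read with getInvoiceRefNumber(); its last run of digits is
 * incremented (zero-padded to the same width) and the result is written to
 * list_options.notes for the pool row linked via users.irnpool.
 *
 * @return string the number as it was BEFORE the increment
 */
function updateInvoiceRefNumber()
{
    $irnumber = getInvoiceRefNumber();
    // Here "?" specifies a minimal match, to get the most digits possible:
    if (preg_match('/^(.*?)(\\d+)(\\D*)$/', $irnumber, $matches)) {
        // Zero-pad to the original width so "IN0009" becomes "IN0010", not "IN10".
        // (A digit run longer than PHP_INT_MAX would overflow to float here.)
        $newdigs = sprintf('%0' . strlen($matches[2]) . 'd', $matches[2] + 1);
        $newnumber = $matches[1] . $newdigs . $matches[3];
        // Bound parameters instead of string-built SQL: the driver escapes the
        // values, so they are NOT passed through add_escape_custom() (that would
        // double-escape them).
        // NOTE(review): the username is taken from the session; the original
        // line was garbled at this point - confirm 'authUser' is the intended key.
        $username = isset($_SESSION['authUser']) ? $_SESSION['authUser'] : '';
        sqlStatement(
            "UPDATE users AS u, list_options AS lo SET lo.notes = ? " .
            "WHERE u.username = ? AND lo.list_id = 'irnpool' AND lo.option_id = u.irnpool",
            array($newnumber, $username)
        );
    }
    return $irnumber;
}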
/**
 * Normalise a form value for database insertion: optionally trim it, undo any
 * escaping it already carries (strip_escape_custom) and escape it exactly once
 * (add_escape_custom).
 *
 * @param string $s      raw form value
 * @param bool   $isTrim trim surrounding whitespace first
 * @return string value escaped once for SQL
 */
function formDataCore($s, $isTrim = false)
{
    $value = $isTrim ? trim($s) : $s;
    // Strip first so a value that arrived pre-escaped is not escaped twice.
    return add_escape_custom(strip_escape_custom($value));
}
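 /**
  * Load this patient's demographics (names, DOB, pubpid, provider) from
  * $this->_table by pid. Does nothing when $this->id is empty.
  *
  * @return void fills pubpid, lname, mname, fname, provider and date_of_birth
  */
 function populate()
 {
     if (empty($this->id)) {
         return;
     }
     // pid is compared unquoted, so quote-escaping alone cannot protect the
     // query; force an integer instead (the same approach as intval() elsewhere).
     $pid = intval($this->id);
     $res = sqlQuery("SELECT providerID,fname,lname,mname " . ", DATE_FORMAT(DOB,'%m/%d/%Y') as date_of_birth " . ", pubpid " . " from " . $this->_table . " where pid =" . $pid);
     if (is_array($res)) {
         $this->pubpid = $res['pubpid'];
         $this->lname = $res['lname'];
         $this->mname = $res['mname'];
         $this->fname = $res['fname'];
         $this->provider = new Provider($res['providerID']);
         $this->date_of_birth = $res['date_of_birth'];
     }
 }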
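 /**
  * Load this provider's user row (names, DEA/federal drug id, specialty, NPI,
  * state license) from users by id, then attach its insurance numbers.
  *
  * @return void
  */
 function populate()
 {
     // id is compared unquoted, so quote-escaping alone cannot protect the
     // query; force an integer instead (the same approach as intval() elsewhere).
     $userId = intval($this->id);
     $res = sqlQuery("SELECT fname,lname,federaldrugid, specialty, npi, state_license_number FROM users where id =" . $userId);
     if (is_array($res)) {
         $this->lname = $res['lname'];
         $this->fname = $res['fname'];
         $this->federal_drug_id = $res['federaldrugid'];
         $this->specialty = $res['specialty'];
         $this->npi = $res['npi'];
         $this->state_license_number = $res['state_license_number'];
     }
     // Insurance numbers are loaded even when the user row was not found.
     $ins = new InsuranceNumbers();
     $this->insurance_numbers = $ins->insurance_numbers_factory($this->id);
 }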
 /**
  * Persist the form row via the parent, then replace the rows in
  * form_review_of_systems_checks for this form id with the current checks.
  * The check rows are only touched when $this->id is numeric and
  * $this->checks is non-empty.
  *
  * @return void
  */
 function persist()
 {
     parent::persist();
     if (!is_numeric($this->id) || empty($this->checks)) {
         return;
     }
     // is_numeric() above is what keeps the unescaped id in this DELETE safe.
     sqlQuery("delete FROM form_review_of_systems_checks where foreign_id = '" . $this->id . "'");
     $escapedId = add_escape_custom($this->id);
     foreach ($this->checks as $check) {
         if (empty($check)) {
             continue;
         }
         sqlQuery("INSERT INTO form_review_of_systems_checks set foreign_id='" . $escapedId . "', name = '" . add_escape_custom($check) . "'");
     }
 }
 /**
  * Load every column of this object's row (table $this->_prefix . $this->_table,
  * matched on id) and hand each non-empty value to its set_<column>() method,
  * when such a method is callable on this object.
  *
  * @return void
  */
 function populate()
 {
     $sql = "SELECT * from " . $this->_prefix . $this->_table . " WHERE id = '" . add_escape_custom(strval($this->id)) . "'";
     $results = sqlQuery($sql);
     if (!is_array($results)) {
         return;
     }
     foreach ($results as $column => $value) {
         $setter = "set_" . $column;
         // Empty values are deliberately not pushed into the setters.
         if (!is_callable(array($this, $setter)) || empty($value)) {
             continue;
         }
         $this->{$setter}($value);
     }
 }
/**
 * Parse the value part of a search criterion ("col like 'x'" or "col = 'x'")
 * and rebuild it with the value SQL-escaped. The value is expected to be
 * wrapped in one-character quotes, which are stripped before escaping.
 * Criteria containing neither " like " nor " = " are returned unchanged.
 *
 * @param string $SearchItem raw criterion text
 * @return string criterion with an escaped, single-quoted value
 */
function PrepareSearchItem($SearchItem)
{
    $requote = function ($lhs, $operator, $quoted) {
        // Drop the surrounding quote characters, escape what is inside, re-wrap.
        $bare = substr(substr($quoted, 0, -1), 1);
        return $lhs . $operator . "'" . add_escape_custom($bare) . "'";
    };
    $parts = explode(' like ', $SearchItem);
    if (isset($parts[1])) {
        return $requote($parts[0], ' like ', $parts[1]);
    }
    $parts = explode(' = ', $SearchItem);
    if (isset($parts[1])) {
        return $requote($parts[0], ' = ', $parts[1]);
    }
    return $SearchItem;
}
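/**
 * Build the extra WHERE clauses for a calendar events query and delegate to
 * fetchEvents().
 *
 * Every filter is optional; a null / empty filter is simply not applied. When
 * no patient is given, only events that have a patient are returned.
 *
 * @param string      $from_date         start of the range, passed through to fetchEvents()
 * @param string      $to_date           end of the range, passed through to fetchEvents()
 * @param mixed       $patient_id        restrict to e.pc_pid
 * @param mixed       $provider_id       restrict to e.pc_aid
 * @param mixed       $facility_id       restrict to the event's AND the provider's facility
 * @param string|null $pc_appstatus      restrict to e.pc_apptstatus
 * @param mixed       $with_out_provider non-empty: only events with no provider
 * @param mixed       $with_out_facility non-empty: only events with facility 0
 * @param mixed       $pc_catid          restrict to e.pc_catid (cast to int)
 * @return mixed whatever fetchEvents() returns
 */
function fetchAppointments($from_date, $to_date, $patient_id = null, $provider_id = null, $facility_id = null, $pc_appstatus = null, $with_out_provider = null, $with_out_facility = null, $pc_catid = null)
{
    $where = "";
    // Every value that reaches the SQL text is escaped; provider, patient and
    // status used to be interpolated raw while facility already was escaped.
    if ($provider_id) {
        $where .= " AND e.pc_aid = '" . add_escape_custom($provider_id) . "'";
    }
    if ($patient_id) {
        $where .= " AND e.pc_pid = '" . add_escape_custom($patient_id) . "'";
    } else {
        $where .= " AND e.pc_pid != ''";
    }
    if ($facility_id) {
        $facility = add_escape_custom($facility_id);
        // Filter both the event's facility and the provider's home facility.
        $where .= " AND e.pc_facility = '" . $facility . "'";
        $where .= " AND u.facility_id = '" . $facility . "'";
    }
    // Appointment status checking
    if ($pc_appstatus != '') {
        $where .= " AND e.pc_apptstatus = '" . add_escape_custom($pc_appstatus) . "'";
    }
    if ($pc_catid != null) {
        // intval() is the escaping here: the value is used unquoted.
        $where .= " AND e.pc_catid=" . intval($pc_catid);
    }
    // Without-provider checking
    if ($with_out_provider != '') {
        $where .= " AND e.pc_aid = ''";
    }
    // Without-facility checking
    if ($with_out_facility != '') {
        $where .= " AND e.pc_facility = 0";
    }
    return fetchEvents($from_date, $to_date, $where);
}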
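/**
 * Parse the value part of a search criterion ("col like 'x'" or "col = 'x'")
 * and rebuild it with the value SQL-escaped. The value is expected to be
 * wrapped in one-character quotes, which are stripped before escaping.
 * Criteria containing neither " like " nor " = " are returned unchanged.
 *
 * @param string $SearchItem raw criterion text
 * @return string criterion with an escaped, single-quoted value
 */
function PrepareSearchItem($SearchItem)
{
    // split() was removed in PHP 7; explode() is the equivalent for these
    // literal delimiters (no regex metacharacters involved).
    foreach (array(' like ', ' = ') as $operator) {
        $parts = explode($operator, $SearchItem);
        if (!isset($parts[1])) {
            continue;
        }
        // Drop the surrounding quote characters, then escape what is inside.
        $bare = substr(substr($parts[1], 0, -1), 1);
        return $parts[0] . $operator . "'" . add_escape_custom($bare) . "'";
    }
    return $SearchItem;
}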
 /**
  * Build PhoneNumber objects for every phone-number row, optionally limited to
  * one foreign_id, ordered by type.
  *
  * @param mixed $foreign_id owning record id; empty means "all rows"
  * @return array of PhoneNumber
  */
 static function factory_phone_numbers($foreign_id = "")
 {
     // Empty id => match everything (LIKE '%'); otherwise an exact, escaped match.
     $idClause = empty($foreign_id)
         ? "like '%'"
         : " = '" . add_escape_custom(strval($foreign_id)) . "'";
     $template = new PhoneNumber();
     $results = sqlQ("SELECT id FROM  " . $template->_table . " WHERE foreign_id " . $idClause . " ORDER BY type");
     $phone_numbers = array();
     while ($row = sqlFetchArray($results)) {
         $phone_numbers[] = new PhoneNumber($row['id']);
     }
     return $phone_numbers;
 }
 /**
  * Convenience function to get an array of many Note objects.
  * For really large numbers of notes there is a far more efficient way to do
  * this by overriding the populate method.
  *
  * @param int $foreign_id optional id used to limit the array to one relation;
  *                        when empty, every note object is returned
  * @return array of Note, newest first
  */
 function notes_factory($foreign_id = "")
 {
     // Empty id => match everything (LIKE '%'); otherwise an exact, escaped match.
     $idClause = empty($foreign_id)
         ? "like '%'"
         : " = '" . add_escape_custom(strval($foreign_id)) . "'";
     $template = new note();
     $sql = "SELECT id FROM  " . $template->_table . " WHERE foreign_id " . $idClause . " ORDER BY DATE DESC";
     $result = $template->_db->Execute($sql);
     $notes = array();
     // ADOdb recordset: Execute() returns false on failure, hence the guard before EOF.
     while ($result && !$result->EOF) {
         $notes[] = new Note($result->fields['id']);
         $result->MoveNext();
     }
     return $notes;
 }
 /**
  * Return the Address for a foreign_id: the first matching row wrapped in an
  * Address object, or a blank Address when nothing matches. An empty id
  * matches any row (LIKE '%'). The query has no ORDER BY, so "first" is
  * whatever the database returns first.
  *
  * @param mixed $foreign_id owning record id
  * @return Address
  */
 static function factory_address($foreign_id = "")
 {
     $idClause = empty($foreign_id)
         ? "like '%'"
         : " = '" . add_escape_custom(strval($foreign_id)) . "'";
     $address = new Address();
     $row = sqlFetchArray(sqlQ("SELECT id FROM  " . $address->_table . " WHERE foreign_id " . $idClause));
     if (!empty($row)) {
         $address = new Address($row['id']);
     }
     return $address;
 }
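/**
 * Translate a UI string.
 *
 * With language id 1 and $GLOBALS['skip_english_translation'] set, the string is
 * only stripped of {{...}} translator comments. Otherwise the constant is looked
 * up in lang_definitions / lang_constants for the session language; when no
 * definition exists the constant itself is used. Newlines are collapsed and
 * quotes are replaced by backticks in the translated result.
 *
 * @param string $constant the English source string
 * @param string $mode     'r' return the string (default); 'e' echo it instead
 * @param string $prepend  text placed before the result
 * @param string $append   text placed after the result
 * @return string|null the translated string, or null when it was echoed
 */
function xl($constant, $mode = 'r', $prepend = '', $append = '')
{
    // set language id (1 = English)
    $lang_id = !empty($_SESSION['language_choice']) ? $_SESSION['language_choice'] : 1;
    if ($lang_id == 1 && !empty($GLOBALS['skip_english_translation'])) {
        // language id = 1, so no need to translate -- just remove comments
        $string = preg_replace('/\\{\\{.*\\}\\}/', '', $constant);
    } else {
        // TRANSLATE
        // first, clean lines: convert new lines to spaces and remove windows end of lines
        $constant = preg_replace(array('/\\n/', '/\\r/'), array(' ', ''), $constant);
        // second, attempt translation. lang_id comes from the session, so it is
        // escaped like the constant rather than interpolated raw.
        $sql = "SELECT * FROM lang_definitions JOIN lang_constants ON " . "lang_definitions.cons_id = lang_constants.cons_id WHERE " . "lang_id='" . add_escape_custom($lang_id) . "' AND constant_name = '" . add_escape_custom($constant) . "' LIMIT 1";
        $res = sqlStatementNoLog($sql);
        $row = SqlFetchArray($res);
        // No row (or an empty definition) falls back to the untranslated constant;
        // isset() avoids a notice when the lookup returned nothing.
        $string = isset($row['definition']) && $row['definition'] != '' ? $row['definition'] : "{$constant}";
        // remove dangerous characters and remove comments
        $patterns = array('/\\n/', '/\\r/', '/"/', "/'/", '/\\{\\{.*\\}\\}/');
        $replace = array(' ', '', '`', '`', '');
        $string = preg_replace($patterns, $replace, $string);
    }
    $string = "{$prepend}" . "{$string}" . "{$append}";
    if ($mode == 'e') {
        echo $string;
        return null;
    }
    return $string;
}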
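 /**
  * Handle the POSTed Evaluation form: build a FormEvaluation from $_POST,
  * persist it, register it on the current encounter and, when a CPT code was
  * entered, add the matching billing line. Does nothing unless
  * $_POST['process'] is "true".
  *
  * @return void
  */
 function default_action_process()
 {
     // isset() first: a plain GET has no 'process' field and must not raise a notice.
     if (!isset($_POST['process']) || $_POST['process'] != "true") {
         return;
     }
     $this->evaluation = new FormEvaluation($_POST['id']);
     parent::populate_object($this->evaluation);
     $this->evaluation->persist();
     if (!isset($GLOBALS['encounter']) || $GLOBALS['encounter'] == "") {
         // NOTE(review): today's date is used as a stand-in encounter id when none is set - confirm this is intended.
         $GLOBALS['encounter'] = date("Ymd");
     }
     addForm($GLOBALS['encounter'], "Evaluation Form", $this->evaluation->id, "evaluation", $GLOBALS['pid'], $_SESSION['userauthorized']);
     if (!empty($_POST['cpt_code'])) {
         // Bound parameter instead of string-built SQL (sqlStatement() with binds
         // is used elsewhere in this codebase); no add_escape_custom() here, the
         // driver escapes the value.
         $row = sqlFetchArray(sqlStatement("select * from codes where code = ? order by id", array($_POST['cpt_code'])));
         if (!empty($row)) {
             addBilling(date("Ymd"), 'CPT4', $row['code'], $row['code_text'], $_SESSION['pid'], $_SESSION['userauthorized'], $_SESSION['authUserID'], $row['modifier'], $row['units'], $row['fee']);
         }
     }
     // Clear the flag so a second dispatch in the same request does not process twice.
     $_POST['process'] = "";
 }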
         //Do something with result, ie put in DB
         //echo $resultCode . ":" .$value . " " . $unit. "\n";
         $check_type2 = sqlQuery("SELECT COUNT(*) AS count FROM procedure_type WHERE procedure_type_id = '" . add_escape_custom($resultCode) . "'");
         if ($check_type2['count'] <= 0) {
             $sql_type_data = "procedure_type_id = '" . add_escape_custom($resultCode) . "', " . "parent = '" . add_escape_custom($observationCode) . "', " . "name = '" . add_escape_custom($resultCodeTex) . "', " . "procedure_type = 'res'";
             $type_id = sqlInsert("INSERT INTO procedure_type SET {$sql_type_data}");
         }
         $result_status = mapResultStatus($resultStatus);
         $abnormalFlag = mapAbnormalStatus($abnormalFlag);
         $check_result = sqlQuery("SELECT COUNT(*) AS count, procedure_result_id FROM procedure_result WHERE procedure_report_id = '" . add_escape_custom($report_id) . "' AND procedure_type_id = '" . add_escape_custom($resultCode) . "'");
         if ($check_result['count'] <= 0) {
             $sql_result_data = "procedure_report_id = '" . add_escape_custom($report_id) . "', " . "procedure_type_id = '" . add_escape_custom($resultCode) . "', " . "date = DATE_FORMAT('" . add_escape_custom($resultDateTime . '00') . "', '%Y%m%d%H%i%s'), " . "facility = '" . add_escape_custom($str_facilityId) . "', " . "units = '" . add_escape_custom($unit) . "', " . "result = '" . add_escape_custom($value) . "', " . "`range` = '" . add_escape_custom($referenceRange) . "', " . "abnormal = '" . add_escape_custom($abnormalFlag) . "', " . "comments = '" . add_escape_custom($comment) . "', " . "result_status = '" . add_escape_custom($result_status) . "'";
             sqlInsert("INSERT INTO procedure_result SET {$sql_result_data}");
         } else {
             $sql_result_data = "date = DATE_FORMAT('" . add_escape_custom($resultDateTime . '00') . "', '%Y%m%d%H%i%s'), " . "facility = '" . add_escape_custom($str_facilityId) . "', " . "units = '" . add_escape_custom($unit) . "', " . "result = '" . add_escape_custom($value) . "', " . "`range` = '" . add_escape_custom($referenceRange) . "', " . "abnormal = '" . add_escape_custom($abnormalFlag) . "', " . "comments = '" . add_escape_custom($comment) . "', " . "result_status = '" . add_escape_custom($result_status) . "'";
             sqlStatement("UPDATE procedure_result SET {$sql_result_data} WHERE procedure_result_id = '" . add_escape_custom($check_result['procedure_result_id']) . "'");
         }
     }
     // Send a message regarding a report with pending review status.
     lab_results_messages($patient_id, $report_id, $user_id);
 }
 // Need to confirm that the lab result message has been received.
 // This is the url of the confirm request.
 $url = "confirm/" . $id;
 // Make the confirmation request.
 $response = $client->sendRequest($url, "POST");
 // Check response for success or error.
 if ($response->IsError) {
     echo xl("Error confirming receipt of lab results") . ": {$response->ErrorMessage}\n";
 } else {
     echo xl("Success confirming receipt of lab result") . " \n";
require_once "portal.inc.php";
// Consider this a step towards converting the insurance form to layout-based.
// Faking it here makes things easier.
// Also note that some fields like SSN and most of the subscriber employer
// items have been omitted because they are not relevant for claims.
//
// Minimal layout rows (field_id, title, uor, data_type, list_id, edit_options)
// so get_layout_form_value() can read each insurance field from the form below.
$insurance_layout = array(array('field_id' => 'type', 'title' => 'Type', 'uor' => '2', 'data_type' => '1', 'list_id' => 'insurance_types', 'edit_options' => ''), array('field_id' => 'date', 'title' => 'Effective Date', 'uor' => '2', 'data_type' => '4', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'provider', 'title' => 'Provider', 'uor' => '2', 'data_type' => '16', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'plan_name', 'title' => 'Plan Name', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'policy_number', 'title' => 'Policy Number', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'group_number', 'title' => 'Group Number', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_employer', 'title' => 'Group Name', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_lname', 'title' => 'Subscriber Last Name', 'uor' => '2', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_fname', 'title' => 'Subscriber First Name', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_mname', 'title' => 'Subscriber Middle Name', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_DOB', 'title' => 'Subscriber DOB', 'uor' => '2', 'data_type' => '4', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_sex', 'title' => 'Subscriber Sex', 'uor' => '2', 'data_type' => '1', 'list_id' => 'sex', 'edit_options' => ''), array('field_id' => 'subscriber_relationship', 'title' => 'Subscriber Relationship', 'uor' => '2', 'data_type' => '1', 'list_id' => 'sub_relation', 'edit_options' => ''), array('field_id' => 'subscriber_street', 'title' => 'Subscriber Street', 'uor' => '1', 'data_type' => '2', 'list_id' => 
'', 'edit_options' => ''), array('field_id' => 'subscriber_city', 'title' => 'Subscriber City', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_state', 'title' => 'Subscriber State', 'uor' => '1', 'data_type' => '1', 'list_id' => 'state', 'edit_options' => ''), array('field_id' => 'subscriber_postal_code', 'title' => 'Subscriber Zip', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''), array('field_id' => 'subscriber_phone', 'title' => 'Subscriber Phone', 'uor' => '1', 'data_type' => '2', 'list_id' => '', 'edit_options' => ''));
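// Id of the portal request being processed; cast to int because it is sent
// back to the portal in the delpost call.
$postid = isset($_REQUEST['postid']) ? intval($_REQUEST['postid']) : 0;
// isset(): the initial GET has no bn_save field.
if (isset($_POST['bn_save']) && $_POST['bn_save']) {
    $newdata = array();
    $ptid = intval($_POST['ptid']);
    foreach ($insurance_layout as $frow) {
        $field_id = $frow['field_id'];
        // newInsuranceData() does not escape for mysql so we have to do it here.
        $newdata[$field_id] = add_escape_custom(get_layout_form_value($frow));
    }
    // NOTE(review): fixDate() runs on already-escaped date strings - confirm it tolerates that.
    newInsuranceData($ptid, $newdata['type'], $newdata['provider'], $newdata['policy_number'], $newdata['group_number'], $newdata['plan_name'], $newdata['subscriber_lname'], $newdata['subscriber_mname'], $newdata['subscriber_fname'], $newdata['subscriber_relationship'], '', fixDate($newdata['subscriber_DOB']), $newdata['subscriber_street'], $newdata['subscriber_postal_code'], $newdata['subscriber_city'], $newdata['subscriber_state'], '', $newdata['subscriber_phone'], $newdata['subscriber_employer'], '', '', '', '', '', '', $newdata['subscriber_sex'], fixDate($newdata['date']), 'TRUE', '');
    // Finally, delete the request from the portal.
    $result = cms_portal_call(array('action' => 'delpost', 'postid' => $postid));
    if (!empty($result['errmsg'])) {
        // text() HTML-escapes the portal's message before it is shown.
        die(text($result['errmsg']));
    }
    // Send the (popup) window back to the request list, restoring the session first.
    echo "<html><body><script language='JavaScript'>\n";
    echo "if (top.restoreSession) top.restoreSession(); else opener.top.restoreSession();\n";
    echo "document.location.href = 'list_requests.php';\n";
    echo "</script></body></html>\n";
    exit;
}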
// Get the portal request data.
if (!$postid) {
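/**
 * Function to return part of an sql query to deal with an interval
 *
 * @param  string  $table          selected mysql table (or EXCEPTION(s))
 * @param  string  $intervalType   type of interval (ie. year); empty means "up to $dateTarget" only
 * @param  string  $intervalValue  searched for within this many times of the interval type;
 *                                 must be numeric, it is interpolated unquoted into the SQL
 * @param  string  $dateTarget     target date (format Y-m-d H:i:s).
 * @return string                  contains pertinent date interval filter for mysql query
 *                                 ("" for an unknown, non-empty $intervalType)
 */
function sql_interval_string($table, $intervalType, $intervalValue, $dateTarget)
{
    // Collect the correct column label for date in the table
    $label = add_escape_custom(collect_database_label('date', $table));
    $target = add_escape_custom($dateTarget);
    // No interval: everything up to the target date.
    if (empty($intervalType)) {
        return "AND " . $label . " <= '" . $target . "' ";
    }
    // The plain calendar units all share one DATE_SUB template.
    $units = array(
        'year'   => 'YEAR',
        'month'  => 'MONTH',
        'week'   => 'WEEK',
        'day'    => 'DAY',
        'hour'   => 'HOUR',
        'minute' => 'MINUTE',
        'second' => 'SECOND',
    );
    if (isset($units[$intervalType])) {
        // "INTERVAL n UNIT" is an unquoted context, so quote-escaping alone cannot
        // protect it: only a numeric value is interpolated, anything else becomes 0.
        $amount = is_numeric($intervalValue) ? $intervalValue : 0;
        return "AND (" . $label . " BETWEEN DATE_SUB('" . $target . "', INTERVAL " . $amount . " " . $units[$intervalType] . ") AND '" . $target . "') ";
    }
    if ($intervalType == "flu_season") {
        // Flu season to be hard-coded as September thru February
        //  (Should make this modifiable in the future)
        //  ($intervalValue is not used)
        $dateArray = explode("-", $dateTarget);
        // Cast so only the year's digits reach the SQL text.
        $year = intval($dateArray[0]);
        $dateThisYear = $year . "-09-01";
        $dateLastYear = ($year - 1) . "-09-01";
        return " " . "AND ((" . "MONTH('" . $target . "') < 9 " . "AND " . $label . " >= '" . $dateLastYear . "' ) " . "OR (" . "MONTH('" . $target . "') >= 9 " . "AND " . $label . " >= '" . $dateThisYear . "' ))" . "AND " . $label . " <= '" . $target . "' ";
    }
    // Unknown interval type: no date filter (the old switch fell through to "").
    return "";
}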
            echo "</div></td></tr>";
        }
    }
    ++$ix;
}
?>
</table> <!-- end patient_stats_issues -->
	
<table id="patient_stats_spreadsheets">
<?php 
// Show spreadsheet forms if any are present.
//
$need_head = true;
foreach (array('treatment_protocols', 'injury_log') as $formname) {
    if (sqlNumRows(sqlStatement("SHOW TABLES LIKE ?", array("form_" . $formname))) > 0) {
        $dres = sqlStatement("SELECT tp.id, tp.value FROM forms, " . "form_" . add_escape_custom($formname) . " AS tp WHERE forms.pid = ? AND " . "forms.formdir = ? AND tp.id = forms.form_id AND " . "tp.rownbr = -1 AND tp.colnbr = -1 AND tp.value LIKE '0%' " . "ORDER BY tp.value DESC", array($pid, $formname));
        if (sqlNumRows($dres) > 0 && $need_head) {
            $need_head = false;
            echo " <tr>\n";
            echo "  <td colspan='{$numcols}' valign='top'>\n";
            echo "   <span class='title'>Injury Log</span>\n";
            echo "  </td>\n";
            echo " </tr>\n";
        }
        while ($row = sqlFetchArray($dres)) {
            list($completed, $start_date, $template_name) = explode('|', $row['value'], 3);
            echo " <tr>\n";
            echo "  <td colspan='{$numcols}'>&nbsp;&nbsp;";
            echo "<a class='link' href='javascript:;' ";
            echo "onclick='load_location(\"../../forms/{$formname}/new.php?popup=1&id=";
            echo htmlspecialchars($row['id'], ENT_QUOTES) . "\")'>" . htmlspecialchars($start_date, ENT_NOQUOTES) . " " . htmlspecialchars($template_name, ENT_NOQUOTES) . "</a></td>\n";
// Raw vitals values taken straight from the POST body. Nothing here is
// validated or escaped yet (each value is passed through add_escape_custom()
// where it is placed into the UPDATE further down), and a missing field
// yields null plus an undefined-index notice.
$height = $_POST['height'];
$temperature = $_POST['temperature'];
$temp_method = $_POST['temp_method'];
$pulse = $_POST['pulse'];
$respiration = $_POST['respiration'];
$note = $_POST['note'];
$BMI = $_POST['BMI'];
$BMI_status = $_POST['BMI_status'];
$waist_circ = $_POST['waist_circ'];
$head_circ = $_POST['head_circ'];
$oxygen_saturation = $_POST['oxygen_saturation'];
if ($userId = validateToken($token)) {
    $user = getUsername($userId);
    $acl_allow = acl_check('encounters', 'auth_a', $user);
    if ($acl_allow) {
        $strQuery = "UPDATE `form_vitals` SET \n                                        `date`='" . add_escape_custom($date) . "',\n                                        `pid`='" . add_escape_custom($patientId) . "',\n                                        `user`='" . add_escape_custom($user) . "',\n                                        `groupname`='" . add_escape_custom($groupname) . "',\n                                        `authorized`='" . add_escape_custom($authorized) . "',\n                                        `activity`='" . add_escape_custom($activity) . "',\n                                        `bps`='" . add_escape_custom($bps) . "',\n                                        `bpd`='" . add_escape_custom($bpd) . "',\n                                        `weight`='" . add_escape_custom($weight) . "',\n                                        `height`='" . add_escape_custom($height) . "',\n                                        `temperature`='" . add_escape_custom($temperature) . "',\n                                        `temp_method`='" . add_escape_custom($temp_method) . "',\n                                        `pulse`='" . add_escape_custom($pulse) . "',\n                                        `respiration`='" . add_escape_custom($respiration) . "',\n                                        `note`='" . add_escape_custom($note) . "',\n                                        `BMI`='" . add_escape_custom($BMI) . "',\n                                        `BMI_status`='" . add_escape_custom($BMI_status) . "',\n                                        `waist_circ`='" . add_escape_custom($waist_circ) . "',\n                                        `head_circ`='" . add_escape_custom($head_circ) . "',\n                                        `oxygen_saturation`='" . add_escape_custom($oxygen_saturation) . "' \n                                         WHERE id = ?";
        $result = sqlStatement($strQuery, array($vital_id));
        if ($result !== FALSE) {
            $xml_array['status'] = 0;
            $xml_array['reason'] = 'Visit vital update successfully';
        } else {
            $xml_array['status'] = -1;
            $xml_array['reason'] = 'Could not update isit vital';
        }
    } else {
        $xml_string .= "<status>-2</status>\n";
        $xml_string .= "<reason>You are not Authorized to perform this action</reason>\n";
    }
} else {
    $xml_array['status'] = -2;
    $xml_array['reason'] = 'Invalid Token';
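/**
 * Find a local patient record matching demographics supplied by an external lab.
 *
 * Builds an AND-ed set of WHERE clauses from whichever of first name, last name,
 * DOB, gender and SSN are non-blank, then returns the pid of the first matching
 * row. Matching on the lab-side id is intentionally disabled (see the note in the
 * body); $middleName and $address are accepted for interface compatibility only.
 *
 * Every lab-supplied value is passed as a bind parameter; nothing from the feed
 * is interpolated into the SQL text.
 *
 * @param string $externalId  Lab-side patient id (not used for matching).
 * @param string $firstName
 * @param string $middleName  Unused.
 * @param string $lastName
 * @param string $dob         Date string understood by MySQL DATE_FORMAT().
 * @param string $gender      "M" or "F"; any other value adds no clause.
 * @param string $ssn         Digits-only or already-dashed SSN.
 * @param string $address     Unused.
 * @return string|false  The matching pid, or false when no criteria were
 *                       supplied or no patient matched.
 */
function lab_exchange_match_patient($externalId, $firstName, $middleName, $lastName, $dob, $gender, $ssn, $address)
{
    // NOTE: a direct "pid = $externalId" match used to be tried first. It is
    // deliberately disabled so that an id chosen by the lab can never select
    // a patient on its own; demographics must agree.
    $clauses = array();
    $binds = array();

    // A field counts as "supplied" only if it contains non-whitespace.
    if (trim((string)$firstName) !== '') {
        $clauses[] = "fname = ?";
        $binds[] = $firstName;
    }
    if (trim((string)$lastName) !== '') {
        $clauses[] = "lname = ?";
        $binds[] = $lastName;
    }
    if (trim((string)$dob) !== '') {
        $clauses[] = "DOB = DATE_FORMAT(?, '%Y-%m-%d')";
        $binds[] = $dob;
    }
    if (trim((string)$gender) !== '') {
        $sex = null;
        if ($gender === "F") {
            $sex = "Female";
        }
        if ($gender === "M") {
            $sex = "Male";
        }
        if ($sex !== null) {
            // patient_data.sex may hold the long form or the one-letter code.
            $clauses[] = "(sex = ? OR sex = ?)";
            $binds[] = $sex;
            $binds[] = $gender;
        }
    }
    if (trim((string)$ssn) !== '') {
        // Also try the xxx-xx-xxxx form in case the local record is stored dashed.
        $ss = substr($ssn, 0, 3) . "-" . substr($ssn, 3, 2) . "-" . substr($ssn, 5);
        // NOTE(review): "OR ss = ''" lets a patient with no SSN on file match on
        // the remaining criteria alone. Kept as in the original; confirm callers
        // expect that weaker match.
        $clauses[] = "(ss = ? OR ss = ? OR ss = '')";
        $binds[] = $ssn;
        $binds[] = $ss;
    }

    if (empty($clauses)) {
        return false;
    }
    // sqlQuery returns a single row; if several patients satisfy the criteria
    // the one chosen is whichever the database returns first.
    $res = sqlQuery("SELECT pid from patient_data WHERE " . implode(" AND ", $clauses), $binds);
    if (!empty($res['pid'])) {
        return $res['pid'];
    }
    return false;
}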
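// $count = 0;
// Encounter list for the current patient (optionally narrowed to one issue).
// Ids are bound parameters; only the LIMIT offsets are inlined, and those are
// forced to int first because LIMIT takes bare numbers that quoting/escaping
// cannot protect.
$pagestart = (int)$pagestart;
$pagesize = (int)$pagesize;
$sqlBindArray = array();
$from = "FROM form_encounter AS fe " . "JOIN forms AS f ON f.pid = fe.pid AND f.encounter = fe.encounter AND " . "f.formdir = 'newpatient' AND f.deleted = 0 ";
if ($issue) {
    // Restrict to encounters linked to the selected issue for this patient.
    $from .= "JOIN issue_encounter AS ie ON ie.pid = ? AND " . "ie.list_id = ? AND ie.encounter = fe.encounter ";
    array_push($sqlBindArray, $pid, $issue);
}
$from .= "LEFT JOIN users AS u ON u.id = fe.provider_id WHERE fe.pid = ? ";
$sqlBindArray[] = $pid;
$query = "SELECT fe.*, f.user, u.fname, u.mname, u.lname " . $from . "ORDER BY fe.date DESC, fe.id DESC";
// Same joins and filters, used only for the "x-y of N" pager text.
$countQuery = "SELECT COUNT(*) as c " . $from;
$countRes = sqlStatement($countQuery, $sqlBindArray);
$count = sqlFetchArray($countRes);
$numRes = (int)$count['c'];
if ($pagesize > 0) {
    $query .= " LIMIT " . $pagestart . "," . $pagesize;
}
// Last row number shown on this page; a pagesize of 0 means "show everything".
$upper = $pagestart + $pagesize;
if ($upper > $numRes || $pagesize == 0) {
    $upper = $numRes;
}
if ($pagesize > 0 && $pagestart > 0) {
    generatePageElement($pagestart - $pagesize, $pagesize, $billing_view, $issue, "&lArr;" . htmlspecialchars(xl("Prev"), ENT_NOQUOTES) . " ");
}
echo ($pagestart + 1) . "-" . $upper . " " . htmlspecialchars(xl('of'), ENT_NOQUOTES) . " " . $numRes;
if ($pagesize > 0 && $pagestart + $pagesize <= $numRes) {
    generatePageElement($pagestart + $pagesize, $pagesize, $billing_view, $issue, " " . htmlspecialchars(xl("Next"), ENT_NOQUOTES) . "&rArr;");
}
$res4 = sqlStatement($query, $sqlBindArray);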
if ($billing_view && $accounting_enabled && !$INTEGRATED_AR) {
    SLConnect();
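 //setup for display of encounter date info
 $encounter_count = 0;
 $day_diff = '';
 $last_date_seen = '';
 $next_appt_date = '';
 $pid = '';
 // "interval N day" takes a bare number, so $add_days is forced to int instead
 // of string-escaped: escaping does nothing for an unquoted numeric literal.
 $addDays = (int)$add_days;
 // calculate date differences based on date of last encounter with billing entries
 $query = "select DATE_FORMAT(max(form_encounter.date),'%m/%d/%y') as mydate," . " (to_days(current_date())-to_days(max(form_encounter.date))) as day_diff," . " DATE_FORMAT(max(form_encounter.date) + interval " . $addDays . " day,'%m/%d/%y') as next_appt, dayname(max(form_encounter.date) + interval " . $addDays . " day) as next_appt_day from form_encounter " . "join billing on billing.encounter = form_encounter.encounter and " . "billing.pid = form_encounter.pid and billing.activity = 1 and " . "billing.code_type not like 'COPAY' where " . "form_encounter.pid = ?";
 $statement = sqlStatement($query, array($iter["pid"]));
 if ($results = sqlFetchArray($statement)) {
     $last_date_seen = $results['mydate'];
     $day_diff = $results['day_diff'];
     $next_appt_date = $results['next_appt_day'] . ', ' . $results['next_appt'];
 }
 // calculate date differences based on date of last encounter regardless of billing
 // NOTE(review): this query assigns the same three variables as the billed
 // query above; an aggregate-only SELECT yields a row even with no encounters,
 // so the billed values appear to be replaced unconditionally. Confirm that is
 // the intended precedence before relying on $last_date_seen.
 $query = "select DATE_FORMAT(max(form_encounter.date),'%m/%d/%y') as mydate," . " (to_days(current_date())-to_days(max(form_encounter.date))) as day_diff," . " DATE_FORMAT(max(form_encounter.date) + interval " . $addDays . " day,'%m/%d/%y') as next_appt, dayname(max(form_encounter.date) + interval " . $addDays . " day) as next_appt_day from form_encounter " . " where form_encounter.pid = ?";
 $statement = sqlStatement($query, array($iter["pid"]));
 if ($results = sqlFetchArray($statement)) {
     $last_date_seen = $results['mydate'];
     $day_diff = $results['day_diff'];
     $next_appt_date = $results['next_appt_day'] . ', ' . $results['next_appt'];
 }
 //calculate count of encounters by distinct billing dates with cpt4
 //entries
 $query = "select count(distinct date) as encounter_count " . " from billing " . " where code_type not like 'COPAY' and activity = 1 " . " and pid = ?";
 $statement = sqlStatement($query, array($iter["pid"]));
 if ($results = sqlFetchArray($statement)) {
     $encounter_count_billed = $results['encounter_count'];
 }
 // calculate count of encounters, regardless of billing
 $query = "select count(date) as encounter_count " . " from form_encounter where " . " pid = ?";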
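/**
 * Tally gender, race and ethnicity counts for a set of patients (QRDA reporting).
 *
 * @param array $patArr List of patient pids. An empty list yields all-zero
 *                      counts without touching the database.
 * @return array Three maps keyed 'gender', 'race' and 'ethnicity', each from
 *               display label to count. Unknown sex values count as 'Unknown',
 *               unknown race codes as 'Other', unknown ethnicity codes are not
 *               counted at all.
 */
function getQRDAPatientNeedInfo($patArr)
{
    $genderArr = array('Male' => 0, 'Female' => 0, 'Unknown' => 0);
    $raceArr = array(
        'American Indian or Alaska Native' => 0,
        'Asian' => 0,
        'Black or African American' => 0,
        'Native Hawaiian or Other Pacific Islander' => 0,
        'White' => 0,
        'Other' => 0,
    );
    $ethincityArr = array('Not Hispanic or Latino' => 0, 'Hispanic or Latino' => 0);

    // patient_data.race codes with a named bucket; every other value
    // (including the legacy codes Asian_Pacific_Island, Black_not_of_Hispan,
    // Hispanic and White_not_of_Hispan) lands in 'Other'. Note 'white' is
    // matched lower-case and 'Asian' capitalised, as the stored codes are.
    $raceLabels = array(
        'amer_ind_or_alaska_native' => 'American Indian or Alaska Native',
        'Asian' => 'Asian',
        'black_or_afri_amer' => 'Black or African American',
        'native_hawai_or_pac_island' => 'Native Hawaiian or Other Pacific Islander',
        'white' => 'White',
    );
    $ethnicityLabels = array(
        'hisp_or_latin' => 'Hispanic or Latino',
        'not_hisp_or_latin' => 'Not Hispanic or Latino',
    );

    if (count($patArr) > 0) {
        // One placeholder per pid so the list is bound, not interpolated:
        // string escaping cannot protect an unquoted IN (...) list.
        $placeholders = implode(",", array_fill(0, count($patArr), "?"));
        $patRes = sqlStatement(
            "SELECT pid, sex, race, ethnicity FROM patient_data WHERE pid IN (" . $placeholders . ")",
            array_values($patArr)
        );
        while ($patRow = sqlFetchArray($patRes)) {
            // Gender
            if ($patRow['sex'] == "Male") {
                $genderArr['Male']++;
            } elseif ($patRow['sex'] == "Female") {
                $genderArr['Female']++;
            } else {
                $genderArr['Unknown']++;
            }
            // Race
            $raceKey = isset($raceLabels[$patRow['race']]) ? $raceLabels[$patRow['race']] : 'Other';
            $raceArr[$raceKey]++;
            // Ethnicity
            if (isset($ethnicityLabels[$patRow['ethnicity']])) {
                $ethincityArr[$ethnicityLabels[$patRow['ethnicity']]]++;
            }
        }
    }
    return array(
        'gender' => $genderArr,
        'race' => $raceArr,
        'ethnicity' => $ethincityArr,
    );
}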
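/**
 * Lookup Code Descriptions for one or more billing codes.
 *
 * Function is able to lookup code descriptions from a variety of code sets. See the 'external'
 * items in the comments at top of this page for a listing of the code sets supported.
 *
 * Entries that are not of the form "type:code", or whose type has no external
 * table mapping in $code_types, are skipped silently.
 *
 * @param  string $codes  Is of the form "type:code;type:code; etc.".
 * @param  string $desc_detail Can choose either the normal description('code_text') or the brief description('code_text_short').
 * @return string         Is of the form "description;description; etc.".
 */
function lookup_code_descriptions($codes, $desc_detail = "code_text")
{
    global $code_types, $code_external_tables;
    // ensure $desc_detail is set properly
    if ($desc_detail != "code_text" && $desc_detail != "code_text_short") {
        $desc_detail = "code_text";
    }
    $code_text = '';
    if (!empty($codes)) {
        $relcodes = explode(';', $codes);
        foreach ($relcodes as $codestring) {
            if ($codestring === '') {
                continue;
            }
            $parts = explode(':', $codestring);
            if (count($parts) < 2) {
                // No "type:code" separator; nothing to look up.
                continue;
            }
            list($codetype, $code) = $parts;
            if (!isset($code_types[$codetype]['external'])) {
                // Unknown code type, or one without an external table mapping.
                continue;
            }
            $table_id = $code_types[$codetype]['external'];
            if (isset($code_external_tables[$table_id])) {
                $table_info = $code_external_tables[$table_id];
                $table_name = $table_info[EXT_TABLE_NAME];
                $code_col = $table_info[EXT_COL_CODE];
                $desc_col = $table_info[DISPLAY_DESCRIPTION] == "" ? $table_info[EXT_COL_DESCRIPTION] : $table_info[DISPLAY_DESCRIPTION];
                $desc_col_short = $table_info[DISPLAY_DESCRIPTION] == "" ? $table_info[EXT_COL_DESCRIPTION_BRIEF] : $table_info[DISPLAY_DESCRIPTION];
                $sqlArray = array();
                // Table and column names come from the $code_external_tables
                // configuration, not from $codes, so they are concatenated as-is.
                $sql = "SELECT " . $desc_col . " as code_text," . $desc_col_short . " as code_text_short FROM " . $table_name;
                // include the "JOINS" so that we get the preferred term instead of the FullySpecifiedName when appropriate.
                foreach ($table_info[EXT_JOINS] as $join_info) {
                    $join_table = $join_info[JOIN_TABLE];
                    $check_table = sqlQuery("SHOW TABLES LIKE '" . $join_table . "'");
                    if (empty($check_table)) {
                        HelpfulDie("Missing join table in code set search:" . $join_table);
                    }
                    $sql .= " INNER JOIN " . $join_table;
                    $sql .= " ON ";
                    $not_first = false;
                    foreach ($join_info[JOIN_FIELDS] as $field) {
                        if ($not_first) {
                            $sql .= " AND ";
                        }
                        $sql .= $field;
                        $not_first = true;
                    }
                }
                $sql .= " WHERE ";
                // Start building up the WHERE clause
                // When using the external codes table, we have to filter by the code_type.  (All the other tables only contain one type)
                if ($table_id == 0) {
                    $sql .= " code_type = '" . add_escape_custom($code_types[$codetype]['id']) . "' AND ";
                }
                // Specify the code in the query. The code itself is the only
                // caller-supplied value and is bound, not interpolated.
                $sql .= $table_name . "." . $code_col . "=? ";
                array_push($sqlArray, $code);
                // We need to include the filter clauses
                // For SNOMED and SNOMED-CT this ensures that we get the Preferred Term or the Fully Specified Term as appropriate
                // It also prevents returning "inactive" results
                foreach ($table_info[EXT_FILTER_CLAUSES] as $filter_clause) {
                    $sql .= " AND " . $filter_clause;
                }
                // END building the WHERE CLAUSE
                if ($table_info[EXT_VERSION_ORDER]) {
                    $sql .= " ORDER BY " . $table_info[EXT_VERSION_ORDER];
                }
                $sql .= " LIMIT 1";
                $crow = sqlQuery($sql, $sqlArray);
                if (!empty($crow[$desc_detail])) {
                    if ($code_text) {
                        $code_text .= '; ';
                    }
                    $code_text .= $crow[$desc_detail];
                }
            } else {
                //using an external code that is not yet supported, so skip.
            }
        }
    }
    return $code_text;
}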