Example #1
// Translated NO/YES labels; index 0 is "NO", index 1 is "YES".
$hipaa = array(xl('NO'), xl('YES'));
// Sort choices: translated label => column (or alias) name.
// NOTE(review): presumably the value ends up in an ORDER BY clause; if so it should be selected
// from this map by key and never copied from the request. The consuming code is not visible here.
$sort_by = array(xl('Zip Code') => 'patient_data.postal_code', xl('Last Name') => 'patient_data.lname', xl('Appointment Date') => 'last_ap');
// Process the submitted form. This excerpt stops inside the validation block.
// NOTE(review): $_POST keys are read without isset(), so a request that omits a field raises an
// undefined-index notice/warning and the helper receives null.
if ($_POST['form_action'] == 'Process') {
    // Validation uses the functions in batchcom.inc.php.
    // Each failed check appends a fixed, translated message to $form_err; no request data is
    // copied into the message text. $form_err is expected to be initialised before this point
    // (not visible here).
    // NOTE(review): passing these format checks does not replace parameter binding if the
    // values later reach a query; the helpers' implementations are not shown.
    // Validate dates.
    if (!check_date_format($_POST['app_s'])) {
        $form_err .= xl('Date format for "appointment start" is not valid', '', '<br>');
    }
    if (!check_date_format($_POST['app_e'])) {
        $form_err .= xl('Date format for "appointment end" is not valid', '', '<br>');
    }
    if (!check_date_format($_POST['seen_since'])) {
        $form_err .= xl('Date format for "seen since" is not valid', '', '<br>');
    }
    if (!check_date_format($_POST['not_seen_since'])) {
        $form_err .= xl('Date format for "not seen since" is not valid', '', '<br>');
    }
    // Validate numbers.
    if (!check_age($_POST['age_from'])) {
        $form_err .= xl('Age format for "age from" is not valid', '', '<br>');
    }
    if (!check_age($_POST['age_upto'])) {
        $form_err .= xl('Age format for "age up to" is not valid', '', '<br>');
    }
    // Validate selections against the allowed option sets ($gender and $choices are defined
    // outside this excerpt).
    if (!check_select($_POST['gender'], $gender)) {
        $form_err .= xl('Error in "Gender" selection', '', '<br>');
    }
    if (!check_select($_POST['process_type'], $choices)) {
        $form_err .= xl('Error in "Process" selection', '', '<br>');
// Defaults for the notification settings form.
$provider_name = "EMR Group";
$message = "Welcome to EMR Group";
// $type is fixed server-side; it is the only value in the query below that does not
// originate from the request.
$type = "Email";
$email_sender = "EMR Group";
$email_subject = "Welcome to EMR Group";
// Process the submitted form. This excerpt stops right after the query string is built;
// the call that executes it is not visible.
if ($_POST['form_action'] == 'Save') {
    // Validation uses the functions in notification.inc.php.
    // Required-field checks: only emptiness is tested, not content or length.
    if ($_POST['email_sender'] == "") {
        $form_err .= xl('Empty value in "Email Sender"', '', '<br>');
    }
    if ($_POST['email_subject'] == "") {
        $form_err .= xl('Empty value in "Email Subject"', '', '<br>');
    }
    // Validate dates.
    if (!check_date_format($_POST['next_app_date'])) {
        $form_err .= xl('Date format for "Next Appointment" is not valid', '', '<br>');
    }
    // Required-field checks for the provider name and the message text.
    if ($_POST['provider_name'] == "") {
        $form_err .= xl('Empty value in "Name of Provider"', '', '<br>');
    }
    if ($_POST['message'] == "") {
        $form_err .= xl('Empty value in "Email Text"', '', '<br>');
    }
    // Build the SQL only when no validation error was recorded.
    if (!$form_err) {
        // NOTE(review): `hour` is written without quotes, so PHP resolves it as a constant.
        // PHP 8 throws an Error for an undefined constant; older versions fall back to the
        // string 'hour' with a notice. Neither hour nor min is validated in the visible code.
        $next_app_time = $_POST[hour] . ":" . $_POST['min'];
        // Column list for the REPLACE statement.
        $sql_text = " ( `notification_id` , `sms_gateway_type` , `next_app_date` , `next_app_time` , `provider_name` , `message` , `email_sender` , `email_subject` , `type` ) ";
        // SECURITY (review): every value below except $type comes from $_POST and is concatenated
        // between single quotes, with no escaping or parameter binding visible in this excerpt.
        // The checks above test only emptiness or date format, and notification_id,
        // sms_gateway_type, hour and min are not checked at all, so this statement is open to
        // SQL injection. Build it with placeholders and bound parameters through the project's
        // database layer instead of string concatenation.
        // The unquoted-key problem noted for `hour` also applies to every $_POST[...] key here.
        $sql_value = " ( '" . $_POST[notification_id] . "' , '" . $_POST[sms_gateway_type] . "' , '" . $_POST[next_app_date] . "' , '" . $next_app_time . "' , '" . $_POST[provider_name] . "' , '" . $_POST[message] . "' , '" . $_POST[email_sender] . "' , '" . $_POST[email_subject] . "' , '" . $type . "' ) ";
        // REPLACE INTO removes any row with the same primary/unique key before inserting.
        // NOTE(review): notification_id is client-supplied and presumably is that key, so the
        // request chooses which row is overwritten; confirm the caller's authorisation and a
        // CSRF check happen elsewhere, since neither is visible here.
        $query = "REPLACE INTO `automatic_notification` {$sql_text} VALUES {$sql_value}";
Example #3
<?php

require_once "./header.php";
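// Access gate defined outside this file's visible part (presumably in header.php);
// presumably it ends the request for users who are not logged in.
logged_in_only();
$message = '';
if (isset($_POST['settings_apply'])) {
    // Every posted setting is normalised by a helper before it reaches the query:
    // numbers are clamped, booleans and strings fall back to a default.
    // NOTE(review): no anti-CSRF token is checked in the visible code; confirm that
    // header.php or logged_in_only() covers state-changing POSTs.
    $settings = array(
        'root_folder_name' => set_post_foldername("settings_root_folder_name"),
        'column_width_folder' => check_num_var("settings_column_width_folder"),
        'column_width_bookmark' => check_num_var("settings_column_width_bookmark"),
        'table_height' => check_num_var("settings_table_height"),
        'confirm_delete' => set_post_bool_var("settings_confirm_delete", false),
        'open_new_window' => set_post_bool_var("settings_open_new_window", false),
        'show_bookmark_description' => set_post_bool_var("settings_show_bookmark_description", false),
        'show_bookmark_icon' => set_post_bool_var("settings_show_bookmark_icon", false),
        'show_column_date' => set_post_bool_var("settings_show_column_date", false),
        'date_format' => check_date_format(),
        'show_column_edit' => set_post_bool_var("settings_show_column_edit", false),
        'show_column_move' => set_post_bool_var("settings_show_column_move", false),
        'show_column_delete' => set_post_bool_var("settings_show_column_delete", false),
        'fast_folder_minus' => set_post_bool_var("settings_fast_folder_minus", false),
        'fast_folder_plus' => set_post_bool_var("settings_fast_folder_plus", false),
        'fast_symbol' => set_post_bool_var("settings_fast_symbol", false),
        'simple_tree_mode' => set_post_bool_var("settings_simple_tree_mode", false),
        'show_public' => set_post_bool_var("settings_show_public", false),
        'theme' => set_post_string_var("settings_theme", ''),
    );

    // Injection defence in this statement: numeric and boolean settings are forced to
    // integers by %d, and the string settings pass through $mysql->escape().
    //
    // The page shows the WHERE value as the literal '******', which leaves 19 placeholders
    // for 20 arguments: sprintf() silently drops the escaped $username and the UPDATE is
    // never scoped to the current user. The placeholder is restored as '%s' here; confirm
    // against the upstream file.
    // $username is not assigned in the visible code; presumably header.php sets it from
    // the session.
    $query = sprintf(
        "UPDATE user SET\n"
        . "\t\troot_folder_name\t\t\t='%s',\n"
        . "\t\tcolumn_width_folder\t\t\t='%d',\n"
        . "\t\tcolumn_width_bookmark\t\t='%d',\n"
        . "\t\ttable_height\t\t\t\t='%d',\n"
        . "\t\tconfirm_delete\t\t\t\t='%d',\n"
        . "\t\topen_new_window\t\t\t\t='%d',\n"
        . "\t\tshow_bookmark_description\t='%d',\n"
        . "\t\tshow_bookmark_icon\t\t\t='%d',\n"
        . "\t\tshow_column_date\t\t\t='%d',\n"
        . "\t\tdate_format\t\t\t\t\t='%s',\n"
        . "\t\tshow_column_edit\t\t\t='%d',\n"
        . "\t\tshow_column_move\t\t\t='%d',\n"
        . "\t\tshow_column_delete\t\t\t='%d',\n"
        . "\t\tfast_folder_minus\t\t\t='%d',\n"
        . "\t\tfast_folder_plus\t\t\t='%d',\n"
        . "\t\tfast_symbol\t\t\t\t\t='%d',\n"
        . "\t\tsimple_tree_mode\t\t\t='%d',\n"
        . "\t\tshow_public\t\t\t\t\t='%d',\n"
        . "\t\ttheme\t\t\t\t\t\t='%s'\n"
        . "\t\tWHERE username='%s'",
        $mysql->escape($settings['root_folder_name']),
        $settings['column_width_folder'],
        $settings['column_width_bookmark'],
        $settings['table_height'],
        $settings['confirm_delete'],
        $settings['open_new_window'],
        $settings['show_bookmark_description'],
        $settings['show_bookmark_icon'],
        $settings['show_column_date'],
        $mysql->escape($settings['date_format']),
        $settings['show_column_edit'],
        $settings['show_column_move'],
        $settings['show_column_delete'],
        $settings['fast_folder_minus'],
        $settings['fast_folder_plus'],
        $settings['fast_symbol'],
        $settings['simple_tree_mode'],
        $settings['show_public'],
        $mysql->escape($settings['theme']),
        $mysql->escape($username)
    );

    if ($mysql->query($query)) {
        $message = "Settings applied.";
    } else {
        // NOTE(review): message() is defined elsewhere. If it prints the raw database error
        // to the browser, schema details leak to the user; prefer logging the error and
        // showing a generic failure text. Confirm.
        message($mysql->error);
    }
}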
# I really don't feel like putting these very specific functions into lib.php...
function check_num_var($varname)
{
    if (!is_numeric($_POST[$varname])) {
        return 280;
    } else {
        if ($_POST[$varname] == 0 && $varname == "settings_column_width_bookmark") {
            return 0;
        } else {
            if ($_POST[$varname] < 0) {
                return 0;
            } else {
                if ($_POST[$varname] > 800) {
                    return 800;
                } else {
                    return $_POST[$varname];
                }