/** * postcalendar_userapi_pcQueryEvents * INPUT * $args = Array of values possibly containing: * $provider_id = array of provider ID numbers * * Returns an array containing the event's information * @params array(key=>value) * @params string key eventstatus * @params int value -1 == hidden ; 0 == queued ; 1 == approved * @return array $events[][] */ function &postcalendar_userapi_pcQueryEvents($args) { $end = '0000-00-00'; extract($args); // echo "<!-- args = "; print_r($args); echo " -->\n"; // debugging // $pc_username = pnVarCleanFromInput('pc_username'); $pc_username = $_SESSION['pc_username']; // from Michael Brinson 2006-09-19 if (empty($pc_username) || is_array($pc_username)) { $pc_username = "******"; } //echo "DEBUG pc_username: $pc_username \n"; // debugging $topic = pnVarCleanFromInput('pc_topic'); $category = pnVarCleanFromInput('pc_category'); if (!empty($pc_username) && strtolower($pc_username) != 'anonymous') { if ($pc_username == '__PC_ALL__' || $pc_username == -1) { $ruserid = -1; } else { $ruserid = getIDfromUser($pc_username); } } if (!isset($eventstatus)) { $eventstatus = 1; } // sanity check on eventstatus if ((int) $eventstatus < -1 || (int) $eventstatus > 1) { $eventstatus = 1; } if (!isset($start)) { $start = Date_Calc::dateNow('%Y-%m-%d'); } list($sy, $sm, $sd) = explode('-', $start); list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); // link to the events tables $table = $pntable['postcalendar_events']; $cattable = $pntable['postcalendar_categories']; $topictable = $pntable['postcalendar_topics']; $sql = "SELECT DISTINCT a.pc_eid, a.pc_informant, a.pc_catid, " . "a.pc_title, a.pc_time, a.pc_hometext, a.pc_eventDate, a.pc_duration, " . "a.pc_endDate, a.pc_startTime, a.pc_recurrtype, a.pc_recurrfreq, " . "a.pc_recurrspec, a.pc_topic, a.pc_alldayevent, a.pc_location, " . "a.pc_conttel, a.pc_contname, a.pc_contemail, a.pc_website, a.pc_fee, " . "a.pc_sharing, a.pc_prefcatid, b.pc_catcolor, b.pc_catname, " . "b.pc_catdesc, a.pc_pid, a.pc_apptstatus, a.pc_aid, " . "concat(u.fname,' ',u.lname) as provider_name, " . "concat(pd.lname,', ',pd.fname) as patient_name, " . "concat(u2.fname, ' ', u2.lname) as owner_name, " . "DOB as patient_dob, a.pc_facility, pd.pubpid " . "FROM ( {$table} AS a ) " . "LEFT JOIN {$cattable} AS b ON b.pc_catid = a.pc_catid " . "LEFT JOIN users as u ON a.pc_aid = u.id " . "LEFT JOIN users as u2 ON a.pc_aid = u2.id " . "LEFT JOIN patient_data as pd ON a.pc_pid = pd.pid " . "WHERE a.pc_eventstatus = {$eventstatus} " . "AND ((a.pc_endDate >= '{$start}' AND a.pc_eventDate <= '{$end}') OR " . "(a.pc_endDate = '0000-00-00' AND a.pc_eventDate >= '{$start}' AND " . "a.pc_eventDate <= '{$end}')) "; //================================== //FACILITY FILTERING (lemonsoftware)(CHEMED) if ($_SESSION['pc_facility']) { $pc_facility = $_SESSION['pc_facility']; $sql .= " AND a.pc_facility = {$pc_facility} "; /* AND u.facility_id = $pc_facility AND u2.facility_id = $pc_facility "; */ } else { if ($pc_facility) { // pc_facility could be provided in the search arguments -- JRM March 2008 $sql .= " AND a.pc_facility = {$pc_facility} "; /*. " AND u.facility_id = $pc_facility". " AND u2.facility_id = $pc_facility "; */ } } //EOS FACILITY FILTERING (lemonsoftware) //================================== // The above 3 lines replaced these: // AND (a.pc_endDate >= '$start' OR a.pc_endDate = '0000-00-00') // AND a.pc_eventDate <= '$end' "; if (!empty($providerID)) { $ruserid = $providerID; } // eliminate ruserid if we're trying to query by provider_id -- JRM if (!empty($provider_id)) { unset($ruserid); } if (isset($ruserid)) { // get all events for the specified username if ($ruserid == -1) { $sql .= "AND (a.pc_sharing = '" . SHARING_BUSY . "' "; $sql .= "OR a.pc_sharing = '" . SHARING_PUBLIC . "') "; } else { $sql .= "AND a.pc_aid IN (0, " . $ruserid . ") "; } } elseif (!pnUserLoggedIn()) { // get all events for anonymous users $sql .= "AND a.pc_sharing = '" . SHARING_GLOBAL . "' "; } elseif (!empty($provider_id)) { // get all events for a variety of provider IDs -- JRM if ($provider_id[0] != "_ALL_") { /**add all the events from the clinic provider id = 0*/ $sql .= "AND a.pc_aid in (0," . implode(",", $provider_id) . ") "; } } else { // get all events for logged in user plus global events $sql .= "AND (a.pc_aid IN (0," . $_SESSION['authUserID'] . ") OR a.pc_sharing = '" . SHARING_GLOBAL . "') "; } //====================================================================== // START SEARCH FUNCTIONALITY //====================================================================== if (!empty($s_keywords)) { $sql .= "AND ({$s_keywords}) "; } if (!empty($s_category)) { $sql .= "AND ({$s_category}) "; } if (!empty($s_topic)) { $sql .= "AND ({$s_topic}) "; } if (!empty($category)) { $sql .= "AND (a.pc_catid = '" . pnVarPrepForStore($category) . "') "; } if (!empty($topic)) { $sql .= "AND (a.pc_topic = '" . pnVarPrepForStore($topic) . "') "; } //====================================================================== // Search sort and limitation //====================================================================== if (empty($sort)) { $sql .= "GROUP BY a.pc_eid ORDER BY a.pc_time DESC"; } else { $sql .= "GROUP BY a.pc_eid ORDER BY a.{$sort}"; } //====================================================================== // END SEARCH FUNCTIONALITY //====================================================================== //echo "<br>sq: $sql<br />"; // echo "<!-- " . $sql . " -->\n"; // debugging $result = $dbconn->Execute($sql); if ($dbconn->ErrorNo() != 0) { die($dbconn->ErrorMsg()); } // put the information into an array for easy access $events = array(); // return an empty array if we don't have any results if (!isset($result)) { return $events; } for ($i = 0; !$result->EOF; $result->MoveNext()) { // WHY are we using an array for intermediate storage??? -- Rod // get the results from the query if (isset($tmp)) { unset($tmp); } $tmp = array(); list($tmp['eid'], $tmp['uname'], $tmp['catid'], $tmp['title'], $tmp['time'], $tmp['hometext'], $tmp['eventDate'], $tmp['duration'], $tmp['endDate'], $tmp['startTime'], $tmp['recurrtype'], $tmp['recurrfreq'], $tmp['recurrspec'], $tmp['topic'], $tmp['alldayevent'], $tmp['location'], $tmp['conttel'], $tmp['contname'], $tmp['contemail'], $tmp['website'], $tmp['fee'], $tmp['sharing'], $tmp['prefcatid'], $tmp['catcolor'], $tmp['catname'], $tmp['catdesc'], $tmp['pid'], $tmp['apptstatus'], $tmp['aid'], $tmp['provider_name'], $tmp['patient_name'], $tmp['owner_name'], $tmp['patient_dob'], $tmp['facility'], $tmp['pubpid']) = $result->fields; // grab the name of the topic $topicname = pcGetTopicName($tmp['topic']); // get the user id of event's author $cuserid = @$nuke_users[strtolower($tmp['uname'])]; // check the current event's permissions // the user does not have permission to view this event // if any of the following evaluate as false if (!pnSecAuthAction(0, 'PostCalendar::Event', "{$tmp['title']}::{$tmp['eid']}", ACCESS_OVERVIEW)) { continue; } elseif (!pnSecAuthAction(0, 'PostCalendar::Category', "{$tmp['catname']}::{$tmp['catid']}", ACCESS_OVERVIEW)) { continue; } elseif (!pnSecAuthAction(0, 'PostCalendar::User', "{$tmp['uname']}::{$cuserid}", ACCESS_OVERVIEW)) { continue; } elseif (!pnSecAuthAction(0, 'PostCalendar::Topic', "{$topicname}::{$tmp['topic']}", ACCESS_OVERVIEW)) { continue; } elseif ($tmp['sharing'] == SHARING_PRIVATE && $cuserid != $userid) { continue; } // add event to the array if we passed the permissions check // this is the common information $events[$i]['intervals'] = $tmp['duration'] / 60 / $GLOBALS['day_calandar_interval']; //sets the number of rows this event should span $events[$i]['eid'] = $tmp['eid']; $events[$i]['uname'] = $tmp['uname']; $events[$i]['uid'] = $cuserid; $events[$i]['catid'] = $tmp['catid']; $events[$i]['time'] = $tmp['time']; $events[$i]['eventDate'] = $tmp['eventDate']; $events[$i]['duration'] = $tmp['duration']; // there has to be a more intelligent way to do this @(list($events[$i]['duration_hours'], $dmin) = @explode('.', $tmp['duration'] / 60 / 60)); $events[$i]['duration_minutes'] = substr(sprintf('%.2f', '.' . 60 * ($dmin / 100)), 2, 2); //'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' $events[$i]['endDate'] = $tmp['endDate']; $events[$i]['startTime'] = $tmp['startTime']; $events[$i]['recurrtype'] = $tmp['recurrtype']; $events[$i]['recurrfreq'] = $tmp['recurrfreq']; $events[$i]['recurrspec'] = $tmp['recurrspec']; $events[$i]['topic'] = $tmp['topic']; $events[$i]['alldayevent'] = $tmp['alldayevent']; $events[$i]['catcolor'] = $tmp['catcolor']; // Modified 06-2009 by BM to translate the category if applicable $events[$i]['catname'] = xl_appt_category($tmp['catname']); $events[$i]['catdesc'] = $tmp['catdesc']; $events[$i]['pid'] = $tmp['pid']; $events[$i]['apptstatus'] = $tmp['apptstatus']; $events[$i]['pubpid'] = $tmp['pubpid']; $events[$i]['patient_name'] = $tmp['patient_name']; $events[$i]['provider_name'] = $tmp['provider_name']; $events[$i]['owner_name'] = $tmp['owner_name']; $events[$i]['patient_dob'] = $tmp['patient_dob']; $events[$i]['patient_age'] = getPatientAge($tmp['patient_dob']); $events[$i]['facility'] = getFacility($tmp['facility']); $events[$i]['sharing'] = $tmp['sharing']; $events[$i]['prefcatid'] = $tmp['prefcatid']; $events[$i]['aid'] = $tmp['aid']; $events[$i]['topictext'] = $topicname; $events[$i]['intervals'] = ceil($tmp['duration'] / 60 / $GLOBALS['calendar_interval']); if ($events[$i]['intervals'] == 0) { $events[$i]['intervals'] = 1; } // is this a public event to be shown as busy? if ($tmp['sharing'] == SHARING_BUSY && $cuserid != $userid) { // make it not display any information $events[$i]['title'] = _USER_BUSY_TITLE; $events[$i]['hometext'] = _USER_BUSY_MESSAGE; $events[$i]['desc'] = _USER_BUSY_MESSAGE; $events[$i]['conttel'] = ''; $events[$i]['contname'] = ''; $events[$i]['contemail'] = ''; $events[$i]['website'] = ''; $events[$i]['fee'] = ''; $events[$i]['location'] = ''; $events[$i]['street1'] = ''; $events[$i]['street2'] = ''; $events[$i]['city'] = ''; $events[$i]['state'] = ''; $events[$i]['postal'] = ''; } else { $display_type = substr($tmp['hometext'], 0, 6); if ($display_type == ':text:') { $prepFunction = 'pcVarPrepForDisplay'; $tmp['hometext'] = substr($tmp['hometext'], 6); } elseif ($display_type == ':html:') { $prepFunction = 'pcVarPrepHTMLDisplay'; $tmp['hometext'] = substr($tmp['hometext'], 6); } else { $prepFunction = 'pcVarPrepHTMLDisplay'; } unset($display_type); $events[$i]['title'] = $prepFunction($tmp['title']); $events[$i]['hometext'] = $prepFunction($tmp['hometext']); $events[$i]['desc'] = $events[$i]['hometext']; $events[$i]['conttel'] = $prepFunction($tmp['conttel']); $events[$i]['contname'] = $prepFunction($tmp['contname']); $events[$i]['contemail'] = $prepFunction($tmp['contemail']); $events[$i]['website'] = $prepFunction(postcalendar_makeValidURL($tmp['website'])); $events[$i]['fee'] = $prepFunction($tmp['fee']); $loc = unserialize($tmp['location']); $events[$i]['location'] = $prepFunction($loc['event_location']); $events[$i]['street1'] = $prepFunction($loc['event_street1']); $events[$i]['street2'] = $prepFunction($loc['event_street2']); $events[$i]['city'] = $prepFunction($loc['event_city']); $events[$i]['state'] = $prepFunction($loc['event_state']); $events[$i]['postal'] = $prepFunction($loc['event_postal']); } $i++; } unset($tmp); $result->Close(); return $events; }
echo '<form method="POST" action="map-i.php"> <DIV style="position:absolute; top : 480px ; left : 950px ; "> <button type="button" onclick="clickIcon(8)" data-toggle="modal" data-target="#myModal" name="TC3"><img src="doushisha_icon.png" width="30px" height="30px" border="0"></button> </DIV> </form>'; break; case 5: break; case 6: break; default: break; } } $event = getevent($db); $facility = getFacility($db); function getEventFromFacility($pdo, $fac_id) { $sql = "SELECT * FROM event WHERE `fac_id` = :fac_id"; $statement = $pdo->prepare($sql); $statement->bindValue(':fac_id', $fac_id, PDO::PARAM_INT); $statement->execute(); if ($rows = $statement->fetch(PDO::FETCH_ASSOC)) { return $rows; } else { return false; } } function getEventNum($pdo) { $sql = "SELECT id FROM event ORDER BY `id` DESC LIMIT 1";
} $frrow = sqlQuery("SELECT * FROM users WHERE id = ?", array($trow['refer_from'])); if (empty($frrow)) { $frrow = array(); } $torow = sqlQuery("SELECT * FROM users WHERE id = ?", array($trow['refer_to'])); if (empty($torow)) { $torow = array('organization' => '', 'street' => '', 'city' => '', 'state' => '', 'zip' => '', 'phone' => ''); } $vrow = sqlQuery("SELECT * FROM form_vitals WHERE " . "pid = ? AND date <= ? " . "ORDER BY date DESC LIMIT 1", array($patient_id, $refer_date . " 23:59:59")); if (empty($vrow)) { $vrow = array('bps' => '', 'bpd' => '', 'weight' => '', 'height' => ''); } // $facrow = sqlQuery("SELECT name, facility_npi FROM facility ORDER BY " . // "service_location DESC, billing_location DESC, id ASC LIMIT 1"); $facrow = getFacility(-1); // Make some items HTML-friendly if they are empty. if (empty($trow['id'])) { $trow['id'] = ' '; } if (empty($patient_id)) { $patient_id = ' '; } if (empty($facrow['facility_npi'])) { $facrow['facility_npi'] = ' '; } $s = ''; $fh = fopen($template_file, 'r'); while (!feof($fh)) { $s .= fread($fh, 8192); }