function formDataCore($s, $isTrim = false)
{
//trim if selected
if ($isTrim) {
$s = trim($s);
}
//strip escapes
$s = strip_escape_custom($s);
//add escapes for safe database insertion
$s = add_escape_custom($s);
return $s;
}
/**
* Function that will display a patient finder widged, allowing
* the user to input search parameters to find a patient id.
*/
function find_action($form_id, $form_name, $pid)
{
$isPid = false;
//fix any magic quotes meddling
$form_id = strip_escape_custom($form_id);
$form_name = strip_escape_custom($form_name);
$pid = strip_escape_custom($pid);
//prevent javascript injection, whitespace and semi-colons are the worry
$form_id = preg_replace("/[^A-Za-z0-9\\[\\]\\_\\']/iS", "", urldecode($form_id));
$form_name = preg_replace("/[^A-Za-z0-9\\[\\]\\_\\']/iS", "", urldecode($form_name));
$this->assign('form_id', $form_id);
$this->assign('form_name', $form_name);
if (!empty($pid)) {
$isPid = true;
}
$this->assign('hidden_ispid', $isPid);
return $this->fetch($GLOBALS['template_dir'] . "patient_finder/" . $this->template_mod . "_find.html");
}
function persist()
{
$sql = "REPLACE INTO " . $_prefix . $this->_table . " SET ";
//echo "<br><br>";
$fields = sqlListFields($this->_table);
$db = get_db();
$pkeys = $db->MetaPrimaryKeys($this->_table);
foreach ($fields as $field) {
$func = "get_" . $field;
//echo "f: $field m: $func status: " . (is_callable(array($this,$func))? "yes" : "no") . "<br>";
if (is_callable(array($this, $func))) {
$val = call_user_func(array($this, $func));
//modified 01-2010 by BGM to centralize to formdata.inc.php
// have place several debug statements to allow standardized testing over next several months
if (!is_array($val)) {
//DEBUG LINE - error_log("ORDataObject persist before strip: ".$val, 0);
$val = strip_escape_custom($val);
//DEBUG LINE - error_log("ORDataObject persist after strip: ".$val, 0);
}
if (in_array($field, $pkeys) && empty($val)) {
$last_id = generate_id();
call_user_func(array(&$this, "set_" . $field), $last_id);
$val = $last_id;
}
if (!empty($val)) {
//echo "s: $field to: $val <br>";
//modified 01-2010 by BGM to centralize to formdata.inc.php
// have place several debug statements to allow standardized testing over next several months
$sql .= " `" . $field . "` = '" . add_escape_custom(strval($val)) . "',";
//DEBUG LINE - error_log("ORDataObject persist after escape: ".add_escape_custom(strval($val)), 0);
//DEBUG LINE - error_log("ORDataObject persist after escape and then stripslashes test: ".stripslashes(add_escape_custom(strval($val))), 0);
//DEBUG LINE - error_log("ORDataObject original before the escape and then stripslashes test: ".strval($val), 0);
}
}
}
if (strrpos($sql, ",") == strlen($sql) - 1) {
$sql = substr($sql, 0, strlen($sql) - 1);
}
//echo "<br>sql is: " . $sql . "<br /><br>";
sqlQuery($sql);
return true;
}
function populate_object(&$obj)
{
if (!is_object($obj)) {
$this->function_argument_error();
}
foreach ($_POST as $varname => $var) {
$varname = preg_replace("/[^A-Za-z0-9_]/", "", $varname);
$func = "set_" . $varname;
if (!(strpos("_", $varname) === 0) && is_callable(array($obj, $func))) {
//echo "c: $func on w: " . $var . "<br />";
//modified 01-2010 by BGM to centralize to formdata.inc.php
// have place several debug statements to allow standardized testing over next several months
if (!is_array($var)) {
//DEBUG LINE - error_log("Controller populate before strip: ".$var, 0);
$var = strip_escape_custom($var);
//DEBUG LINE - error_log("Controller populate after strip: ".$var, 0);
}
call_user_func_array(array(&$obj, $func), array($var, $_POST));
}
}
return true;
}
$plid = $_REQUEST['plid'] + 0;
// pid
$ymd = $_REQUEST['date'];
if (empty($ymd)) {
die("Internal error: date parameter is missing");
}
$date = substr($ymd, 0, 4) . '-' . substr($ymd, 4, 2) . '-' . substr($ymd, 6, 2);
$form_fitness = formData('form_fitness');
$form_issue = formData('form_issue') + 0;
$form_to = formData('form_to');
$form_note = empty($_POST['form_note']) ? '' : $_POST['form_note'];
$form_note = strip_escape_custom($form_note);
$form_am = empty($_POST['form_am']) ? '' : $_POST['form_am'];
$form_am = strip_escape_custom($form_am);
$form_pm = empty($_POST['form_pm']) ? '' : $_POST['form_pm'];
$form_pm = strip_escape_custom($form_pm);
function gen_list_options($list_id, $default = '')
{
$res = sqlStatement("SELECT * FROM list_options WHERE " . "list_id = '{$list_id}' ORDER BY seq");
while ($row = sqlFetchArray($res)) {
$key = $row['option_id'];
echo " <option value='{$key}'";
if ($key == $default) {
echo " selected";
}
echo ">" . $row['title'] . "</option>\n";
}
}
$alertmsg = '';
// anything here pops up in an alert box
// Get player info.
function form2real($fldval)
{
$fldval = trim($fldval);
$fldval = strip_escape_custom($fldval);
return $fldval;
}
} else {
echo "<a href='" . $GLOBALS['webroot'] . "/interface/main/main.php' target='Main' class='menu' onclick='top.restoreSession()'>";
}
xl('Return to calendar', 'e');
?>
</a>
<div id="calsearch_params">
<form name="theform" id="theform" action="<?php
echo $this->_tpl_vars['FORM_ACTION'];
?>
" method="POST"> <!-- onsubmit="return top.restoreSession()"> -->
<?php
xl('Keywords', 'e');
?>
: <input type="text" name="pc_keywords" id="pc_keywords" value="<?php
echo htmlspecialchars(strip_escape_custom($_POST['pc_keywords']), ENT_QUOTES);
?>
" />
<select name="pc_keywords_andor">
<option value="AND"><?php
xl('AND', 'e');
?>
</option>
<option value="OR"><?php
xl('OR', 'e');
?>
</option>
</select>
<?php
xl('IN', 'e');
?>
// Tag style for stuff to hide if not an LBF layout. Currently just for the Source column.
$lbfonly = substr($layout_id, 0, 3) == 'LBF' ? "" : "style='display:none;'";
// Handle the Form actions
if ($_POST['formaction'] == "save" && $layout_id) {
// If we are saving, then save.
$fld = $_POST['fld'];
for ($lino = 1; isset($fld[$lino]['id']); ++$lino) {
$iter = $fld[$lino];
$field_id = formTrim($iter['id']);
$data_type = formTrim($iter['data_type']);
$listval = $data_type == 34 ? formTrim($iter['contextName']) : formTrim($iter['list_id']);
// Skip conditions for the line are stored as a serialized array.
$condarr = array();
for ($cix = 0; !empty($iter['condition_id'][$cix]); ++$cix) {
$andor = empty($iter['condition_andor'][$cix]) ? '' : $iter['condition_andor'][$cix];
$condarr[$cix] = array('id' => strip_escape_custom($iter['condition_id'][$cix]), 'itemid' => strip_escape_custom($iter['condition_itemid'][$cix]), 'operator' => strip_escape_custom($iter['condition_operator'][$cix]), 'value' => strip_escape_custom($iter['condition_value'][$cix]), 'andor' => strip_escape_custom($andor));
}
$conditions = empty($condarr) ? '' : serialize($condarr);
if ($field_id) {
sqlStatement("UPDATE layout_options SET " . "source = '" . formTrim($iter['source']) . "', " . "title = '" . formTrim($iter['title']) . "', " . "group_name = '" . formTrim($iter['group']) . "', " . "seq = '" . formTrim($iter['seq']) . "', " . "uor = '" . formTrim($iter['uor']) . "', " . "fld_length = '" . formTrim($iter['lengthWidth']) . "', " . "fld_rows = '" . formTrim($iter['lengthHeight']) . "', " . "max_length = '" . formTrim($iter['maxSize']) . "', " . "titlecols = '" . formTrim($iter['titlecols']) . "', " . "datacols = '" . formTrim($iter['datacols']) . "', " . "data_type= '{$data_type}', " . "list_id= '" . $listval . "', " . "list_backup_id= '" . formTrim($iter['list_backup_id']) . "', " . "edit_options = '" . formTrim($iter['edit_options']) . "', " . "default_value = '" . formTrim($iter['default']) . "', " . "description = '" . formTrim($iter['desc']) . "', " . "conditions = '" . add_escape_custom($conditions) . "', " . "validation = '" . formTrim($iter['validation']) . "' " . "WHERE form_id = '{$layout_id}' AND field_id = '{$field_id}'");
}
}
} else {
if ($_POST['formaction'] == "addfield" && $layout_id) {
// Add a new field to a specific group
$data_type = formTrim($_POST['newdatatype']);
$max_length = $data_type == 3 ? 3 : 255;
$listval = $data_type == 34 ? formTrim($_POST['contextName']) : formTrim($_POST['newlistid']);
sqlStatement("INSERT INTO layout_options (" . " form_id, source, field_id, title, group_name, seq, uor, fld_length, fld_rows" . ", titlecols, datacols, data_type, edit_options, default_value, description" . ", max_length, list_id, list_backup_id " . ") VALUES ( " . "'" . formTrim($_POST['layout_id']) . "'" . ",'" . formTrim($_POST['newsource']) . "'" . ",'" . formTrim($_POST['newid']) . "'" . ",'" . formTrim($_POST['newtitle']) . "'" . ",'" . formTrim($_POST['newfieldgroupid']) . "'" . ",'" . formTrim($_POST['newseq']) . "'" . ",'" . formTrim($_POST['newuor']) . "'" . ",'" . formTrim($_POST['newlengthWidth']) . "'" . ",'" . formTrim($_POST['newlengthHeight']) . "'" . ",'" . formTrim($_POST['newtitlecols']) . "'" . ",'" . formTrim($_POST['newdatacols']) . "'" . ",'{$data_type}'" . ",'" . formTrim($_POST['newedit_options']) . "'" . ",'" . formTrim($_POST['newdefault']) . "'" . ",'" . formTrim($_POST['newdesc']) . "'" . ",'" . formTrim($_POST['newmaxSize']) . "'" . ",'" . $listval . "'" . ",'" . formTrim($_POST['newbackuplistid']) . "'" . " )");
addOrDeleteColumn($layout_id, formTrim($_POST['newid']), TRUE);
} else {
echo "<script language='JavaScript'>\n";
if ($info_msg) {
echo " alert('{$info_msg}');\n";
}
echo " window.close();\n";
echo " if (opener.refreshme) opener.refreshme();\n";
echo "</script></body></html>\n";
exit;
}
if ($userid) {
$row = sqlQuery("SELECT * FROM users WHERE id = '{$userid}'");
}
if ($type) {
// note this only happens when its new
// Set up type
$row['abook_type'] = strip_escape_custom($type);
}
?>
<script language="JavaScript">
$(document).ready(function() {
// customize the form via the type options
typeSelect("<?php
echo $row['abook_type'];
?>
");
});
</script>
<form method='post' name='theform' action='addrbook_edit.php?userid=<?php
echo $userid;
}
}
}
// End if { character found.
return $s;
}
// if (!acl_check('admin', 'super')) die(htmlspecialchars(xl('Not authorized')));
// Get patient demographic info.
$ptrow = sqlQuery("SELECT pd.*, " . "ur.fname AS ur_fname, ur.mname AS ur_mname, ur.lname AS ur_lname " . "FROM patient_data AS pd " . "LEFT JOIN users AS ur ON ur.id = pd.ref_providerID " . "WHERE pd.pid = ?", array($pid));
$hisrow = sqlQuery("SELECT * FROM history_data WHERE pid = ? " . "ORDER BY date DESC LIMIT 1", array($pid));
$enrow = array();
// Get some info for the currently selected encounter.
if ($encounter) {
$enrow = sqlQuery("SELECT * FROM form_encounter WHERE pid = ? AND " . "encounter = ?", array($pid, $encounter));
}
$form_filename = strip_escape_custom($_REQUEST['form_filename']);
$templatedir = "{$OE_SITE_DIR}/documents/doctemplates";
$templatepath = "{$templatedir}/{$form_filename}";
// Create a temporary file to hold the output.
$fname = tempnam($GLOBALS['temporary_files_dir'], 'OED');
// Get mime type in a way that works with old and new PHP releases.
$mimetype = 'application/octet-stream';
$ext = strtolower(array_pop(explode('.', $filename)));
if ('dotx' == $ext) {
// PHP does not seem to recognize this type.
$mimetype = 'application/msword';
} else {
if (function_exists('finfo_open')) {
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mimetype = finfo_file($finfo, $templatepath);
finfo_close($finfo);
include_once "../../globals.php";
include_once "../../../library/api.inc";
include_once "../../../library/forms.inc";
include_once "../../../library/sql.inc";
include_once "./content_parser.php";
include_once "../../../library/formdata.inc.php";
if ($_GET["mode"] == "delete") {
foreach ($_POST as $key => $val) {
if (substr($key, 0, 3) == 'ch_' and $val = 'on') {
$id = substr($key, 3);
if ($_POST['delete']) {
sqlInsert("delete from " . mitigateSqlTableUpperCase("form_CAMOS") . " where id={$id}");
sqlInsert("delete from forms where form_name like 'CAMOS%' and form_id={$id}");
}
if ($_POST['update']) {
// Replace the placeholders before saving the form. This was changed in version 4.0. Previous to this, placeholders
// were submitted into the database and converted when viewing. All new notes will now have placeholders converted
// before being submitted to the database. Will also continue to support placeholder conversion on report
// views to support notes within database that still contain placeholders (ie. notes that were created previous to
// version 4.0).
$content = strip_escape_custom($_POST['textarea_' . ${id}]);
$content = add_escape_custom(replace($pid, $encounter, $content));
sqlInsert("update " . mitigateSqlTableUpperCase("form_CAMOS") . " set content='{$content}' where id={$id}");
}
}
}
}
$_SESSION["encounter"] = $encounter;
formHeader("Redirecting....");
formJump();
formFooter();
addPnote($patient_id, $note, $userauthorized, '1', $_POST['form_note_type'], $_POST['form_note_to']);
}
// end post patient note
}
$action_taken = true;
}
// end copy to chart
if ($_POST['form_cb_forward']) {
$form_from = trim($_POST['form_from']);
$form_to = trim($_POST['form_to']);
$form_fax = trim($_POST['form_fax']);
$form_message = trim($_POST['form_message']);
$form_finemode = $_POST['form_finemode'] ? '-m' : '-l';
$form_from = strip_escape_custom($form_from);
$form_to = strip_escape_custom($form_to);
$form_message = strip_escape_custom($form_message);
// Generate a cover page using enscript. This can be a cool thing
// to do, as enscript is very powerful.
//
$tmp1 = array();
$tmp2 = 0;
$tmpfn1 = tempnam("/tmp", "fax1");
$tmpfn2 = tempnam("/tmp", "fax2");
$tmph = fopen($tmpfn1, "w");
$cpstring = '';
$fh = fopen($GLOBALS['OE_SITE_DIR'] . "/faxcover.txt", 'r');
while (!feof($fh)) {
$cpstring .= fread($fh, 8192);
}
fclose($fh);
$cpstring = str_replace('{CURRENT_DATE}', date('F j, Y'), $cpstring);
// skip if it came from the database
if ($iter["del"]) {
continue;
}
// skip if Delete was checked
$ndc_info = '';
if ($iter['ndcnum']) {
$ndc_info = 'N4' . trim($iter['ndcnum']) . ' ' . $iter['ndcuom'] . trim($iter['ndcqty']);
}
// $fee = 0 + trim($iter['fee']);
$units = max(1, intval(trim($iter['units'])));
$fee = sprintf('%01.2f', (0 + trim($iter['price'])) * $units);
if ($iter['code_type'] == 'COPAY' && $fee > 0) {
$fee = 0 - $fee;
}
echoLine(++$bill_lino, $iter["code_type"], $iter["code"], trim($iter["mod"]), $ndc_info, $iter["auth"], $iter["del"], $units, $fee, NULL, FALSE, NULL, $iter["justify"], 0 + $iter['provid'], strip_escape_custom($iter['notecodes']));
}
}
// Generate lines for items already in the drug_sales table for this encounter.
//
$query = "SELECT * FROM drug_sales WHERE " . "pid = '{$pid}' AND encounter = '{$encounter}' " . "ORDER BY sale_id";
$sres = sqlStatement($query);
$prod_lino = 0;
while ($srow = sqlFetchArray($sres)) {
++$prod_lino;
$pline = $_POST['prod']["{$prod_lino}"];
$del = $pline['del'];
// preserve Delete if checked
$sale_id = $srow['sale_id'];
$drug_id = $srow['drug_id'];
$units = $srow['quantity'];
<form method='post' name='theform' id='theform' action='encounters_report.php'>
<div id="report_parameters">
<table>
<tr>
<td width='550px'>
<div style='float:left'>
<table class='text'>
<tr>
<td class='label'>
<?php xl('Facility','e'); ?>:
</td>
<td>
<?php dropdown_facility(strip_escape_custom($form_facility), 'form_facility', true); ?>
</td>
<td class='label'>
<?php xl('Provider','e'); ?>:
</td>
<td>
<?php
// Build a drop-down list of providers.
//
$query = "SELECT id, lname, fname FROM users WHERE ".
"authorized = 1 $provider_facility_filter ORDER BY lname, fname"; //(CHEMED) facility filter
$ures = sqlStatement($query);
<?php
xl('Specialty', 'e');
?>
:
<input type='text' name='form_specialty' size='10' value='<?php
echo htmlspecialchars(strip_escape_custom($_POST['form_specialty']), ENT_QUOTES);
?>
'
class='inputtext' title='<?php
xl("Any part of the desired specialty", "e");
?>
' />
<?php
echo xl('Type') . ": ";
// Generates a select list named form_abook_type:
echo generate_select_list("form_abook_type", "abook_type", strip_escape_custom($_REQUEST['form_abook_type']), '', 'All');
?>
<input type='checkbox' name='form_external' value='1'<?php
if ($form_external) {
echo ' checked';
}
?>
title='<?php
xl("Omit internal users?", "e");
?>
' />
<?php
xl('External Only', 'e');
?>
<input type='submit' class='button' name='form_search' value='<?php
</option>
<option value="DOB"<?php
if ($searchby == 'DOB') {
echo ' selected';
}
?>
><?php
xl('DOB', 'e');
?>
</option>
</select>
<?php
xl('for:', 'e');
?>
<input type='text' id='searchparm' name='searchparm' size='12' value='<?php
echo htmlspecialchars(strip_escape_custom($_REQUEST['searchparm']), ENT_QUOTES);
?>
'
title='<?php
xl('If name, any part of lastname or lastname,firstname', 'e');
?>
'>
<input type='submit' id="submitbtn" value='<?php
xl('Search', 'e');
?>
'>
<!-- <input type='button' value='<?php
xl('Close', 'e');
?>
' onclick='window.close()' /> -->
}
}
?>
<table><tr><td><span class="title"><?php
xl('Messages', 'e');
?>
</span> <a class='more' href=<?php
echo $lnkvar;
?>
</a></td></tr></table><br>
<?php
switch ($task) {
case "add":
// Add a new message for a specific patient; the message is documented in Patient Notes.
// Add a new message; it's treated as a new note in Patient Notes.
$note = strip_escape_custom($_POST['note']);
$noteid = formData("noteid");
$form_note_type = formData("form_note_type");
$assigned_to = formData("assigned_to");
$form_message_status = formData("form_message_status");
$reply_to = formData("reply_to");
$userauthorized = formData("userauthorized");
if ($noteid) {
updatePnote($noteid, $note, $form_note_type, $assigned_to);
sqlQuery("update pnotes set message_status='" . $form_message_status . "' where id = '" . $noteid . "'");
$noteid = '';
} else {
$noteid = addPnote($reply_to, $note, $userauthorized, '1', $form_note_type, $assigned_to);
sqlQuery("update pnotes set message_status='" . $form_message_status . "' where id = '{$noteid}'");
}
break;
$MAXSHOW = 100;
// maximum number of results to display at once
// Construct query and save search parameters as form fields.
// An interesting requirement is to sort on the number of matching fields.
$message = "";
$numfields = 0;
$relevance = "0";
$where = "1 = 0";
foreach ($_REQUEST as $key => $value) {
if (substr($key, 0, 3) != 'mf_') {
continue;
}
// "match field"
$fldname = substr($key, 3);
$avalue = formDataCore($value);
$hvalue = htmlspecialchars(strip_escape_custom($value));
// pubpid requires special treatment. Match on that is fatal.
if ($fldname == 'pubpid') {
$relevance .= " + 1000 * ( {$fldname} LIKE '{$avalue}' )";
} else {
$relevance .= " + ( {$fldname} LIKE '{$avalue}' )";
}
$where .= " OR {$fldname} LIKE '{$avalue}'";
echo "<input type='hidden' name='{$key}' value='{$hvalue}' />\n";
++$numfields;
}
$sql = "SELECT *, ( {$relevance} ) AS relevance, " . "DATE_FORMAT(DOB,'%m/%d/%Y') as DOB_TS " . "FROM patient_data WHERE {$where} " . "ORDER BY relevance DESC, lname, fname, mname " . "LIMIT {$fstart}, {$MAXSHOW}";
$rez = sqlStatement($sql);
$result = array();
while ($row = sqlFetchArray($rez)) {
$result[] = $row;
$N = 10;
$mode = $_GET['mode'];
$type = $_GET['type'];
$modifier = $_GET['modifier'];
$units = $_GET['units'];
$fee = $_GET['fee'];
$code = $_GET['code'];
$text = $_GET['text'];
if (isset($mode)) {
if ($mode == "add") {
if (strtolower($type) == "copay") {
addBilling($encounter, $type, sprintf("%01.2f", $code), strip_escape_custom($text), $pid, $userauthorized, $_SESSION['authUserID'], $modifier, $units, sprintf("%01.2f", 0 - $code));
} elseif (strtolower($type) == "other") {
addBilling($encounter, $type, $code, strip_escape_custom($text), $pid, $userauthorized, $_SESSION['authUserID'], $modifier, $units, sprintf("%01.2f", $fee));
} else {
addBilling($encounter, $type, $code, strip_escape_custom($text), $pid, $userauthorized, $_SESSION['authUserID'], $modifier, $units, $fee);
}
}
}
?>
<html>
<head>
<?php
html_header_show();
?>
<link rel="stylesheet" href="<?php
echo $css_header;
?>
" type="text/css">
</head>
<body class="body_bottom">
if ($ALLOW_DELETE && !$debug) {
foreach ($_POST['form_del'] as $arseq => $dummy) {
row_delete("ar_activity", "pid = '{$patient_id}' AND " . "encounter = '{$encounter_id}' AND sequence_no = '{$arseq}'");
}
}
}
$paytotal = 0;
foreach ($_POST['form_line'] as $code => $cdata) {
if (!$INTEGRATED_AR) {
$thissrc = trim($cdata['src']);
$thisdate = trim($cdata['date']);
}
$thispay = trim($cdata['pay']);
$thisadj = trim($cdata['adj']);
$thisins = trim($cdata['ins']);
$reason = strip_escape_custom($cdata['reason']);
// Get the adjustment reason type. Possible values are:
// 1 = Charge adjustment
// 2 = Coinsurance
// 3 = Deductible
// 4 = Other pt resp
// 5 = Comment
$reason_type = '1';
if ($reason) {
$tmp = sqlQuery("SELECT option_value FROM list_options WHERE " . "list_id = 'adjreason' AND " . "option_id = '" . add_escape_custom($reason) . "'");
if (empty($tmp['option_value'])) {
// This should not happen but if it does, apply old logic.
if (preg_match("/To copay/", $reason)) {
$reason_type = 2;
} else {
if (preg_match("/To ded'ble/", $reason)) {
function oresRawData($name, $index)
{
$s = isset($_POST[$name][$index]) ? $_POST[$name][$index] : '';
return trim(strip_escape_custom($s));
}
$tmp = sqlQuery("SELECT users.id FROM forms, users WHERE " . "forms.pid = '{$pid}' AND forms.encounter = '{$encounter}' AND " . "forms.formdir='newpatient' AND users.username = forms.user AND " . "users.authorized = 1");
$provid = $tmp['id'] ? $tmp['id'] : $_SESSION["authUserID"];
if (strtolower($type) == "copay") {
addBilling($encounter, $type, sprintf("%01.2f", $code), strip_escape_custom($payment_method), $pid, $userauthorized, $provid, $modifier, $units, sprintf("%01.2f", 0 - $code));
} elseif (strtolower($type) == "other") {
addBilling($encounter, $type, $code, strip_escape_custom($text), $pid, $userauthorized, $provid, $modifier, $units, sprintf("%01.2f", $fee));
} else {
$ndc_info = '';
// If HCPCS, get and save default NDC data.
if (strtolower($type) == "hcpcs") {
$tmp = sqlQuery("SELECT ndc_info FROM billing WHERE " . "code_type = 'HCPCS' AND code = '{$code}' AND ndc_info LIKE 'N4%' " . "ORDER BY date DESC LIMIT 1");
if (!empty($tmp)) {
$ndc_info = $tmp['ndc_info'];
}
}
addBilling($encounter, $type, $code, strip_escape_custom($text), $pid, $userauthorized, $provid, $modifier, $units, $fee, $ndc_info);
}
} elseif ($mode == "justify") {
$diags = $_POST['code']['diag'];
$procs = $_POST['code']['proc'];
$sql = array();
if (!empty($procs) && !empty($diags)) {
$sql = array();
foreach ($procs as $proc) {
$justify_string = "";
foreach ($diags as $diag) {
$justify_string .= $diag . ":";
}
$sql[] = "UPDATE billing set justify = concat(justify,'" . add_escape_custom($justify_string) . "') where encounter = '" . add_escape_custom($_POST['encounter_id']) . "' and pid = '" . add_escape_custom($_POST['patient_id']) . "' and code = '" . add_escape_custom($proc) . "'";
}
}
$data = $_POST["G1_{$prefix}{$qcode}"] * 7 + $_POST["G2_{$prefix}{$qcode}"];
}
} else {
$data = $_POST["{$prefix}{$qcode}"];
}
if (!isset($data) || $data === '') {
continue;
}
if (!is_array($data)) {
$data = array($data);
}
foreach ($data as $datum) {
// Note this will auto-assign the seq value.
sqlBeginTrans();
$answer_seq = sqlQuery("SELECT IFNULL(MAX(answer_seq),0) + 1 AS increment FROM procedure_answers WHERE procedure_order_id = ? AND procedure_order_seq = ? AND question_code = ? ", array($formid, $poseq, $qcode));
sqlStatement("INSERT INTO procedure_answers SET " . "procedure_order_id = ?, " . "procedure_order_seq = ?, " . "question_code = ?, " . "answer_seq = ?, " . "answer = ?", array($formid, $poseq, $qcode, $answer_seq['increment'], strip_escape_custom($datum)));
sqlCommitTrans();
}
}
}
$alertmsg = '';
if ($_POST['bn_xmit']) {
$hl7 = '';
$alertmsg = gen_hl7_order($formid, $hl7);
if (empty($alertmsg)) {
$alertmsg = send_hl7_order($ppid, $hl7);
}
if (empty($alertmsg)) {
sqlStatement("UPDATE procedure_order SET date_transmitted = NOW() WHERE " . "procedure_order_id = ?", array($formid));
}
}
function stripslashes_deep($value)
{
$value = is_array($value) ? array_map('stripslashes_deep', $value) : strip_escape_custom($value);
return $value;
}
<?php
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
include_once "../../globals.php";
include_once "{$srcdir}/patient.inc";
include_once "{$srcdir}/formdata.inc.php";
$fstart = $_REQUEST['fstart'] + 0;
$popup = empty($_REQUEST['popup']) ? 0 : 1;
$message = strip_escape_custom($_GET['message']);
?>
<html>
<head>
<?php
html_header_show();
?>
<link rel=stylesheet href="<?php
echo $css_header;
?>
" type="text/css">
<style>
form {
padding: 0px;
margin: 0px;
}
#searchCriteria {
text-align: center;
<?php
xl('Specialty', 'e');
?>
:
<input type='text' name='form_specialty' size='10' value='<?php
echo htmlspecialchars(strip_escape_custom($_POST['form_specialty']), ENT_QUOTES);
?>
'
class='inputtext' title='<?php
xl("Any part of the desired specialty", "e");
?>
' />
<?php
echo xl('Type') . ": ";
// Generates a select list named form_abook_type:
generate_form_field(array('data_type' => 1, 'field_id' => 'abook_type', 'list_id' => 'abook_type', 'empty_title' => 'All'), strip_escape_custom($_REQUEST['form_abook_type']));
?>
<input type='checkbox' name='form_external' value='1'<?php
if ($form_external) {
echo ' checked';
}
?>
title='<?php
xl("Omit internal users?", "e");
?>
' />
<?php
xl('External Only', 'e');
?>
<input type='submit' class='button' name='form_search' value='<?php
<table>
<tr>
<td width='660px'>
<div style='float:left'>
<table class='text'>
<tr>
<td class='label'>
<?php
xl('Facility', 'e');
?>
:
</td>
<td>
<?php
dropdown_facility(strip_escape_custom($form_facility), 'form_facility');
?>
</td>
<td class='label'>
<?php
xl('Provider', 'e');
?>
:
</td>
<td>
<?php
if (acl_check('acct', 'rep_a')) {
// Build a drop-down list of providers.
//
$query = "select id, lname, fname from users where " . "authorized = 1 order by lname, fname";
$res = sqlStatement($query);
<html>
<head>
<?php
html_header_show();
// If we are saving user_specific globals.
//
if ($_POST['form_save'] && $_GET['mode'] == "user") {
$i = 0;
foreach ($GLOBALS_METADATA as $grpname => $grparr) {
if (in_array($grpname, $USER_SPECIFIC_TABS)) {
foreach ($grparr as $fldid => $fldarr) {
if (in_array($fldid, $USER_SPECIFIC_GLOBALS)) {
list($fldname, $fldtype, $flddef, $flddesc) = $fldarr;
$label = "global:" . $fldid;
$fldvalue = trim(strip_escape_custom($_POST["form_{$i}"]));
setUserSetting($label, $fldvalue, $_SESSION['authId'], FALSE);
if ($_POST["toggle_{$i}"] == "YES") {
removeUserSetting($label);
}
++$i;
}
}
}
}
echo "<script type='text/javascript'>";
echo "parent.left_nav.location.reload();";
echo "parent.Title.location.reload();";
echo "if(self.name=='RTop'){";
echo "parent.RBot.location.reload();";
echo "}else{";
<?php
//------------This file inserts your field data into the MySQL database
include_once "../../globals.php";
include_once "../../../library/api.inc";
include_once "../../../library/forms.inc";
include_once "../../../library/sql.inc";
include_once "content_parser.php";
include_once "../../../library/formdata.inc.php";
$field_names = array('category' => formData("category"), 'subcategory' => formData("subcategory"), 'item' => formData("item"), 'content' => strip_escape_custom($_POST['content']));
$camos_array = array();
process_commands($field_names['content'], $camos_array);
$CAMOS_form_name = "CAMOS-" . $field_names['category'] . '-' . $field_names['subcategory'] . '-' . $field_names['item'];
if ($encounter == "") {
$encounter = date("Ymd");
}
if (preg_match("/^[\\s\\r\\n\\\\r\\\\n]*\$/", $field_names['content']) == 0) {
//make sure blanks do not get submitted
// Replace the placeholders before saving the form. This was changed in version 4.0. Previous to this, placeholders
// were submitted into the database and converted when viewing. All new notes will now have placeholders converted
// before being submitted to the database. Will also continue to support placeholder conversion on report
// views to support notes within database that still contain placeholders (ie. notes that were created previous to
// version 4.0).
$field_names['content'] = add_escape_custom(replace($pid, $encounter, $field_names['content']));
reset($field_names);
$newid = formSubmit("form_CAMOS", $field_names, $_GET["id"], $userauthorized);
addForm($encounter, $CAMOS_form_name, $newid, "CAMOS", $pid, $userauthorized);
}
//deal with embedded camos submissions here
foreach ($camos_array as $val) {
if (preg_match("/^[\\s\\r\\n\\\\r\\\\n]*\$/", $val['content']) == 0) {
<?php
require_once "../dompdf_config.inc.php";
// We check wether the user is accessing the demo locally
$local = array("::1", "127.0.0.1");
$is_local = in_array($_SERVER['REMOTE_ADDR'], $local);
if (isset($_POST["html"]) && $is_local) {
$_POST["html"] = strip_escape_custom($_POST["html"]);
$dompdf = new DOMPDF();
$dompdf->load_html($_POST["html"]);
$dompdf->set_paper($_POST["paper"], $_POST["orientation"]);
$dompdf->render();
$dompdf->stream("dompdf_out.pdf", array("Attachment" => false));
exit(0);
}
include "head.inc";
?>
<a name="demo"> </a>
<h2>Demo</h2>
<?php
if ($is_local) {
?>
<p>Enter your html snippet in the text box below to see it rendered as a
PDF: (Note by default, remote stylesheets, images & inline PHP are disabled.)</p>
<form action="<?php
echo $_SERVER["PHP_SELF"];
?>
