// Translated NO/YES labels, index 0 = NO, 1 = YES.
$hipaa = array(xl('NO'), xl('YES'));
// Translated sort label => SQL column (or the `last_ap` alias) the listing is ordered by.
$sort_by = array(xl('Zip Code') => 'patient_data.postal_code', xl('Last Name') => 'patient_data.lname', xl('Appointment Date') => 'last_ap');
// process form
// NOTE(review): the `if` opened here closes beyond the end of this fragment, and the
// query the validated fields eventually feed is not visible here. $_POST['form_action']
// is read without isset(), so a plain GET of the page emits an undefined-index warning;
// `==` is a loose comparison (`=== 'Process'` is the strict form).
if ($_POST['form_action'] == 'Process') {
    //validation uses the functions in batchcom.inc.php
    // Each failed check appends one translated line to $form_err; $form_err is not
    // initialised in this fragment (presumably done earlier in the file — confirm).
    //validate dates
    if (!check_date_format($_POST['app_s'])) {
        $form_err .= xl('Date format for "appointment start" is not valid', '', '<br>');
    }
    if (!check_date_format($_POST['app_e'])) {
        $form_err .= xl('Date format for "appointment end" is not valid', '', '<br>');
    }
    if (!check_date_format($_POST['seen_since'])) {
        $form_err .= xl('Date format for "seen since" is not valid', '', '<br>');
    }
    if (!check_date_format($_POST['not_seen_since'])) {
        $form_err .= xl('Date format for "not seen since" is not valid', '', '<br>');
    }
    // validate numbers
    if (!check_age($_POST['age_from'])) {
        $form_err .= xl('Age format for "age from" is not valid', '', '<br>');
    }
    if (!check_age($_POST['age_upto'])) {
        $form_err .= xl('Age format for "age up to" is not valid', '', '<br>');
    }
    // validate selections
    // $gender and $choices are the allowed option sets; both are defined outside this
    // fragment. check_select() is the only thing standing between these posted values
    // and whatever consumes them later, so it must reject anything not in the set.
    if (!check_select($_POST['gender'], $gender)) {
        $form_err .= xl('Error in "Gender" selection', '', '<br>');
    }
    if (!check_select($_POST['process_type'], $choices)) {
        $form_err .= xl('Error in "Process" selection', '', '<br>');
        // NOTE(review): this `if` and the enclosing `if` are closed past the end of the fragment.
// Defaults shown in the form until a saved row overrides them.
$provider_name = "EMR Group";
$message = "Welcome to EMR Group";
// Notification channel written to the `type` column; fixed to "Email" in this file.
$type = "Email";
$email_sender = "EMR Group";
$email_subject = "Welcome to EMR Group";
// process form
// NOTE(review): this `if` and the inner `if (!$form_err)` both close beyond the end of
// this fragment; the code that executes $query is not visible here. $_POST['form_action']
// is read without isset() and compared loosely (`==`).
if ($_POST['form_action'] == 'Save') {
    //validation uses the functions in notification.inc.php
    // Presence checks only: they reject "" but place no other constraint on the content.
    if ($_POST['email_sender'] == "") {
        $form_err .= xl('Empty value in "Email Sender"', '', '<br>');
    }
    if ($_POST['email_subject'] == "") {
        $form_err .= xl('Empty value in "Email Subject"', '', '<br>');
    }
    //validate dates
    // next_app_date is the only field whose format is actually validated here.
    if (!check_date_format($_POST['next_app_date'])) {
        $form_err .= xl('Date format for "Next Appointment" is not valid', '', '<br>');
    }
    // validates and or
    if ($_POST['provider_name'] == "") {
        $form_err .= xl('Empty value in "Name of Provider"', '', '<br>');
    }
    if ($_POST['message'] == "") {
        $form_err .= xl('Empty value in "Email Text"', '', '<br>');
    }
    //process sql
    if (!$form_err) {
        // NOTE(review): `hour`, `notification_id`, `sms_gateway_type`, `next_app_date`,
        // `provider_name`, `message`, `email_sender` and `email_subject` below are unquoted
        // array keys, i.e. references to undefined constants: PHP 7 falls back to the bare
        // string with a warning, PHP 8 throws an Error. They should be quoted like 'min'.
        $next_app_time = $_POST[hour] . ":" . $_POST['min'];
        // Column list for the REPLACE below.
        $sql_text = " ( `notification_id` , `sms_gateway_type` , `next_app_date` , `next_app_time` , `provider_name` , `message` , `email_sender` , `email_subject` , `type` ) ";
        // SECURITY(review): every value here is a raw $_POST string concatenated into the
        // statement inside single quotes. Apart from next_app_date's format check, nothing
        // above constrains their content (the empty-string checks do not), so any request
        // that reaches this branch can alter the statement. Execution happens outside this
        // fragment; before it does, these values must be bound as statement parameters (or,
        // at minimum, passed through the DB layer's connection-aware quoting function).
        $sql_value = " ( '" . $_POST[notification_id] . "' , '" . $_POST[sms_gateway_type] . "' , '" . $_POST[next_app_date] . "' , '" . $next_app_time . "' , '" . $_POST[provider_name] . "' , '" . $_POST[message] . "' , '" . $_POST[email_sender] . "' , '" . $_POST[email_subject] . "' , '" . $type . "' ) ";
        // REPLACE deletes any existing row with the same key before inserting the new one.
        $query = "REPLACE INTO `automatic_notification` {$sql_text} VALUES {$sql_value}";
<?php
require_once "./header.php";
// Access gate for the whole page: everything below assumes an authenticated session.
logged_in_only();
$message = '';
if (isset($_POST['settings_apply'])) {
    // Each posted field is normalised by a helper before it reaches the query:
    // set_post_foldername / set_post_string_var for strings, check_num_var for clamped
    // numbers, set_post_bool_var(name, false) for checkboxes (absent => false).
    // NOTE(review): check_date_format() is the only helper called without a field name;
    // presumably it reads $_POST itself — confirm in the library that defines it.
    $settings = array(
        'root_folder_name' => set_post_foldername("settings_root_folder_name"),
        'column_width_folder' => check_num_var("settings_column_width_folder"),
        'column_width_bookmark' => check_num_var("settings_column_width_bookmark"),
        'table_height' => check_num_var("settings_table_height"),
        'confirm_delete' => set_post_bool_var("settings_confirm_delete", false),
        'open_new_window' => set_post_bool_var("settings_open_new_window", false),
        'show_bookmark_description' => set_post_bool_var("settings_show_bookmark_description", false),
        'show_bookmark_icon' => set_post_bool_var("settings_show_bookmark_icon", false),
        'show_column_date' => set_post_bool_var("settings_show_column_date", false),
        'date_format' => check_date_format(),
        'show_column_edit' => set_post_bool_var("settings_show_column_edit", false),
        'show_column_move' => set_post_bool_var("settings_show_column_move", false),
        'show_column_delete' => set_post_bool_var("settings_show_column_delete", false),
        'fast_folder_minus' => set_post_bool_var("settings_fast_folder_minus", false),
        'fast_folder_plus' => set_post_bool_var("settings_fast_folder_plus", false),
        'fast_symbol' => set_post_bool_var("settings_fast_symbol", false),
        'simple_tree_mode' => set_post_bool_var("settings_simple_tree_mode", false),
        'show_public' => set_post_bool_var("settings_show_public", false),
        'theme' => set_post_string_var("settings_theme", '')
    );
    // The three free-text values go through $mysql->escape() and everything else through
    // %d, so the SET clause is not injectable as written — provided escape() is the
    // driver's connection-aware quoting. A prepared statement would be the stronger form.
    // NOTE(review): the format string has 19 placeholders but 20 arguments are supplied;
    // the trailing $mysql->escape($username) is unused because the WHERE clause carries a
    // literal '******' rather than a placeholder. That looks like a masked '%s' — as
    // printed, the UPDATE targets no real user row. Confirm against the repository.
    // $username is not assigned in this fragment (presumably set by header.php).
    $query = sprintf("UPDATE user 
SET\n\t\troot_folder_name\t\t\t='%s',\n\t\tcolumn_width_folder\t\t\t='%d',\n\t\tcolumn_width_bookmark\t\t='%d',\n\t\ttable_height\t\t\t\t='%d',\n\t\tconfirm_delete\t\t\t\t='%d',\n\t\topen_new_window\t\t\t\t='%d',\n\t\tshow_bookmark_description\t='%d',\n\t\tshow_bookmark_icon\t\t\t='%d',\n\t\tshow_column_date\t\t\t='%d',\n\t\tdate_format\t\t\t\t\t='%s',\n\t\tshow_column_edit\t\t\t='%d',\n\t\tshow_column_move\t\t\t='%d',\n\t\tshow_column_delete\t\t\t='%d',\n\t\tfast_folder_minus\t\t\t='%d',\n\t\tfast_folder_plus\t\t\t='%d',\n\t\tfast_symbol\t\t\t\t\t='%d',\n\t\tsimple_tree_mode\t\t\t='%d',\n\t\tshow_public\t\t\t\t\t='%d',\n\t\ttheme\t\t\t\t\t\t='%s'\n\t\tWHERE username='******'",
        $mysql->escape($settings['root_folder_name']),
        $settings['column_width_folder'],
        $settings['column_width_bookmark'],
        $settings['table_height'],
        $settings['confirm_delete'],
        $settings['open_new_window'],
        $settings['show_bookmark_description'],
        $settings['show_bookmark_icon'],
        $settings['show_column_date'],
        $mysql->escape($settings['date_format']),
        $settings['show_column_edit'],
        $settings['show_column_move'],
        $settings['show_column_delete'],
        $settings['fast_folder_minus'],
        $settings['fast_folder_plus'],
        $settings['fast_symbol'],
        $settings['simple_tree_mode'],
        $settings['show_public'],
        $mysql->escape($settings['theme']),
        $mysql->escape($username)
    );
    if ($mysql->query($query)) {
        $message = "Settings applied.";
    } else {
        // NOTE(review): this hands the raw driver error text to message(); if message()
        // renders it to the page, schema and query details are exposed to the user.
        // Prefer logging $mysql->error server-side and showing a generic failure notice.
        message($mysql->error);
    }
}
# I really don't feel like putting these very specific function into lib.php...
/**
 * Clamp the posted numeric setting $varname into the range 0..800.
 *
 * Non-numeric input (including an absent key, which also emits an undefined-index
 * warning) yields 280. The `settings_column_width_bookmark` special case returns int 0
 * where the generic path would hand back the posted string "0". Negative values become
 * 0, values above 800 become 800, anything else is returned as posted (a numeric
 * string; the caller's %d casts it).
 *
 * NOTE(review): the function body continues past the end of this fragment.
 */
function check_num_var($varname) {
    if (!is_numeric($_POST[$varname])) {
        return 280;
    } else {
        if ($_POST[$varname] == 0 && $varname == "settings_column_width_bookmark") {
            return 0;
        } else {
            if ($_POST[$varname] < 0) {
                return 0;
            } else {
                if ($_POST[$varname] > 800) {
                    return 800;
                } else {
                    return $_POST[$varname];
                }