if ($result) {
if ($title == "") {
$title = $result['title'];
}
$body = $result['body'];
if ($reply_to == "") {
$reply_to = $result['pid'];
}
$form_message_status = $result['message_status'];
}
break;
case "delete":
// Delete selected message(s) from the Messages box (only).
$delete_id = $_POST['delete_id'];
for ($i = 0; $i < count($delete_id); $i++) {
deletePnote($delete_id[$i]);
newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id " . $delete_id[$i]);
}
break;
}
if ($task == "addnew" or $task == "edit") {
// Display the Messages page layout.
echo "\n<form name=new_note id=new_note action=\"messages.php?showall=" . attr($showall) . "&sortby=" . attr($sortby) . "&sortorder=" . attr($sortorder) . "&begin=" . attr($begin) . "&{$activity_string_html}\" method=post>\n<input type=hidden name=noteid id=noteid value='" . attr($noteid) . "'>\n<input type=hidden name=task id=task value=add>";
?>
<div id="pnotes"><center>
<table border='0' cellspacing='8'>
<tr>
<td class='text'>
<b><?php
echo htmlspecialchars(xl('Type'), ENT_NOQUOTES);
?>
$note = $_POST['note'];
if ($noteid) {
updatePnote($noteid, $note, $_POST['form_note_type'], $_POST['assigned_to']);
} else {
$noteid = addPnote($patient_id, $note, $userauthorized, '1', $_POST['form_note_type'], $_POST['assigned_to']);
}
if ($docid) {
setGpRelation(1, $docid, 6, $noteid);
}
if ($orderid) {
setGpRelation(2, $orderid, 6, $noteid);
}
$noteid = '';
} elseif ($mode == "delete") {
if ($noteid) {
deletePnote($noteid);
newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id " . $noteid);
}
$noteid = '';
}
}
$title = '';
$assigned_to = $_SESSION['authUser'];
if ($noteid) {
$prow = getPnoteById($noteid, 'title,assigned_to,body');
$title = $prow['title'];
$assigned_to = $prow['assigned_to'];
}
// Get the users list. The "Inactive" test is a kludge, we should create
// a separate column for this.
$ures = sqlStatement("SELECT username, fname, lname FROM users " . "WHERE username != '' AND active = 1 AND " . "( info IS NULL OR info NOT LIKE '%Inactive%' ) " . "ORDER BY lname, fname");
* @package OpenEMR
* @author Karl Englund <*****@*****.**>
* @link http://www.open-emr.org
*/
header("Content-Type:text/xml");
$ignoreAuth = true;
require_once 'classes.php';
$xml_string = "";
$xml_string = "<PatientNotes>";
$token = $_POST['token'];
$id = $_POST['noteId'];
if ($userId = validateToken($token)) {
$user = getUsername($userId);
$acl_allow = acl_check('patients', 'notes', $user);
if ($acl_allow) {
$result = deletePnote($id);
if ($result) {
$xml_string .= "<status>0</status>";
$xml_string .= "<reason>Patient Notes has been deleted</reason>";
} else {
$xml_string .= "<status>-1</status>";
$xml_string .= "<reason>ERROR: Sorry, there was an error processing your data. Please re-submit the information again.</reason>";
}
} else {
$xml_string .= "<status>-2</status>\n";
$xml_string .= "<reason>You are not Authorized to perform this action</reason>\n";
}
} else {
$xml_string .= "<status>-2</status>";
$xml_string .= "<reason>Invalid Token</reason>";
}
