Exemplo n.º 1
// Response buffer: the XML reply is assembled by plain string concatenation.
$xml_string = "<Messages>";

// Request input (untrusted). The token is what validateToken() is called with below.
$token = $_POST['token'];

// Optional date filters; anything empty() treats as blank (missing, '', '0') becomes ''.
// NOTE(review): neither value is format-checked here, so they must only ever
// reach SQL as bound parameters, never as part of the statement text.
$from_date = empty($_POST['from_date']) ? '' : $_POST['from_date'];
$to_date = empty($_POST['to_date']) ? '' : $_POST['to_date'];
$date = '';

// Fixed sort and paging settings: literals, not taken from the request.
list($sortby, $sortorder) = array('date', 'DESC');
list($begin, $listnumber) = array('0', '100');
if ($userId = validateToken($token)) {
    $user = getUsername($userId);
    $acl_allow = acl_check('patients', 'notes', $user);
    if ($acl_allow) {
        $provider_id = $userId;
        $username = getProviderUsername($provider_id);
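        // Build the optional date filters as placeholders. The request-supplied
        // dates are collected in $binds and handed to sqlStatement() separately,
        // so they never become part of the SQL text (the original interpolated
        // $from_date / $to_date straight into the WHERE clause).
        $where = '';
        $binds = array();
        if ($from_date) {
            $where .= " AND pnotes.date >= ?";
            $binds[] = $from_date;
        }
        if ($to_date) {
            $where .= " AND pnotes.date <= ?";
            $binds[] = $to_date;
        }
        // {$where} sits before "pnotes.user LIKE ?" in the statement, so the
        // username must be the last bound value.
        $binds[] = $username;
        // NOTE(review): the ORDER BY / LIMIT fragments are unquoted. That is fine
        // while $sortby, $sortorder, $begin and $listnumber are the literals set
        // at the top of this script; escaping string metacharacters would not
        // protect these positions if they ever came from the request — use an
        // allow-list for the column/direction and integer casts for the limits.
        $sql = "SELECT pnotes.id, pnotes.assigned_to, pnotes.user, pnotes.pid, pnotes.title, pnotes.date,pnotes.body, pnotes.message_status, \n          IF(pnotes.user != pnotes.pid,users.fname,patient_data.fname) as users_fname,\n          IF(pnotes.user != pnotes.pid,users.lname,patient_data.lname) as users_lname,\n          patient_data.fname as patient_data_fname, patient_data.lname as patient_data_lname\n          FROM ((pnotes LEFT JOIN users ON pnotes.user = users.username) \n          JOIN patient_data ON pnotes.pid = patient_data.pid) WHERE \n          pnotes.deleted != '1' {$where} AND pnotes.user LIKE ?" . " order by " . add_escape_custom($sortby) . " " . add_escape_custom($sortorder) . " limit " . add_escape_custom($begin) . ", " . add_escape_custom($listnumber);
        $result = sqlStatement($sql, $binds);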
        if ($result->_numOfRows > 0) {
            $xml_string .= "<status>0</status>";
            $xml_string .= "<reason>The Messages Record has been fetched</reason>";
            while ($myrow = sqlFetchArray($result)) {
                $xml_string .= "<Message>\n";
                foreach ($myrow as $fieldName => $fieldValue) {
Exemplo n.º 2
// Appointment fields copied verbatim from the POST body. All of them are
// untrusted and none is validated in this excerpt.
$pc_hometext = $_POST['pc_hometext'];
$appointmentDate = $_POST['appointmentDate'];

// Normalise the start time to H:i:s.
// NOTE(review): strtotime() returns false for text it cannot parse and nothing
// here checks for that before the value is formatted.
$appointmentTime = date('H:i:s', strtotime($_POST['appointmentTime']));

$app_status = $_POST['pc_apptstatus'];
$pc_title = $_POST['pc_title'];
$patientId = $_POST['patientId'];
$admin_id = $_POST['uprovider_id'];
$facility = $_POST['pc_facility'];
$pc_billing_location = $_POST['pc_billing_location'];
$pc_duration = $_POST['pc_duration'];

// The client sends 'p'; the value written to the database is '+'.
if ($app_status == 'p') {
    $app_status = '+';
}

// End time = start time plus the duration. The duration is added to a Unix
// timestamp, so it is treated as a number of seconds.
// NOTE(review): $pc_duration is used in arithmetic exactly as received; a
// non-numeric value is not rejected first.
$startSeconds = strtotime($_POST['appointmentTime']);
$endTime = date('H:i:s', $startSeconds + $pc_duration);
if ($userId = validateToken($token)) {
    $user = getUsername($userId);
    $username = $user;
    $provider_username = getProviderUsername($admin_id);
    $acl_allow = acl_check('patients', 'appt', $username);
    if ($acl_allow) {
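        // Every caller-supplied value is passed to sqlStatement() as a bound
        // parameter instead of being escaped and concatenated into the SQL text.
        // The order of the array must match the order of the ? placeholders.
        // NOTE(review): $pc_catid and $appointmentId are not assigned anywhere in
        // this excerpt — confirm where they come from and that they are validated.
        // NOTE(review): the row is selected by pc_eid alone, and pc_aid / pc_pid are
        // taken from the request; whether a caller should be limited to particular
        // events is not enforced here — confirm against the intended access model.
        $strQuery = "UPDATE openemr_postcalendar_events SET "
            . "pc_title = ?, "
            . "pc_hometext = ?, "
            . "pc_catid = ?, "
            . "pc_eventDate = ?, "
            . "pc_startTime = ?, "
            . "pc_endTime = ?, "
            . "pc_aid = ?, "
            . "pc_facility = ?, "
            . "pc_billing_location = ?, "
            . "pc_duration = ?, "
            . "pc_pid = ?, "
            . "pc_apptstatus = ? "
            . "WHERE pc_eid = ?";
        $result = sqlStatement($strQuery, array(
            $pc_title,
            $pc_hometext,
            $pc_catid,
            $appointmentDate,
            $appointmentTime,
            $endTime,
            $admin_id,
            $facility,
            $pc_billing_location,
            $pc_duration,
            $patientId,
            $app_status,
            $appointmentId,
        ));

        // Look up the provider's push-notification target for appointment events.
        $device_token_badge = getDeviceTokenBadge($provider_username, 'appointment');
        $badge = $device_token_badge['badge'];
        $deviceToken = $device_token_badge['device_token'];

        // Default the result so the later `if ($notification_res)` check does not
        // read an undefined variable when no device token is registered.
        $notification_res = null;
        if ($deviceToken) {
            // The inline assignments are kept as written: they also define
            // $msg_count, $apt_count and $message in the current scope.
            $notification_res = notification($deviceToken, $badge, $msg_count = 0, $apt_count = 0, $message = 'Appointment Updated!');
        }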
        if ($result !== FALSE) {
            $xml_array['status'] = 0;
            $xml_array['reason'] = 'The Appointment has been updated.';
            if ($notification_res) {
                $xml_array['notification'] = 'Update Appointment Notification(' . $notification_res . ')';