// // erase lists options and recreate them from the submitted form data sqlStatement("DELETE FROM list_options WHERE list_id = '{$list_id}'"); for ($lino = 1; isset($opt["{$lino}"]['id']); ++$lino) { $iter = $opt["{$lino}"]; $value = empty($iter['value']) ? 0 : formTrim($iter['value']) + 0; $id = formTrim($iter['id']); if (strlen($id) > 0) { // Special processing for the immunizations list // Map the entered cvx codes into the immunizations table cvx_code sqlStatement("UPDATE `immunizations` " . "SET `cvx_code`='" . $value . "' " . "WHERE `immunization_id`='" . $id . "'"); // Force List Based Form names to start with LBF. if ($list_id == 'lbfnames' && substr($id, 0, 3) != 'LBF') { $id = "LBF{$id}"; } sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value, mapping, notes " . ") VALUES ( " . "'{$list_id}', " . "'" . $id . "', " . "'" . formTrim($iter['title']) . "', " . "'" . formTrim($iter['seq']) . "', " . "'" . formTrim($iter['default']) . "', " . "'" . $value . "', " . "'" . formTrim($iter['mapping']) . "', " . "'" . formTrim($iter['notes']) . "' " . ")"); } } } } } else { if ($_POST['formaction'] == 'addlist') { // make a new list ID from the new list name $newlistID = $_POST['newlistname']; $newlistID = preg_replace("/\\W/", "_", $newlistID); // determine the position of this new list $row = sqlQuery("SELECT max(seq) as maxseq FROM list_options WHERE list_id= 'lists'"); // add the new list to the list-of-lists sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value " . ") VALUES ( " . "'lists'," . "'" . $newlistID . "'," . "'" . $_POST['newlistname'] . "', " . "'" . ($row['maxseq'] + 1) . "'," . "'1', '0')"); } else { if ($_POST['formaction'] == 'deletelist') {
// this new group is prefixed with the net highest number given the // layout_id $results = sqlStatement("select distinct(group_name) as gname " . " from layout_options where " . " form_id = '" . $_POST['layout_id'] . "'"); $maxnum = '1'; while ($result = sqlFetchArray($results)) { $tmp = substr($result['gname'], 0, 1); if ($tmp >= $maxnum) { $maxnum = nextGroupOrder($tmp); } } $data_type = formTrim($_POST['gnewdatatype']); $max_length = $data_type == 3 ? 3 : 255; $listval = $data_type == 34 ? formTrim($_POST['gcontextName']) : formTrim($_POST['gnewlistid']); // add a new group to the layout, with the defined field sqlStatement("INSERT INTO layout_options (" . " form_id, source, field_id, title, group_name, seq, uor, fld_length, fld_rows" . ", titlecols, datacols, data_type, edit_options, default_value, description" . ", max_length, list_id, list_backup_id " . ") VALUES ( " . "'" . formTrim($_POST['layout_id']) . "'" . ",'" . formTrim($_POST['gnewsource']) . "'" . ",'" . formTrim($_POST['gnewid']) . "'" . ",'" . formTrim($_POST['gnewtitle']) . "'" . ",'" . formTrim($maxnum . $_POST['newgroupname']) . "'" . ",'" . formTrim($_POST['gnewseq']) . "'" . ",'" . formTrim($_POST['gnewuor']) . "'" . ",'" . formTrim($_POST['gnewlengthWidth']) . "'" . ",'" . formTrim($_POST['gnewlengthHeight']) . "'" . ",'" . formTrim($_POST['gnewtitlecols']) . "'" . ",'" . formTrim($_POST['gnewdatacols']) . "'" . ",'{$data_type}'" . ",'" . formTrim($_POST['gnewedit_options']) . "'" . ",'" . formTrim($_POST['gnewdefault']) . "'" . ",'" . formTrim($_POST['gnewdesc']) . "'" . ",'" . formTrim($_POST['gnewmaxSize']) . "'" . ",'" . $listval . "'" . ",'" . formTrim($_POST['gnewbackuplistid']) . "'" . " )"); addOrDeleteColumn($layout_id, formTrim($_POST['gnewid']), TRUE); } else { if ($_POST['formaction'] == "deletegroup" && $layout_id) { // drop the fields from the related table (this is critical) $res = sqlStatement("SELECT field_id FROM layout_options WHERE " . "form_id = '" . 
$_POST['layout_id'] . "' " . "AND group_name = '" . $_POST['deletegroupname'] . "'"); while ($row = sqlFetchArray($res)) { addOrDeleteColumn($layout_id, $row['field_id'], FALSE); } // Delete an entire group from the form sqlStatement("DELETE FROM layout_options WHERE " . " form_id = '" . $_POST['layout_id'] . "' " . " AND group_name = '" . $_POST['deletegroupname'] . "'"); } else { if ($_POST['formaction'] == "movegroup" && $layout_id) { $results = sqlStatement("SELECT DISTINCT(group_name) AS gname " . "FROM layout_options WHERE form_id = '{$layout_id}' " . "ORDER BY gname"); $garray = array(); $i = 0; while ($result = sqlFetchArray($results)) {
} // Force List Based Form names to start with LBF. if ($list_id == 'lbfnames' && substr($id, 0, 3) != 'LBF') { $id = "LBF{$id}"; } // Force Transaction Form names to start with LBT. if ($list_id == 'transactions' && substr($id, 0, 3) != 'LBT') { $id = "LBT{$id}"; } if ($list_id == 'apptstat') { $notes = formTrim($iter['apptstat_color']) . '|' . formTrim($iter['apptstat_timealert']); } else { $notes = formTrim($iter['notes']); } // Insert the list item sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value, mapping, notes, codes, toggle_setting_1, toggle_setting_2, activity, subtype " . ") VALUES ( " . "'{$list_id}', " . "'" . $id . "', " . "'" . formTrim($iter['title']) . "', " . "'" . formTrim($iter['seq']) . "', " . "'" . formTrim($iter['default']) . "', " . "'" . $value . "', " . "'" . formTrim($iter['mapping']) . "', " . "'" . $notes . "', " . "'" . formTrim($iter['codes']) . "', " . "'" . formTrim($iter['toggle_setting_1']) . "', " . "'" . formTrim($iter['toggle_setting_2']) . "', " . "'" . formTrim($iter['activity']) . "', " . "'" . formTrim($iter['subtype']) . "' " . ")"); } } } } } } else { if ($_POST['formaction'] == 'addlist') { // make a new list ID from the new list name $newlistID = $_POST['newlistname']; $newlistID = preg_replace("/\\W/", "_", $newlistID); // determine the position of this new list $row = sqlQuery("SELECT max(seq) as maxseq FROM list_options WHERE list_id= 'lists'"); // add the new list to the list-of-lists sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value " . ") VALUES ( " . "'lists'," . "'" . $newlistID . "'," . "'" . $_POST['newlistname'] . "', " . "'" . ($row['maxseq'] + 1) . "'," . "'1', '0')"); } else {
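/**
 * Read the submitted value of one layout field out of $_POST.
 *
 * Field types whose input arrives as an array (21, 22, 23, 25, 28) are
 * flattened into the '|'-separated encodings the layout code stores; any '|'
 * typed by the user inside a part is replaced by a space so it cannot shift
 * the encoding. Every other type is taken from $_POST as-is.
 *
 * @param array $frow      layout_options row; only 'data_type' and 'field_id' are read
 * @param int   $maxlength longest accepted value in bytes; 0 disables the check,
 *                         and textareas (data_type 3) are never checked
 * @return string trimmed value; when $sanitize_all_escapes is false it has also
 *                been passed through formTrim(), so callers on that path must not
 *                escape it a second time before building SQL
 *
 * Terminates the request with die() when the value exceeds $maxlength; the
 * field id and the offending value are HTML-escaped before being echoed.
 */
function get_layout_form_value($frow, $maxlength = 255)
{
    // Selects the escaping method: when the SQL layer binds parameters the
    // value only needs trimming, otherwise formTrim() escapes it.
    global $sanitize_all_escapes;

    $data_type = $frow['data_type'];
    $field_id = $frow['field_id'];
    $formkey = "form_{$field_id}";
    $radiokey = "radio_{$field_id}";
    $value = '';

    if (isset($_POST[$formkey])) {
        $posted = $_POST[$formkey];
        if ($data_type == 21) {
            // Array of checkboxes: only the checked keys are posted; join them with '|'.
            foreach ($posted as $key => $val) {
                if (strlen($value)) {
                    $value .= '|';
                }
                $value .= $key;
            }
        } elseif ($data_type == 22) {
            // Array of text fields -> "key:value|key:value|...".
            $parts = array();
            foreach ($posted as $key => $val) {
                $parts[] = $key . ':' . str_replace('|', ' ', $val);
            }
            $value = implode('|', $parts);
        } elseif ($data_type == 23) {
            // Text fields with companion radio buttons -> "key:n:notes|key:n:notes|...".
            // A radio group with nothing selected is not posted at all; count it as '0'
            // instead of reading an undefined index.
            $parts = array();
            foreach ($posted as $key => $val) {
                $restype = empty($_POST[$radiokey][$key]) ? '0' : $_POST[$radiokey][$key];
                $parts[] = $key . ':' . $restype . ':' . str_replace('|', ' ', $val);
            }
            $value = implode('|', $parts);
        } elseif ($data_type == 25) {
            // Text fields with companion checkboxes -> "key:n:notes|key:n:notes|...";
            // n is '1' for a checked box, '0' otherwise.
            $checkkey = "check_{$field_id}";
            $parts = array();
            foreach ($posted as $key => $val) {
                $restype = empty($_POST[$checkkey][$key]) ? '0' : '1';
                $parts[] = $key . ':' . $restype . ':' . str_replace('|', ' ', $val);
            }
            $value = implode('|', $parts);
        } elseif ($data_type == 28) {
            // Date text field with companion radio buttons -> "notes|type|date".
            // Missing radio/date inputs become '0' and '' respectively.
            $datekey = "date_{$field_id}";
            $restype = empty($_POST[$radiokey]) ? '0' : $_POST[$radiokey];
            $resdate = isset($_POST[$datekey]) ? str_replace('|', ' ', $_POST[$datekey]) : '';
            $resnote = str_replace('|', ' ', $posted);
            $value = "{$resnote}|{$restype}|{$resdate}";
        } else {
            $value = $posted;
        }
    }

    // Better to die than to silently truncate data! Textareas (type 3) are exempt.
    if ($maxlength && $data_type != 3 && strlen($value) > $maxlength) {
        die(htmlspecialchars(xl('ERROR: Field') . " '{$field_id}' " . xl('is too long'), ENT_NOQUOTES) .
            ":<br /> <br />" . htmlspecialchars($value, ENT_NOQUOTES));
    }

    // Make sure the return value is quote-safe.
    if ($sanitize_all_escapes) {
        // Escapes are already removed and the SQL calls use binding/placeholders,
        // so only trimming is needed.
        return trim($value);
    }

    // Legacy path: formTrim() prepares the value for direct SQL interpolation.
    return formTrim($value);
}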
if ($layout_id == "SRH") { $tablename = "lists_ippf_srh"; } else { if ($layout_id == "CON") { $tablename = "lists_ippf_con"; } else { if ($layout_id == "GCA") { $tablename = "lists_ippf_gcac"; } } } } } } sqlStatement("ALTER TABLE `" . $tablename . "` ADD " . "`" . formTrim($_POST['gnewid']) . "`" . " VARCHAR( 255 )"); newEvent("alter_table", $_SESSION['authUser'], $_SESSION['authProvider'], 1, $tablename . " ADD " . formTrim($_POST['gnewid'])); } } else { if ($_POST['formaction'] == "deletegroup" && $layout_id) { // drop the fields from the related table (this is critical) if (substr($layout_id, 0, 3) != 'LBF') { $res = sqlStatement("SELECT field_id FROM layout_options WHERE " . " form_id = '" . $_POST['layout_id'] . "' " . " AND group_name = '" . $_POST['deletegroupname'] . "'"); while ($row = sqlFetchArray($res)) { // drop the field from the table too (this is critical) if ($layout_id == "DEM") { $tablename = "patient_data"; } else { if ($layout_id == "HIS") { $tablename = "history_data"; } else { if ($layout_id == "REF") {
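/**
 * Read the submitted value of one layout field out of $_POST.
 *
 * Field types whose input arrives as an array (21, 22, 23, 25, 28, 32, 36) are
 * flattened into the '|'-separated encodings the layout code stores; any '|'
 * typed by the user inside a part is replaced by a space so it cannot shift
 * the encoding. Every other type is taken from $_POST as-is.
 *
 * @param array  $frow   layout_options row; 'data_type', 'field_id' and
 *                       'max_length' are read
 * @param string $prefix name prefix of the posted field ("{$prefix}{$field_id}");
 *                       companion radio/check/date inputs keep their own fixed
 *                       prefixes regardless of this value
 * @return string trimmed value; when $sanitize_all_escapes is false it has also
 *                been passed through formTrim(), so callers on that path must not
 *                escape it a second time before building SQL
 *
 * Terminates the request with die() when the value is longer than the row's
 * max_length (0 or empty disables the check); the field id and the offending
 * value are HTML-escaped before being echoed.
 */
function get_layout_form_value($frow, $prefix = 'form_')
{
    // Selects the escaping method: when the SQL layer binds parameters the
    // value only needs trimming, otherwise formTrim() escapes it.
    global $sanitize_all_escapes;

    $maxlength = empty($frow['max_length']) ? 0 : intval($frow['max_length']);
    $data_type = $frow['data_type'];
    $field_id = $frow['field_id'];
    $formkey = "{$prefix}{$field_id}";
    $radiokey = "radio_{$field_id}";
    $value = '';

    if (isset($_POST[$formkey])) {
        $posted = $_POST[$formkey];
        if ($data_type == 21) {
            // Array of checkboxes: only the checked keys are posted; join them with '|'.
            foreach ($posted as $key => $val) {
                if (strlen($value)) {
                    $value .= '|';
                }
                $value .= $key;
            }
        } elseif ($data_type == 22) {
            // Array of text fields -> "key:value|key:value|...".
            $parts = array();
            foreach ($posted as $key => $val) {
                $parts[] = $key . ':' . str_replace('|', ' ', $val);
            }
            $value = implode('|', $parts);
        } elseif ($data_type == 23) {
            // Text fields with companion radio buttons -> "key:n:notes|key:n:notes|...".
            // A radio group with nothing selected is not posted at all; count it as '0'
            // instead of reading an undefined index.
            $parts = array();
            foreach ($posted as $key => $val) {
                $restype = empty($_POST[$radiokey][$key]) ? '0' : $_POST[$radiokey][$key];
                $parts[] = $key . ':' . $restype . ':' . str_replace('|', ' ', $val);
            }
            $value = implode('|', $parts);
        } elseif ($data_type == 25) {
            // Text fields with companion checkboxes -> "key:n:notes|key:n:notes|...";
            // n is '1' for a checked box, '0' otherwise.
            $checkkey = "check_{$field_id}";
            $parts = array();
            foreach ($posted as $key => $val) {
                $restype = empty($_POST[$checkkey][$key]) ? '0' : '1';
                $parts[] = $key . ':' . $restype . ':' . str_replace('|', ' ', $val);
            }
            $value = implode('|', $parts);
        } elseif ($data_type == 28 || $data_type == 32) {
            // Date text field with companion radio buttons -> "notes|type|date".
            // Missing radio/date inputs become '0' and '' respectively.
            $datekey = "date_{$field_id}";
            $restype = empty($_POST[$radiokey]) ? '0' : $_POST[$radiokey];
            $resdate = isset($_POST[$datekey]) ? str_replace('|', ' ', $_POST[$datekey]) : '';
            $resposted = str_replace('|', ' ', $posted);
            if ($data_type == 32) {
                // Smoking status: the main input is the list choice and the free
                // text comes from "{$prefix}text_{$field_id}" -> "note|type|date|list".
                $textkey = "{$prefix}text_{$field_id}";
                $res_text_note = isset($_POST[$textkey]) ? str_replace('|', ' ', $_POST[$textkey]) : '';
                $value = "{$res_text_note}|{$restype}|{$resdate}|{$resposted}";
            } else {
                $value = "{$resposted}|{$restype}|{$resdate}";
            }
        } elseif ($data_type == 36) {
            // Multi-select list: the selected values are joined with '|'.
            // Read through $formkey so a non-default $prefix is honoured here too,
            // as it is for every other type.
            $value = is_array($posted) ? implode('|', $posted) : '';
        } else {
            $value = $posted;
        }
    }

    // Better to die than to silently truncate data!
    // NOTE(review): this applies to every data type, including textareas (3);
    // confirm max_length is meant as a byte limit for those.
    if ($maxlength && strlen($value) > $maxlength) {
        die(htmlspecialchars(xl('ERROR: Field') . " '{$field_id}' " . xl('is too long'), ENT_NOQUOTES) .
            ":<br /> <br />" . htmlspecialchars($value, ENT_NOQUOTES));
    }

    // Make sure the return value is quote-safe.
    if ($sanitize_all_escapes) {
        // Escapes are already removed and the SQL calls use binding/placeholders,
        // so only trimming is needed.
        return trim($value);
    }

    // Legacy path: formTrim() prepares the value for direct SQL interpolation.
    return formTrim($value);
}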
} // Insert the list item sqlInsert("INSERT INTO list_options ( " . "list_id, option_id, title, seq, is_default, option_value, mapping, notes, codes, toggle_setting_1, toggle_setting_2 " . ") VALUES ( " . "'$list_id', " . "'" . $id . "', " . "'" . formTrim($iter['title']) . "', " . "'" . formTrim($iter['seq']) . "', " . "'" . formTrim($iter['default']) . "', " . "'" . $value . "', " . "'" . formTrim($iter['mapping']) . "', " . "'" . $notes . "', " . "'" . formTrim($iter['codes']) . "', " . "'" . formTrim($iter['toggle_setting_1']) . "', " . "'" . formTrim($iter['toggle_setting_2']) . "' " . ")"); } } } } else if ($_POST['formaction']=='addlist') { // make a new list ID from the new list name $newlistID = $_POST['newlistname']; $newlistID = preg_replace("/\W/", "_", $newlistID); // determine the position of this new list $row = sqlQuery("SELECT max(seq) as maxseq FROM list_options WHERE list_id= 'lists'"); // add the new list to the list-of-lists sqlInsert("INSERT INTO list_options ( " .
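/**
 * Read the submitted value of one layout field out of $_POST.
 *
 * Field types whose input arrives as an array (21, 22, 23, 25, 28) are
 * flattened into the '|'-separated encodings the layout code stores; any '|'
 * typed by the user inside a part is replaced by a space so it cannot shift
 * the encoding. Every other type is taken from $_POST as-is.
 *
 * @param array $frow      layout_options row; only 'data_type' and 'field_id' are read
 * @param int   $maxlength longest accepted value in bytes; 0 disables the check,
 *                         and textareas (data_type 3) are never checked
 * @return string the value after formTrim(), i.e. already prepared for the
 *                legacy SQL path; callers must not escape it a second time
 *
 * Terminates the request with die() when the value exceeds $maxlength. The
 * field id and the offending value are user-controlled, so they are
 * HTML-escaped before being echoed back.
 */
function get_layout_form_value($frow, $maxlength = 255)
{
    $data_type = $frow['data_type'];
    $field_id = $frow['field_id'];
    $formkey = "form_{$field_id}";
    $radiokey = "radio_{$field_id}";
    $value = '';

    if (isset($_POST[$formkey])) {
        $posted = $_POST[$formkey];
        if ($data_type == 21) {
            // Array of checkboxes: only the checked keys are posted; join them with '|'.
            foreach ($posted as $key => $val) {
                if (strlen($value)) {
                    $value .= '|';
                }
                $value .= $key;
            }
        } elseif ($data_type == 22) {
            // Array of text fields -> "key:value|key:value|...".
            $parts = array();
            foreach ($posted as $key => $val) {
                $parts[] = $key . ':' . str_replace('|', ' ', $val);
            }
            $value = implode('|', $parts);
        } elseif ($data_type == 23) {
            // Text fields with companion radio buttons -> "key:n:notes|key:n:notes|...".
            // A radio group with nothing selected is not posted at all; count it as '0'
            // instead of reading an undefined index.
            $parts = array();
            foreach ($posted as $key => $val) {
                $restype = empty($_POST[$radiokey][$key]) ? '0' : $_POST[$radiokey][$key];
                $parts[] = $key . ':' . $restype . ':' . str_replace('|', ' ', $val);
            }
            $value = implode('|', $parts);
        } elseif ($data_type == 25) {
            // Text fields with companion checkboxes -> "key:n:notes|key:n:notes|...";
            // n is '1' for a checked box, '0' otherwise.
            $checkkey = "check_{$field_id}";
            $parts = array();
            foreach ($posted as $key => $val) {
                $restype = empty($_POST[$checkkey][$key]) ? '0' : '1';
                $parts[] = $key . ':' . $restype . ':' . str_replace('|', ' ', $val);
            }
            $value = implode('|', $parts);
        } elseif ($data_type == 28) {
            // Date text field with companion radio buttons -> "notes|type|date".
            // Missing radio/date inputs become '0' and '' respectively.
            $datekey = "date_{$field_id}";
            $restype = empty($_POST[$radiokey]) ? '0' : $_POST[$radiokey];
            $resdate = isset($_POST[$datekey]) ? str_replace('|', ' ', $_POST[$datekey]) : '';
            $resnote = str_replace('|', ' ', $posted);
            $value = "{$resnote}|{$restype}|{$resdate}";
        } else {
            $value = $posted;
        }
    }

    // Better to die than to silently truncate data! Textareas (type 3) are exempt.
    // The echoed text is escaped: reflecting the raw posted value into the page
    // would let a request inject markup into the error output.
    if ($maxlength && $data_type != 3 && strlen($value) > $maxlength) {
        die(htmlspecialchars(xl('ERROR: Field') . " '{$field_id}' " . xl('is too long'), ENT_NOQUOTES) .
            ":<br /> <br />" . htmlspecialchars($value, ENT_NOQUOTES));
    }

    // Make sure the return value is quote-safe: formTrim() prepares it for the
    // SQL interpolation the callers perform.
    return formTrim($value);
}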