Пример #1
/**
 * Make $new_pid the active patient for this request and session, and audit it.
 *
 * The id is written to the global $pid and to $_SESSION['pid'], then a "view"
 * event is recorded for the session's user and provider.
 *
 * NOTE(review): the id is stored and logged exactly as given; nothing in this
 * function checks that the session user may open that chart. Presumably the
 * callers enforce access first. Confirm.
 *
 * @param mixed $new_pid Patient id to switch to.
 * @return void
 */
function setpid($new_pid)
{
    global $pid;

    $pid = $new_pid;
    $_SESSION['pid'] = $pid;

    $actor = $_SESSION["authUser"];
    $group = $_SESSION["authProvider"];
    newEvent("view", $actor, $group, 1, $pid);
}
Пример #2
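/**
 * Run an UPDATE on the rows matching $where, but only if such a row exists.
 *
 * A "deactivate" audit event is written before the UPDATE is issued, and the
 * statement text is echoed to the page as a progress trace.
 *
 * SECURITY: $table, $set and $where are spliced into the SQL text verbatim.
 * Callers must build them from fixed identifiers and already-escaped values;
 * request data must never be passed straight through.
 *
 * @param string $table Table name (trusted identifier).
 * @param string $set   Body of the SET clause.
 * @param string $where Body of the WHERE clause.
 * @return void
 */
function row_modify($table, $set, $where)
{
    // Nothing matches: no audit record and no UPDATE.
    if (!sqlQuery("SELECT * FROM {$table} WHERE {$where}")) {
        return;
    }

    newEvent("deactivate", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "{$table}: {$where}");

    $query = "UPDATE {$table} SET {$set} WHERE {$where}";
    // The trace goes into an HTML page, so escape it: quotes or angle brackets
    // inside the clause values must be shown as text, not parsed as markup.
    echo htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE) . "<br>\n";
    sqlStatement($query);
}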
Пример #3
/**
 * Wrap one message in a result array and, when it is fatal, audit the error.
 *
 * The `global` declaration in the original is commented out, so the result is
 * a fresh local array on every call: it holds only this call's message and is
 * not accumulated across calls.
 *
 * NOTE(review): for fatal messages $msg is written to the audit log verbatim.
 *
 * @param string $msg   Message text.
 * @param bool   $fatal When true, mark the result fatal and log a
 *                      "lab-results-error" event with success flag 0.
 * @return array Array with key 'mssgs' and, for fatal messages, 'fatal' => true.
 */
function rhl7LogMsg($msg, $fatal = true)
{
    // global $rhl7_return, $rhl7_segnum;
    $rhl7_return = array('mssgs' => array($msg));
    if (!$fatal) {
        return $rhl7_return;
    }

    $rhl7_return['fatal'] = true;
    newEvent("lab-results-error", $_SESSION['authUser'], $_SESSION['authProvider'], 0, $msg);
    return $rhl7_return;
}
/**
 * Append a message to the global $rhl7_return log, auditing fatal ones.
 *
 * Fatal messages are stored with a '*' prefix, set $rhl7_return['fatal'] and
 * are written to the audit log as a "lab-results-error" event with success
 * flag 0; other messages are stored with a '>' prefix only.
 *
 * @param string $msg   Message text; logged without the prefix.
 * @param bool   $fatal Whether the message is fatal.
 * @return array The accumulated global $rhl7_return array.
 */
function rhl7LogMsg($msg, $fatal = true)
{
    global $rhl7_return;

    $marker = $fatal ? '*' : '>';
    $rhl7_return['mssgs'][] = $marker . $msg;

    if ($fatal) {
        $rhl7_return['fatal'] = true;
        newEvent("lab-results-error", $_SESSION['authUser'], $_SESSION['authProvider'], 0, $msg);
    }

    return $rhl7_return;
}
Пример #5
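/**
 * Delete the rows matching $where, auditing each row's content first.
 *
 * Every matching row is written to the audit log as a "delete" event listing
 * its non-empty columns; the DELETE is issued only if a row matched, and its
 * text is echoed to the page as a progress trace.
 *
 * SECURITY: $table and $where are spliced into the SQL text verbatim. Callers
 * must build them from fixed identifiers and already-escaped values.
 *
 * NOTE(review): the audit entries are written with success flag 1 before the
 * DELETE runs, and they contain the full row values. Confirm that the audit
 * log is access-controlled accordingly.
 *
 * @param string $table Table name (trusted identifier).
 * @param string $where Body of the WHERE clause.
 * @return void
 */
function row_delete($table, $where)
{
    $tres = sqlStatement("SELECT * FROM {$table} WHERE {$where}");
    $count = 0;
    while ($trow = sqlFetchArray($tres)) {
        $pairs = array();
        foreach ($trow as $key => $value) {
            // Skip empty values and the zero datetime placeholder.
            if (!$value || $value == '0000-00-00 00:00:00') {
                continue;
            }
            $pairs[] = $key . "='" . addslashes($value) . "'";
        }
        $logstring = implode(" ", $pairs);
        newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "{$table}: {$logstring}");
        ++$count;
    }
    if ($count) {
        $query = "DELETE FROM {$table} WHERE {$where}";
        // The trace goes into an HTML page, so escape it: quotes or angle
        // brackets inside the clause must be shown as text, not parsed as markup.
        echo htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE) . "<br>\n";
        sqlStatement($query);
    }
}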
Пример #6
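/**
 * Send a clinical document to a Direct address through the phiMail server.
 *
 * Opens a socket to the configured server, authenticates, names the recipient,
 * sends a short cover text followed by the document XML, issues SEND, and
 * records the outcome with newEvent() and in direct_message_log.
 *
 * Review notes:
 *  - An "http" server address becomes a plain tcp:// socket, so the AUTH line
 *    (user name and password) is sent unencrypted on that path; "https" maps
 *    to ssl://. Prefer an https address in the configuration.
 *  - Each command is one newline-terminated line built by interpolation, so a
 *    $recipient containing a line break is refused before it is written.
 *  - The final server reply is stored in the audit log as received.
 *
 * @param object $ccd          Document object; only saveXml() is called on it.
 * @param string $recipient    Direct address to deliver to.
 * @param string $requested_by "patient" attributes the send to the portal
 *                             service user; any other value to the session user.
 * @return string "SUCCESS", or a translated error message (configuration
 *                errors end in " EC: n").
 */
function transmitCCD($ccd, $recipient, $requested_by)
{
    global $pid;
    $config_err = xl("Direct messaging is currently unavailable.") . " EC:";
    if ($GLOBALS['phimail_enable'] == false) {
        return "{$config_err} 1";
    }
    $phimail_server = @parse_url($GLOBALS['phimail_server_address']);
    $phimail_username = $GLOBALS['phimail_username'];
    $phimail_password = $GLOBALS['phimail_password'];
    switch ($phimail_server['scheme']) {
        case "http":
            // Plain TCP: the credentials below are not encrypted on this path.
            $server = "tcp://" . $phimail_server['host'];
            break;
        case "https":
            $server = "ssl://" . $phimail_server['host'];
            break;
        default:
            return "{$config_err} 2";
    }
    $fp = @fsockopen($server, $phimail_server['port']);
    if ($fp === false) {
        return "{$config_err} 3";
    }
    @fwrite($fp, "AUTH {$phimail_username} {$phimail_password}\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 4";
    }
    // $recipient is written verbatim into a newline-terminated command. A value
    // carrying its own line break would be read by the server as a further
    // command, so refuse it here.
    if (preg_match('/[\r\n]/', (string) $recipient)) {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return xl("Delivery is not currently permitted to the specified Direct Address.");
    }
    fwrite($fp, "TO {$recipient}\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return xl("Delivery is not currently permitted to the specified Direct Address.");
    }
    $ret = fgets($fp, 1024);
    //ignore extra server data
    if ($requested_by == "patient") {
        $text_out = xl("Delivery of the attached clinical document was requested by the patient.");
    } else {
        $text_out = xl("A clinical document is attached.");
    }
    $text_len = strlen($text_out);
    fwrite($fp, "TEXT {$text_len}\n");
    fflush($fp);
    $ret = @fgets($fp, 256);
    if ($ret != "BEGIN\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 5";
    }
    fwrite($fp, $text_out);
    fflush($fp);
    $ret = @fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 6";
    }
    $ccd_out = $ccd->saveXml();
    $ccd_len = strlen($ccd_out);
    fwrite($fp, "CDA {$ccd_len}\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "BEGIN\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 7";
    }
    fwrite($fp, $ccd_out);
    fflush($fp);
    $ret = fgets($fp, 256);
    if ($ret != "OK\n") {
        fwrite($fp, "BYE\n");
        fclose($fp);
        return "{$config_err} 8";
    }
    fwrite($fp, "SEND\n");
    fflush($fp);
    $ret = fgets($fp, 256);
    fwrite($fp, "BYE\n");
    fclose($fp);
    if ($requested_by == "patient") {
        $reqBy = "portal-user";
        // NOTE(review): the user name literal below appears masked on this page.
        $sql = "SELECT id FROM users WHERE username='******'";
        if (($r = sqlStatementNoLog($sql)) === FALSE || ($u = sqlFetchArray($r)) === FALSE) {
            $reqID = 1;
            //default if we don't have a service user
        } else {
            $reqID = $u['id'];
        }
    } else {
        $reqBy = $_SESSION['authUser'];
        $reqID = $_SESSION['authUserID'];
    }
    // Compare the first five characters of the reply. The original tested
    // substr($ret, 5), i.e. everything after the fifth character, so a reply
    // beginning with "ERROR" never matched this branch.
    if (strncmp((string) $ret, "ERROR", 5) === 0) {
        //log the failure
        newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
        return xl("The message could not be sent at this time.");
    }
    /**
     * If we get here, the message was successfully sent and the return
     * value $ret is of the form "QUEUED recipient message-id" which
     * is suitable for logging.
     */
    $msg_id = explode(" ", trim($ret), 4);
    if ($msg_id[0] != "QUEUED" || !isset($msg_id[2])) {
        //unexpected response
        $ret = "UNEXPECTED RESPONSE: " . $ret;
        newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
        return xl("There was a problem sending the message.");
    }
    newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 1, $ret, $pid);
    // Values are bound as parameters; errors from this insert are suppressed.
    $sql = "INSERT INTO direct_message_log (msg_type,msg_id,sender,recipient,status,status_ts,patient_id,user_id) " . "VALUES ('S', ?, ?, ?, 'S', NOW(), ?, ?)";
    @sqlStatementNoLog($sql, array($msg_id[2], $phimail_username, $recipient, $pid, $reqID));
    return "SUCCESS";
}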
Пример #7
<?php

include "functionsClasses.php";
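// functionsClasses.php (included above) supplies the helper functions used below.
// Check that a user name and password were submitted; the credentials are
// verified by UserDBCheck_user() further down.
if (isset($_POST["userpass"]) and isset($_POST["username"]) and $_POST["username"] != "") {
    // NOTE(review): session_register() was removed in PHP 5.4; on current PHP
    // this call is a fatal error. Confirm the target runtime.
    session_register("username");
    // Store the user name in the session.
    // NOTE(review): this happens before the password check, so the session
    // holds the submitted name even when authentication fails. Confirm that
    // nothing treats a populated $_SESSION['username'] as proof of login.
    $_SESSION['username'] = $_POST["username"];
    $name = $_SESSION['username'];
    UserDBConnect();
    if (UserDBCheck_user($_POST["username"], $_POST["userpass"]) == true) {
        // On the first page load only the existing events are shown;
        // on a later load with a complete form the new event is stored too.
        // The original read $POST (missing underscore) here, so the isset()
        // checks were always false and the event was never stored.
        if (isset($_POST["beschreibung"]) and isset($_POST["jahr"]) and isset($_POST["monat"]) and isset($_POST["tag"]) and isset($_POST["zeit"]) and $_POST["beschreibung"] != "" and $_POST["jahr"] != "" and $_POST["monat"] != "" and $_POST["tag"] != "" and $_POST["zeit"] != "") {
            // Insert the new event.
            // NOTE(review): the values are passed on unvalidated; confirm that
            // newEvent() validates and escapes them before storage.
            newEvent($_POST["beschreibung"], $_POST["jahr"], $_POST["monat"], $_POST["tag"], $_POST["zeit"]);
        } else {
            include "home_box.php";
        }
    } else {
        include "error_box.php";
    }
} else {
    // Reload the calendar.
    // NOTE(review): $name is assigned only in the branch above, so it is
    // undefined here unless functionsClasses.php sets it. Confirm.
    inOrdnung($name);
}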
?>

Пример #8
// $FEE_SHEET_COLUMNS should be defined in codes.php; fall back to 2 when it is not.
if (empty($FEE_SHEET_COLUMNS)) {
    $FEE_SHEET_COLUMNS = 2;
}
// Update price level in patient demographics if it's changed.
if (!empty($_POST['pricelevel'])) {
    $fs->updatePriceLevel($_POST['pricelevel']);
}
// Checksum of the visit as currently stored, compared with the one the form carried.
$current_checksum = $fs->visitChecksum();
// It's important to look for a checksum mismatch even if we're just refreshing
// the display, otherwise the error goes undetected on a refresh-then-save.
if (isset($_POST['form_checksum'])) {
    if ($_POST['form_checksum'] != $current_checksum) {
        $alertmsg = xl('Someone else has just changed this visit. Please cancel this page and try again.');
        // NOTE(review): the submitted checksum is copied into the audit comment
        // verbatim, so the log entry contains request-controlled text.
        $comment = "CHECKSUM ERROR, expecting '{$_POST['form_checksum']}'";
        newEvent("checksum", $_SESSION['authUser'], $_SESSION['authProvider'], 1, $comment, $pid);
    }
}
// Only check inventory when no alert is pending and a save button was pressed.
// NOTE(review): $alertmsg is not initialised in the visible lines; presumably
// it is set earlier in the file.
if (!$alertmsg && ($_POST['bn_save'] || $_POST['bn_save_close'])) {
    $alertmsg = $fs->checkInventory($_POST['prod']);
}
// If Save or Save-and-Close was clicked, save the new and modified billing
// lines; then if no error, redirect to $GLOBALS['form_exit_url'].
//
if (!$alertmsg && ($_POST['bn_save'] || $_POST['bn_save_close'])) {
    $main_provid = 0 + $_POST['ProviderID'];
    $main_supid = 0 + $_POST['SupervisorID'];
    $fs->save($_POST['bill'], $_POST['prod'], $main_provid, $main_supid, $_POST['default_warehouse'], $_POST['bn_save_close']);
    // Note: Taxes are computed at checkout time (in pos_checkout.php which
    // also posts to SL).  Currently taxes with insurance claims make no sense,
    // so for now we'll ignore tax computation in the insurance billing logic.
Пример #9
    }
}
// Step 7: pack the backup directory into the downloadable tar and audit the backup.
if ($form_step == 7) {
    // create the final compressed tar containing all files
    $form_status .= xl('Backup file has been created. Will now send download.') . "<br />";
    echo nl2br($form_status);
    // Archive from inside $BACKUP_DIR so entries are relative ('.'), then restore the cwd.
    $cur_dir = getcwd();
    chdir($BACKUP_DIR);
    $file_list = array('.');
    if (!create_tar_archive($TAR_FILE_PATH, '', $file_list)) {
        die(xl("Error: Unable to create downloadable archive"));
    }
    chdir($cur_dir);
    /* To log the backup event */
    // NOTE(review): the fourth argument is 0 although the comment text reports
    // completion; other newEvent() calls on this page pass 0 when logging a
    // failure. Confirm which value marks success for "backup" events.
    if ($GLOBALS['audit_events_backup']) {
        newEvent("backup", $_SESSION['authUser'], $_SESSION['authProvider'], 0, "Backup is completed");
    }
    $auto_continue = true;
}
if ($form_step == 101) {
    echo xl('Select the configuration items to export') . ":";
    echo "<br />&nbsp;<br />\n";
    echo "<input type='checkbox' name='form_cb_services' value='1' />\n";
    echo " " . xl('Services') . "<br />\n";
    echo "<input type='checkbox' name='form_cb_products' value='1' />\n";
    echo " " . xl('Products') . "<br />\n";
    echo "<input type='checkbox' name='form_cb_lists' value='1' />\n";
    echo " " . xl('Lists') . "<br />\n";
    echo "<input type='checkbox' name='form_cb_layouts' value='1' />\n";
    echo " " . xl('Layouts') . "<br />\n";
    echo "<input type='checkbox' name='form_cb_prices' value='1' />\n";
Пример #10
    // If requested, link the issue to a specified encounter.
    if ($thisenc) {
        $query = "INSERT INTO issue_encounter ( " . "pid, list_id, encounter " . ") VALUES ( " . "'{$thispid}', '{$issue}', '{$thisenc}'" . ")";
        sqlStatement($query);
    }
    $tmp_title = $ISSUE_TYPES[$text_type][2] . ": {$form_begin} " . substr($_POST['form_title'], 0, 40);
    // Close this window and redisplay the updated list of issues.
    //
    reload_close($info_msg, $issue, $tmp_title);
} else {
    // Medication reconcile: store status and note on the issue, audit it, optionally add a patient note.
    if ($_POST['form_reconcile']) {
        if ($issue) {
            // SECURITY: the two $_POST values and $issue are concatenated into the
            // SQL text. Unless they are escaped before this point (not visible
            // here), this statement is open to SQL injection; bound parameters
            // would remove the dependency on upstream escaping.
            $query = "UPDATE lists SET " . "reconcilestatus = '" . $_POST['form_reconcilestatus'] . "', " . "reconcilenote = '" . $_POST['form_reconcilenote'] . "', " . "reconciledate = NOW() " . "WHERE id = '{$issue}'";
            sqlStatement($query);
        }
        // NOTE(review): $query is assigned only inside the `if ($issue)` above, yet
        // the event is logged (success flag 1) either way; with no $issue the
        // logged statement is undefined. The full SQL text, including the
        // submitted note, goes into the audit log.
        newEvent('patient-medication-reconcile-update', $_SESSION['user'], $_SESSION['authProvider'], 1, $query);
        if ($GLOBALS['reconcile_in_pnotes']) {
            // Submitted title, status and note are embedded in the note body as given.
            addPnote($thispid, "{$_SESSION['user']} has reconciled {$_POST['form_title']} with status '{$_POST['form_reconcilestatus']}' and note '{$_POST['form_reconcilenote']}'", 1, 1, 'Pharmacy');
        }
        // NOTE(review): $tmp_title is assigned in the other branch of the enclosing
        // if; confirm it is defined on this path.
        reload_close($info_msg, $issue, $tmp_title);
    }
}
// Load the issue row when editing an existing issue; for a new issue only
// pre-set its type, if one was given.
$irow = array();
if ($issue) {
    // NOTE(review): $issue is interpolated unquoted into the SQL text; confirm
    // it is cast to an integer where it is read from the request.
    $irow = sqlQuery("SELECT * FROM lists WHERE id = {$issue}");
} elseif ($thistype) {
    $irow['type'] = $thistype;
}
$type_index = 0;
Пример #11
        if ($noteid) {
            updatePnote($noteid, $note, $_POST['form_note_type'], $_POST['assigned_to']);
        } else {
            $noteid = addPnote($patient_id, $note, $userauthorized, '1', $_POST['form_note_type'], $_POST['assigned_to']);
        }
        if ($docid) {
            setGpRelation(1, $docid, 6, $noteid);
        }
        if ($orderid) {
            setGpRelation(2, $orderid, 6, $noteid);
        }
        $noteid = '';
    } elseif ($mode == "delete") {
        if ($noteid) {
            deletePnote($noteid);
            newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id " . $noteid);
        }
        $noteid = '';
    }
}
// Defaults for the note form: empty title, assigned to the current user.
$title = '';
$assigned_to = $_SESSION['authUser'];
// When a note id is still set, pre-fill title and assignee from that note.
// NOTE(review): no check is visible here that the note belongs to $patient_id
// or that the session user may read it. Presumably enforced elsewhere. Confirm.
if ($noteid) {
    $prow = getPnoteById($noteid, 'title,assigned_to,body');
    $title = $prow['title'];
    $assigned_to = $prow['assigned_to'];
}
// Get the users list.  The "Inactive" test is a kludge, we should create
// a separate column for this.
// The statement text is constant; no request data is interpolated.
$ures = sqlStatement("SELECT username, fname, lname FROM users " . "WHERE username != '' AND active = 1 AND " . "( info IS NULL OR info NOT LIKE '%Inactive%' ) " . "ORDER BY lname, fname");
$pres = getPatientData($patient_id, "lname, fname");
Пример #12
include_once "{$srcdir}/pnotes.inc";
include_once "{$srcdir}/transactions.inc";
include_once "{$srcdir}/lists.inc";
include_once "{$srcdir}/patient.inc";
include_once "{$srcdir}/options.inc.php";
// The number of authorizations to display in the quick view:
// MAR 20041008 the full authorizations screen sucks... no links to the patient charts
// increase to a high number to make the mini frame more useful.
$N = 50;
// Look up the session user's see_auth level (bound parameter).
$atemp = sqlQuery("SELECT see_auth FROM users WHERE username = ?", array($_SESSION['authUser']));
$see_auth = $atemp['see_auth'];
// Authorized if the session is flagged userauthorized or see_auth is above 2.
$imauthorized = $_SESSION['userauthorized'] || $see_auth > 2;
// This authorizes everything for the specified patient.
// NOTE(review): this is a state-changing action triggered by a GET request, and
// no anti-CSRF token check is visible in these lines. Confirm one is enforced
// elsewhere, or move the action to POST with a token.
// NOTE(review): $_GET["pid"] is bound as a parameter in the updates but written
// to the audit log as given; $retVal is not used in the visible lines.
if (isset($_GET["mode"]) && $_GET["mode"] == "authorize" && $imauthorized) {
    $retVal = getProviderId($_SESSION['authUser']);
    newEvent("authorize", $_SESSION["authUser"], $_SESSION["authProvider"], 1, $_GET["pid"]);
    sqlStatement("update billing set authorized=1 where pid=?", array($_GET["pid"]));
    sqlStatement("update forms set authorized=1 where pid=?", array($_GET["pid"]));
    sqlStatement("update pnotes set authorized=1 where pid=?", array($_GET["pid"]));
    sqlStatement("update transactions set authorized=1 where pid=?", array($_GET["pid"]));
}
?>
<html>
<head>
<?php 
html_header_show();
?>
<link rel='stylesheet' href="<?php 
echo $css_header;
?>
" type="text/css">
Пример #13
    if (isset($_GET['action'])) {
        switch ($_GET['action']) {
            case 'loadEvents':
                loadEvents($mysqli);
                break;
            case 'deleteEvent':
                deleteEvent($mysqli);
                break;
            case 'editEvent':
                editEvent($mysqli);
                break;
            case 'getUserName':
                getUserName();
                break;
            case 'newEvent':
                newEvent($mysqli);
                break;
            default:
                printError("Invalid Action Request");
                break;
        }
    }
}
function loadEvents($db)
{
    //make sure the request was sent properly
    if (!(isset($_GET['month']) && isset($_GET['year']))) {
        printError("Invalid Request");
    }
    $username = $_SESSION['username'];
    $month = $_GET['month'];
Пример #14
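 /**
  * Send a clinical document (CCR/CCDA/CDA XML, HTML or PDF) to a Direct
  * address through phiMail, on behalf of a validated patient.
  *
  * Runs only when UserService::valid($data[0]) returns 'existingpatient';
  * otherwise the function falls through and returns null.
  *
  * Review notes:
  *  - Each phiMail command is one newline-terminated line built by
  *    concatenation, so a recipient containing a line break is refused
  *    before it is written.
  *  - $data['ccd'] is caller-supplied and parsed with simplexml_load_string();
  *    a parse failure returns false and the saveXml() call would then fail.
  *    Confirm the input is validated upstream and that external entity loading
  *    is disabled for this parser.
  *  - For an $xml_type outside the handled values no ADD command is sent and
  *    $ccd_out stays undefined. Presumably the next read then fails with
  *    "EC: 7". Confirm.
  *  - The direct_message_log insert is commented out in this version.
  *
  * @param array $data Keys read: 0 (passed to UserService::valid), 'ccd',
  *                    'recipient', 'requested_by', 'xml_type'.
  * @return string|null "SUCCESS", an error message, or null when the caller
  *                     is not validated as an existing patient.
  */
 function transmitCCD($data = array())
 {
     $ccd = $data['ccd'];
     $recipient = $data['recipient'];
     $requested_by = $data['requested_by'];
     $xml_type = $data['xml_type'];
     if (UserService::valid($data[0]) == 'existingpatient') {
         try {
             $_SESSION['authProvider'] = 1;
             global $pid;
             //get patient name in Last_First format (used for CCDA filename) and
             //First Last for the message text.
             $patientData = getPatientPID(array("pid" => $pid));
             if (empty($patientData[0]['lname'])) {
                 $att_filename = "";
                 $patientName2 = "";
             } else {
                 //spaces are the argument delimiter for the phiMail API calls and must be removed
                 $extension = $xml_type == 'CCDA' ? 'xml' : strtolower($xml_type);
                 $att_filename = " " . str_replace(" ", "_", $xml_type . "_" . $patientData[0]['lname'] . "_" . $patientData[0]['fname']) . "." . $extension;
                 $patientName2 = $patientData[0]['fname'] . " " . $patientData[0]['lname'];
             }
             $config_err = xl("Direct messaging is currently unavailable.") . " EC:";
             if ($GLOBALS['phimail_enable'] == false) {
                 return "{$config_err} 1";
             }
             $fp = phimail_connect($err);
             if ($fp === false) {
                 return "{$config_err} {$err}";
             }
             $phimail_username = $GLOBALS['phimail_username'];
             $phimail_password = $GLOBALS['phimail_password'];
             $ret = phimail_write_expect_OK($fp, "AUTH {$phimail_username} {$phimail_password}\n");
             if ($ret !== TRUE) {
                 return "{$config_err} 4";
             }
             // The recipient is written verbatim into a newline-terminated
             // command. A value carrying its own line break would be read by
             // the server as a further command, so refuse it here.
             if (preg_match('/[\r\n]/', (string) $recipient)) {
                 phimail_close($fp);
                 return xl("Delivery is not allowed to the specified Direct Address.");
             }
             $ret = phimail_write_expect_OK($fp, "TO {$recipient}\n");
             if ($ret !== TRUE) {
                 return xl("Delivery is not allowed to the specified Direct Address.");
             }
             $ret = fgets($fp, 1024);
             //ignore extra server data
             if ($requested_by == "patient") {
                 $text_out = xl("Delivery of the attached clinical document was requested by the patient") . ($patientName2 == "" ? "." : ", " . $patientName2 . ".");
             } else {
                 $text_out = xl("A clinical document is attached") . ($patientName2 == "" ? "." : " " . xl("for patient") . " " . $patientName2 . ".");
             }
             $text_len = strlen($text_out);
             phimail_write($fp, "TEXT {$text_len}\n");
             $ret = @fgets($fp, 256);
             if ($ret != "BEGIN\n") {
                 phimail_close($fp);
                 return "{$config_err} 5";
             }
             $ret = phimail_write_expect_OK($fp, $text_out);
             if ($ret !== TRUE) {
                 return "{$config_err} 6";
             }
             if (in_array($xml_type, array('CCR', 'CCDA', 'CDA'))) {
                 // Caller-supplied XML is parsed here; see the review note in the docblock.
                 $ccd = simplexml_load_string($ccd);
                 $ccd_out = $ccd->saveXml();
                 $ccd_len = strlen($ccd_out);
                 phimail_write($fp, "ADD " . ($xml_type == "CCR" ? $xml_type . ' ' : "CDA ") . $ccd_len . $att_filename . "\n");
                 //phimail_write($fp,"ADD " . (isset($xml_type) ? $xml_type . ' ' : "CDA ") . $ccd_len . $att_filename . "\n");
             } else {
                 if (strtolower($xml_type) == 'html' || strtolower($xml_type) == 'pdf') {
                     $ccd_out = base64_decode($ccd);
                     $message_length = strlen($ccd_out);
                     $add_type = strtolower($xml_type) == 'html' ? 'TEXT' : 'RAW';
                     phimail_write($fp, "ADD " . $add_type . " " . $message_length . "" . $att_filename . "\n");
                 }
             }
             $ret = fgets($fp, 256);
             if ($ret != "BEGIN\n") {
                 phimail_close($fp);
                 return "{$config_err} 7";
             }
             $ret = phimail_write_expect_OK($fp, $ccd_out);
             if ($ret !== TRUE) {
                 return "{$config_err} 8";
             }
             phimail_write($fp, "SEND\n");
             $ret = fgets($fp, 256);
             phimail_close($fp);
             if ($requested_by == "patient") {
                 $reqBy = "portal-user";
                 // NOTE(review): the user name literal below appears masked on this page.
                 $sql = "SELECT id FROM users WHERE username='******'";
                 if (($r = sqlStatement($sql)) === FALSE || ($u = sqlFetchArray($r)) === FALSE) {
                     $reqID = 1;
                     //default if we don't have a service user
                 } else {
                     $reqID = $u['id'];
                 }
             } else {
                 $reqBy = $_SESSION['authUser'];
                 $reqID = $_SESSION['authUserID'];
             }
             // Compare the first five characters of the reply. The original
             // tested substr($ret, 5), i.e. everything after the fifth
             // character, so a reply beginning with "ERROR" never matched.
             if (strncmp((string) $ret, "ERROR", 5) === 0) {
                 //log the failure
                 newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
                 return xl("The message could not be sent at this time.");
             }
             /**
              * If we get here, the message was successfully sent and the return
              * value $ret is of the form "QUEUED recipient message-id" which
              * is suitable for logging.
              */
             $msg_id = explode(" ", trim($ret), 4);
             if ($msg_id[0] != "QUEUED" || !isset($msg_id[2])) {
                 //unexpected response
                 $ret = "UNEXPECTED RESPONSE: " . $ret;
                 newEvent("transmit-ccd", $reqBy, $_SESSION['authProvider'], 0, $ret, $pid);
                 return xl("There was a problem sending the message.");
             }
             newEvent("transmit-" . $xml_type, $reqBy, $_SESSION['authProvider'], 1, $ret, $pid);
             //            $sql="INSERT INTO direct_message_log (msg_type,msg_id,sender,recipient,status,status_ts,patient_id,user_id) " .
             //             "VALUES ('S', ?, ?, ?, 'S', NOW(), ?, ?)";
             //            $res=@sqlStatement($sql,array($msg_id[2],$phimail_username,$recipient,$pid,$reqID));
             return "SUCCESS";
         } catch (Exception $e) {
             return 'Error: ' . $e->getMessage();
         }
     }
 }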
Пример #15
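/**
 * Check that a user belongs to at least one phpGACL group.
 *
 * When phpGACL is configured (global $phpgacl_location is set) and
 * acl_get_group_titles() reports no groups for the user, a failed "login"
 * event is written to the audit log and false is returned.
 *
 * The original referenced $provider and $ip without declaring them in this
 * scope, so the audit entry for the failed login carried no source address.
 * The address is now read from the request. The provider is still logged as
 * null, as before, because no provider is known at this point.
 *
 * @param string $user User name being verified.
 * @return bool False when phpGACL is in use and the user is in no group.
 */
function verify_user_gacl_group($user)
{
    global $phpgacl_location;

    if (!isset($phpgacl_location)) {
        return true;
    }

    if (acl_get_group_titles($user) == 0) {
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $provider = null;
        newEvent('login', $user, $provider, 0, "failure: {$ip}. user not in any phpGACL groups. (bad username?)");
        return false;
    }

    return true;
}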
Пример #16
 

<?php 
//Create new event
/**
 * Create an event at the user's coordinates and attach the user to it.
 *
 * @param mixed $event    Event name, passed on to createEvent() and updateUserEvent().
 * @param array $userData Keys read: 'latitude', 'longitude', 'ustreamUID'.
 * @return void
 */
function newEvent($event, $userData)
{
    $lat = $userData['latitude'];
    $lng = $userData['longitude'];
    createEvent($event, $lat, $lng);

    $uid = $userData['ustreamUID'];
    updateUserEvent($uid, $event);
}
//Join existing event
/**
 * Attach the user to the event named in their own data.
 *
 * @param array $userData Keys read: 'ustreamUID', 'event'.
 * @return void
 */
function joinEvent($userData)
{
    $uid = $userData['ustreamUID'];
    $target = $userData['event'];
    updateUserEvent($uid, $target);
}
//Search for events
/**
 * Look up events matching $event and print the result as JSON.
 *
 * @param mixed $event Search term, passed to searchEvent() as given.
 * @return void
 */
function search($event)
{
    echo json_encode(searchEvent($event));
}
// Request dispatch: actionType 1 searches, actionType 2 creates an event.
// NOTE(review): $_REQUEST also accepts GET parameters, so event creation can be
// triggered by a plain link, and no authentication check is visible here.
// NOTE(review): $userData is not assigned in the visible lines; confirm where
// it comes from.
if (isset($_REQUEST['actionType'], $_REQUEST['eventName'])) {
    if ($_REQUEST['actionType'] == 1) {
        //SEARCH EVENTS
        search($_REQUEST['eventName']);
    } elseif ($_REQUEST['actionType'] == 2) {
        //CREATE EVENT
        newEvent($_REQUEST['eventName'], $userData);
    }
}
Пример #17
<?php

include "functionsClasses.php";
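// Store a new event only when every form field arrived. The original tested
// 'jahr' alone and then read the other four keys unguarded.
// NOTE(review): the values go to newEvent() unvalidated, and the write is
// triggered by a GET request; confirm that newEvent() validates and escapes
// them. The arguments after the description are day, month, year here;
// confirm that order against newEvent()'s signature in functionsClasses.php.
if (isset($_GET['jahr'], $_GET['beschreibung'], $_GET['tag'], $_GET['monat'], $_GET['zeit'])) {
    // Insert the new event
    $beschr = $_GET["beschreibung"];
    $jahr = $_GET["jahr"];
    $tag = $_GET["tag"];
    $monat = $_GET["monat"];
    $zeit = $_GET["zeit"];
    newEvent($beschr, $tag, $monat, $jahr, $zeit);
    //testEvent();
    echo "<h1>OK</h1>";
} else {
    echo "<h1>MEEEEEPPP</h1>";
}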
// Page shell: the user's calendar followed by the static event entry form.
echo "<html><head></head><body>";
include "usercalendar.php";
// The form below is constant markup; no request data is echoed into it.
// NOTE(review): it submits with method=GET to test.php, so the event fields end
// up in the URL and the write is triggered by a GET request.
echo "<div id=\"userevents\">\r\n    \t<h3> Hier können Sie Ihre Events eintragen!</h3> \r\n    \t<form method=GET action=\"test.php\">  \r\n            <table>\r\n              <tr>\r\n                <td><label>Event beschreibung:</label></td>\r\n                <td><input name=\"beschreibung\" type=\"text\"></td>\r\n                <td><label>Bsp: Party bei Huber </label></td>\r\n              </tr>\r\n              <tr>\r\n                <td><label>Jahr des Events: </label></td>\r\n                <td><input name=\"jahr\" type=\"text\" ></td>\r\n                <td><label>Format: yyyy --> 2008</label></td>\t\t\r\n              </tr>\r\n              <tr>\r\n                <td><label>Monat des Events: </label></td>\r\n                <td><input name=\"monat\" type=\"text\" ></td>\r\n                <td><label>Format: mm --> 01 bis 12</label></td>\t\t\r\n              </tr>\r\n              <tr>\r\n                <td><label>Tag des Events: </label></td>\r\n                <td><input name=\"tag\" type=\"text\" ></td>\r\n                <td><label>Format: dd --> 01 bis 31</label></td>\t\t\r\n              </tr>\r\n              <tr>\r\n                <td><label>Zeit des Events: </label></td>\r\n                <td><input name=\"zeit\" type=\"text\"></td>\r\n                <td><label>Format: 24:60:60 --> 00:00:00</label></td>\t\t\r\n              </tr>\r\n            </table>\r\n            <input name=\"eintragen\" type=\"submit\" value=\"Event eintragen\">\r\n          </form>\t\t\r\n\t </div><!-- userevents -->";
echo "</body></html>";
Пример #18
            if ($title == "") {
                $title = $result['title'];
            }
            $body = $result['body'];
            if ($reply_to == "") {
                $reply_to = $result['pid'];
            }
            $form_message_status = $result['message_status'];
        }
        break;
    case "delete":
        // Delete selected message(s) from the Messages box (only).
        $delete_id = $_POST['delete_id'];
        for ($i = 0; $i < count($delete_id); $i++) {
            deletePnote($delete_id[$i]);
            newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id " . $delete_id[$i]);
        }
        break;
}
if ($task == "addnew" or $task == "edit") {
    // Display the Messages page layout.
    echo "\n<form name=new_note id=new_note action=\"messages.php?showall=" . attr($showall) . "&sortby=" . attr($sortby) . "&sortorder=" . attr($sortorder) . "&begin=" . attr($begin) . "&{$activity_string_html}\" method=post>\n<input type=hidden name=noteid id=noteid value='" . attr($noteid) . "'>\n<input type=hidden name=task id=task value=add>";
    ?>
<div id="pnotes"><center>
<table border='0' cellspacing='8'>
 <tr>
  <td class='text'>
   <b><?php 
    echo htmlspecialchars(xl('Type'), ENT_NOQUOTES);
    ?>
:</b>
Пример #19
                         if ($layout_id == "SRH") {
                             $tablename = "lists_ippf_srh";
                         } else {
                             if ($layout_id == "CON") {
                                 $tablename = "lists_ippf_con";
                             } else {
                                 if ($layout_id == "GCA") {
                                     $tablename = "lists_ippf_gcac";
                                 }
                             }
                         }
                     }
                 }
             }
             sqlStatement("ALTER TABLE `" . $tablename . "` DROP `" . $row['field_id'] . "`");
             newEvent("alter_table", $_SESSION['authUser'], $_SESSION['authProvider'], 1, $tablename . " DROP " . trim($row['field_id']));
         }
     }
     // Delete an entire group from the form
     // SECURITY: both $_POST values are concatenated into the SQL text. Unless
     // they are escaped before this point (not visible here), this DELETE is
     // open to SQL injection; bound parameters would remove that dependency.
     sqlStatement("DELETE FROM layout_options WHERE " . " form_id = '" . $_POST['layout_id'] . "' " . " AND group_name = '" . $_POST['deletegroupname'] . "'");
 } else {
     if ($_POST['formaction'] == "movegroup" && $layout_id) {
         $results = sqlStatement("SELECT DISTINCT(group_name) AS gname " . "FROM layout_options WHERE form_id = '{$layout_id}' " . "ORDER BY gname");
         $garray = array();
         $i = 0;
         while ($result = sqlFetchArray($results)) {
             if ($result['gname'] == $_POST['movegroupname']) {
                 if ($_POST['movedirection'] == 'up') {
                     // moving up
                     if ($i > 0) {
                         $garray[$i] = $garray[$i - 1];
Пример #20
            $xml_array["Labresultslist"]['reason'] = 'Lab results not found';
        }
        /**
         * User Messages 
         */
        $sql = "SELECT pnotes.id, pnotes.user, pnotes.pid, pnotes.title, pnotes.date,pnotes.body, pnotes.message_status, \n                        IF(pnotes.user != pnotes.pid,users.fname,patient_data.fname) as users_fname,\n                        IF(pnotes.user != pnotes.pid,users.lname,patient_data.lname) as users_lname,\n                        patient_data.fname as patient_data_fname, patient_data.lname as patient_data_lname\n                        FROM ((pnotes LEFT JOIN users ON pnotes.user = users.username) \n                        JOIN patient_data ON pnotes.pid = patient_data.pid) WHERE pnotes.message_status LIKE 'New' \n                        AND pnotes.deleted != '1' AND pnotes.date >= '{$date} 00:00:00' AND pnotes.date <= '{$date} 24:00:00' AND pnotes.assigned_to LIKE ?";
        $messageResult = sqlStatement($sql, array($username));
        if ($messageResult->_numOfRows > 0) {
            $xml_array["Messages"]['status'] = 0;
            $xml_array["Messages"]['reason'] = 'Messages Processed successfully';
            $count = 1;
            while ($myrow = sqlFetchArray($messageResult)) {
                foreach ($myrow as $fieldName => $fieldValue) {
                    $rowValue = xmlsafestring($fieldValue);
                    $xml_array["Messages"]['Message-' . $count][$fieldName] = $rowValue;
                }
                $count++;
            }
        } else {
            $xml_array["Messages"]['status'] = -1;
            $xml_array["Messages"]['reason'] = 'Messages not found.';
        }
    }
    $ip = $_SERVER['REMOTE_ADDR'];
    newEvent($event = 'login', $username, $groupname = 'Default', $success = '1', 'success: ' . $ip);
} else {
    $xml_array['status'] = -1;
    $xml_array['reason'] = 'Username/Pin incorrect.';
}
// Serialise the response array as XML under the root element 'MedMasterUser'
// and send it to the client.
$xml = ArrayToXML::toXml($xml_array, 'MedMasterUser');
echo $xml;
Пример #21
/**
 * Compute a change-detection checksum over a visit's billing and drug-sale rows.
 *
 * Each table contributes BIT_XOR(CRC32(...)) over a fixed column list; the two
 * values are XORed together. CRC32 detects concurrent edits; it is not a
 * cryptographic integrity check.
 *
 * When CHECKSUM_LOGGING is on, the value and the request flags are written to
 * the audit log as a "checksum" event.
 *
 * @param mixed $pid       Patient id (bound parameter).
 * @param mixed $encounter Encounter id (bound parameter).
 * @param bool  $saved     Only reported in the log comment.
 * @return int Combined checksum.
 */
function visitChecksum($pid, $encounter, $saved = false)
{
    $billing = sqlQuery("SELECT BIT_XOR(CRC32(CONCAT_WS(',', " . "id, code, modifier, units, fee, authorized, provider_id, ndc_info, justify, billed" . "))) AS checksum FROM billing WHERE " . "pid = ? AND encounter = ? AND activity = 1", array($pid, $encounter));
    $sales = sqlQuery("SELECT BIT_XOR(CRC32(CONCAT_WS(',', " . "sale_id, inventory_id, prescription_id, quantity, fee, sale_date, billed" . "))) AS checksum FROM drug_sales WHERE " . "pid = ? AND encounter = ?", array($pid, $encounter));

    $checksum = intval($billing['checksum']) ^ intval($sales['checksum']);

    if (CHECKSUM_LOGGING) {
        $is_ajax = empty($_POST['running_as_ajax']) ? "false" : "true";
        $is_save = empty($_POST['bn_save']) ? "false" : "true";
        $was_saved = $saved ? "true" : "false";
        $comment = "Checksum = '{$checksum}'" . ", AJAX = " . $is_ajax . ", Save = " . $is_save . ", Saved = " . $was_saved;
        newEvent("checksum", $_SESSION['authUser'], $_SESSION['authProvider'], 1, $comment, $pid);
    }

    return $checksum;
}
Пример #22
// Immunization add/delete/edit handler (the listing is cut off inside the "edit" branch).
$fake_register_globals = false;
//
include_once "../../globals.php";
include_once "{$srcdir}/sql.inc";
include_once "{$srcdir}/options.inc.php";
// NOTE(review): every branch is selected and fed by $_GET, so "add" and "delete" are state
// changes reachable through a plain URL. No request-token check is visible in this listing;
// confirm one exists elsewhere or move these actions to POST with a token.
if (isset($_GET['mode'])) {
    if ($_GET['mode'] == "add") {
        // All values are bound, never concatenated. Each "if(?,?,NULL)" takes the same value
        // twice: once as the test, once as the value stored when the test is true.
        // NOTE(review): REPLACE INTO is keyed on the client-supplied id. Nothing visible here
        // checks that an existing row with that id belongs to $pid before it is replaced.
        $sql = "REPLACE INTO immunizations set \n                      id = ?,\n                      administered_date = if(?,?,NULL),  \n                      immunization_id = ?,\n                      cvx_code = ?, \n                      manufacturer = ?,\n                      lot_number = ?,\n                      administered_by_id = if(?,?,NULL),\n                      administered_by = if(?,?,NULL),\n                      education_date = if(?,?,NULL), \n                      vis_date = if(?,?,NULL), \n                      note   = ?,\n                      patient_id   = ?,\n                      created_by = ?,\n                      updated_by = ?,\n                      create_date = now() ";
        $sqlBindArray = array(trim($_GET['id']), trim($_GET['administered_date']), trim($_GET['administered_date']), trim($_GET['form_immunization_id']), trim($_GET['cvx_code']), trim($_GET['manufacturer']), trim($_GET['lot_number']), trim($_GET['administered_by_id']), trim($_GET['administered_by_id']), trim($_GET['administered_by']), trim($_GET['administered_by']), trim($_GET['education_date']), trim($_GET['education_date']), trim($_GET['vis_date']), trim($_GET['vis_date']), trim($_GET['note']), $pid, $_SESSION['authId'], $_SESSION['authId']);
        sqlStatement($sql, $sqlBindArray);
        // Reset the form variables so the page shows an empty entry form dated today.
        $administered_date = $education_date = date('Y-m-d');
        $immunization_id = $cvx_code = $manufacturer = $lot_number = $administered_by_id = $note = $id = "";
        $administered_by = $vis_date = "";
    } elseif ($_GET['mode'] == "delete") {
        // log the event
        // NOTE(review): the audit entry is written before the DELETE runs and says "deleted from
        // pid $pid", but the DELETE below matches on id alone. The log can therefore name a
        // patient the row never belonged to. The raw $_GET['id'] is also copied into the log
        // text unfiltered.
        newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Immunization id " . $_GET['id'] . " deleted from pid " . $pid);
        // delete the immunization
        // NOTE(review): bound parameter, so no injection, but there is no patient_id condition.
        // Confirm ownership/ACL is enforced elsewhere, or scope the statement to $pid.
        $sql = "DELETE FROM immunizations WHERE id =? LIMIT 1";
        sqlStatement($sql, array($_GET['id']));
    } elseif ($_GET['mode'] == "edit") {
        // Load the row to edit. The lookup is by id only (same ownership question as above).
        $sql = "select * from immunizations where id = ?";
        $result = sqlQuery($sql, array($_GET['id']));
        $administered_date = $result['administered_date'];
        $immunization_id = $result['immunization_id'];
        $cvx_code = $result['cvx_code'];
        $code_text = '';
        if (!empty($cvx_code)) {
            // Resolve the CVX code to its display text from the codes table.
            $query = "SELECT codes.code_text as `code_text`, codes.code as `code` " . "FROM codes " . "LEFT JOIN code_types on codes.code_type = code_types.ct_id " . "WHERE code_types.ct_key = 'CVX' AND codes.code = ?";
            $result_code_text = sqlQuery($query, array($cvx_code));
            $code_text = $result_code_text['code_text'];
        }
Пример #23
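/**
 * Add or drop the table column that backs a layout field.
 *
 * Layouts whose ID starts with LBF or LBT, and FACUSR, have no backing column here and
 * are ignored. Any other layout must be one of the known IDs below, otherwise the
 * request dies. A column is added only if it is missing, and dropped only if it exists
 * and no row holds a non-empty value in it. Each ALTER is recorded with newEvent().
 *
 * @param  string  $layout_id  Layout ID (DEM, HIS, SRH, CON, GCA, LBF..., LBT..., FACUSR).
 * @param  string  $field_id   Column name; letters, digits and underscore only.
 * @param  boolean $add        TRUE to add the column, FALSE to drop it.
 * @return void
 */
function addOrDeleteColumn($layout_id, $field_id, $add = TRUE)
{
    $prefix = substr($layout_id, 0, 3);
    if ($prefix == 'LBF' || $prefix == 'LBT' || $layout_id == "FACUSR") {
        return;
    }

    // The table name only ever comes from this fixed map, never from the caller.
    $tables = array(
        'DEM' => 'patient_data',
        'HIS' => 'history_data',
        'SRH' => 'lists_ippf_srh',
        'CON' => 'lists_ippf_con',
        'GCA' => 'lists_ippf_gcac',
    );
    if (!isset($tables[$layout_id])) {
        die('Internal error in addOrDeleteColumn()');
    }
    $tablename = $tables[$layout_id];

    // $field_id is spliced into DDL as an identifier, where bound parameters cannot be
    // used. Refuse anything that is not a plain identifier, so a backtick or quote in the
    // value cannot change the statement.
    if (!is_string($field_id) || !preg_match('/^[A-Za-z0-9_]+\z/', $field_id)) {
        die('Internal error in addOrDeleteColumn()');
    }

    // Check if the column currently exists.
    $tmp = sqlQuery("SHOW COLUMNS FROM `{$tablename}` LIKE '{$field_id}'");
    $column_exists = !empty($tmp);

    if ($add && !$column_exists) {
        sqlStatement("ALTER TABLE `{$tablename}` ADD `{$field_id}` TEXT");
        newEvent("alter_table", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "{$tablename} ADD {$field_id}");
    } elseif (!$add && $column_exists) {
        // Do not drop a column that has any data. The query returns a row only when some
        // value is non-NULL and non-empty, so any row at all means "keep the column".
        // (Testing for a fixed 'field_id' key would never match and the column would
        // always be dropped.)
        $tmp = sqlQuery("SELECT `{$field_id}` FROM `{$tablename}` WHERE " . "`{$field_id}` IS NOT NULL AND `{$field_id}` != '' LIMIT 1");
        if (empty($tmp)) {
            sqlStatement("ALTER TABLE `{$tablename}` DROP `{$field_id}`");
            newEvent("alter_table", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "{$tablename} DROP {$field_id} ");
        }
    }
}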
Пример #24
 /**
  * Build the event handle for the given coordinates and call purge() on it.
  *
  * The handle is returned whether or not the purge succeeded; this method does
  * not inspect the result of purge().
  *
  * @param string $collection
  * @param string $key
  * @param string $type
  * @param int $timestamp
  * @param int $ordinal
  *
  * @return EventInterface
  * @link https://orchestrate.io/docs/apiref#events-delete
  */
 public function purgeEvent($collection, $key, $type, $timestamp, $ordinal)
 {
     $event = newEvent($collection, $key, $type, $timestamp, $ordinal);

     $event->purge();

     return $event;
 }
Пример #25
    }
    echo "<li>Altered last name of PID " . $otherPID . " to '" . $newlname . "'</li>";
    // add patient notes regarding the merged data
    $notetext = "All related patient data has been merged into patient record PID# " . $masterPID;
    echo "<li>Added note about the merge to the PID " . $otherPID . "</li>";
    if ($commitchanges == true) {
        addPnote($otherPID, $notetext);
    }
    $notetext = "All related patient data has been merged from patient record PID# " . $otherPID;
    echo "<li>Added note about the merge to the Master PID " . $masterPID . "</li>";
    if ($commitchanges == true) {
        addPnote($masterPID, $notetext);
    }
    // add a log entry regarding the merged data
    if ($commitchanges == true) {
        newEvent("data_merge", $_SESSION['authUser'], "Default", 1, "Merged PID " . $otherPID . " data into master PID " . $masterPID);
    }
    echo "<li>Added entry to log</li>";
    echo "<br><br>";
}
// end of otherID loop
/**
 * Re-point rows of one table from an old patient ID value to a new one.
 *
 * The visible part counts the rows where $pid_col equals $oldvalue and, when there are
 * any, builds the UPDATE that rewrites that column to $newvalue. The listing is cut off
 * inside the $commitchanges branch, so the code that runs the UPDATE is not shown.
 *
 * NOTE(review): the table name, the column name and both values are concatenated
 * straight into the SQL text. Quoting the values does not protect against a value that
 * itself contains a quote. Confirm every caller passes fixed identifiers and integer
 * IDs, or bind the values and check the identifiers against a fixed list.
 */
function UpdateTable($tablename, $pid_col, $oldvalue, $newvalue)
{
    global $commitchanges, $oemrdb;
    // Count first so that tables with no matching rows are left alone.
    $sqlstmt = "select count(*) as numrows from " . $tablename . " where " . $pid_col . "='" . $oldvalue . "'";
    $qResults = sqlQ($sqlstmt);
    if ($qResults) {
        $row = sqlFetchArray($qResults);
        if ($row['numrows'] > 0) {
            // Built unconditionally; only the $commitchanges branch below acts on it.
            $sqlstmt = "update " . $tablename . " set " . $pid_col . "='" . $newvalue . "' where " . $pid_col . "='" . $oldvalue . "'";
            if ($commitchanges == true) {
    /**
     * API function for CCDA fetching.
     *
     * Passes $parameterArray[0] to the dispatch table's valid() and continues only when
     * that returns 'existingpatient'; any other result returns a small XML note headed
     * 'Authetication Failure'. On success it builds the CCDA request with create_data(),
     * sends it with socket_get() to the host read from the 'hie_mirth_ip' setting on port
     * 6661, stores the base64-encoded reply through logCCDA() and writes a newEvent()
     * audit entry.
     *
     * Keys read from $parameterArray: index 0 (credentials; element 6 is used as the
     * patient username), 'encounter', 'combination', 'sections', 'sent_by', 'send', 'view',
     * 'emr_transfer', 'recipients', 'param', 'event' and 'menu_item'.
     *
     * Returns, depending on the path taken: the string 'Queued for Transfer', the HTML
     * produced by the XSL transform, the patched CCDA XML, the literal reply
     * 'Authetication Failure', or the failure note.
     */
    public function ccdaFetching($parameterArray = array())
    {
        $validResult = $this->getEncounterccdadispatchTable()->valid($parameterArray[0]);
        // validate credentials
        if ($validResult == 'existingpatient') {
            global $assignedEntity;
            global $representedOrganization;
            $mirth_ip = $this->getEncounterccdadispatchTable()->getSettings('Carecoordination', 'hie_mirth_ip');
            $representedOrganization = $this->getEncounterccdadispatchTable()->getRepresentedOrganization();
            $this->patient_id = $this->getEncounterccdadispatchTable()->getPatientId($parameterArray[0][6]);
            //$this->getRequest()->getQuery('pid');
            $this->patient_username = $parameterArray[0][6];
            $this->encounter_id = isset($parameterArray['encounter']) ? $parameterArray['encounter'] : '';
            $combination = isset($parameterArray['combination']) ? $parameterArray['combination'] : '';
            $this->sections = isset($parameterArray['sections']) ? $parameterArray['sections'] : '';
            $sent_by = isset($parameterArray['sent_by']) ? $parameterArray['sent_by'] : '';
            $send = isset($parameterArray['send']) ? $parameterArray['send'] : 0;
            $view = isset($parameterArray['view']) ? $parameterArray['view'] : 0;
            $emr_transfer = isset($parameterArray['emr_transfer']) ? $parameterArray['emr_transfer'] : 0;
            $this->recipients = isset($parameterArray['recipients']) ? $parameterArray['recipients'] : '';
            if ($this->recipients == 'patient') {
                $this->params = $this->patient_id;
            } else {
                $this->params = isset($parameterArray['param']) ? $parameterArray['param'] : '';
            }
            // NOTE(review): a caller-supplied 'sent_by' overwrites the session's authId, and
            // that value is what logCCDA() receives further down. Confirm only trusted internal
            // callers can set it; otherwise the stored record can be attributed to any user ID.
            if ($sent_by != '') {
                $_SESSION['authId'] = $sent_by;
            }
            // No sections requested: default to every key of getCCDAComponents(0), '|'-joined.
            // $str is not initialised before the loop, so the first test and append act on an
            // undefined variable.
            if (!$this->sections) {
                $components0 = $this->getEncounterccdadispatchTable()->getCCDAComponents(0);
                foreach ($components0 as $key => $value) {
                    if ($str) {
                        $str .= '|';
                    }
                    $str .= $key;
                }
                $this->sections = $str;
            }
            // Same defaulting for components, from getCCDAComponents(1); $str1 is likewise
            // never initialised.
            if (!$this->components) {
                $components1 = $this->getEncounterccdadispatchTable()->getCCDAComponents(1);
                foreach ($components1 as $key => $value) {
                    if ($str1) {
                        $str1 .= '|';
                    }
                    $str1 .= $key;
                }
                $this->components = $str1;
            }
            if ($combination != '') {
                // 'combination' is a '|'-separated list of "<patient id>_<encounter id>" pairs.
                // NOTE(review): the patient ID taken from each pair replaces the one resolved
                // from the validated credentials above. Nothing visible here checks that the
                // caller may read those patients' records.
                $arr = explode('|', $combination);
                foreach ($arr as $row) {
                    // Reuses the name $arr for the split pair; the loop still walks the original list.
                    $arr = explode('_', $row);
                    $this->patient_id = $arr[0];
                    $this->encounter_id = $arr[1] > 0 ? $arr[1] : NULL;
                    $this->create_data($this->patient_id, $this->encounter_id, $this->sections, $send, $this->components);
                    $content = $this->socket_get("{$mirth_ip}", "6661", $this->data);
                    if ($content == 'Authetication Failure') {
                        return $content;
                        // Unreachable: the return above has already left the method.
                        die;
                    }
                    // Replace the reply's opening <ClinicalDocument ...><!-- with a fixed XML
                    // prolog, stylesheet reference and namespace declarations.
                    $to_replace = '<?xml version="1.0" encoding="UTF-8"?>
					<?xml-stylesheet type="text/xsl" href="CDA.xsl"?>
					<ClinicalDocument xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
					xsi:schemaLocation="urn:hl7-org:v3 http://xreg2.nist.gov:8080/hitspValidation/schema/cdar2c32/infrastructure/cda/C32_CDA.xsd"
					xmlns="urn:hl7-org:v3"
					xmlns:mif="urn:hl7-org:v3/mif">
					<!--';
                    $content = preg_replace('/<ClinicalDocument.*><!--/', $to_replace, trim($content));
                    $ccdaDocumentId = $this->getEncounterccdadispatchTable()->logCCDA($this->patient_id, $this->encounter_id, base64_encode($content), $this->createdtime, 0, $_SESSION['authId'], $view, $send, $emr_transfer);
                    try {
                        $event = isset($parameterArray['event']) ? $parameterArray['event'] : 'patient-record';
                        $menu_item = isset($parameterArray['menu_item']) ? $parameterArray['menu_item'] : 'Dashboard';
                        newEvent($event, $this->patient_username, '', 1, '', $this->patient_id, $log_from = 'patient-portal', $menu_item, $ccdaDocumentId);
                    } catch (Exception $e) {
                        // NOTE(review): if newEvent() throws, the failure is discarded and the
                        // document is still produced with no audit entry and no trace of the error.
                    }
                }
                // After the loop $content holds only the last pair's document.
                if (!$view) {
                    return "Queued for Transfer";
                }
                if ($view) {
                    $xml = simplexml_load_string($content);
                    $xsl = new \DOMDocument();
                    $xsl->load(dirname(__FILE__) . '/../../../../../public/xsl/ccda.xsl');
                    $proc = new \XSLTProcessor();
                    $proc->importStyleSheet($xsl);
                    // attach the xsl rules
                    // NOTE(review): the rendered patient document is written to the shared temp
                    // directory under a name derived only from time(). Two requests in the same
                    // second collide, the name is predictable to other local accounts, and the
                    // file is never removed after it is read. XSLTProcessor::transformToXml()
                    // would avoid the file altogether; otherwise use tempnam() and unlink().
                    $outputFile = sys_get_temp_dir() . '/out_' . time() . '.html';
                    $proc->transformToURI($xml, $outputFile);
                    $htmlContent = file_get_contents($outputFile);
                    return $htmlContent;
                }
                // Unreachable: one of the two $view branches above has already returned.
                die;
            } else {
                // Single document for the patient resolved from the credentials.
                $practice_filename = "CCDA_{$this->patient_id}.xml";
                $this->create_data($this->patient_id, $this->encounter_id, $this->sections, $send, $this->components);
                $content = $this->socket_get("{$mirth_ip}", "6661", $this->data);
                $to_replace = '<?xml version="1.0" encoding="UTF-8"?>
				<?xml-stylesheet type="text/xsl" href="CDA.xsl"?>
				<ClinicalDocument xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
				xsi:schemaLocation="urn:hl7-org:v3 http://xreg2.nist.gov:8080/hitspValidation/schema/cdar2c32/infrastructure/cda/C32_CDA.xsd"
				xmlns="urn:hl7-org:v3"
				xmlns:mif="urn:hl7-org:v3/mif">
				<!--';
                $content = preg_replace('/<ClinicalDocument.*><!--/', $to_replace, trim($content));
                $ccdaDocumentId = $this->getEncounterccdadispatchTable()->logCCDA($this->patient_id, $this->encounter_id, base64_encode($content), $this->createdtime, 0, $_SESSION['authId'], $view, $send, $emr_transfer);
                try {
                    $event = isset($parameterArray['event']) ? $parameterArray['event'] : 'patient-record';
                    $menu_item = isset($parameterArray['menu_item']) ? $parameterArray['menu_item'] : 'Dashboard';
                    newEvent($event, $this->patient_username, '', 1, '', $this->patient_id, $log_from = 'patient-portal', $menu_item, $ccdaDocumentId);
                } catch (Exception $e) {
                    // NOTE(review): same silent discard of an audit-logging failure as in the
                    // 'combination' branch.
                }
                return $content;
                // Unreachable: the return above has already left the method.
                die;
            }
            // Unreachable as written: both branches of the if/else above return (or die)
            // before control can arrive here, so these download headers are never sent.
            try {
                ob_clean();
                header("Cache-Control: public");
                header("Content-Description: File Transfer");
                header("Content-Disposition: attachment; filename=" . $practice_filename);
                header("Content-Type: application/download");
                header("Content-Transfer-Encoding: binary");
                return $content;
                exit;
            } catch (Exception $e) {
                die('SOAP Error');
            }
        } else {
            // Credentials did not validate: answer with a fixed note and do no further work.
            return '<?xml version="1.0" encoding="UTF-8"?>
			<!-- Edited by XMLSpy -->
			<note>

				<heading>Authetication Failure</heading>
				<body></body>
			</note>
			';
        }
    }
Пример #27
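/**
 * Transmit HL7 for the specified lab.
 *
 * The provider row selects the transport: 'DL' (or an empty orders_path) streams the
 * message to the browser as a download and exits, 'SFTP' uploads it with phpseclib and
 * 'FS' writes it to a local file. MSH-10 (the message control ID) becomes part of the
 * download or file name, so it is refused when it contains a path separator or a
 * control character. A successful SFTP or FS transmission is recorded with newEvent().
 *
 * @param  integer $ppid  Procedure provider ID.
 * @param  string  $out   The HL7 text to be sent.
 * @return string         Error text, or empty if no errors.
 */
function send_hl7_order($ppid, $out)
{
    global $srcdir;
    $d0 = "\r";
    $pprow = sqlQuery("SELECT * FROM procedure_providers " . "WHERE ppid = ?", array($ppid));
    if (empty($pprow)) {
        return xl('Procedure provider') . " {$ppid} " . xl('not found');
    }
    $protocol = $pprow['protocol'];
    $remote_host = $pprow['remote_host'];

    // Extract MSH-10 which is the message control ID. The field separator is the fourth
    // character of the message and the MSH segment ends at the first carriage return.
    // A message too short to have either yields no ID instead of a failing explode().
    $fieldsep = substr($out, 3, 1);
    $mshlen = strpos($out, $d0);
    $segmsh = array();
    if ($fieldsep !== false && $fieldsep !== '' && $mshlen !== false) {
        $segmsh = explode($fieldsep, substr($out, 0, $mshlen));
    }
    $msgid = isset($segmsh[9]) ? $segmsh[9] : '';
    if (empty($msgid)) {
        return xl('Internal error: Cannot find MSH-10');
    }
    // The ID is used below in a response header and in file paths. Refuse separators and
    // control characters so it cannot name a file outside orders_path or alter the header.
    if (preg_match('/[\/\\\\\x00-\x1f\x7f]/', $msgid)) {
        return xl('Internal error: Invalid MSH-10');
    }

    if ($protocol == 'DL' || $pprow['orders_path'] === '') {
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Content-Type: application/force-download");
        header("Content-Disposition: attachment; filename=order_{$msgid}.hl7");
        header("Content-Description: File Transfer");
        echo $out;
        // The download path ends the request here, before the audit entry below.
        exit;
    } elseif ($protocol == 'SFTP') {
        ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . "{$srcdir}/phpseclib");
        require_once "{$srcdir}/phpseclib/Net/SFTP.php";
        // Compute the target path/file name.
        $filename = $msgid . '.txt';
        if ($pprow['orders_path']) {
            $filename = $pprow['orders_path'] . '/' . $filename;
        }
        // Connect to the server and write the file.
        // NOTE(review): login() is called without first comparing the server's host key to
        // a known value, so the stored password is offered to whatever answers at
        // $remote_host. phpseclib exposes getServerPublicHostKey() for pinning.
        $sftp = new Net_SFTP($remote_host);
        if (!$sftp->login($pprow['login'], $pprow['password'])) {
            return xl('Login to this remote host failed') . ": '{$remote_host}'";
        }
        if (!$sftp->put($filename, $out)) {
            return xl('Creating this file on remote host failed') . ": '{$filename}'";
        }
    } elseif ($protocol == 'FS') {
        // Compute the target path/file name.
        $filename = $msgid . '.txt';
        if ($pprow['orders_path']) {
            $filename = $pprow['orders_path'] . '/' . $filename;
        }
        $fh = fopen("{$filename}", 'w');
        if (!$fh) {
            return xl('Cannot create file') . ' "' . "{$filename}" . '"';
        }
        // A failed or short write must not be reported, and logged, as a transmitted order.
        $written = fwrite($fh, $out);
        fclose($fh);
        if ($written === false || $written < strlen($out)) {
            return xl('Cannot write file') . ' "' . "{$filename}" . '"';
        }
    } else {
        return xl('This protocol is not implemented') . ": '{$protocol}'";
    }

    // Falling through to here indicates success.
    newEvent("proc_order_xmit", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "ID: {$msgid} Protocol: {$protocol} Host: {$remote_host}");
    return '';
}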
Пример #28
        }
        /**
         * User Messages: new, non-deleted patient notes assigned to $username and dated
         * $date, returned as Message-1, Message-2, ... under "Messages".
         */
        // NOTE(review): $username is bound, but $date is interpolated into the SQL text.
        // Where $date comes from is not visible in this listing; bind it as a parameter as
        // well unless it is known to be generated on the server.
        $sql = "SELECT pnotes.id, pnotes.user, pnotes.pid, pnotes.title, pnotes.date,pnotes.body, pnotes.message_status, \n                        IF(pnotes.user != pnotes.pid,users.fname,patient_data.fname) as users_fname,\n                        IF(pnotes.user != pnotes.pid,users.lname,patient_data.lname) as users_lname,\n                        patient_data.fname as patient_data_fname, patient_data.lname as patient_data_lname\n                        FROM ((pnotes LEFT JOIN users ON pnotes.user = users.username) \n                        JOIN patient_data ON pnotes.pid = patient_data.pid) WHERE pnotes.message_status LIKE 'New' \n                        AND pnotes.deleted != '1' AND pnotes.date >= '{$date} 00:00:00' AND pnotes.date <= '{$date} 24:00:00' AND pnotes.assigned_to LIKE ?";
        $messageResult = sqlStatement($sql, array($username));
        if ($messageResult->_numOfRows > 0) {
            $xml_array["Messages"]['status'] = 0;
            $xml_array["Messages"]['reason'] = 'Messages Processed successfully';
            $count = 1;
            while ($myrow = sqlFetchArray($messageResult)) {
                // Every column value goes through xmlsafestring() before entering the XML array.
                foreach ($myrow as $fieldName => $fieldValue) {
                    $rowValue = xmlsafestring($fieldValue);
                    $xml_array["Messages"]['Message-' . $count][$fieldName] = $rowValue;
                }
                $count++;
            }
        } else {
            $xml_array["Messages"]['status'] = -1;
            $xml_array["Messages"]['reason'] = 'Messages not found.';
        }
    }
    // Successful login: record it in the audit log together with the client address.
    $ip = $_SERVER['REMOTE_ADDR'];
    newEvent($event = 'login', $username, $groupname = 'Default', $success = '1', 'success: ' . $ip);
} else {
    // NOTE(review): three problems are visible on this failure path.
    // 1. The event is recorded with $success = '1', the same value as the successful login
    //    above, so failed logins cannot be told apart by that field.
    // 2. In the visible code $ip is assigned only inside the success branch, so it is
    //    undefined here unless an earlier part of the script sets it.
    // 3. An unsalted SHA-1 of the rejected password is written to the audit log. A mistyped
    //    real password can be recovered from that by anyone able to read the log.
    // Log the failure and the client address without any form of the password.
    newEvent($event = 'login', $username, $groupname = 'Default', $success = '1', 'failure: ' . $ip . ". user password mismatch (" . sha1($password) . ")");
    $xml_array['status'] = -1;
    $xml_array['reason'] = 'Username/Password incorrect.';
}
// Serialise the accumulated result under the MedMasterUser root element and send it.
$xml = ArrayToXML::toXml($xml_array, 'MedMasterUser');
echo $xml;
Пример #29
// NOTE(review): formname comes from the request. check_file_dir_name() is the only
// validation visible here before $deleteform (built outside this listing) is included,
// so the safety of the include rests on that check and on how $deleteform is derived.
check_file_dir_name($_REQUEST["formname"]);
if (file_exists($deleteform)) {
    include_once $deleteform;
    exit;
}
// No form-specific delete page exists, so the generic confirmation below is used.
// $returnurl is where the Cancel button and the post-delete redirect lead.
if ($GLOBALS['concurrent_layout']) {
    $returnurl = 'encounter_top.php';
} else {
    $returnurl = 'patient_encounter.php';
}
if ($_POST['confirm']) {
    // Soft delete: flag the form row instead of removing it. Skipped for "*" or an empty id.
    // NOTE(review): the row is matched by the posted id alone; no request token or ownership
    // check appears in this listing. Confirm both are enforced elsewhere.
    if (!($_POST['id'] == "*" || $_POST['id'] == '')) {
        sqlInsert("update forms set deleted=1 where id= ?", array($_POST['id']));
    }
    // The audit entry is written even when the id test above skipped the update, and
    // formname/encounter are copied from POST into the log text unfiltered.
    newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Form " . $_POST['formname'] . " deleted from Encounter " . $_POST['encounter']);
    // Send the browser back to the encounter page.
    $target = "{$GLOBALS['rootdir']}/patient_file/encounter/{$returnurl}";
    echo "\n<script language='Javascript'>top.restoreSession();window.location='{$target}';</script>\n";
    exit;
}
?>
<html>

<head>
<?php 
html_header_show();
?>
<link rel="stylesheet" href="<?php 
echo $css_header;
?>
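// Immunization grid handler: dispatches on $_POST['action'] (add, delete or save).
$_SESSION['site']['flops'] = 0;
if (isset($_POST['action'])) {
    // *************************************************************************************
    // Add new record
    // *************************************************************************************
    if ($_POST['action'] == "add") {
        // All values are bound. Each "if(?,?,NULL)" takes the same value twice: once as the
        // test and once as the value stored when the test is true.
        $sql = "REPLACE INTO \n\t\t\t\t\timmunizations\n\t\t\t\tSET \n\t\t\t\t\tid = ?,\n\t\t\t\t\tadministered_date = if(?,?,NULL),  \n\t\t\t\t\timmunization_id = ?,\n\t\t\t\t\tmanufacturer = ?,\n\t\t\t\t\tlot_number = ?,\n\t\t\t\t\tadministered_by_id = if(?,?,NULL),\n\t\t\t\t\tadministered_by = if(?,?,NULL),\n\t\t\t\t\teducation_date = if(?,?,NULL), \n\t\t\t\t\tvis_date = if(?,?,NULL), \n\t\t\t\t\tnote   = ?,\n\t\t\t\t\tpatient_id   = ?,\n\t\t\t\t\tcreated_by = ?,\n\t\t\t\t\tupdated_by = ?,\n\t\t\t\t\tcreate_date = now() ";
        $sqlBindArray = array(trim($_POST['id']), trim($_POST['administered_date']), trim($_POST['administered_date']), trim($_POST['immunization_id']), trim($_POST['manufacturer']), trim($_POST['lotnumber']), trim($_POST['administered_by_id']), trim($_POST['administered_by_id']), trim($_POST['administered_by']), trim($_POST['administered_by']), trim($_POST['education_date']), trim($_POST['education_date']), trim($_POST['vis_date']), trim($_POST['vis_date']), trim($_POST['note']), $pid, $_SESSION['authId'], $_SESSION['authId']);
        sqlStatement($sql, $sqlBindArray);
        $administered_date = $education_date = date('Y-m-d');
        $immunization_id = $manufacturer = $lot_number = $administered_by_id = $note = $id = "";
        $administered_by = $vis_date = "";
    } elseif ($_POST['action'] == "delete") {
        // Need to be fixed, the GRID it's not calling the form for deletion.
        // log the event
        // The success flag (1) precedes the comment, as in the other newEvent() calls on this
        // page; without it the message text would be passed in the success position.
        // NOTE(review): the log names $_POST['pid'] while add/save use $pid, and the DELETE
        // matches on id alone. Confirm the row's ownership is checked elsewhere.
        newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Immunization id " . $_POST['id'] . " deleted from pid " . $_POST['pid']);
        // delete the immunization
        // The id is bound rather than concatenated: escaping a value placed in the statement
        // without quotes does not stop it from being read as SQL, a bound parameter does.
        $sql = "DELETE FROM immunizations WHERE id = ? LIMIT 1";
        sqlStatement($sql, array($_POST['id']));
    } elseif ($_POST['action'] == "save") {
        // Update an existing row in place; the id to update is the last bound value.
        $sql = "UPDATE \n\t\t\t\t\timmunizations\n\t\t\t\tSET \n\t\t\t\t\tadministered_date = if(?,?,NULL),  \n\t\t\t\t\timmunization_id = ?,\n\t\t\t\t\tmanufacturer = ?,\n\t\t\t\t\tlot_number = ?,\n\t\t\t\t\tadministered_by_id = if(?,?,NULL),\n\t\t\t\t\tadministered_by = if(?,?,NULL),\n\t\t\t\t\teducation_date = if(?,?,NULL), \n\t\t\t\t\tvis_date = if(?,?,NULL), \n\t\t\t\t\tnote   = ?,\n\t\t\t\t\tpatient_id   = ?,\n\t\t\t\t\tcreated_by = ?,\n\t\t\t\t\tupdated_by = ?\n\t\t\t\tWHERE \n\t\t\t\t\tid = ?";
        $sqlBindArray = array(trim($_POST['administered_date']), trim($_POST['administered_date']), trim($_POST['immunization_id']), trim($_POST['manufacturer']), trim($_POST['lotnumber']), trim($_POST['administered_by_id']), trim($_POST['administered_by_id']), trim($_POST['administered_by']), trim($_POST['administered_by']), trim($_POST['education_date']), trim($_POST['education_date']), trim($_POST['vis_date']), trim($_POST['vis_date']), trim($_POST['note']), $pid, $_SESSION['authId'], $_SESSION['authId'], trim($_POST['id']));
        sqlStatement($sql, $sqlBindArray);
        $administered_date = $education_date = date('Y-m-d');
        $immunization_id = $manufacturer = $lot_number = $administered_by_id = $note = $id = "";
        $administered_by = $vis_date = "";
    }
}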
// *************************************************************************************
// Sensha Ext JS Start
// New Gui Framework