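// Builds an XML <Messages> response listing the patient notes (pnotes) that
// belong to the provider resolved from the caller's token, optionally limited
// to a date range supplied in the POST body.
$xml_string = "";
$xml_string .= "<Messages>";

$token = $_POST['token'];
$from_date = !empty($_POST['from_date']) ? $_POST['from_date'] : '';
$to_date = !empty($_POST['to_date']) ? $_POST['to_date'] : '';
$date = '';

// Sort and paging values are fixed here, not taken from the request.
$sortby = 'date';
$sortorder = 'DESC';
$begin = '0';
$listnumber = '100';

if ($userId = validateToken($token)) {
    $user = getUsername($userId);
    $acl_allow = acl_check('patients', 'notes', $user);
    if ($acl_allow) {
        $provider_id = $userId;
        $username = getProviderUsername($provider_id);

        // from_date / to_date come straight from $_POST, so they are bound as
        // parameters rather than interpolated into the SQL text (the previous
        // '{$from_date}' / '{$to_date}' interpolation allowed SQL injection).
        $where = '';
        $binds = array();
        if ($from_date) {
            $where .= " AND pnotes.date >= ?";
            $binds[] = $from_date;
        }
        if ($to_date) {
            $where .= " AND pnotes.date <= ?";
            $binds[] = $to_date;
        }
        // {$where} precedes "pnotes.user LIKE ?" in the statement, so the
        // username has to be the last bound value.
        $binds[] = $username;

        $sql = "SELECT pnotes.id, pnotes.assigned_to, pnotes.user, pnotes.pid, pnotes.title, pnotes.date,pnotes.body, pnotes.message_status, \n"
            . " IF(pnotes.user != pnotes.pid,users.fname,patient_data.fname) as users_fname,\n"
            . " IF(pnotes.user != pnotes.pid,users.lname,patient_data.lname) as users_lname,\n"
            . " patient_data.fname as patient_data_fname, patient_data.lname as patient_data_lname\n"
            . " FROM ((pnotes LEFT JOIN users ON pnotes.user = users.username) \n"
            . " JOIN patient_data ON pnotes.pid = patient_data.pid) WHERE \n"
            . " pnotes.deleted != '1' {$where} AND pnotes.user LIKE ?"
            . " order by " . add_escape_custom($sortby) . " " . add_escape_custom($sortorder)
            . " limit " . add_escape_custom($begin) . ", " . add_escape_custom($listnumber);

        $result = sqlStatement($sql, $binds);

        if ($result->_numOfRows > 0) {
            $xml_string .= "<status>0</status>";
            $xml_string .= "<reason>The Messages Record has been fetched</reason>";

            // One <Message> element per returned note row.
            while ($myrow = sqlFetchArray($result)) {
                $xml_string .= "<Message>\n";
                foreach ($myrow as $fieldName => $fieldValue) {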
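// Updates one calendar appointment (openemr_postcalendar_events) from POSTed
// fields and, when the provider has a registered device token, sends a push
// notification about the change.
$pc_hometext = $_POST['pc_hometext'];
$appointmentDate = $_POST['appointmentDate'];
$appointmentTime = date("H:i:s", strtotime($_POST['appointmentTime']));
$app_status = $_POST['pc_apptstatus'];
$pc_title = $_POST['pc_title'];
$patientId = $_POST['patientId'];
$admin_id = $_POST['uprovider_id'];
$facility = $_POST['pc_facility'];
$pc_billing_location = $_POST['pc_billing_location'];
$pc_duration = $_POST['pc_duration'];

// A posted status of 'p' is stored as '+'.
$app_status = $app_status === 'p' ? '+' : $app_status;

// End time = start time plus the posted duration, which is added to a Unix
// timestamp and is therefore treated as seconds.
$endTime = date('H:i:s', strtotime($_POST['appointmentTime']) + $pc_duration);

if ($userId = validateToken($token)) {
    $user = getUsername($userId);
    $username = $user;
    $provider_username = getProviderUsername($admin_id);
    $acl_allow = acl_check('patients', 'appt', $username);
    if ($acl_allow) {
        // Every request-derived value is bound as a parameter instead of being
        // escaped and concatenated into the statement, so the query text no
        // longer depends on user input.
        $strQuery = "UPDATE openemr_postcalendar_events SET "
            . "pc_title = ?, "
            . "pc_hometext = ?, "
            . "pc_catid = ?, "
            . "pc_eventDate = ?, "
            . "pc_startTime = ?, "
            . "pc_endTime = ?, "
            . "pc_aid = ?, "
            . "pc_facility = ?, "
            . "pc_billing_location = ?, "
            . "pc_duration = ?, "
            . "pc_pid = ?, "
            . "pc_apptstatus = ? "
            . "WHERE pc_eid=?";

        // Order must match the placeholders above.
        $result = sqlStatement($strQuery, array(
            $pc_title,
            $pc_hometext,
            $pc_catid,
            $appointmentDate,
            $appointmentTime,
            $endTime,
            $admin_id,
            $facility,
            $pc_billing_location,
            $pc_duration,
            $patientId,
            $app_status,
            $appointmentId,
        ));

        $device_token_badge = getDeviceTokenBadge($provider_username, 'appointment');
        $badge = $device_token_badge['badge'];
        $deviceToken = $device_token_badge['device_token'];

        // Initialised so the check further down does not read an undefined
        // variable when the provider has no device token.
        $notification_res = null;
        // NOTE(review): the notification is sent before $result is checked, so
        // it also goes out if the update reported failure; confirm intent.
        if ($deviceToken) {
            $notification_res = notification($deviceToken, $badge, $msg_count = 0, $apt_count = 0, $message = 'Appointment Updated!');
        }

        if ($result !== FALSE) {
            $xml_array['status'] = 0;
            $xml_array['reason'] = 'The Appointment has been updated.';
            if ($notification_res) {
                $xml_array['notification'] = 'Update Appointment Notification(' . $notification_res . ')';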