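/**
 * Approves the refund named by $_POST['refund_id'] on behalf of the logged-in user.
 *
 * The department of $_SESSION['userid'] selects the workflow step:
 *   - Accounting: sets status 'ACCOUNTING APPROVED' unless accounting_approval is already set.
 *   - Billing:    'NEW' -> 'ACCOUNTING APPROVAL';
 *                 'ACCOUNTING APPROVED' -> 'COMPLETED' when amount <= 500 and all three
 *                 approval flags are set, otherwise -> 'BILLING APPROVED';
 *                 'BILLING APPROVED' -> 'COMPLETED' when all three approval flags are set.
 *   - any other department: override, sets status 'APPROVED'.
 *
 * Reads:  global $db (mysqli link), $_SESSION['userid'], $_POST['refund_id'],
 *         $_POST['payable'], $_POST['_app_submit'], $_POST['Approve'].
 * Side effects: UPDATEs the refund row, calls trackRefundChanges() and mail_presets(),
 *         may send a Location header, prints a confirmation block.
 *
 * Every request-supplied value is treated as untrusted: refund_id must be an integer and is
 * only ever passed to SQL as a bound parameter; the payable name is HTML-escaped on output.
 */
function approveTheRefund() {
    global $db;

    $now = date("Y-m-d H:i:s");

    // refund_id arrives in the POST body and ends up in SQL and in a redirect URL, so accept
    // nothing but an integer. A missing session user is rejected as well; otherwise the
    // department lookup finds nothing and the request falls through to the override branch.
    $user_id = isset($_SESSION['userid']) ? (string) $_SESSION['userid'] : '';
    $refund_id = isset($_POST['refund_id']) ? filter_var($_POST['refund_id'], FILTER_VALIDATE_INT) : false;
    if ($user_id === '' || $refund_id === false) {
        error_log('approveTheRefund: no session user or non-integer refund_id');
        print '<h3 align="center">Refund could not be approved.</h3>';
        return;
    }

    // Resolve the caller's department: users.dept_id -> departments.name.
    $department_name = "";
    $row = _approveRefundFetchRow($db, "SELECT dept_id from users WHERE user_id = ?", 's', array($user_id));
    if ($row !== null && $row['dept_id'] !== null && $row['dept_id'] !== "") {
        $row = _approveRefundFetchRow($db, "SELECT name from departments WHERE dept_id = ?", 's', array($row['dept_id']));
        if ($row !== null) {
            // Trim once for both comparisons: a padded "Accounting " must not miss its own
            // branch and land in the override branch at the bottom.
            $department_name = trim((string) $row['name']);
        }
    }

    if ($department_name === "Accounting") {
        // The status check needs its FROM clause; without it the query fails and
        // accounting_approval always reads as "not yet approved".
        $flags = _approveRefundFetchRow(
            $db,
            "SELECT accounting_approval,billing_initial_approval,billing_final_approval FROM refund WHERE refund_id = ?",
            'i',
            array($refund_id)
        );

        // An unknown refund id (or a failed lookup) stops here: no update, no notification mail.
        if ($flags !== null) {
            if (!$flags['accounting_approval']) {
                // Column is modified_by, as in every other UPDATE in this function.
                _approveRefundWrite(
                    $db,
                    "UPDATE refund SET status='ACCOUNTING APPROVED', modified_by = ?, modified_dt = ?, accounting_approval=1, voided =0 WHERE refund_id = ?",
                    'ssi',
                    array($user_id, $now, $refund_id)
                );

                // Only a refund that billing had already passed on was in 'ACCOUNTING APPROVAL'.
                if ($flags['billing_initial_approval']) {
                    trackRefundChanges('ACCOUNTING APPROVAL', 'ACCOUNTING APPROVED');
                }
            }

            // NOTE(review): as in the original flow, the notification is sent even when
            // accounting had already approved this refund. Confirm that is intended.
            _approveRefundNotify(
                $db,
                $refund_id,
                " has been approved by accounting,and is awaiting PAR1 Completion.",
                " has been approved by accounting, and is awaiting PAR1 Completion. <br> This refund was marked as URGENT."
            );
        }
    } elseif ($department_name === "Billing") {
        $row = _approveRefundFetchRow(
            $db,
            "SELECT amount,status,accounting_approval, billing_initial_approval,billing_final_approval FROM refund WHERE refund_id = ?",
            'i',
            array($refund_id)
        );
        $billing_initial_approval = $row !== null ? $row['billing_initial_approval'] : 0;
        $accounting_approval = $row !== null ? $row['accounting_approval'] : 0;
        $billing_final_approval = $row !== null ? $row['billing_final_approval'] : 0;
        // Held in its own variable so the audit trail records the real previous status.
        $current_status = $row !== null ? $row['status'] : "";
        $refund_amt = $row !== null ? $row['amount'] : 0;

        $all_approved = $billing_initial_approval && $accounting_approval && $billing_final_approval;

        if ($current_status === 'NEW') {
            // First billing pass: hand the refund to accounting.
            _approveRefundWrite(
                $db,
                "UPDATE refund SET status='ACCOUNTING APPROVAL', modified_by = ?, modified_dt = ?, billing_initial_approval=1, voided =0 WHERE refund_id = ?",
                'ssi',
                array($user_id, $now, $refund_id)
            );
            trackRefundChanges($current_status, 'ACCOUNTING APPROVAL');
            _approveRefundNotify(
                $db,
                $refund_id,
                " has initial approval by PAR2. <br> ",
                " has initial approval by PAR2. <br> It has been marked as URGENT. "
            );
        } elseif ($current_status === 'ACCOUNTING APPROVED') {
            if ($refund_amt <= 500 && $all_approved) {
                _approveRefundWrite(
                    $db,
                    "UPDATE refund SET status='COMPLETED', modified_by = ?, modified_dt = ?, voided =0 WHERE refund_id = ?",
                    'ssi',
                    array($user_id, $now, $refund_id)
                );
                // NOTE(review): this one call used to pass $_POST as an extra first argument,
                // unlike every other trackRefundChanges() call here. Confirm the two-argument
                // form against the function's definition.
                trackRefundChanges($current_status, 'COMPLETED');
                _approveRefundNotify(
                    $db,
                    $refund_id,
                    " has been approved by billing and is now marked as completed.",
                    " has been approved by billing and is now marked as completed. <br> This refund was marked as URGENT."
                );
            } else {
                // Larger amount, or an approval flag still missing: record the second billing
                // approval and leave completion to a later step.
                _approveRefundWrite(
                    $db,
                    "UPDATE refund SET status='BILLING APPROVED', modified_by = ?, modified_dt = ?, billing_final_approval=1, voided =0 WHERE refund_id = ?",
                    'ssi',
                    array($user_id, $now, $refund_id)
                );
                trackRefundChanges($current_status, 'BILLING APPROVED');
                _approveRefundNotify(
                    $db,
                    $refund_id,
                    " received dual approval by Billing and is awaiting final completion by PAR1.",
                    " has received dual approval by Billing and is awaiting final completion by PAR1. <br> This refund was marked as URGENT."
                );
            }
        } elseif ($current_status === 'BILLING APPROVED') {
            // The audit record and the "completed" mails belong to the update: when an
            // approval flag is missing nothing changes, so nothing is recorded or sent.
            if ($all_approved) {
                _approveRefundWrite(
                    $db,
                    "UPDATE refund SET status='COMPLETED', modified_by = ?, modified_dt = ?, voided =0 WHERE refund_id = ?",
                    'ssi',
                    array($user_id, $now, $refund_id)
                );
                trackRefundChanges($current_status, 'COMPLETED');
                _approveRefundNotify(
                    $db,
                    $refund_id,
                    " has been marked as completed by billing.",
                    " has been marked as completed by billing. <br> This refund was marked as URGENT."
                );
            }
        }
    } else {
        // Override approval, meant for admins with Approver or SuperUser status.
        // NOTE(review): this branch is fail-open. Any authenticated user whose department is
        // neither Accounting nor Billing, or whose department lookup returned nothing, reaches
        // it; no role is checked here. Confirm the caller enforces the admin role, or add an
        // explicit check before this UPDATE.
        _approveRefundWrite(
            $db,
            "UPDATE refund SET status='APPROVED', modified_by = ?, modified_dt = ?, voided =0 WHERE refund_id = ?",
            'ssi',
            array($user_id, $now, $refund_id)
        );
    }

    // Force a reload of the edit page after a submitted approval. Nothing is echoed before this
    // point, so the header can still be sent. SCRIPT_NAME is used instead of PHP_SELF because
    // PHP_SELF also carries any extra path info the client appended to the URL.
    if (isset($_POST['_app_submit']) && isset($_POST['Approve']) && $_POST['Approve'] == "approve") {
        header('Location: ' . $_SERVER['SCRIPT_NAME'] . '?refund_id=' . $refund_id . '&action=approve');
    }

    // The payable name is request data: escape it before placing it in the page.
    $payable = (isset($_POST['payable']) && is_string($_POST['payable'])) ? $_POST['payable'] : '';
    print '<h3 align="center"> Refund for ' . htmlspecialchars($payable, ENT_QUOTES, 'UTF-8') . ' has been successfully Approved!</h3>';
    print '<h4 align="center"><a href="index.php">Return to Refunds Page</a></h4>';
}

/**
 * Prepares $sql, binds $params according to $types and executes the statement.
 * Failures go to the server error log instead of the page, so database details
 * are not shown to the user. Uses argument unpacking (PHP 5.6+).
 *
 * @param mysqli $db     open connection
 * @param string $sql    statement with ? placeholders
 * @param string $types  mysqli_stmt_bind_param() type string, one letter per parameter
 * @param array  $params values to bind, in placeholder order
 * @return mysqli_stmt|false the executed statement, or false on failure
 */
function _approveRefundRun($db, $sql, $types, array $params) {
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        error_log('approveTheRefund: prepare failed: ' . mysqli_error($db));
        return false;
    }
    if (!mysqli_stmt_bind_param($stmt, $types, ...$params) || !mysqli_stmt_execute($stmt)) {
        error_log('approveTheRefund: execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }
    return $stmt;
}

/**
 * Runs a parameterized SELECT and returns the last row as an associative array,
 * or null when there is no row or the query failed. Relies on
 * mysqli_stmt_get_result(), which needs the mysqlnd driver.
 */
function _approveRefundFetchRow($db, $sql, $types, array $params) {
    $stmt = _approveRefundRun($db, $sql, $types, $params);
    if ($stmt === false) {
        return null;
    }
    $found = null;
    $result = mysqli_stmt_get_result($stmt);
    if ($result !== false) {
        // Last row wins, as in a fetch loop that overwrites its variables on every row.
        while ($next = mysqli_fetch_assoc($result)) {
            $found = $next;
        }
        mysqli_free_result($result);
    }
    mysqli_stmt_close($stmt);
    return $found;
}

/**
 * Runs a parameterized UPDATE. Returns true when the statement executed, false otherwise.
 */
function _approveRefundWrite($db, $sql, $types, array $params) {
    $stmt = _approveRefundRun($db, $sql, $types, $params);
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_close($stmt);
    return true;
}

/**
 * Mails the status message for one refund to its creator and to the fixed PAR1 recipients.
 *
 * @param mysqli $db            open connection
 * @param int    $refund_id     validated refund id
 * @param string $normal_suffix message tail for a regular refund
 * @param string $urgent_suffix message tail for a refund flagged urgent
 */
function _approveRefundNotify($db, $refund_id, $normal_suffix, $urgent_suffix) {
    $row = _approveRefundFetchRow(
        $db,
        "SELECT created_by,urgent,payable FROM refund WHERE refund_id = ?",
        'i',
        array($refund_id)
    );
    $created_by = $row !== null ? $row['created_by'] : "";
    $is_urgent = $row !== null ? $row['urgent'] : "";
    $payable_to = $row !== null ? $row['payable'] : "";

    // The text of this lookup is redacted in this listing. Presumably it selects the username
    // for $created_by; if so, bind $created_by as a parameter like the other queries instead
    // of placing it in the SQL string.
    $queryUsername = "******";
    $resultUsername = mysqli_query($db, $queryUsername);
    $rowUsername = $resultUsername ? mysqli_fetch_array($resultUsername) : null;

    // NOTE(review): the messages contain <br>, so the mail body looks like HTML, and
    // $payable_to is stored user input. If mail_presets() sends HTML, escape $payable_to here.
    $status = "The Refund for " . $payable_to . " with a Refund ID of " . $refund_id
        . ($is_urgent ? $urgent_suffix : $normal_suffix);

    // Without a username row there is no creator address to build.
    if ($rowUsername) {
        mail_presets($rowUsername['username'] . '@chcb.org', $status); //creator
    }

    // Three fixed PAR1 recipients; their addresses are redacted in this listing.
    mail_presets("*****@*****.**", $status);
    mail_presets("*****@*****.**", $status);
    mail_presets("*****@*****.**", $status);
}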
//show successful void message print '<h3 align="center"> Refund for ' . $_POST['payable'] . ' has been successfully voided!</h3>'; print '<h4 align="center"><a href="refunds.php">Return to Refunds Page</a></h4>'; //echo "I'm about to void you."; //die(); } elseif (isset($_POST['_rej_submit']) && $_POST['_rej_submit'] != "" && $_POST['_rej_submit'] != NULL) { $now = date("Y-m-d H:i:s"); $query_status = "SELECT status FROM refund WHERE refund_id={$_POST['refund_id']}"; $result_status = mysqli_query($db, $query_status); $rowquery_status = mysqli_fetch_array($result_status); $query_reject = "UPDATE refund SET \n\t\t\t\tstatus='REJECTED', \n\t\t\t\tmodified_by='{$_SESSION['userid']}', \n\t\t\t\tmodified_dt='{$now}',\n\t\t\t\trejected =1 \n\t\t\t\tWHERE refund_id = '{$_POST['refund_id']}' "; $result_reject = mysqli_query($db, $query_reject); //TRACK CHANGES $status_before = $rowquery_status['status']; $status_after = 'REJECTED'; trackRefundChanges($status_before, $status_after); //TRACK THE CHANGES if (@mysqli_error($result_reject)) { print mysqli_error($result_reject); } //select info to build up email for creator notification of rejection////////////////////////////////////////////////////////////////////////////////////// $created_by = ""; $status = ""; $is_urgent = ""; $payable_to = ""; $query = "SELECT created_by,urgent,payable FROM refund WHERE refund_id = {$_POST['refund_id']} "; $result = mysqli_query($db, $query); while ($row = mysqli_fetch_array($result)) { $created_by = $row['created_by']; $is_urgent = $row['urgent']; $payable_to = $row['payable'];