search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
allow a non-doc to authorize stuff if see_auth = all
[openemr.git] / interface / main / authorizations / authorizations.php
blob7dd7caa765c90e8d7a85edc87f913f7ffa086c75
1 <?
2 include_once("../../globals.php");
3 include_once("$srcdir/log.inc");
4 include_once("$srcdir/billing.inc");
5 include_once("$srcdir/forms.inc");
6 include_once("$srcdir/pnotes.inc");
7 include_once("$srcdir/transactions.inc");
8 include_once("$srcdir/lists.inc");
9 include_once("$srcdir/patient.inc");
10
11 //the number of authorizations to display in the quick view:
12 // MAR 20041008 the full authorizations screen sucks... no links to the patient charts
13 // increase to a high number to make the mini frame more useful.
14 $N = 50;
15
16 $atemp = sqlQuery("SELECT see_auth FROM users WHERE username = '" .
17 $_SESSION['authUser'] . "'");
18 $see_auth = $atemp['see_auth'];
19
20 $imauthorized = $_SESSION['userauthorized'] || $see_auth > 2;
21
22 // This authorizes everything for the specified patient.
23 if (isset($_GET["mode"]) && $_GET["mode"] == "authorize" && $imauthorized) {
24 $retVal = getProviderId($_SESSION['authUser']);
25 newEvent("view", $_SESSION["authUser"], $_SESSION["authProvider"], $_GET["pid"]);
26 sqlStatement("update billing set authorized=1, provider_id = '" .
27 mysql_real_escape_string($retVal[0]['id']) .
28 "' where pid='" . $_GET["pid"] . "'");
29 sqlStatement("update forms set authorized=1 where pid='" . $_GET["pid"] . "'");
30 sqlStatement("update pnotes set authorized=1 where pid='" . $_GET["pid"] . "'");
31 sqlStatement("update transactions set authorized=1 where pid='" . $_GET["pid"] . "'");
32 }
33 ?>
34 <html>
35 <head>
36 <link rel='stylesheet' href="<?echo $css_header;?>" type="text/css">
37 </head>
38
39 <body <?echo $bottom_bg_line;?> topmargin='0' rightmargin='0' leftmargin='2' bottommargin='0'
40 marginwidth='2' marginheight='0'>
41
42 <?php
43 $_GET['show_all']=='yes' ? $lnkvar="'authorizations.php?show_all=no' name='Just Mine'> (".xl('Just Mine').") " : $lnkvar="'authorizations.php?show_all=yes' name='See All'>(".xl('See All').")";
44 ?>
45
46 <font class='title'><?xl('Patient Notes','e')?> </font>
47 <a class='more' style='font-size:8pt;' href=<?php echo $lnkvar; ?></a> </font>
48
49 <?php
50 if ($imauthorized) {
51 ?>
52 <font class='title'><?xl('and ','e')?>
53 <?php if ($GLOBALS['concurrent_layout']) { ?>
54 <a href='authorizations_full.php'>
55 <?php } else { ?>
56 <a href='authorizations_full.php' target='Main'>
57 <?php } ?>
58 <?xl('Authorizations','e')?><font class='more'><?echo (xl($tmore));?></font></a>
59 <?php
60 }
61 ?>
62 </font>
63
64 <?php if (!$GLOBALS['concurrent_layout']) { ?>
65 <font class='more'> &nbsp;
66 <a class='more' style='font-size:8pt;' href='../calendar/find_patient.php?no_nav=1&mode=reset' name='Find Patients'>(<?xl('Find Patient','e')?>)</a>
67 </font>
68 <?php } ?>
69
70 <?php
71 // Retrieve all active notes addressed to me (or to anybody)
72 $_GET['show_all']=='yes' ? $usrvar='' : $usrvar=$_SESSION['authUser'] ;
73 if ($result=getPnotesByDate("", 1, "id,date,body,pid,user,title,assigned_to",
74 '%', "all", 0, $usrvar))
75 {
76 echo "<table border='0'>\n";
77 echo " <tr>\n";
78 echo " <td class='bold' nowrap>".xl('Patient')." &nbsp;</td>\n";
79 echo " <td class='bold' nowrap>".xl('Note Type')." &nbsp;</td>\n";
80 echo " <td class='bold' nowrap>".xl('Timestamp and Text')."</td>\n";
81 echo " </tr>\n";
82
83 foreach ($result as $iter) {
84 $body = $iter['body'];
85 if (preg_match('/^\d\d\d\d-\d\d-\d\d \d\d\:\d\d /', $body)) {
86 $body = nl2br($body);
87 } else {
88 $body = date('Y-m-d H:i', strtotime($iter['date'])) .
89 ' (' . $iter['user'] . ') ' . nl2br($body);
90 }
91
92 echo " <tr>\n";
93 echo " <td valign='top' class='text'>\n";
94 echo getPatientName($iter['pid']) . "\n";
95 echo " </td>\n";
96 echo " <td valign='top'>\n";
97
98 if ($GLOBALS['concurrent_layout']) {
99 echo " <a href='../../patient_file/summary/pnotes_full.php" .
100 "?set_pid=" . $iter['pid'] . "&noteid=" . $iter['id'] .
101 "&active=1' class='link_submit'>" . $iter['title'] . "</a>\n";
102 } else {
103 echo " <a href='../../patient_file/patient_file.php" .
104 "?set_pid=" . $iter['pid'] . "&noteid=" . $iter['id'] .
105 "' target='_top' class='link_submit'>" . $iter['title'] . "</a>\n";
106 }
107
108 echo " </td>\n";
109 echo " <td valign='top' class='text'>\n";
110 echo " $body\n";
111 echo " </td>\n";
112 echo " </tr>\n";
113 }
114
115 echo "</table>\n";
116 }
117 ?>
118
119 <?php
120 if ($imauthorized && $see_auth > 1) {
121
122 // provider
123 // billing
124 // forms
125 // pnotes
126 // transactions
127
128 //fetch billing information:
129 if ($res = sqlStatement("select *, concat(u.fname,' ', u.lname) as user " .
130 "from billing LEFT JOIN users as u on billing.user = u.id where " .
131 "billing.authorized = 0 and billing.activity = 1 and " .
132 "groupname = '$groupname'"))
133 {
134 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
135 $result1[$iter] = $row;
136 if ($result1) {
137 foreach ($result1 as $iter) {
138 $authorize{$iter{"pid"}}{"billing"} .= "<span class=text>" .
139 $iter{"code_text"} . " " . date("n/j/Y",strtotime($iter{"date"})) .
140 "</span><br>\n";
141 }
142 //$authorize[$iter{"pid"}]{"billing"} = substr($authorize[$iter{"pid"}]{"billing"},0,strlen($authorize[$iter{"pid"}]{"billing"}));
143 }
144 }
145
146 //fetch transaction information:
147 if ($res = sqlStatement("select * from transactions where " .
148 "authorized = 0 and groupname = '$groupname'"))
149 {
150 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
151 $result2[$iter] = $row;
152 if ($result2) {
153 foreach ($result2 as $iter) {
154 $authorize{$iter{"pid"}}{"transaction"} .= "<span class=text>" .
155 $iter{"title"} . ": " . stripslashes(strterm($iter{"body"},25)) .
156 " " . date("n/j/Y",strtotime($iter{"date"})) . "</span><br>\n";
157 }
158 //$authorize[$iter{"pid"}]{"transaction"} = substr($authorize[$iter{"pid"}]{"transaction"},0,strlen($authorize[$iter{"pid"}]{"transaction"}));
159 }
160 }
161
162 //fetch pnotes information:
163 if ($res = sqlStatement("select * from pnotes where authorized = 0 and " .
164 "groupname = '$groupname'"))
165 {
166 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
167 $result3[$iter] = $row;
168 if ($result3) {
169 foreach ($result3 as $iter) {
170 $authorize{$iter{"pid"}}{"pnotes"} .= "<span class=text>" .
171 stripslashes(strterm($iter{"body"},25)) . " " .
172 date("n/j/Y",strtotime($iter{"date"})) . "</span><br>\n";
173 }
174 //$authorize[$iter{"pid"}]{"pnotes"} = substr($authorize[$iter{"pid"}]{"pnotes"},0,strlen($authorize[$iter{"pid"}]{"pnotes"}));
175 }
176 }
177
178 //fetch forms information:
179 if ($res = sqlStatement("select * from forms where authorized = 0 and " .
180 "groupname = '$groupname'"))
181 {
182 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
183 $result4[$iter] = $row;
184 if ($result4) {
185 foreach ($result4 as $iter) {
186 $authorize{$iter{"pid"}}{"forms"} .= "<span class=text>" .
187 $iter{"form_name"} . " " . date("n/j/Y",strtotime($iter{"date"})) .
188 "</span><br>\n";
189 }
190 //$authorize[$iter{"pid"}]{"forms"} = substr($authorize[$iter{"pid"}]{"forms"},0,strlen($authorize[$iter{"pid"}]{"forms"}));
191 }
192 }
193 ?>
194
195 <table border='0' cellpadding='0' cellspacing='2' width='100%'>
196 <tr>
197 <td valign='top'>
198
199 <?
200 if ($authorize) {
201 $count = 0;
202
203 while (list($ppid,$patient) = each($authorize)) {
204 $name = getPatientData($ppid);
205
206 // If I want to see mine only and this patient is not mine, skip it.
207 if ($see_auth == 2 && $_SESSION['authUserID'] != $name['id'])
208 continue;
209
210 if ($count >= $N) {
211 print "<tr><td colspan='5' align='center'><a" .
212 ($GLOBALS['concurrent_layout'] ? "" : " target='Main'") .
213 " href='authorizations_full.php?active=1' class='alert'>" .
214 xl('Some authorizations were not displayed. Click here to view all') .
215 "</a></td></tr>\n";
216 break;
217 }
218
219 echo "<tr><td valign='top'>";
220 if ($GLOBALS['concurrent_layout']) {
221 // Clicking the patient name will load both frames for that patient,
222 // as demographics.php takes care of loading the bottom frame.
223 echo "<a href='$rootdir/patient_file/summary/demographics.php?set_pid=$ppid' " .
224 "target='RTop'>";
225 } else {
226 echo "<a href='$rootdir/patient_file/patient_file.php?set_pid=$ppid' " .
227 "target='_top'>";
228 }
229 echo "<span class='bold'>" . $name{"fname"} . " " .
230 $name{"lname"} . "</span></a><br>" .
231 "<a class=link_submit href='authorizations.php?mode=authorize" .
232 "&pid=$ppid'>" . xl('Authorize') . "</a></td>\n";
233
234 /****
235 //Michael A Rowley MD 20041012.
236 // added below 4 lines to add provider to authorizations for ez reference.
237 $providerID = sqlFetchArray(sqlStatement(
238 "select providerID from patient_data where pid=$ppid"));
239 $userID=$providerID{"providerID"};
240 $providerName = sqlFetchArray(sqlStatement(
241 "select lname from users where id=$userID"));
242 ****/
243 // Don't use sqlQuery because there might be no match.
244 $providerName = sqlFetchArray(sqlStatement(
245 "select lname from users where id = " . $name['providerID']));
246 /****/
247
248 echo "<td valign=top><span class=bold>".xl('Provider').":</span><span class=text><br>" .
249 $providerName{"lname"} . "</td>\n";
250 // ha ha, see if that works....mar.
251 echo "<td valign=top><span class=bold>".xl('Billing').":</span><span class=text><br>" .
252 $patient{"billing"} . "</td>\n";
253 echo "<td valign=top><span class=bold>".xl('Transactions').":</span><span class=text><br>" .
254 $patient{"transaction"} . "</td>\n";
255 echo "<td valign=top><span class=bold>".xl('Patient Notes').":</span><span class=text><br>" .
256 $patient{"pnotes"} . "</td>\n";
257 echo "<td valign=top><span class=bold>".xl('Encounter Forms').":</span><span class=text><br>" .
258 $patient{"forms"} . "</td>\n";
259 echo "</tr>\n";
260
261 $count++;
262 }
263 }
264 ?>
265
266 </td>
267
268 </tr>
269 </table>
270
271 <?php } ?>
272
273 </body>
274 </html>
Mirror of official OpenEMR Sourceforge repository