search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
acknowledgments update
[openemr.git] / interface / patient_file / deleter.php
blob5b79b4c44648690aac2166d880d11a9be764e441
1 <?php
2 /**
3 * delete tool, for logging and removing patient data.
4 *
5 * Called from many different pages.
6 *
7 * Copyright (C) 2005-2013 Rod Roark <rod@sunsetsystems.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 2
12 * of the License, or (at your option) any later version.
13 *
14 * @package OpenEMR
15 * @author Rod Roark <rod@sunsetsystems.com>
16 * @link http://www.open-emr.org
17 */
18
19 require_once('../globals.php');
20 require_once($GLOBALS['srcdir'].'/log.inc');
21 require_once($GLOBALS['srcdir'].'/acl.inc');
22 require_once($GLOBALS['srcdir'].'/sl_eob.inc.php');
23
24 $patient = $_REQUEST['patient'];
25 $encounterid = $_REQUEST['encounterid'];
26 $formid = $_REQUEST['formid'];
27 $issue = $_REQUEST['issue'];
28 $document = $_REQUEST['document'];
29 $payment = $_REQUEST['payment'];
30 $billing = $_REQUEST['billing'];
31 $transaction = $_REQUEST['transaction'];
32
33 $info_msg = "";
34
35 // Delete rows, with logging, for the specified table using the
36 // specified WHERE clause.
37 //
38 function row_delete($table, $where) {
39 $tres = sqlStatement("SELECT * FROM $table WHERE $where");
40 $count = 0;
41 while ($trow = sqlFetchArray($tres)) {
42 $logstring = "";
43 foreach ($trow as $key => $value) {
44 if (! $value || $value == '0000-00-00 00:00:00') continue;
45 if ($logstring) $logstring .= " ";
46 $logstring .= $key . "='" . addslashes($value) . "'";
47 }
48 newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $logstring");
49 ++$count;
50 }
51 if ($count) {
52 $query = "DELETE FROM $table WHERE $where";
53 echo $query . "<br>\n";
54 sqlStatement($query);
55 }
56 }
57
58 // Deactivate rows, with logging, for the specified table using the
59 // specified SET and WHERE clauses.
60 //
61 function row_modify($table, $set, $where) {
62 if (sqlQuery("SELECT * FROM $table WHERE $where")) {
63 newEvent("deactivate", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $where");
64 $query = "UPDATE $table SET $set WHERE $where";
65 echo $query . "<br>\n";
66 sqlStatement($query);
67 }
68 }
69
70 // We use this to put dashes, colons, etc. back into a timestamp.
71 //
72 function decorateString($fmt, $str) {
73 $res = '';
74 while ($fmt) {
75 $fc = substr($fmt, 0, 1);
76 $fmt = substr($fmt, 1);
77 if ($fc == '.') {
78 $res .= substr($str, 0, 1);
79 $str = substr($str, 1);
80 } else {
81 $res .= $fc;
82 }
83 }
84 return $res;
85 }
86
87 // Delete and undo product sales for a given patient or visit.
88 // This is special because it has to replace the inventory.
89 //
90 function delete_drug_sales($patient_id, $encounter_id=0) {
91 $where = $encounter_id ? "ds.encounter = '$encounter_id'" :
92 "ds.pid = '$patient_id' AND ds.encounter != 0";
93 sqlStatement("UPDATE drug_sales AS ds, drug_inventory AS di " .
94 "SET di.on_hand = di.on_hand + ds.quantity " .
95 "WHERE $where AND di.inventory_id = ds.inventory_id");
96 if ($encounter_id) {
97 row_delete("drug_sales", "encounter = '$encounter_id'");
98 }
99 else {
100 row_delete("drug_sales", "pid = '$patient_id'");
101 }
102 }
103
104 // Delete a form's data from its form-specific table.
105 //
106 function form_delete($formdir, $formid) {
107 $formdir = ($formdir == 'newpatient') ? 'encounter' : $formdir;
108 if (substr($formdir,0,3) == 'LBF') {
109 row_delete("lbf_data", "form_id = '$formid'");
110 }
111 else if ($formdir == 'procedure_order') {
112 $tres = sqlStatement("SELECT procedure_report_id FROM procedure_report " .
113 "WHERE procedure_order_id = ?", array($formid));
114 while ($trow = sqlFetchArray($tres)) {
115 $reportid = 0 + $trow['procedure_report_id'];
116 row_delete("procedure_result", "procedure_report_id = '$reportid'");
117 }
118 row_delete("procedure_report", "procedure_order_id = '$formid'");
119 row_delete("procedure_order_code", "procedure_order_id = '$formid'");
120 row_delete("procedure_order", "procedure_order_id = '$formid'");
121 }
122 else if ($formdir == 'physical_exam') {
123 row_delete("form_$formdir", "forms_id = '$formid'");
124 }
125 else {
126 row_delete("form_$formdir", "id = '$formid'");
127 }
128 }
129
130 // Delete a specified document including its associated relations and file.
131 //
132 function delete_document($document) {
133 $trow = sqlQuery("SELECT url FROM documents WHERE id = '$document'");
134 $url = $trow['url'];
135 row_delete("categories_to_documents", "document_id = '$document'");
136 row_delete("documents", "id = '$document'");
137 row_delete("gprelations", "type1 = 1 AND id1 = '$document'");
138 if (substr($url, 0, 7) == 'file://') {
139 @unlink(substr($url, 7));
140 }
141 }
142 ?>
143 <html>
144 <head>
145 <?php html_header_show();?>
146 <title><?php xl('Delete Patient, Encounter, Form, Issue, Document, Payment, Billing or Transaction','e'); ?></title>
147 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
148
149 <style>
150 td { font-size:10pt; }
151 </style>
152
153 <script language="javascript">
154 function submit_form()
155 {
156 document.deletefrm.submit();
157 }
158 // Java script function for closing the popup
159 function popup_close() {
160 if(parent.$==undefined) {
161 window.close();
162 }
163 else {
164 parent.$.fn.fancybox.close();
165 }
166 }
167 </script>
168 </head>
169
170 <body class="body_top">
171 <?php
172 // If the delete is confirmed...
173 //
174 if ($_POST['form_submit']) {
175
176 if ($patient) {
177 if (!acl_check('admin', 'super')) die("Not authorized!");
178 row_modify("billing" , "activity = 0", "pid = '$patient'");
179 row_modify("pnotes" , "deleted = 1" , "pid = '$patient'");
180 // row_modify("prescriptions" , "active = 0" , "patient_id = '$patient'");
181 row_delete("prescriptions" , "patient_id = '$patient'");
182 row_delete("claims" , "patient_id = '$patient'");
183 delete_drug_sales($patient);
184 row_delete("payments" , "pid = '$patient'");
185 row_delete("ar_activity" , "pid = '$patient'");
186 row_delete("openemr_postcalendar_events", "pc_pid = '$patient'");
187 row_delete("immunizations" , "patient_id = '$patient'");
188 row_delete("issue_encounter", "pid = '$patient'");
189 row_delete("lists" , "pid = '$patient'");
190 row_delete("transactions" , "pid = '$patient'");
191 row_delete("employer_data" , "pid = '$patient'");
192 row_delete("history_data" , "pid = '$patient'");
193 row_delete("insurance_data" , "pid = '$patient'");
194
195 $res = sqlStatement("SELECT * FROM forms WHERE pid = '$patient'");
196 while ($row = sqlFetchArray($res)) {
197 form_delete($row['formdir'], $row['form_id']);
198 }
199 row_delete("forms", "pid = '$patient'");
200
201 // integration_mapping is used for sql-ledger and is virtually obsolete now.
202 $row = sqlQuery("SELECT id FROM patient_data WHERE pid = '$patient'");
203 row_delete("integration_mapping", "local_table = 'patient_data' AND " .
204 "local_id = '" . $row['id'] . "'");
205
206 // Delete all documents for the patient.
207 $res = sqlStatement("SELECT id FROM documents WHERE foreign_id = '$patient'");
208 while ($row = sqlFetchArray($res)) {
209 delete_document($row['id']);
210 }
211
212 // This table exists only for athletic teams.
213 $tmp = sqlQuery("SHOW TABLES LIKE 'daily_fitness'");
214 if (!empty($tmp)) {
215 row_delete("daily_fitness", "pid = '$patient'");
216 }
217
218 row_delete("patient_data", "pid = '$patient'");
219 }
220 else if ($encounterid) {
221 if (!acl_check('admin', 'super')) die("Not authorized!");
222 row_modify("billing", "activity = 0", "encounter = '$encounterid'");
223 delete_drug_sales(0, $encounterid);
224 row_delete("ar_activity", "encounter = '$encounterid'");
225 row_delete("claims", "encounter_id = '$encounterid'");
226 row_delete("issue_encounter", "encounter = '$encounterid'");
227 $res = sqlStatement("SELECT * FROM forms WHERE encounter = '$encounterid'");
228 while ($row = sqlFetchArray($res)) {
229 form_delete($row['formdir'], $row['form_id']);
230 }
231 row_delete("forms", "encounter = '$encounterid'");
232 }
233 else if ($formid) {
234 if (!acl_check('admin', 'super')) die("Not authorized!");
235 $row = sqlQuery("SELECT * FROM forms WHERE id = '$formid'");
236 $formdir = $row['formdir'];
237 if (! $formdir) die("There is no form with id '$formid'");
238 form_delete($formdir, $row['form_id']);
239 row_delete("forms", "id = '$formid'");
240 }
241 else if ($issue) {
242 if (!acl_check('admin', 'super')) die("Not authorized!");
243 row_delete("issue_encounter", "list_id = '$issue'");
244 row_delete("lists", "id = '$issue'");
245 }
246 else if ($document) {
247 if (!acl_check('admin', 'super')) die("Not authorized!");
248 delete_document($document);
249 }
250 else if ($payment) {
251 if (!acl_check('admin', 'super')) die("Not authorized!");
252 list($patient_id, $timestamp, $ref_id) = explode(".", $payment);
253 // if (empty($ref_id)) $ref_id = -1;
254 $timestamp = decorateString('....-..-.. ..:..:..', $timestamp);
255 $payres = sqlStatement("SELECT * FROM payments WHERE " .
256 "pid = '$patient_id' AND dtime = '$timestamp'");
257 while ($payrow = sqlFetchArray($payres)) {
258 if ($payrow['encounter']) {
259 $ref_id = -1;
260 // The session ID passed in is useless. Look for the most recent
261 // patient payment session with pay total matching pay amount and with
262 // no adjustments. The resulting session ID may be 0 (no session) which
263 // is why we start with -1.
264 $tpmt = $payrow['amount1'] + $payrow['amount2'];
265 $seres = sqlStatement("SELECT " .
266 "SUM(pay_amount) AS pay_amount, session_id " .
267 "FROM ar_activity WHERE " .
268 "pid = '$patient_id' AND " .
269 "encounter = '" . $payrow['encounter'] . "' AND " .
270 "payer_type = 0 AND " .
271 "adj_amount = 0.00 " .
272 "GROUP BY session_id ORDER BY session_id DESC");
273 while ($serow = sqlFetchArray($seres)) {
274 if (sprintf("%01.2f", $serow['adj_amount']) != 0.00) continue;
275 if (sprintf("%01.2f", $serow['pay_amount'] - $tpmt) == 0.00) {
276 $ref_id = $serow['session_id'];
277 break;
278 }
279 }
280 if ($ref_id == -1) {
281 die(xlt('Unable to match this payment in ar_activity') . ": $tpmt");
282 }
283 // Delete the payment.
284 row_delete("ar_activity",
285 "pid = '$patient_id' AND " .
286 "encounter = '" . $payrow['encounter'] . "' AND " .
287 "payer_type = 0 AND " .
288 "pay_amount != 0.00 AND " .
289 "adj_amount = 0.00 AND " .
290 "session_id = '$ref_id'");
291 if ($ref_id) {
292 row_delete("ar_session",
293 "patient_id = '$patient_id' AND " .
294 "session_id = '$ref_id'");
295 }
296 }
297 else {
298 // Encounter is 0! Seems this happens for pre-payments.
299 $tpmt = sprintf("%01.2f", $payrow['amount1'] + $payrow['amount2']);
300 row_delete("ar_session",
301 "patient_id = '$patient_id' AND " .
302 "payer_id = 0 AND " .
303 "reference = '" . add_escape_custom($payrow['source']) . "' AND " .
304 "pay_total = '$tpmt' AND " .
305 "(SELECT COUNT(*) FROM ar_activity where ar_activity.session_id = ar_session.session_id) = 0 " .
306 "ORDER BY session_id DESC LIMIT 1");
307 }
308 row_delete("payments", "id = '" . $payrow['id'] . "'");
309 }
310 }
311 else if ($billing) {
312 if (!acl_check('acct','disc')) die("Not authorized!");
313 list($patient_id, $encounter_id) = explode(".", $billing);
314 if ($GLOBALS['oer_config']['ws_accounting']['enabled'] === 2) {
315 sqlStatement("DELETE FROM ar_activity WHERE " .
316 "pid = '$patient_id' AND encounter = '$encounter_id'");
317 sqlStatement("DELETE ar_session FROM ar_session LEFT JOIN " .
318 "ar_activity ON ar_session.session_id = ar_activity.session_id " .
319 "WHERE ar_activity.session_id IS NULL");
320 row_modify("billing", "activity = 0",
321 "pid = '$patient_id' AND " .
322 "encounter = '$encounter_id' AND " .
323 "code_type = 'COPAY' AND " .
324 "activity = 1");
325 sqlStatement("UPDATE form_encounter SET last_level_billed = 0, " .
326 "last_level_closed = 0, stmt_count = 0, last_stmt_date = NULL " .
327 "WHERE pid = '$patient_id' AND encounter = '$encounter_id'");
328 }
329 else {
330 slInitialize();
331 $trans_id = SLQueryValue("SELECT id FROM ar WHERE ar.invnumber = '$billing' LIMIT 1");
332 if ($trans_id) {
333 newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Invoice $billing from SQL-Ledger");
334 SLQuery("DELETE FROM acc_trans WHERE trans_id = '$trans_id'");
335 if ($sl_err) die($sl_err);
336 SLQuery("DELETE FROM invoice WHERE trans_id = '$trans_id'");
337 if ($sl_err) die($sl_err);
338 SLQuery("DELETE FROM ar WHERE id = '$trans_id'");
339 if ($sl_err) die($sl_err);
340 } else {
341 $info_msg .= "Invoice '$billing' not found!";
342 }
343 SLClose();
344 }
345 sqlStatement("UPDATE drug_sales SET billed = 0 WHERE " .
346 "pid = '$patient_id' AND encounter = '$encounter_id'");
347 updateClaim(true, $patient_id, $encounter_id, -1, -1, 1, 0, ''); // clears for rebilling
348 }
349 else if ($transaction) {
350 if (!acl_check('admin', 'super')) die("Not authorized!");
351 row_delete("transactions", "id = '$transaction'");
352 }
353 else {
354 die("Nothing was recognized to delete!");
355 }
356
357 if (! $info_msg) $info_msg = xl('Delete successful.');
358
359 // Close this window and tell our opener that it's done.
360 //
361 echo "<script language='JavaScript'>\n";
362 if ($info_msg) echo " alert('$info_msg');\n";
363 if ($encounterid) //this code need to be same as 'parent.imdeleted($encounterid)' when the popup is div like
364 {
365 echo "window.opener.imdeleted($encounterid);\n";
366 }
367 else
368 {
369 echo " if (opener && opener.imdeleted) opener.imdeleted(); else parent.imdeleted();\n";
370 }
371 echo " window.close();\n";
372 echo "</script></body></html>\n";
373 exit();
374 }
375 ?>
376
377 <form method='post' name="deletefrm" action='deleter.php?patient=<?php echo $patient ?>&encounterid=<?php echo $encounterid ?>&formid=<?php echo $formid ?>&issue=<?php echo $issue ?>&document=<?php echo $document ?>&payment=<?php echo $payment ?>&billing=<?php echo $billing ?>&transaction=<?php echo $transaction ?>' onsubmit="javascript:alert('1');document.deleform.submit();">
378
379 <p class="text">&nbsp;<br><?php xl('Do you really want to delete','e'); ?>
380
381 <?php
382 if ($patient) {
383 echo xl('patient') . " $patient";
384 } else if ($encounterid) {
385 echo xl('encounter') . " $encounterid";
386 } else if ($formid) {
387 echo xl('form') . " $formid";
388 } else if ($issue) {
389 echo xl('issue') . " $issue";
390 } else if ($document) {
391 echo xl('document') . " $document";
392 } else if ($payment) {
393 echo xl('payment') . " $payment";
394 } else if ($billing) {
395 echo xl('invoice') . " $billing";
396 } else if ($transaction) {
397 echo xl('transaction') . " $transaction";
398 }
399 ?> <?php xl('and all subordinate data? This action will be logged','e'); ?>!</p>
400
401 <center>
402
403 <p class="text">&nbsp;<br>
404 <a href="#" onclick="submit_form()" class="css_button"><span><?php xl('Yes, Delete and Log','e'); ?></span></a>
405 <input type='hidden' name='form_submit' value=<?php xl('Yes, Delete and Log','e','\'','\''); ?>/>
406 <a href='#' class="css_button" onclick=popup_close();><span><?php echo xl('No, Cancel');?></span></a>
407 </p>
408
409 </center>
410 </form>
411 </body>
412 </html>
Mirror of official OpenEMR Sourceforge repository