| blob | b91b25f350c5af82e7c4ee79c6abda5dd2d20230 |
1 <?php
2 //our api for 3rd party developers
3 include_once("../../globals.php");
4 include_once("{$GLOBALS['srcdir']}/sql.inc");
5 include_once("{$GLOBALS['srcdir']}/billing.inc");
6 include_once("{$GLOBALS['srcdir']}/formdata.inc.php");
8 $GLOBALS['form_exit_url'] = $GLOBALS['concurrent_layout'] ?
9 "$rootdir/patient_file/encounter/encounter_top.php" :
10 "$rootdir/patient_file/encounter/patient_encounter.php";
12 function formHeader ($title = "My Form")
13 {
14 ?>
15 <html>
16 <head>
17 <?php html_header_show();?>
18 <link rel=stylesheet href="<?php echo $GLOBALS['css_header']?>" type="text/css">
19 <title><?php echo $title?></title>
20 </head>
21 <body background="<?php echo $GLOBALS['backpic']?>" topmargin=0 rightmargin=0 leftmargin=2 bottommargin=0 marginwidth=2 marginheight=0>
22 <?php
23 }
25 function formFooter ()
26 {
27 ?>
28 </body>
29 </html>
30 <?php
31 }
33 // This function will escape the $values when using the new security method (ie. $sanitize_all_escapes is TRUE).
34 // Otherwise, this function expects the $values to already be escaped(original and legacy behavior).
35 function formSubmit ($tableName, $values, $id, $authorized = "0")
36 {
37 // Bring in $sanitize_all_escapes variable, which will decide
38 // the variable escaping method.
39 global $sanitize_all_escapes;
41 $sql = "insert into " . escape_table_name($tableName) . " set pid = ?,groupname=?,user=?,authorized=?,activity=1, date = NOW(),";
42 foreach ($values as $key => $value)
43 if (strpos($key,"openemr_net_cpt") === 0) {
44 //code to auto add cpt code
45 if (!empty($value)) {
46 $code_array = split(" ",$value,2);
48 addBilling(date("Ymd"), 'CPT4', $code_array[0], $code_array[1], $_SESSION['pid'], $authorized, $_SESSION['authUserID']);
49 }
51 }
52 //case where key looks like "[a-zA-Z]*diagnosis[0-9]" which is special, it is used to auto add ICD codes
54 elseif (strpos($key,"diagnosis") == (strlen($key) -10) && !(strpos($key,"diagnosis")=== false )) {
55 //icd auto add ICD9-CM
56 if (!empty($value)) {
57 $code_array = split(" ",$value,2);
58 addBilling(date("Ymd"), 'ICD9-M', $code_array[0], $code_array[1], $_SESSION['pid'], $authorized, $_SESSION['authUserID']);
59 }
60 }
61 else {
62 if (isset($sanitize_all_escapes) && $sanitize_all_escapes) {
63 // using new security method, so escape the key and values here
64 $sql .= " " . escape_sql_column_name($key,array($tableName)) . " = '" . add_escape_custom($value) . "',";
65 }
66 else {
67 // original method (rely on code to escape values before using this function)
68 $sql .= " $key = '$value',";
69 }
70 }
71 $sql = substr($sql, 0, -1);
72 return sqlInsert($sql,array($_SESSION['pid'],$_SESSION['authProvider'],$_SESSION['authUser'],$authorized));
73 }
76 function formUpdate ($tableName, $values, $id, $authorized = "0")
77 {
78 // Bring in $sanitize_all_escapes variable, which will decide
79 // the variable escaping method.
80 global $sanitize_all_escapes;
82 $sql = "update " . escape_table_name($tableName) . " set pid = ?,groupname=?,user=?,authorized=?,activity=1, date = NOW(),";
83 foreach ($values as $key => $value)
84 if (isset($sanitize_all_escapes) && $sanitize_all_escapes) {
85 // using new security method, so escape the key and values here
86 $sql .= " " . escape_sql_column_name($key,array($tableName)) . " = '" . add_escape_custom($value) . "',";
87 }
88 else {
89 // original method (rely on code to escape values before using this function)
90 $sql .= " $key = '$value',";
91 }
92 $sql = substr($sql, 0, -1);
93 $sql .= " where id=?";
95 return sqlInsert($sql,array($_SESSION['pid'],$_SESSION['authProvider'],$_SESSION['authUser'],$authorized,$id));
96 }
99 function formJump ($address = "0")
100 {
101 $returnurl = $GLOBALS['concurrent_layout'] ? 'encounter_top.php' : 'patient_encounter.php';
102 if ($address == "0")
103 $address = "{$GLOBALS['rootdir']}/patient_file/encounter/$returnurl";
104 echo "\n<script language='Javascript'>top.restoreSession();window.location='$address';</script>\n";
105 exit;
106 }
108 function formFetch ($tableName, $id, $cols="*", $activity="1")
109 {
110 // Note that tableName is hard-coded, so no need to run through escape_table_name() function (at least not yet).
111 return sqlQuery ( "select $cols from `" . $tableName . "` where id=? and pid = ? and activity like ? order by date DESC LIMIT 0,1", array($id,$GLOBALS['pid'],$activity) ) ;
112 }
114 function formGetIds ($tableName, $cols = "*", $limit='all', $start=0, $activity = "1")
115 {
116 if($limit == "all")
117 {
119 $sql = "select $cols from `$tableName` where pid like '$pid' ";
120 if ($activity != "all")
121 $sql .= "and activity like '$activity' ";
122 $sql .= "order by date DESC";
123 }
124 else
125 {
126 $sql = "select $cols from pnotes where pid like '$pid' ";
127 $sql .= " AND deleted != 1 "; // exclude ALL deleted notes
128 if ($activity != "all")
129 $sql .= "and activity like '$activity' ";
130 $sql .= "order by date DESC LIMIT $start, $limit";
131 }
133 $res = sqlStatement($sql);
135 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
136 $all[$iter] = $row;
137 return $all;
138 }
140 function formDisappear ($tableName, $id)
141 {
142 if (sqlStatement("update `$tableName` set activity = '0' where id='$id' and pid='$pid'")) return true;
143 return false;
144 }
146 function formReappear ($tableName, $id)
147 {
148 if (sqlStatement("update `$tableName` set activity = '1' where id='$id' and pid='$pid'")) return true;
149 return false;
150 }
151 ?>