3 * delete tool, for logging and removing patient data.
5 * Called from many different pages.
7 * Copyright (C) 2005-2013 Rod Roark <rod@sunsetsystems.com>
8 * Copyright (C) 2015 Roberto Vasquez <robertogagliotta@gmail.com>
10 * LICENSE: This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
22 * @author Rod Roark <rod@sunsetsystems.com>
23 * @author Roberto Vasquez <robertogagliotta@gmail.com>
24 * @link http://www.open-emr.org
27 use OpenEMR\Core\Header
;
29 require_once('../globals.php');
30 require_once($GLOBALS['srcdir'].'/log.inc');
31 require_once($GLOBALS['srcdir'].'/acl.inc');
32 require_once($GLOBALS['srcdir'].'/sl_eob.inc.php');
34 $patient = $_REQUEST['patient'];
35 $encounterid = $_REQUEST['encounterid'];
36 $formid = $_REQUEST['formid'];
37 $issue = $_REQUEST['issue'];
38 $document = $_REQUEST['document'];
39 $payment = $_REQUEST['payment'];
40 $billing = $_REQUEST['billing'];
41 $transaction = $_REQUEST['transaction'];
45 // Delete rows, with logging, for the specified table using the
46 // specified WHERE clause.
48 function row_delete($table, $where)
50 $tres = sqlStatement("SELECT * FROM $table WHERE $where");
52 while ($trow = sqlFetchArray($tres)) {
54 foreach ($trow as $key => $value) {
55 if (! $value ||
$value == '0000-00-00 00:00:00') {
63 $logstring .= $key . "= '" . $value . "' ";
66 newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $logstring");
71 $query = "DELETE FROM $table WHERE $where";
72 if (!$GLOBALS['sql_string_no_show_screen']) {
73 echo text($query) . "<br>\n";
80 // Deactivate rows, with logging, for the specified table using the
81 // specified SET and WHERE clauses.
83 function row_modify($table, $set, $where)
85 if (sqlQuery("SELECT * FROM $table WHERE $where")) {
86 newEvent("deactivate", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $where");
87 $query = "UPDATE $table SET $set WHERE $where";
88 if (!$GLOBALS['sql_string_no_show_screen']) {
89 echo text($query) . "<br>\n";
96 // We use this to put dashes, colons, etc. back into a timestamp.
98 function decorateString($fmt, $str)
102 $fc = substr($fmt, 0, 1);
103 $fmt = substr($fmt, 1);
105 $res .= substr($str, 0, 1);
106 $str = substr($str, 1);
115 // Delete and undo product sales for a given patient or visit.
116 // This is special because it has to replace the inventory.
118 function delete_drug_sales($patient_id, $encounter_id = 0)
120 $where = $encounter_id ?
"ds.encounter = '" . add_escape_custom($encounter_id) . "'" :
121 "ds.pid = '" . add_escape_custom($patient_id) . "' AND ds.encounter != 0";
122 sqlStatement("UPDATE drug_sales AS ds, drug_inventory AS di " .
123 "SET di.on_hand = di.on_hand + ds.quantity " .
124 "WHERE $where AND di.inventory_id = ds.inventory_id");
126 row_delete("drug_sales", "encounter = '" . add_escape_custom($encounter_id) . "'");
128 row_delete("drug_sales", "pid = '" . add_escape_custom($patient_id) . "'");
132 // Delete a form's data from its form-specific table.
134 function form_delete($formdir, $formid)
136 $formdir = ($formdir == 'newpatient') ?
'encounter' : $formdir;
137 $formdir = ($formdir == 'newGroupEncounter') ?
'groups_encounter' : $formdir;
138 if (substr($formdir, 0, 3) == 'LBF') {
139 row_delete("lbf_data", "form_id = '" . add_escape_custom($formid) . "'");
140 } else if ($formdir == 'procedure_order') {
141 $tres = sqlStatement("SELECT procedure_report_id FROM procedure_report " .
142 "WHERE procedure_order_id = ?", array($formid));
143 while ($trow = sqlFetchArray($tres)) {
144 $reportid = 0 +
$trow['procedure_report_id'];
145 row_delete("procedure_result", "procedure_report_id = '" . add_escape_custom($reportid) . "'");
148 row_delete("procedure_report", "procedure_order_id = '" . add_escape_custom($formid) . "'");
149 row_delete("procedure_order_code", "procedure_order_id = '" . add_escape_custom($formid) . "'");
150 row_delete("procedure_order", "procedure_order_id = '" . add_escape_custom($formid) . "'");
151 } else if ($formdir == 'physical_exam') {
152 row_delete("form_$formdir", "forms_id = '" . add_escape_custom($formid) . "'");
154 row_delete("form_$formdir", "id = '" . add_escape_custom($formid) . "'");
158 // Delete a specified document including its associated relations and file.
160 function delete_document($document)
162 $trow = sqlQuery("SELECT url, thumb_url, storagemethod, couch_docid, couch_revid FROM documents WHERE id = ?", array($document));
164 $thumb_url = $trow['thumb_url'];
165 row_delete("categories_to_documents", "document_id = '" . add_escape_custom($document) . "'");
166 row_delete("documents", "id = '" . add_escape_custom($document) . "'");
167 row_delete("gprelations", "type1 = 1 AND id1 = '" . add_escape_custom($document) . "'");
169 switch ((int)$trow['storagemethod']) {
170 //for hard disk store
172 @unlink
(substr($url, 7));
174 if (!is_null($thumb_url)) {
175 @unlink
(substr($thumb_url, 7));
180 $couchDB = new CouchDB();
181 $couchDB->DeleteDoc($GLOBALS['couchdb_dbase'], $trow['couch_docid'], $trow['couch_revid']);
188 <?php Header
::setupHeader('opener'); ?
>
189 <title
><?php
echo xlt('Delete Patient, Encounter, Form, Issue, Document, Payment, Billing or Transaction'); ?
></title
>
191 <script language
="javascript">
192 function submit_form()
194 document
.deletefrm
.submit();
196 // Java script function for closing the popup
197 function popup_close() {
198 if(parent
.$
==undefined
) {
202 parent
.$
.fn
.fancybox
.close();
208 <body
class="body_top">
210 // If the delete is confirmed...
212 if ($_POST['form_submit']) {
214 if (!acl_check('admin', 'super') ||
!$GLOBALS['allow_pat_delete']) {
215 die("Not authorized!");
218 row_modify("billing", "activity = 0", "pid = '" . add_escape_custom($patient) . "'");
219 row_modify("pnotes", "deleted = 1", "pid = '" . add_escape_custom($patient) . "'");
220 // row_modify("prescriptions" , "active = 0" , "patient_id = '$patient'");
221 row_delete("prescriptions", "patient_id = '" . add_escape_custom($patient) . "'");
222 row_delete("claims", "patient_id = '" . add_escape_custom($patient) . "'");
223 delete_drug_sales($patient);
224 row_delete("payments", "pid = '" . add_escape_custom($patient) . "'");
225 row_delete("ar_activity", "pid = '" . add_escape_custom($patient) . "'");
226 row_delete("openemr_postcalendar_events", "pc_pid = '" . add_escape_custom($patient) . "'");
227 row_delete("immunizations", "patient_id = '" . add_escape_custom($patient) . "'");
228 row_delete("issue_encounter", "pid = '" . add_escape_custom($patient) . "'");
229 row_delete("lists", "pid = '" . add_escape_custom($patient) . "'");
230 row_delete("transactions", "pid = '" . add_escape_custom($patient) . "'");
231 row_delete("employer_data", "pid = '" . add_escape_custom($patient) . "'");
232 row_delete("history_data", "pid = '" . add_escape_custom($patient) . "'");
233 row_delete("insurance_data", "pid = '" . add_escape_custom($patient) . "'");
235 $res = sqlStatement("SELECT * FROM forms WHERE pid = ?", array($patient));
236 while ($row = sqlFetchArray($res)) {
237 form_delete($row['formdir'], $row['form_id']);
240 row_delete("forms", "pid = '" . add_escape_custom($patient) . "'");
242 // Delete all documents for the patient.
243 $res = sqlStatement("SELECT id FROM documents WHERE foreign_id = ?", array($patient));
244 while ($row = sqlFetchArray($res)) {
245 delete_document($row['id']);
248 row_delete("patient_data", "pid = '" . add_escape_custom($patient) . "'");
249 } else if ($encounterid) {
250 if (!acl_check('admin', 'super')) {
251 die("Not authorized!");
254 row_modify("billing", "activity = 0", "encounter = '" . add_escape_custom($encounterid) . "'");
255 delete_drug_sales(0, $encounterid);
256 row_delete("ar_activity", "encounter = '" . add_escape_custom($encounterid) . "'");
257 row_delete("claims", "encounter_id = '" . add_escape_custom($encounterid) . "'");
258 row_delete("issue_encounter", "encounter = '" . add_escape_custom($encounterid) . "'");
259 $res = sqlStatement("SELECT * FROM forms WHERE encounter = ?", array($encounterid));
260 while ($row = sqlFetchArray($res)) {
261 form_delete($row['formdir'], $row['form_id']);
264 row_delete("forms", "encounter = '" . add_escape_custom($encounterid) . "'");
265 } else if ($formid) {
266 if (!acl_check('admin', 'super')) {
267 die("Not authorized!");
270 $row = sqlQuery("SELECT * FROM forms WHERE id = ?", array($formid));
271 $formdir = $row['formdir'];
273 die("There is no form with id '" . text($formid) . "'");
276 form_delete($formdir, $row['form_id']);
277 row_delete("forms", "id = '" . add_escape_custom($formid) . "'");
279 if (!acl_check('admin', 'super')) {
280 die("Not authorized!");
283 row_delete("issue_encounter", "list_id = '" . add_escape_custom($issue) ."'");
284 row_delete("lists", "id = '" . add_escape_custom($issue) ."'");
285 } else if ($document) {
286 if (!acl_check('admin', 'super')) {
287 die("Not authorized!");
290 delete_document($document);
291 } else if ($payment) {
292 if (!acl_check('admin', 'super')) {
293 die("Not authorized!");
296 list($patient_id, $timestamp, $ref_id) = explode(".", $payment);
297 // if (empty($ref_id)) $ref_id = -1;
298 $timestamp = decorateString('....-..-.. ..:..:..', $timestamp);
299 $payres = sqlStatement("SELECT * FROM payments WHERE " .
300 "pid = ? AND dtime = ?", array($patient_id, $timestamp));
301 while ($payrow = sqlFetchArray($payres)) {
302 if ($payrow['encounter']) {
304 // The session ID passed in is useless. Look for the most recent
305 // patient payment session with pay total matching pay amount and with
306 // no adjustments. The resulting session ID may be 0 (no session) which
307 // is why we start with -1.
308 $tpmt = $payrow['amount1'] +
$payrow['amount2'];
309 $seres = sqlStatement("SELECT " .
310 "SUM(pay_amount) AS pay_amount, session_id " .
311 "FROM ar_activity WHERE " .
313 "encounter = ? AND " .
314 "payer_type = 0 AND " .
315 "adj_amount = 0.00 " .
316 "GROUP BY session_id ORDER BY session_id DESC", array($patient_id, $payrow['encounter']));
317 while ($serow = sqlFetchArray($seres)) {
318 if (sprintf("%01.2f", $serow['adj_amount']) != 0.00) {
322 if (sprintf("%01.2f", $serow['pay_amount'] - $tpmt) == 0.00) {
323 $ref_id = $serow['session_id'];
329 die(xlt('Unable to match this payment in ar_activity') . ": " . text($tpmt));
332 // Delete the payment.
335 "pid = '" . add_escape_custom($patient_id) . "' AND " .
336 "encounter = '" . add_escape_custom($payrow['encounter']) . "' AND " .
337 "payer_type = 0 AND " .
338 "pay_amount != 0.00 AND " .
339 "adj_amount = 0.00 AND " .
340 "session_id = '" . add_escape_custom($ref_id) . "'"
345 "patient_id = '" . add_escape_custom($patient_id) ."' AND " .
346 "session_id = '" . add_escape_custom($ref_id) . "'"
350 // Encounter is 0! Seems this happens for pre-payments.
351 $tpmt = sprintf("%01.2f", $payrow['amount1'] +
$payrow['amount2']);
354 "patient_id = '" . add_escape_custom($patient_id) . "' AND " .
355 "payer_id = 0 AND " .
356 "reference = '" . add_escape_custom($payrow['source']) . "' AND " .
357 "pay_total = '" . add_escape_custom($tpmt) . "' AND " .
358 "(SELECT COUNT(*) FROM ar_activity where ar_activity.session_id = ar_session.session_id) = 0 " .
359 "ORDER BY session_id DESC LIMIT 1"
363 row_delete("payments", "id = '" . add_escape_custom($payrow['id']) . "'");
365 } else if ($billing) {
366 if (!acl_check('acct', 'disc')) {
367 die("Not authorized!");
370 list($patient_id, $encounter_id) = explode(".", $billing);
371 sqlStatement("DELETE FROM ar_activity WHERE " .
372 "pid = ? AND encounter = ? ", array($patient_id, $encounter_id));
373 sqlStatement("DELETE ar_session FROM ar_session LEFT JOIN " .
374 "ar_activity ON ar_session.session_id = ar_activity.session_id " .
375 "WHERE ar_activity.session_id IS NULL");
379 "pid = '" . add_escape_custom($patient_id) . "' AND " .
380 "encounter = '" . add_escape_custom($encounter_id) . "' AND " .
381 "code_type = 'COPAY' AND " .
384 sqlStatement("UPDATE form_encounter SET last_level_billed = 0, " .
385 "last_level_closed = 0, stmt_count = 0, last_stmt_date = NULL " .
386 "WHERE pid = ? AND encounter = ?", array($patient_id, $encounter_id));
387 sqlStatement("UPDATE drug_sales SET billed = 0 WHERE " .
388 "pid = ? AND encounter = ?", array($patient_id, $encounter_id));
389 updateClaim(true, $patient_id, $encounter_id, -1, -1, 1, 0, ''); // clears for rebilling
390 } else if ($transaction) {
391 if (!acl_check('admin', 'super')) {
392 die("Not authorized!");
395 row_delete("transactions", "id = '" . add_escape_custom($transaction) . "'");
397 die("Nothing was recognized to delete!");
401 $info_msg = xl('Delete successful.');
404 // Close this window and tell our opener that it's done.
406 echo "<script language='JavaScript'>\n";
408 echo " alert('" . addslashes($info_msg) . "');\n";
411 if ($encounterid) { //this code need to be same as 'parent.imdeleted($encounterid)' when the popup is div like
412 echo "window.opener.imdeleted(" . attr($encounterid) . ");\n";
414 echo " if (opener && opener.imdeleted) opener.imdeleted(); else parent.imdeleted();\n";
417 echo " window.close();\n";
418 echo "</script></body></html>\n";
423 <form method
='post' name
="deletefrm" action
='deleter.php?patient=<?php echo attr($patient) ?>&encounterid=<?php echo attr($encounterid) ?>&formid=<?php echo attr($formid) ?>&issue=<?php echo attr($issue) ?>&document=<?php echo attr($document) ?>&payment=<?php echo attr($payment) ?>&billing=<?php echo attr($billing) ?>&transaction=<?php echo attr($transaction) ?>' onsubmit
="javascript:alert('1');document.deleform.submit();">
425 <p
class="lead"> 
;<br
><?php
echo xlt('Do you really want to delete'); ?
>
429 echo xlt('patient') . " " . text($patient);
430 } else if ($encounterid) {
431 echo xlt('encounter') . " " . text($encounterid);
432 } else if ($formid) {
433 echo xlt('form') . " " . text($formid);
435 echo xlt('issue') . " " .text($issue);
436 } else if ($document) {
437 echo xlt('document') . " " . text($document);
438 } else if ($payment) {
439 echo xlt('payment') . " " .text($payment);
440 } else if ($billing) {
441 echo xlt('invoice') . " " . text($billing);
442 } else if ($transaction) {
443 echo xlt('transaction') . " " . text($transaction);
445 ?
> <?php
echo xlt('and all subordinate data? This action will be logged'); ?
>!</p
>
446 <div
class="btn-group">
447 <a href
="#" onclick
="submit_form()" class="btn btn-lg btn-save btn-default"><?php
echo xlt('Yes, Delete and Log'); ?
></a
>
448 <a href
='#' class="btn btn-lg btn-link btn-cancel" onclick
="popup_close();"><?php
echo xlt('No, Cancel');?
></a
>
450 <input type
='hidden' name
='form_submit' value
='<?php echo xla('Yes
, Delete
and Log
'); ?>'/>