Implement new security model in LBF forms.
1 <?php
2 //// Copyright (C) 2009 Aron Racho <aron@mi-squared.com>
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
// Both switches are assigned before interface/globals.php is pulled in below.
// NOTE(review): presumably globals.php reads them to decide how request data is
// unescaped and whether request variables are copied into global scope; confirm
// there, and keep these assignments above the include.

// Do not emulate register_globals for this page.
$fake_register_globals = false;

// Ask for all request escapes to be sanitized.
$sanitize_all_escapes = true;

require_once "../interface/globals.php";
require_once "$srcdir/sql.inc";
?>
20 <html>
21 <head>
22 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
23 <style type="text/css">
24 body {
25 font-size:8pt;
26 font-weight:normal;
27 padding: 5px 3px 5px 3px;
28 background: #94D6E7;
30 </style>
31 <script language="javascript">
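/**
 * Toggle every "searchFields" checkbox and flip the caption of the
 * selectorButton between the translated "Select All" / "Unselect All".
 *
 * The captions are emitted with json_encode() rather than htmlspecialchars():
 * text inside a <script> element is not HTML-entity decoded, so an
 * entity-encoded caption (e.g. one containing an apostrophe or ampersand)
 * would never equal the button's decoded value and the toggle would stick.
 * The JSON_HEX_* flags keep <, >, &, ' and " out of the emitted literal so a
 * translation string cannot end the script block or the string.
 * json_encode() expects UTF-8 input and the flags need PHP >= 5.3.
 */
function doSelectorButton() {
    var selectAllLabel = <?php echo json_encode(xl('Select All'), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
    var unselectAllLabel = <?php echo json_encode(xl('Unselect All'), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;

    var selector = document.getElementById('selectorButton');

    // A button currently reading "Select All" means: check everything.
    var checkAll = (selector.value == selectAllLabel);
    selector.value = checkAll ? unselectAllLabel : selectAllLabel;

    setAll(document.getElementsByName("searchFields"), checkAll);
}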
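/**
 * Set the checked state of every element in a checkbox collection.
 *
 * @param field  array-like collection of checkbox elements
 * @param value  boolean to assign to each element's "checked" property
 */
function setAll(field, value) {
    // Declare the index locally; the undeclared "i" leaked into global scope
    // (and is a ReferenceError in strict mode).
    var i;
    for (i = 0; i < field.length; i++) {
        field[i].checked = value;
    }
}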
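/**
 * Build a "~"-separated list of the checked "searchFields" values and pass it,
 * together with the optional service code, to opener.processFilter().
 *
 * Does nothing when there is no opener window. Returns false (after an alert)
 * when no field is checked and no service code was typed.
 *
 * Both values come straight from this form, so they are client-controlled;
 * whatever processFilter() forwards to the server has to be validated there.
 */
function doSubmit() {
    var checkBoxes = document.getElementsByName("searchFields");
    var ssc = document.forms[0].search_service_code.value;
    var fieldString = '';
    var i; // declared locally instead of leaking an implicit global

    for (i = 0; i < checkBoxes.length; i++) {
        if (checkBoxes[i].checked) {
            if (fieldString != '') {
                fieldString += "~";
            }
            fieldString += checkBoxes[i].value;
        }
    }

    if (opener != null) {
        // fieldString is always a string here, so only emptiness needs testing;
        // the length is compared with 0 rather than with ''.
        if (fieldString == '' && ssc.length == 0) {
            // json_encode() is the encoder for a JavaScript string context:
            // an HTML-entity-encoded message would show its entities literally
            // in the alert box. Expects UTF-8; the flags need PHP >= 5.3.
            alert(<?php echo json_encode(xl('You must select some fields to continue.'), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>);
            return false;
        }
        opener.processFilter(fieldString, ssc);
    }
}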
74 </script>
75 </head>
77 <body>
78 <form>
80 <table>
81 <tr>
82 <td>
83 <b><?php echo htmlspecialchars(xl('Select Fields')); ?>:</b>
84 </td>
85 <td>
86 <input type="button" value="<?php echo htmlspecialchars( xl('Submit'), ENT_QUOTES); ?>" id="submit" onclick="javascript:doSubmit();"></input>
87 </td>
88 <td>
89 <input type="button" value="<?php echo htmlspecialchars( xl('Select All'), ENT_QUOTES); ?>" id="selectorButton" onclick="javascript:doSelectorButton();"></input>
90 </td>
91 </tr>
92 </table>
94 <?php
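/**
 * Echo one checkbox cell of the field-selection table, three cells per row.
 *
 * When $iter is a multiple of 3 a new <tr> is opened, after closing the
 * previous one for every row but the first. The caller closes the last row.
 *
 * @param int    $iter       zero-based index of the item being written
 * @param string $fieldId    value of the checkbox; escaped for a quoted attribute
 * @param string $fieldTitle visible label; escaped for element content
 */
function echoFilterItem($iter, $fieldId, $fieldTitle)
{
    if ($iter % 3 == 0) {
        if ($iter > 0) {
            echo "</tr>\n";
        }
        echo "<tr>\n";
    }

    // $fieldId is referenced directly. The former ${fieldId} is a
    // variable-variable keyed on the bare word fieldId: it only resolved to
    // $fieldId through the undefined-constant fallback, which raises a notice
    // on older PHP and throws an Error on PHP 8.
    // ENT_QUOTES is required because the attribute is single-quoted.
    $value = htmlspecialchars($fieldId, ENT_QUOTES);
    $title = htmlspecialchars($fieldTitle, ENT_NOQUOTES);

    echo "<td>";
    echo "<input type='checkbox' value='" . $value . "' name='searchFields'/> <b>" . $title . "</b>";
    echo "</td>\n";
}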
// Candidate filter fields: the rows of layout_options for form 'DEM' whose
// group is not an Employer group and whose uor is non-zero. The statement is
// a fixed string; nothing from the request is placed in it.
$layoutCols = sqlStatement(
    "SELECT field_id, title, description, group_name "
    . "FROM layout_options "
    . "WHERE form_id='DEM' "
    . "AND group_name not like ('%Employer%' ) AND uor != 0 "
    . "ORDER BY group_name,seq"
);

echo "<table>";

// One checkbox per layout field. The label falls back from title to
// description to the raw field_id; echoFilterItem() escapes it on output.
$iter = 0;
while ($row = sqlFetchArray($layoutCols)) {
    if ($row['title']) {
        $label = $row['title'];
    } elseif ($row['description']) {
        $label = $row['description'];
    } else {
        $label = $row['field_id'];
    }

    echoFilterItem($iter, $row['field_id'], xl_layout_label($label));
    $iter++;
}

// The internal patient id is always offered, after the layout fields.
echoFilterItem($iter, 'pid', xl('Internal Identifier (pid)'));
$iter++;

// Pad the last row out to three cells, then close it.
while ($iter++ % 3) {
    echo "<td>&nbsp;</td>\n";
}
echo "</tr>\n";

// Final row: optional service code that narrows the selection.
echo "<tr>\n", "<td colspan='3'>";
echo "<input type='text' value='' name='search_service_code' size='8' /> "
    . "<b>" . htmlspecialchars(xl('Service Code')) . "</b> ("
    . htmlspecialchars(xl('if entered, select only those who have had this service')) . ")";
echo "</td>\n", "</tr>\n";

echo "</table>";
?>
145 </form>
146 </body>
147 </html>