controllers/C_PatientFinder.class.php

   1 <?php
   2
   3
   4 class C_PatientFinder extends Controller {
   5
   6         var $template_mod;
   7         var $_db;
   8
   9         function __construct($template_mod = "general") {
  10                 parent::__construct();
  11                 $this->_db = $GLOBALS['adodb']['db'];
  12                 $this->template_mod = $template_mod;
  13                 $this->assign("FORM_ACTION", $GLOBALS['webroot']."/controller.php?" . $_SERVER['QUERY_STRING']);
  14                 ///////////////////////////////////
  15                 //// What should this be?????
  16                 //////////////////////////////////
  17                 $this->assign("CURRENT_ACTION", $GLOBALS['webroot']."/controller.php?" . "practice_settings&patient_finder&");
  18                 /////////////////////////////////
  19                 $this->assign("STYLE", $GLOBALS['style']);
  20
  21         }
  22
  23         function default_action($form_id='',$form_name='',$pid='') {
  24                 return $this->find_action($form_id,$form_name,$pid);
  25         }
  26
  27         /**
  28         * Function that will display a patient finder widged, allowing
  29         *       the user to input search parameters to find a patient id.
  30         */
  31         function find_action($form_id, $form_name,$pid) {
  32                 $isPid = false;
  33                 //fix any magic quotes meddling
  34
  35                 $form_id = strip_escape_custom($form_id);
  36                 $form_name = strip_escape_custom($form_name);
  37                 $pid = strip_escape_custom($pid);
  38
  39         //prevent javascript injection, whitespace and semi-colons are the worry
  40         $form_id = preg_replace("/[^A-Za-z0-9\[\]\_\']/iS","",urldecode($form_id));
  41         $form_name = preg_replace("/[^A-Za-z0-9\[\]\_\']/iS","",urldecode($form_name));
  42         $this->assign('form_id', $form_id);
  43         $this->assign('form_name', $form_name);
  44         if(!empty($pid))
  45                 $isPid = true;
  46         $this->assign('hidden_ispid', $isPid);
  47
  48                 return $this->fetch($GLOBALS['template_dir'] . "patient_finder/" . $this->template_mod . "_find.html");
  49         }
  50
  51         /**
  52         * Function that will take a search string, parse it out and return all patients from the db matching.
  53         * @param string $search_string - String from html form giving us our search parameters
  54         */
  55         function find_action_process() {
  56
  57                 if ($_POST['process'] != "true")
  58                         return;
  59
  60                 $isPub = false;
  61                 $search_string = $_POST['searchstring'];
  62                 if(!empty($_POST['pid']))
  63                 {
  64                         $isPub = !$_POST['pid'];
  65                 }
  66                 //get the db connection and pass it to the helper functions
  67                 $sql = "SELECT CONCAT(lname, ' ', fname, ' ', mname) as name, DOB, pubpid, pid FROM patient_data";
  68                 //parse search_string to determine what type of search we have
  69                 $pos = strpos($search_string, ',');
  70
  71                 // get result set into array and pass to array
  72                 $result_array = array();
  73
  74                 if($pos === false) {
  75                         //no comma just last name
  76                         $result_array = $this->search_by_lName($sql, $search_string);
  77                 }
  78                 else if($pos === 0){
  79                         //first name only
  80                         $result_array = $this->search_by_fName($sql, $search_string);
  81                 }
  82                 else {
  83                         //last and first at least
  84                         $result_array = $this->search_by_FullName($sql,$search_string);
  85                 }
  86                 $this->assign('search_string',$search_string);
  87                 $this->assign('result_set', $result_array);
  88                 $this->assign('ispub', $isPub);
  89                 // we're done
  90                 $_POST['process'] = "";
  91         }
  92
  93         /**
  94         *       Function that returns an array containing the
  95         *       Results of a LastName search
  96         *       @-param string $sql base sql query
  97         *       @-param string $search_string parsed for last name
  98         */
  99         function search_by_lName($sql, $search_string) {
 100                 $lName = add_escape_custom($search_string);
 101                 $sql .= " WHERE lname LIKE '$lName%' ORDER BY lname, fname";
 102                 //print "SQL is $sql \n";
 103                 $result_array = $this->_db->GetAll($sql);
 104                 //print_r($result_array);
 105                 return $result_array;
 106         }
 107
 108         /**
 109         *       Function that returns an array containing the
 110         *       Results of a FirstName search
 111         *       @param string $sql base sql query
 112         *       @param string $search_string parsed for first name
 113         */
 114         function search_by_fName($sql, $search_string) {
 115                 $name_array = explode(",", $search_string);
 116                 $fName = add_escape_custom( trim($name_array[1]) );
 117                 $sql .= " WHERE fname LIKE '$fName%' ORDER BY lname, fname";
 118                 $result_array = $this->_db->GetAll($sql);
 119                 return $result_array;
 120         }
 121
 122         /**
 123         *       Function that returns an array containing the
 124         *       Results of a Full Name search
 125         *       @param string $sql base sql query
 126         *       @param string $search_string parsed for first, last and middle name
 127         */
 128         function search_by_FullName($sql, $search_string) {
 129                 $name_array = explode(",", $search_string);
 130                 $lName = add_escape_custom($name_array[0]);
 131                 $fName = add_escape_custom( trim($name_array[1]) );
 132                 $sql .= " WHERE fname LIKE '%$fName%' AND lname LIKE '$lName%' ORDER BY lname, fname";
 133                 //print "SQL is $sql \n";
 134                 $result_array = $this->_db->GetAll($sql);
 135                 return $result_array;
 136         }
 137 }
 138 ?>