library/custom_template/ajax_code.php

   1 <?php
   2 // +-----------------------------------------------------------------------------+
   3 // Copyright (C) 2011 Z&H Consultancy Services Private Limited <sam@zhservices.com>
   4 //
   5 //
   6 // This program is free software; you can redistribute it and/or
   7 // modify it under the terms of the GNU General Public License
   8 // as published by the Free Software Foundation; either version 2
   9 // of the License, or (at your option) any later version.
  10 //
  11 //
  12 // This program is distributed in the hope that it will be useful,
  13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 // GNU General Public License for more details.
  16 //
  17 //
  18 // A copy of the GNU General Public License is included along with this program:
  19 // openemr/interface/login/GnuGPL.html
  20 // For more information write to the Free Software
  21 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  22 //
  23 // Author:   Eldho Chacko <eldho@zhservices.com>
  24 //           Jacob T Paul <jacob@zhservices.com>
  25 //
  26 // +------------------------------------------------------------------------------+
  27
  28 //SANITIZE ALL ESCAPES
  29 $sanitize_all_escapes=true;
  30 //
  31
  32 //STOP FAKE REGISTER GLOBALS
  33 $fake_register_globals=false;
  34 //
  35
  36 require_once("../../interface/globals.php");
  37
  38 $templateid = $_REQUEST['templateid'];
  39 $Source = $_REQUEST['source'];
  40 $list_id = $_REQUEST['list_id'];
  41 $item = $_REQUEST['item'];
  42 $multi = $_REQUEST['multi'];
  43 $content = $_REQUEST['content'];
  44
  45 if($Source=="add_template"){
  46     $arr = explode("|",$multi);
  47
  48     for($i=0;$i<sizeof($arr)-1;$i++){
  49     $sql = sqlStatement("SELECT * FROM customlists AS cl LEFT OUTER JOIN template_users AS tu ON cl.cl_list_slno=tu.tu_template_id
  50                         WHERE cl_list_item_long=? AND cl_list_type=3 AND cl_deleted=0 AND cl_list_id=? AND tu.tu_user_id=?",array($templateid,$arr[$i],$_SESSION['authId']));
  51     $cnt = sqlNumRows($sql);
  52     if($cnt==0){
  53     $newid=sqlInsert("INSERT INTO customlists (cl_list_id,cl_list_type,cl_list_item_long,cl_creator) VALUES (?,?,?,?)",array($arr[$i],3,$templateid,$_SESSION['authId']));
  54     sqlInsert("INSERT INTO template_users (tu_user_id,tu_template_id) VALUES (?,?)",array($_SESSION['authId'],$newid));
  55     }
  56     echo "<select name='template' id='template' onchange='TemplateSentence(this.value)' style='width:180px'>";
  57     echo "<option value=''>".htmlspecialchars(xl('Select category'),ENT_QUOTES)."</option>";
  58         $resTemplates = sqlStatement("SELECT * FROM template_users AS tu LEFT OUTER JOIN customlists AS c ON tu.tu_template_id=c.cl_list_slno WHERE
  59                                      tu.tu_user_id=? AND c.cl_list_type=3 AND cl_list_id=? AND cl_deleted=0 ORDER BY tu.tu_template_order,
  60                                      c.cl_list_item_long",array($_SESSION['authId'],$list_id));
  61         while($rowTemplates = sqlFetchArray($resTemplates)){
  62         echo "<option value='".htmlspecialchars($rowTemplates['cl_list_slno'],ENT_QUOTES)."'>".htmlspecialchars($rowTemplates['cl_list_item_long'],ENT_QUOTES)."</option>";
  63         }
  64     echo "</select>";
  65     }
  66 }
  67 else if($Source=="save_provider"){
  68     $arr = explode("|",$multi);
  69     for($i=0;$i<sizeof($arr)-1;$i++){
  70         $cnt = sqlNumRows(sqlStatement("SELECT * FROM template_users WHERE tu_user_id=? AND tu_template_id=?",array($arr[$i],$list_id)));
  71         if(!$cnt){
  72         sqlInsert("INSERT INTO template_users (tu_user_id,tu_template_id) VALUES (?,?)",array($arr[$i],$list_id));
  73         }
  74     }
  75 }
  76 else if($Source=="add_item"){
  77     $row = sqlQuery("SELECT max(cl_order)+1 as order1 FROM customlists WHERE cl_list_id=?",array($templateid));
  78     $order = $row['order1'];
  79     $newid = sqlInsert("INSERT INTO customlists (cl_list_id,cl_list_type,cl_list_item_long,cl_order,cl_creator) VALUES (?,?,?,?,?)",array($templateid,4,$item,$order,$_SESSION['authId']));
  80     sqlInsert("INSERT INTO template_users (tu_user_id,tu_template_id,tu_template_order) VALUES (?,?,?)",array($_SESSION['authId'],$newid,$order));
  81 }
  82 else if($Source=="delete_item"){
  83     sqlStatement("DELETE FROM template_users WHERE tu_template_id=? AND tu_user_id=?",array($item,$_SESSION['authId']));
  84 }
  85 else if($Source=="update_item"){
  86     $row = sqlQuery("SELECT max(cl_order)+1 as order1 FROM customlists WHERE cl_list_id=?",array($templateid));
  87     $order = $row['order1'];
  88     $newid = sqlInsert("INSERT INTO customlists (cl_list_id,cl_list_type,cl_list_item_long,cl_order,cl_creator) VALUES (?,?,?,?,?)",array($templateid,4,$content,$order,$_SESSION['authId']));
  89     sqlStatement("UPDATE template_users SET tu_template_id=? WHERE tu_template_id=? AND tu_user_id=?",array($newid,$item,$_SESSION['authId']));
  90 }
  91 else if($Source=='item_show'){
  92     $sql = "SELECT * FROM customlists WHERE cl_list_id=? AND cl_list_type=4 AND cl_deleted=0";
  93     $res = sqlStatement($sql,array($list_id));
  94     $selcat = sqlQuery("SELECT * FROM customlists WHERE cl_list_slno=? AND cl_list_type=3 AND cl_deleted=0",array($list_id));
  95     $selcont = sqlQuery("SELECT * FROM customlists WHERE cl_list_slno=? AND cl_list_type=2 AND cl_deleted=0",array($selcat['cl_list_id']));
  96     $cnt =sqlNumRows($res);
  97     if($cnt){
  98         echo "<table width='100%'>";
  99         echo "<tr class='text'><th colspan=2  style='background-color:#ffffff'>".htmlspecialchars(xl('Preview of')," ".$selcat['cl_list_item_long']."(".$selcont['cl_list_item_long'].")",ENT_QUOTES)."</th></tr>";
 100         $i=0;
 101         while($row=sqlFetchArray($res)){
 102             $i++;
 103             $class = ($class=='reportTableOddRow') ? 'reportTableEvenRow' : 'reportTableOddRow';
 104             echo "<tr class='text'><td style='background-color:#ffffff'>".$i."</td><td style='background-color:#ffffff'>".htmlspecialchars($row['cl_list_item_long'],ENT_QUOTES)."</td></tr>";
 105         }
 106         echo "</table>";
 107     }
 108     else{
 109         echo "<table width='100%'>";
 110         echo "<tr class='text'><th colspan=2  style='background-color:#ffffff'>".htmlspecialchars(xl('No items under selected category'),ENT_QUOTES)."</th></tr>";
 111         echo "</table>";
 112     }
 113     $Source="add_template";
 114 }
 115 else if($Source=='check_item'){
 116     $sql=sqlStatement("SELECT * FROM template_users WHERE tu_template_id=? AND tu_user_id=?",array($item,$list_id));
 117     $cnt=sqlNumRows($sql);
 118     if($cnt){
 119         echo htmlspecialchars(xl("OK"),ENT_QUOTES);
 120     }
 121     else{
 122         echo htmlspecialchars(xl("FAIL"),ENT_QUOTES);
 123     }
 124     $Source="add_template";
 125 }
 126 else if($Source=='display_item'){
 127     $multi = preg_replace('/\|$/','',$multi);
 128     $val = str_replace("|",",",$multi);
 129     echo "<select multiple name='topersonalizeditem[]' id='topersonalizeditem' size='6' style='width:220px' onchange='display_item()'>";
 130     $resTemplates = sqlStatement("SELECT * FROM customlists WHERE cl_list_type=4 AND cl_deleted=0 AND cl_list_id IN ($val) ORDER BY cl_list_item_long");
 131         while($rowTemplates = sqlFetchArray($resTemplates)){
 132         echo "<option value='".htmlspecialchars($rowTemplates['cl_list_slno'],ENT_QUOTES)."'>".htmlspecialchars($rowTemplates['cl_list_item_long'],ENT_QUOTES)."</option>";
 133         }
 134     echo "</select>";
 135     $Source="add_template";
 136 }
 137 else if($Source=='delete_category'){
 138     $res = sqlStatement("SELECT * FROM template_users AS tu LEFT OUTER JOIN users AS u ON tu.tu_user_id=u.id WHERE tu_template_id=? AND tu.tu_user_id!=?",array($templateid,$_SESSION['authId']));
 139     $users ='';
 140     $i=0;
 141     while($row=sqlFetchArray($res)){
 142         $i++;
 143         $users .= $i.")".$row['fname']." ".$row['lname']."\n";
 144     }
 145     echo htmlspecialchars($users,ENT_QUOTES);
 146     $Source="add_template";
 147 }
 148 else if($Source=='delete_full_category'){
 149     sqlStatement("UPDATE customlists SET cl_deleted=? WHERE cl_list_slno=?",array(1,$templateid));
 150     sqlStatement("DELETE template_users WHERE tu_template_id=?",array($templateid));
 151     $res = sqlStatement("SELECT * FROM customlists AS cl WHERE cl_list_id=?",array($templateid));
 152     while($row=sqlFetchArray($res)){
 153         sqlStatement("UPDATE customlists SET cl_deleted=1 WHERE cl_list_slno=?",array($row['cl_list_slno']));
 154         sqlStatement("DELETE template_users WHERE tu_template_id=?",array($row['cl_list_slno']));
 155     }
 156
 157     $Source="add_template";
 158 }
 159 else if($Source=='checkcontext'){
 160     $res = sqlStatement("SELECT * FROM customlists WHERE cl_deleted=0 AND cl_list_type=3 AND cl_list_id=?",array($list_id));
 161     if(sqlNumRows($res)){
 162         echo "1";
 163     }
 164     else{
 165         echo "0";
 166     }
 167     $Source="add_template";
 168 }
 169 if($Source!="add_template"){
 170     $res= sqlStatement("SELECT * FROM customlists AS cl LEFT  OUTER JOIN template_users AS tu ON cl.cl_list_slno=tu.tu_template_id
 171                         WHERE cl_list_type=4 AND cl_list_id=? AND cl_deleted=0 AND tu.tu_user_id=? ORDER BY tu.tu_template_order",
 172                         array($templateid,$_SESSION['authId']));
 173     $i=0;
 174     while($row = sqlFetchArray($res)){
 175         $i++;
 176         echo "<li id='clorder_".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."' style='cursor:pointer'><span>";
 177         if(acl_check('nationnotes', 'nn_configure')){
 178         echo "<img src='../../images/b_edit.png' onclick=update_item_div('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."')>";
 179         }
 180         echo "<div style='display:inline' id='".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."' onclick=\"moveOptions_11('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."', 'textarea1');\">".htmlspecialchars($row['cl_list_item_long'],ENT_QUOTES)."</div>";
 181         if(acl_check('nationnotes', 'nn_configure')){
 182         echo "<img src='../../images/deleteBtn.png' onclick=\"delete_item('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."')\">";
 183         echo "<div id='update_item".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."' style='display:none'><textarea name='update_item_txt".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."' id='update_item_txt".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."'>".htmlspecialchars($row['cl_list_item_long'],ENT_QUOTES)."</textarea></br>";
 184         echo "<input type='button' name='update' onclick=update_item('".$row['cl_list_slno']."') value='".htmlspecialchars(xl('Update'),ENT_QUOTES)."'><input type='button' name='cancel' value='". htmlspecialchars(xl('Cancel'),ENT_QUOTES)."' onclick=cancel_item('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."')></div>";
 185         }
 186         echo "</span></li>";
 187     }
 188     if(acl_check('nationnotes', 'nn_configure') && $templateid){
 189     echo "<li style='cursor:pointer'><span onclick='add_item()'>".htmlspecialchars(xl('Click to add new components'),ENT_QUOTES);
 190     echo "</span><div id='new_item' style='display:none'>";
 191     echo "<textarea name='item' id='item'></textarea></br>";
 192     echo "<input type='button' name='save' value='". htmlspecialchars(xl('Save'),ENT_QUOTES)."' onclick='save_item()'><input type='button' name='cancel' value='". htmlspecialchars(xl('Cancel'),ENT_QUOTES)."' onclick=cancel_item('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."')></div></li>";
 193     }
 194 }
 195 ?>