Deleter fix for procedure orders.
[openemr.git] / interface / patient_file / deleter.php
1 <?php
2 // Copyright (C) 2005-2013 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
9 require_once("../globals.php");
10 require_once("$srcdir/log.inc");
11 require_once("$srcdir/acl.inc");
12 require_once("$srcdir/sl_eob.inc.php");
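// Request parameters naming the thing to delete. Exactly one is expected to
// be set; the first non-empty one, in the order below, is acted on.
//
// SECURITY: every value here is untrusted input taken from $_REQUEST. None of
// it may be placed into SQL, HTML or JavaScript without binding or escaping
// for that context. Missing or non-scalar parameters (e.g. "patient[]=x") are
// normalized to '' so they are treated as absent rather than stringified.
$patient     = (isset($_REQUEST['patient'])     && is_scalar($_REQUEST['patient']))     ? (string) $_REQUEST['patient']     : '';
$encounterid = (isset($_REQUEST['encounterid']) && is_scalar($_REQUEST['encounterid'])) ? (string) $_REQUEST['encounterid'] : '';
$formid      = (isset($_REQUEST['formid'])      && is_scalar($_REQUEST['formid']))      ? (string) $_REQUEST['formid']      : '';
$issue       = (isset($_REQUEST['issue'])       && is_scalar($_REQUEST['issue']))       ? (string) $_REQUEST['issue']       : '';
$document    = (isset($_REQUEST['document'])    && is_scalar($_REQUEST['document']))    ? (string) $_REQUEST['document']    : '';
$payment     = (isset($_REQUEST['payment'])     && is_scalar($_REQUEST['payment']))     ? (string) $_REQUEST['payment']     : '';
$billing     = (isset($_REQUEST['billing'])     && is_scalar($_REQUEST['billing']))     ? (string) $_REQUEST['billing']     : '';
$transaction = (isset($_REQUEST['transaction']) && is_scalar($_REQUEST['transaction'])) ? (string) $_REQUEST['transaction'] : '';

// Message shown to the user in an alert() once the delete has run.
$info_msg = "";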
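/**
 * Delete rows, with logging, for the specified table using the specified
 * WHERE clause.
 *
 * Every matching row is first recorded through newEvent() (one "delete"
 * event per row, listing each non-empty column), then all matching rows are
 * removed with a single DELETE statement. Nothing is deleted when no row
 * matches.
 *
 * SECURITY: $table and $where are concatenated into the SQL text verbatim.
 * Never put raw request data into either argument: use "?" placeholders in
 * $where and pass the values in $binds, or escape the values before building
 * the clause.
 *
 * @param string $table  Table name; trusted, not escaped here.
 * @param string $where  Body of the WHERE clause, optionally with "?" placeholders.
 * @param array  $binds  Values for the placeholders in $where, in order (optional).
 */
function row_delete($table, $where, $binds = array()) {
  $select = "SELECT * FROM $table WHERE $where";
  // Only pass a bind array when one was supplied, so existing two-argument
  // callers issue exactly the same call as before.
  $tres = $binds ? sqlStatement($select, $binds) : sqlStatement($select);
  $count = 0;
  while ($trow = sqlFetchArray($tres)) {
    $logstring = "";
    foreach ($trow as $key => $value) {
      // Skip empty columns and zero timestamps to keep the log entry short.
      if (! $value || $value == '0000-00-00 00:00:00') continue;
      if ($logstring) $logstring .= " ";
      $logstring .= $key . "='" . addslashes($value) . "'";
    }
    newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $logstring");
    ++$count;
  }
  if ($count) {
    $query = "DELETE FROM $table WHERE $where";
    // The query text can contain request-derived values, so it is
    // HTML-escaped before being written into the page.
    echo htmlspecialchars($query, ENT_QUOTES) . "<br>\n";
    if ($binds) {
      sqlStatement($query, $binds);
    } else {
      sqlStatement($query);
    }
  }
}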
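/**
 * Deactivate rows, with logging, for the specified table using the
 * specified SET and WHERE clauses.
 *
 * When at least one row matches, a single "deactivate" event carrying the
 * table name and WHERE clause is recorded through newEvent() and the UPDATE
 * is run.
 *
 * SECURITY: $table, $set and $where are concatenated into the SQL text
 * verbatim. Never put raw request data into them: use "?" placeholders in
 * $where and pass the values in $binds, or escape the values first.
 *
 * @param string $table  Table name; trusted, not escaped here.
 * @param string $set    Body of the SET clause; must not contain placeholders.
 * @param string $where  Body of the WHERE clause, optionally with "?" placeholders.
 * @param array  $binds  Values for the placeholders in $where, in order (optional).
 */
function row_modify($table, $set, $where, $binds = array()) {
  $select = "SELECT * FROM $table WHERE $where";
  // Only pass a bind array when one was supplied, so existing three-argument
  // callers issue exactly the same call as before.
  $found = $binds ? sqlQuery($select, $binds) : sqlQuery($select);
  if ($found) {
    newEvent("deactivate", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $where");
    $query = "UPDATE $table SET $set WHERE $where";
    // The query text can contain request-derived values, so it is
    // HTML-escaped before being written into the page.
    echo htmlspecialchars($query, ENT_QUOTES) . "<br>\n";
    if ($binds) {
      sqlStatement($query, $binds);
    } else {
      sqlStatement($query);
    }
  }
}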
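/**
 * Put dashes, colons, etc. back into a timestamp.
 *
 * Walks $fmt one character at a time: each '.' is replaced by the next
 * unused character of $str, every other character is copied literally.
 * When $str runs out, the remaining '.' positions contribute nothing.
 *
 * The loop is driven by length rather than truthiness so that a format whose
 * remaining tail is the single character "0" is not cut short.
 *
 * SECURITY: this only re-inserts punctuation. It does not validate or escape
 * $str, so the result must still be bound or escaped before use in SQL.
 *
 * @param string $fmt  Template, e.g. '....-..-.. ..:..:..'.
 * @param string $str  Characters to drop into the '.' positions.
 * @return string The decorated string.
 */
function decorateString($fmt, $str) {
  $fmt = (string) $fmt;
  $str = (string) $str;
  $res = '';
  $fmtlen = strlen($fmt);
  $strlen = strlen($str);
  $pos = 0; // index of the next unused character of $str
  for ($i = 0; $i < $fmtlen; ++$i) {
    $fc = $fmt[$i];
    if ($fc == '.') {
      if ($pos < $strlen) {
        $res .= $str[$pos];
        ++$pos;
      }
    } else {
      $res .= $fc;
    }
  }
  return $res;
}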
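/**
 * Delete and undo product sales for a given patient or visit.
 *
 * This is special because it has to replace the inventory: the sold
 * quantities are added back to drug_inventory.on_hand before the drug_sales
 * rows are removed (with logging) through row_delete().
 *
 * When $encounter_id is non-zero only that encounter's sales are undone;
 * otherwise the patient's sales are used (inventory is restored only for
 * rows with a non-zero encounter, but all of the patient's rows are deleted).
 *
 * SECURITY: both ids can originate from the request, so they are escaped
 * with add_escape_custom() before being placed into the SQL text.
 *
 * @param mixed $patient_id    Patient id (pid).
 * @param mixed $encounter_id  Encounter id, or 0 to act on the whole patient.
 */
function delete_drug_sales($patient_id, $encounter_id=0) {
  $patient_sql = add_escape_custom($patient_id);
  $encounter_sql = add_escape_custom($encounter_id);

  if ($encounter_id) {
    $where = "ds.encounter = '$encounter_sql'";
  } else {
    $where = "ds.pid = '$patient_sql' AND ds.encounter != 0";
  }

  // Put the sold quantities back into inventory.
  sqlStatement("UPDATE drug_sales AS ds, drug_inventory AS di " .
    "SET di.on_hand = di.on_hand + ds.quantity " .
    "WHERE $where AND di.inventory_id = ds.inventory_id");

  if ($encounter_id) {
    row_delete("drug_sales", "encounter = '$encounter_sql'");
  }
  else {
    row_delete("drug_sales", "pid = '$patient_sql'");
  }
}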
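/**
 * Delete a form's data from its form-specific table.
 *
 * - 'newpatient' is mapped to 'encounter' (table form_encounter).
 * - Directories starting with 'LBF' keep their data in lbf_data.
 * - 'procedure_order' also removes the dependent results, reports and
 *   order codes before the order itself.
 * - Anything else is deleted from the table "form_<formdir>".
 *
 * SECURITY: $formid is escaped with add_escape_custom() before it is placed
 * into a WHERE clause.
 * NOTE(review): in the default branch $formdir becomes part of a table name.
 * In this file it is read from forms.formdir rather than taken from the
 * request, but it is not validated here; confirm that column can only hold
 * identifier-safe values.
 *
 * @param string $formdir  Form directory name as stored in forms.formdir.
 * @param mixed  $formid   Id of the row in the form-specific table.
 */
function form_delete($formdir, $formid) {
  $formdir = ($formdir == 'newpatient') ? 'encounter' : $formdir;
  $formid_sql = add_escape_custom($formid);

  if (substr($formdir,0,3) == 'LBF') {
    row_delete("lbf_data", "form_id = '$formid_sql'");
  }
  else if ($formdir == 'procedure_order') {
    $tres = sqlStatement("SELECT procedure_report_id FROM procedure_report " .
      "WHERE procedure_order_id = ?", array($formid));
    while ($trow = sqlFetchArray($tres)) {
      // Integer cast keeps the value safe to embed in the WHERE clause.
      $reportid = (int) $trow['procedure_report_id'];
      row_delete("procedure_result", "procedure_report_id = '$reportid'");
    }
    row_delete("procedure_report", "procedure_order_id = '$formid_sql'");
    row_delete("procedure_order_code", "procedure_order_id = '$formid_sql'");
    row_delete("procedure_order", "procedure_order_id = '$formid_sql'");
  }
  else {
    row_delete("form_$formdir", "id = '$formid_sql'");
  }
}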
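/**
 * Delete a specified document including its associated relations and file.
 *
 * Removes the category links, the documents row and the gprelations rows
 * (type1 = 1) through row_delete(), then removes the stored file when the
 * document's url starts with 'file://'.
 *
 * SECURITY: $document can originate from the request, so it is bound or
 * escaped in every query.
 * NOTE(review): the path passed to unlink() is whatever follows 'file://' in
 * documents.url. Nothing here confines it to the document storage directory;
 * confirm that the code writing documents.url guarantees that.
 *
 * @param mixed $document  Document id (documents.id).
 */
function delete_document($document) {
  $trow = sqlQuery("SELECT url FROM documents WHERE id = ?", array($document));
  $url = empty($trow['url']) ? '' : $trow['url'];

  $document_sql = add_escape_custom($document);
  row_delete("categories_to_documents", "document_id = '$document_sql'");
  row_delete("documents", "id = '$document_sql'");
  row_delete("gprelations", "type1 = 1 AND id1 = '$document_sql'");

  if (substr($url, 0, 7) == 'file://') {
    $path = substr($url, 7);
    // Still best-effort, but a failed removal of an existing file is now
    // recorded instead of being silently discarded.
    if (is_file($path) && !@unlink($path)) {
      error_log("deleter.php: could not remove document file: " . $path);
    }
  }
}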
130 <html>
131 <head>
132 <?php html_header_show();?>
133 <title><?php xl('Delete Patient, Encounter, Form, Issue, Document, Payment, Billing or Transaction','e'); ?></title>
134 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
136 <style>
137 td { font-size:10pt; }
138 </style>
140 <script language="javascript">
// Submit the delete-confirmation form (used by the "Yes, Delete and Log" link).
function submit_form() {
  var confirmForm = document.deletefrm;
  confirmForm.submit();
}
// JavaScript function for closing the popup: a plain window is closed
// directly, otherwise the parent's fancybox overlay is closed.
function popup_close() {
  if (parent.$ == undefined) {
    window.close();
    return;
  }
  parent.$.fn.fancybox.close();
}
154 </script>
155 </head>
157 <body class="body_top">
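<?php
// If the delete is confirmed...
//
// SECURITY:
//  - $patient, $encounterid, $formid, $issue, $document, $payment, $billing
//    and $transaction come from $_REQUEST and are untrusted. Below they are
//    either passed as bound parameters or escaped with add_escape_custom()
//    before being placed into a WHERE clause.
//  - Each branch performs its own acl_check() before touching any data.
//  - NOTE(review): no anti-CSRF token is generated or verified in the code
//    visible on this page; the destructive POST relies on the session alone.
//
if (!empty($_POST['form_submit'])) {

  if ($patient) {
    if (!acl_check('admin', 'super')) die("Not authorized!");
    $patient_sql = add_escape_custom($patient);
    row_modify("billing"       , "activity = 0", "pid = '$patient_sql'");
    row_modify("pnotes"        , "deleted = 1" , "pid = '$patient_sql'");
    // row_modify("prescriptions" , "active = 0"  , "patient_id = '$patient_sql'");
    row_delete("prescriptions"  , "patient_id = '$patient_sql'");
    row_delete("claims"         , "patient_id = '$patient_sql'");
    delete_drug_sales($patient);
    row_delete("payments"       , "pid = '$patient_sql'");
    row_delete("ar_activity"    , "pid = '$patient_sql'");
    row_delete("openemr_postcalendar_events", "pc_pid = '$patient_sql'");
    row_delete("immunizations"  , "patient_id = '$patient_sql'");
    row_delete("issue_encounter", "pid = '$patient_sql'");
    row_delete("lists"          , "pid = '$patient_sql'");
    row_delete("transactions"   , "pid = '$patient_sql'");
    row_delete("employer_data"  , "pid = '$patient_sql'");
    row_delete("history_data"   , "pid = '$patient_sql'");
    row_delete("insurance_data" , "pid = '$patient_sql'");

    $res = sqlStatement("SELECT * FROM forms WHERE pid = ?", array($patient));
    while ($row = sqlFetchArray($res)) {
      form_delete($row['formdir'], $row['form_id']);
    }
    row_delete("forms", "pid = '$patient_sql'");

    // integration_mapping is used for sql-ledger and is virtually obsolete now.
    $row = sqlQuery("SELECT id FROM patient_data WHERE pid = ?", array($patient));
    row_delete("integration_mapping", "local_table = 'patient_data' AND " .
      "local_id = '" . add_escape_custom($row['id']) . "'");

    // Delete all documents for the patient.
    $res = sqlStatement("SELECT id FROM documents WHERE foreign_id = ?", array($patient));
    while ($row = sqlFetchArray($res)) {
      delete_document($row['id']);
    }

    // This table exists only for athletic teams.
    $tmp = sqlQuery("SHOW TABLES LIKE 'daily_fitness'");
    if (!empty($tmp)) {
      row_delete("daily_fitness", "pid = '$patient_sql'");
    }

    row_delete("patient_data", "pid = '$patient_sql'");
  }
  else if ($encounterid) {
    if (!acl_check('admin', 'super')) die("Not authorized!");
    $encounterid_sql = add_escape_custom($encounterid);
    row_modify("billing", "activity = 0", "encounter = '$encounterid_sql'");
    delete_drug_sales(0, $encounterid);
    row_delete("ar_activity", "encounter = '$encounterid_sql'");
    row_delete("claims", "encounter_id = '$encounterid_sql'");
    row_delete("issue_encounter", "encounter = '$encounterid_sql'");
    $res = sqlStatement("SELECT * FROM forms WHERE encounter = ?", array($encounterid));
    while ($row = sqlFetchArray($res)) {
      form_delete($row['formdir'], $row['form_id']);
    }
    row_delete("forms", "encounter = '$encounterid_sql'");
  }
  else if ($formid) {
    if (!acl_check('admin', 'super')) die("Not authorized!");
    $row = sqlQuery("SELECT * FROM forms WHERE id = ?", array($formid));
    $formdir = empty($row['formdir']) ? '' : $row['formdir'];
    // The id is request data and this page is HTML, so escape it in the message.
    if (! $formdir) die("There is no form with id '" . htmlspecialchars($formid, ENT_QUOTES) . "'");
    form_delete($formdir, $row['form_id']);
    row_delete("forms", "id = '" . add_escape_custom($formid) . "'");
  }
  else if ($issue) {
    if (!acl_check('admin', 'super')) die("Not authorized!");
    $issue_sql = add_escape_custom($issue);
    row_delete("issue_encounter", "list_id = '$issue_sql'");
    row_delete("lists", "id = '$issue_sql'");
  }
  else if ($document) {
    if (!acl_check('admin', 'super')) die("Not authorized!");
    delete_document($document);
  }
  else if ($payment) {
    if (!acl_check('admin', 'super')) die("Not authorized!");
    // $payment is "<pid>.<timestamp digits>.<session id>"; pad so that a
    // short value yields empty fields instead of undefined offsets.
    list($patient_id, $timestamp, $ref_id) = array_pad(explode(".", $payment), 3, '');
    // if (empty($ref_id)) $ref_id = -1;
    $timestamp = decorateString('....-..-.. ..:..:..', $timestamp);
    $patient_id_sql = add_escape_custom($patient_id);
    $payres = sqlStatement("SELECT * FROM payments WHERE " .
      "pid = ? AND dtime = ?", array($patient_id, $timestamp));
    while ($payrow = sqlFetchArray($payres)) {
      if ($payrow['encounter']) {
        $ref_id = -1;
        // The session ID passed in is useless.  Look for the most recent
        // patient payment session with pay total matching pay amount and with
        // no adjustments.  The resulting session ID may be 0 (no session) which
        // is why we start with -1.
        $tpmt = $payrow['amount1'] + $payrow['amount2'];
        $seres = sqlStatement("SELECT " .
          "SUM(pay_amount) AS pay_amount, session_id " .
          "FROM ar_activity WHERE " .
          "pid = ? AND " .
          "encounter = ? AND " .
          "payer_type = 0 AND " .
          "adj_amount = 0.00 " .
          "GROUP BY session_id ORDER BY session_id DESC",
          array($patient_id, $payrow['encounter']));
        while ($serow = sqlFetchArray($seres)) {
          // NOTE(review): adj_amount is not in the SELECT list above, so this
          // test never skips a row; the WHERE clause already filters on it.
          if (sprintf("%01.2f", $serow['adj_amount']) != 0.00) continue;
          if (sprintf("%01.2f", $serow['pay_amount'] - $tpmt) == 0.00) {
            $ref_id = $serow['session_id'];
            break;
          }
        }
        if ($ref_id == -1) {
          die(xlt('Unable to match this payment in ar_activity') . ": $tpmt");
        }
        // Delete the payment.
        $payenc_sql = add_escape_custom($payrow['encounter']);
        $ref_id_sql = add_escape_custom($ref_id);
        row_delete("ar_activity",
          "pid = '$patient_id_sql' AND " .
          "encounter = '$payenc_sql' AND " .
          "payer_type = 0 AND " .
          "pay_amount != 0.00 AND " .
          "adj_amount = 0.00 AND " .
          "session_id = '$ref_id_sql'");
        if ($ref_id) {
          row_delete("ar_session",
            "patient_id = '$patient_id_sql' AND " .
            "session_id = '$ref_id_sql'");
        }
      }
      else {
        // Encounter is 0! Seems this happens for pre-payments.
        $tpmt = sprintf("%01.2f", $payrow['amount1'] + $payrow['amount2']);
        row_delete("ar_session",
          "patient_id = '$patient_id_sql' AND " .
          "payer_id = 0 AND " .
          "reference = '" . add_escape_custom($payrow['source']) . "' AND " .
          "pay_total = '$tpmt' AND " .
          "(SELECT COUNT(*) FROM ar_activity where ar_activity.session_id = ar_session.session_id) = 0 " .
          "ORDER BY session_id DESC LIMIT 1");
      }
      row_delete("payments", "id = '" . add_escape_custom($payrow['id']) . "'");
    }
  }
  else if ($billing) {
    if (!acl_check('acct','disc')) die("Not authorized!");
    // $billing is "<pid>.<encounter>".
    list($patient_id, $encounter_id) = array_pad(explode(".", $billing), 2, '');
    if ($GLOBALS['oer_config']['ws_accounting']['enabled'] === 2) {
      // NOTE(review): these two DELETEs do not go through row_delete(), so
      // the removed rows are not written to the event log.
      sqlStatement("DELETE FROM ar_activity WHERE " .
        "pid = ? AND encounter = ?", array($patient_id, $encounter_id));
      sqlStatement("DELETE ar_session FROM ar_session LEFT JOIN " .
        "ar_activity ON ar_session.session_id = ar_activity.session_id " .
        "WHERE ar_activity.session_id IS NULL");
      row_modify("billing", "activity = 0",
        "pid = '" . add_escape_custom($patient_id) . "' AND " .
        "encounter = '" . add_escape_custom($encounter_id) . "' AND " .
        "code_type = 'COPAY' AND " .
        "activity = 1");
      sqlStatement("UPDATE form_encounter SET last_level_billed = 0, " .
        "last_level_closed = 0, stmt_count = 0, last_stmt_date = NULL " .
        "WHERE pid = ? AND encounter = ?", array($patient_id, $encounter_id));
    }
    else {
      // The SQL-Ledger helpers used below take a finished SQL string and
      // their escaping rules are not visible in this file, so the invoice
      // number is restricted to characters that cannot terminate a quoted
      // literal before it is embedded.
      if (!preg_match('/^[A-Za-z0-9._-]+$/', $billing)) die("Invalid invoice number!");
      slInitialize();
      $trans_id = SLQueryValue("SELECT id FROM ar WHERE ar.invnumber = '$billing' LIMIT 1");
      if ($trans_id) {
        newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Invoice $billing from SQL-Ledger");
        SLQuery("DELETE FROM acc_trans WHERE trans_id = '$trans_id'");
        if ($sl_err) die($sl_err);
        SLQuery("DELETE FROM invoice WHERE trans_id = '$trans_id'");
        if ($sl_err) die($sl_err);
        SLQuery("DELETE FROM ar WHERE id = '$trans_id'");
        if ($sl_err) die($sl_err);
      } else {
        $info_msg .= "Invoice '$billing' not found!";
      }
      SLClose();
    }
    sqlStatement("UPDATE drug_sales SET billed = 0 WHERE " .
      "pid = ? AND encounter = ?", array($patient_id, $encounter_id));
    updateClaim(true, $patient_id, $encounter_id, -1, -1, 1, 0, ''); // clears for rebilling
  }
  else if ($transaction) {
    if (!acl_check('admin', 'super')) die("Not authorized!");
    row_delete("transactions", "id = '" . add_escape_custom($transaction) . "'");
  }
  else {
    die("Nothing was recognized to delete!");
  }

  if (! $info_msg) $info_msg = xl('Delete successful.');

  // Close this window and tell our opener that it's done.
  //
  // The message can contain request data and translated text, so it is
  // emitted as a JSON string literal with <, >, &, ' and " hex-escaped,
  // which keeps it inside the string and inside the <script> element.
  $info_msg_js = json_encode((string) $info_msg,
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
  if ($info_msg_js === false) $info_msg_js = '""';

  echo "<script language='JavaScript'>\n";
  if ($info_msg) echo " alert($info_msg_js);\n";
  if ($encounterid) //this code need to be same as 'parent.imdeleted($encounterid)' when the popup is div like
  {
    // The id is written as a bare JavaScript number, so force it to an integer.
    echo "window.opener.imdeleted(" . (int) $encounterid . ");\n";
  }
  else
  {
    echo " if (opener && opener.imdeleted) opener.imdeleted(); else parent.imdeleted();\n";
  }
  echo " window.close();\n";
  echo "</script></body></html>\n";
  exit();
}
?>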
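<?php
// Confirmation form. It posts back to this script with the same selector
// parameters in the query string plus the hidden 'form_submit' field.
//
// SECURITY:
//  - The selector values come from the request, so they are URL-encoded for
//    the query string and HTML-escaped for the attribute, and HTML-escaped
//    again where they are shown in the question text.
//  - NOTE(review): no anti-CSRF token is generated or verified in the code
//    visible on this page; the destructive POST relies on the session alone.
//  - The former onsubmit handler (a debug alert plus a call on the
//    non-existent form name "deleform") was removed; submit_form() submits
//    the form directly.
$deleter_params = array(
  'patient'     => $patient,
  'encounterid' => $encounterid,
  'formid'      => $formid,
  'issue'       => $issue,
  'document'    => $document,
  'payment'     => $payment,
  'billing'     => $billing,
  'transaction' => $transaction,
);
$deleter_pairs = array();
foreach ($deleter_params as $deleter_name => $deleter_value) {
  $deleter_pairs[] = $deleter_name . '=' . urlencode((string) $deleter_value);
}
$deleter_action = 'deleter.php?' . implode('&', $deleter_pairs);
?>
<form method='post' name="deletefrm" action='<?php echo htmlspecialchars($deleter_action, ENT_QUOTES); ?>'>

<p class="text">&nbsp;<br><?php xl('Do you really want to delete','e'); ?>

<?php
 if ($patient) {
  echo xl('patient') . " " . htmlspecialchars($patient, ENT_QUOTES);
 } else if ($encounterid) {
  echo xl('encounter') . " " . htmlspecialchars($encounterid, ENT_QUOTES);
 } else if ($formid) {
  echo xl('form') . " " . htmlspecialchars($formid, ENT_QUOTES);
 } else if ($issue) {
  echo xl('issue') . " " . htmlspecialchars($issue, ENT_QUOTES);
 } else if ($document) {
  echo xl('document') . " " . htmlspecialchars($document, ENT_QUOTES);
 } else if ($payment) {
  echo xl('payment') . " " . htmlspecialchars($payment, ENT_QUOTES);
 } else if ($billing) {
  echo xl('invoice') . " " . htmlspecialchars($billing, ENT_QUOTES);
 } else if ($transaction) {
  echo xl('transaction') . " " . htmlspecialchars($transaction, ENT_QUOTES);
 }
?> <?php xl('and all subordinate data? This action will be logged','e'); ?>!</p>

<center>

<p class="text">&nbsp;<br>
<a href="#" onclick="submit_form()" class="css_button"><span><?php xl('Yes, Delete and Log','e'); ?></span></a>
<input type='hidden' name='form_submit' value=<?php xl('Yes, Delete and Log','e','\'','\''); ?>/>
<a href='#' class="css_button" onclick="popup_close();"><span><?php echo xl('No, Cancel');?></span></a>
</p>

</center>
</form>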
398 </body>
399 </html>