library/ajax/addlistitem.php

   1 <?php
   2 /**
   3  * This file is used to add an item to the list_options table
   4  *
   5  * OUTPUT
   6  *   on error = NULL
   7  *   on succcess = JSON data, array of "value":"title" for new list of options
   8  *
   9  * @package   OpenEMR
  10  * @link      http://www.open-emr.org
  11  * @author    Jason Morrill <jason@italktech.net>
  12  * @author    Brady Miller <brady.g.miller@gmail.com>
  13  * @author    Daniel Ehrlich <daniel.ehrlich1@gmail.com>
  14  * @copyright Copyright (c) 2009 Jason Morrill <jason@italktech.net>
  15  * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
  16  * @copyright Copyright (c) 2018 Daniel Ehrlich <daniel.ehrlich1@gmail.com>
  17  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  18  */
  19
  20
  21 require_once("../../interface/globals.php");
  22
  23 //verify csrf
  24 if (!verifyCsrfToken($_GET["csrf_token_form"])) {
  25     echo json_encode(array("error"=> xl('Authentication Error') ));
  26     exit;
  27 }
  28
  29 // check for required values
  30 if ($_GET['listid'] == "" || trim($_GET['newitem']) == "" || trim($_GET['newitem_abbr']) == "") {
  31     exit;
  32 }
  33
  34 // set the values for the new list item
  35 $is_default = 0;
  36 $list_id = $_GET['listid'];
  37 $title = trim($_GET['newitem']);
  38 $option_id = trim($_GET['newitem_abbr']);
  39 $option_value = 0;
  40
  41 // make sure we're not adding a duplicate title or id
  42 $exists_title = sqlQuery("SELECT * FROM list_options WHERE ".
  43     " list_id= ? ".
  44     " and title = ? AND activity = 1", array($list_id, $title));
  45 if ($exists_title) {
  46     echo json_encode(array("error"=> xl('Record already exist') ));
  47     exit;
  48 }
  49
  50 $exists_id = sqlQuery("SELECT * FROM list_options WHERE ".
  51     " list_id= ?".
  52     "AND option_id = ?". "AND activity = 1", array($list_id, $option_id));
  53 if ($exists_id) {
  54     echo json_encode(array("error"=> xl('Record already exist') ));
  55     exit;
  56 }
  57
  58 // determine the sequential order of the new item,
  59 // it should be the maximum number for the specified list plus one
  60 $seq = 0;
  61 $row = sqlQuery("SELECT max(seq) as maxseq FROM list_options WHERE list_id = ? AND activity = 1", array($list_id));
  62 $seq = $row['maxseq']+1;
  63
  64 // add the new list item
  65 $rc = sqlInsert("INSERT INTO list_options ( " .
  66     "list_id, option_id, title, seq, is_default, option_value ) VALUES ( ?, ?, ?, ?, ?, ? )", array($list_id, $option_id, $title, $seq, $is_default, $option_value));
  67
  68 // return JSON data of list items on success
  69 echo '{ "error":"", "options": [';
  70 // send the 'Unassigned' empty variable
  71 echo '{"id":"","title":"' . xl('Unassigned') . '"}';
  72 $comma = ",";
  73 $lres = sqlStatement("SELECT * FROM list_options WHERE list_id = ? AND activity = 1 ORDER BY seq", array($list_id));
  74 while ($lrow = sqlFetchArray($lres)) {
  75     echo $comma;
  76     echo '{"id":"'.$lrow['option_id'].'",';
  77
  78     // translate title if translate-lists flag set and not english
  79     if ($GLOBALS['translate_lists'] && $_SESSION['language_choice'] > 1) {
  80         echo '"title":"' . xl($lrow['title']) .'"}';
  81     } else {
  82         echo '"title":"'.$lrow['title'].'"}';
  83     }
  84 }
  85
  86 echo "]}";
  87 exit;