addresses vulnerabilities reported at http://secunia.com/advisories/22695
1 <?php
2 // Copyright (C) 2006 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
9 require_once("../globals.php");
10 require_once("$srcdir/acl.inc");
11 require_once("drugs.inc.php");
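/**
 * Format a value as a single-quoted SQL literal, or as the keyword NULL when
 * it is empty.
 *
 * Callers in this file pass the lot's expiration date, so an empty field
 * becomes NULL instead of ''. PHP truthiness is kept on purpose: null, ''
 * and '0' all yield NULL.
 *
 * The value is interpolated into string-built SQL, so it is escaped with
 * addslashes() unless magic_quotes_gpc (PHP < 5.4, the only versions where
 * the probe function exists) already slash-escaped request data.
 * NOTE(review): if globals.php applies its own escaping to $_POST, this
 * would double-escape -- confirm against that file.
 *
 * @param mixed $fld  raw value, normally a yyyy-mm-dd date string
 * @return string     "'...'" holding the escaped value, or "NULL"
 */
function QuotedOrNull($fld) {
  if (!$fld) return "NULL";
  $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
  $value = $magic ? $fld : addslashes($fld);
  return "'$value'";
}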
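// Request parameters. Both ids are numeric keys of drug_inventory (they are
// compared against drug_id / inventory_id below), so cast them to int: that
// keeps them safe to interpolate into the SQL and HTML in this file and avoids
// undefined-index notices when a parameter is absent. A missing 'lot' becomes
// 0, which selects "add new lot" mode exactly as the empty string did.
$drug_id = isset($_REQUEST['drug']) ? (int) $_REQUEST['drug'] : 0;
$lot_id  = isset($_REQUEST['lot'])  ? (int) $_REQUEST['lot']  : 0;
// Message shown in a JS alert after saving; nothing in this file sets it.
$info_msg = "";

if (!acl_check('admin', 'drugs')) die("Not authorized!");
if (!$drug_id) die("Drug ID missing!");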
25 <html>
26 <head>
27 <title><?php echo $lot_id ? xl("Edit") : xl("Add New"); xl(' Lot', 'e'); ?></title>
28 <link rel=stylesheet href='<?php echo $css_header ?>' type='text/css'>
30 <style>
31 td { font-size:10pt; }
32 </style>
34 <style type="text/css">@import url(../../library/dynarch_calendar.css);</style>
35 <script type="text/javascript" src="../../library/textformat.js"></script>
36 <script type="text/javascript" src="../../library/dynarch_calendar.js"></script>
37 <script type="text/javascript" src="../../library/dynarch_calendar_en.js"></script>
38 <script type="text/javascript" src="../../library/dynarch_calendar_setup.js"></script>
40 <script language="JavaScript">
41 var mypcc = '<?php echo $GLOBALS['phone_country_code'] ?>';
42 </script>
44 </head>
46 <body <?php echo $top_bg_line;?>>
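<?php
// If we are saving or deleting, then apply the change and close the window.
// The form that posts here is rendered further down in this file.
if (!empty($_POST['form_save']) || !empty($_POST['form_delete'])) {
  // The ids are numeric keys of drug_inventory; cast so they are safe to
  // interpolate into the SQL below even if the caller left them as strings.
  $drug_key = (int) $drug_id;
  $lot_key  = (int) $lot_id;

  // Form fields; a missing field becomes '' rather than raising a notice.
  $lot_number   = isset($_POST['form_lot_number'])   ? $_POST['form_lot_number']   : '';
  $manufacturer = isset($_POST['form_manufacturer']) ? $_POST['form_manufacturer'] : '';
  // The original read an undefined $form_expiration (a register_globals
  // leftover); every other field is read from $_POST, so do the same here.
  $expiration   = isset($_POST['form_expiration'])   ? $_POST['form_expiration']   : '';
  // Quantity on hand; treated as an integer, so cast instead of quoting raw input.
  $on_hand      = isset($_POST['form_on_hand'])      ? (int) $_POST['form_on_hand'] : 0;

  // lot_number and manufacturer are free text interpolated into string-built
  // SQL. Escape them unless magic_quotes_gpc (PHP < 5.4, the only versions
  // where the probe function exists) already did. NOTE(review): if globals.php
  // applies its own slash-escaping to $_POST, drop this to avoid double
  // escaping -- confirm against that file. $expiration is passed raw because
  // QuotedOrNull() owns that literal.
  if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
    $lot_number   = addslashes($lot_number);
    $manufacturer = addslashes($manufacturer);
  }

  if ($lot_id) {
    if (!empty($_POST['form_save'])) {
      sqlStatement("UPDATE drug_inventory SET " .
        "lot_number = '$lot_number', " .
        "manufacturer = '$manufacturer', " .
        "expiration = " . QuotedOrNull($expiration) . ", " .
        "on_hand = '$on_hand' " .
        "WHERE drug_id = '$drug_key' AND inventory_id = '$lot_key'");
    } else {
      sqlStatement("DELETE FROM drug_inventory WHERE drug_id = '$drug_key' AND inventory_id = '$lot_key'");
    }
  } else {
    $lot_id = sqlInsert("INSERT INTO drug_inventory ( " .
      "drug_id, lot_number, manufacturer, expiration, on_hand " .
      ") VALUES ( " .
      "'$drug_key', " .
      "'$lot_number', " .
      "'$manufacturer', " .
      QuotedOrNull($expiration) . ", " .
      "'$on_hand' " .
      ")");
  }

  // Close this window and redisplay the updated list of drugs.
  echo "<script language='JavaScript'>\n";
  // $info_msg lands inside a single-quoted JS string, so escape it for that context.
  if ($info_msg) echo " alert('" . addslashes($info_msg) . "');\n";
  echo " window.close();\n";
  echo " if (opener.refreshme) opener.refreshme();\n";
  echo "</script></body></html>\n";
  exit();
}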
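// When editing an existing lot, load its current values so the form below can
// show them. Default to an empty array so "add new lot" mode (no lot id) can
// still index $row without notices.
$row = array();
if ($lot_id) {
  // Numeric keys; cast so they are safe to interpolate into the SQL.
  $row = sqlQuery("SELECT * FROM drug_inventory WHERE drug_id = '" . (int) $drug_id . "' " .
    "AND inventory_id = '" . (int) $lot_id . "'");
  // NOTE(review): assumes sqlQuery() returns the row as an array, or a falsy
  // value when nothing matched -- confirm against its definition.
  if (!is_array($row)) $row = array();
}
?>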
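<?php // Ids go into URL query strings, so they are urlencoded; lot values are user-entered text from drug_inventory and are escaped for single-quoted attributes with ENT_QUOTES. ?>
<form method='post' name='theform' action='add_edit_lot.php?drug=<?php echo urlencode((string) $drug_id) ?>&lot=<?php echo urlencode((string) $lot_id) ?>'>
<center>

<table border='0' width='100%'>

 <tr>
  <td valign='top' width='1%' nowrap><b><?php xl('Lot Number','e'); ?>:</b></td>
  <td>
   <input type='text' size='40' name='form_lot_number' maxlength='40' value='<?php echo htmlspecialchars(isset($row['lot_number']) ? $row['lot_number'] : '', ENT_QUOTES) ?>' style='width:100%' />
  </td>
 </tr>

 <tr>
  <td valign='top' nowrap><b><?php xl('Manufacturer','e'); ?>:</b></td>
  <td>
   <input type='text' size='40' name='form_manufacturer' maxlength='250' value='<?php echo htmlspecialchars(isset($row['manufacturer']) ? $row['manufacturer'] : '', ENT_QUOTES) ?>' style='width:100%' />
  </td>
 </tr>

 <tr>
  <td valign='top' nowrap><b><?php xl('Expiration','e'); ?>:</b></td>
  <td>
   <input type='text' size='10' name='form_expiration' id='form_expiration'
    value='<?php echo htmlspecialchars(isset($row['expiration']) ? $row['expiration'] : '', ENT_QUOTES) ?>'
    onkeyup='datekeyup(this,mypcc)' onblur='dateblur(this,mypcc)'
    title='yyyy-mm-dd date of expiration' />
   <img src='../pic/show_calendar.gif' align='absbottom' width='24' height='22'
    id='img_expiration' border='0' alt='[?]' style='cursor:pointer'
    title='Click here to choose a date'>
  </td>
 </tr>

 <tr>
  <td valign='top' nowrap><b><?php xl('On Hand','e'); ?>:</b></td>
  <td>
   <input type='text' size='5' name='form_on_hand' maxlength='7' value='<?php echo htmlspecialchars(isset($row['on_hand']) ? $row['on_hand'] : '', ENT_QUOTES) ?>' />
  </td>
 </tr>

</table>

<p>
<input type='submit' name='form_save' value='<?php xl('Save','e'); ?>' />

&nbsp;
<?php // The ids below sit inside a JS string inside a double-quoted attribute; urlencode output is safe in both contexts. ?>
<input type='button' value='<?php xl('Destroy...','e'); ?>'
 onclick="window.location.href='destroy_lot.php?drug=<?php echo urlencode((string) $drug_id) ?>&lot=<?php echo urlencode((string) $lot_id) ?>'" />

&nbsp;
<input type='button' value='<?php xl('Cancel','e'); ?>' onclick='window.close()' />
</p>

</center>
</form>
<script language='JavaScript'>
 Calendar.setup({inputField:"form_expiration", ifFormat:"%Y-%m-%d", button:"img_expiration"});
</script>
</body>
</html>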