addresses vulnerabilities reported at http://secunia.com/advisories/22695
[openemr.git] / interface / drugs / destroy_lot.php
1 <?php
2 // Copyright (C) 2006 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
9 require_once("../globals.php");
10 require_once("$srcdir/acl.inc");
11 require_once("drugs.inc.php");
/**
 * Render a value as a single-quoted SQL literal, or as the bare keyword NULL.
 *
 * Any value PHP treats as false ('', '0', 0, null, ...) yields NULL.
 *
 * The value is inserted between the quotes verbatim: nothing here escapes
 * quotes or backslashes. Callers must validate or escape $fld before the
 * result is concatenated into a statement.
 *
 * @param mixed $fld Value to render.
 * @return string "'<value>'" or "NULL".
 */
function QuotedOrNull($fld) {
  return $fld ? "'" . $fld . "'" : "NULL";
}
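// Identifiers of the inventory lot to act on. Both come straight from the
// client and are untrusted: they are later placed in SQL statements and in the
// form's action URL, so they must be escaped for each of those contexts at the
// point of use.
// A missing parameter becomes '' instead of raising an undefined-index notice,
// and array-valued parameters (e.g. ?drug[]=1) are rejected the same way.
$drug_id = (isset($_REQUEST['drug']) && is_scalar($_REQUEST['drug'])) ? (string) $_REQUEST['drug'] : '';
$lot_id  = (isset($_REQUEST['lot'])  && is_scalar($_REQUEST['lot']))  ? (string) $_REQUEST['lot']  : '';
$info_msg = "";

// Authorization comes first; parameter checks only run for permitted users.
if (!acl_check('admin', 'drugs')) die("Not authorized!");
if (!$drug_id) die("Drug ID missing!");
if (!$lot_id ) die("Lot ID missing!");
?>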
26 <html>
27 <head>
28 <title><?php xl ('Destroy Lot','e') ?></title>
29 <link rel=stylesheet href='<?php echo $css_header ?>' type='text/css'>
31 <style>
32 td { font-size:10pt; }
33 </style>
35 <style type="text/css">@import url(../../library/dynarch_calendar.css);</style>
36 <script type="text/javascript" src="../../library/textformat.js"></script>
37 <script type="text/javascript" src="../../library/dynarch_calendar.js"></script>
38 <script type="text/javascript" src="../../library/dynarch_calendar_en.js"></script>
39 <script type="text/javascript" src="../../library/dynarch_calendar_setup.js"></script>
41 <script language="JavaScript">
42 var mypcc = '<?php echo $GLOBALS['phone_country_code'] ?>';
43 </script>
45 </head>
47 <body <?php echo $top_bg_line;?>>
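<?php
// If we are saving, then save and close the window.
//
// Everything read from $_POST / $_REQUEST on this page is client-controlled
// and ends up inside a quoted SQL literal, so each value is escaped exactly
// once before it is concatenated into a statement.
// NOTE(review): addslashes() is a stopgap equivalent to what magic_quotes_gpc
// provides. If the database layer behind sqlStatement()/sqlQuery() offers its
// own escaping or bound parameters, use that instead. Also confirm that
// globals.php does not already add slashes to request data; if it does, values
// containing quotes would be stored with a stray backslash.
$magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$sql_in = array(
  'drug'    => $drug_id,
  'lot'     => $lot_id,
  'method'  => isset($_POST['form_method'])  ? $_POST['form_method']  : '',
  'witness' => isset($_POST['form_witness']) ? $_POST['form_witness'] : '',
  'notes'   => isset($_POST['form_notes'])   ? $_POST['form_notes']   : '',
);
foreach ($sql_in as $key => $value) {
  $value = is_scalar($value) ? (string) $value : '';
  // Undo PHP's automatic slashes first so nothing is escaped twice.
  if ($magic_quotes) $value = stripslashes($value);
  $sql_in[$key] = addslashes($value);
}

if (!empty($_POST['form_save'])) {
  // $form_date is never assigned on this page, so the original presumably
  // relied on it being populated from the request implicitly. Read it
  // explicitly and accept only a yyyy-mm-dd shaped value; anything else is
  // stored as NULL rather than being passed into the statement.
  $form_date = '';
  if (isset($_POST['form_date']) && is_string($_POST['form_date']) &&
      preg_match('/^\d{4}-\d{1,2}-\d{1,2}\z/', $_POST['form_date'])) {
    $form_date = $_POST['form_date'];
  }

  sqlStatement("UPDATE drug_inventory SET " .
    "destroy_date = "     . QuotedOrNull($form_date) . ", " .
    "destroy_method = '"  . $sql_in['method']  . "', " .
    "destroy_witness = '" . $sql_in['witness'] . "', " .
    "destroy_notes = '"   . $sql_in['notes']   . "' "  .
    "WHERE drug_id = '" . $sql_in['drug'] . "' " .
    "AND inventory_id = '" . $sql_in['lot'] . "'");

  // Close this window and redisplay the updated list of drugs.
  // $info_msg is only ever the empty string in the code visible here; if it
  // ever carries request-derived text it must be escaped for a JavaScript
  // string before being echoed into alert().
  echo "<script language='JavaScript'>\n";
  if ($info_msg) echo " alert('$info_msg');\n";
  echo " window.close();\n";
  echo " if (opener.refreshme) opener.refreshme();\n";
  echo "</script></body></html>\n";
  exit();
}

// Load the lot so the form below can show its current values.
$row = sqlQuery("SELECT * FROM drug_inventory " .
  "WHERE drug_id = '" . $sql_in['drug'] . "' " .
  "AND inventory_id = '" . $sql_in['lot'] . "'");
?>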
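<?php
// Every dynamic value below is HTML-escaped with ENT_QUOTES, because the
// attributes on this page are single-quoted and a bare ' would otherwise end
// the attribute. The two request parameters in the action URL are URL-encoded
// first, then HTML-escaped. Database columns are escaped as well: stored text
// is not trusted to be free of markup.
// NOTE(review): no anti-CSRF token is visible in this form, and the handler
// changes state on POST. Confirm whether the application adds one elsewhere.
?>
<form method='post' name='theform' action='destroy_lot.php?drug=<?php echo htmlspecialchars(urlencode((string) $drug_id), ENT_QUOTES) ?>&amp;lot=<?php echo htmlspecialchars(urlencode((string) $lot_id), ENT_QUOTES) ?>'>
<center>

<table border='0' width='100%'>

 <tr>
  <td valign='top' width='1%' nowrap><b><?php xl('Lot Number','e'); ?>:</b></td>
  <td>
   <?php echo htmlspecialchars((string) $row['lot_number'], ENT_QUOTES) ?>
  </td>
 </tr>

 <tr>
  <td valign='top' nowrap><b><?php xl('Manufacturer','e'); ?>:</b></td>
  <td>
   <?php echo htmlspecialchars((string) $row['manufacturer'], ENT_QUOTES) ?>
  </td>
 </tr>

 <tr>
  <td valign='top' nowrap><b><?php xl('Quantity On Hand','e'); ?>:</b></td>
  <td>
   <?php echo htmlspecialchars((string) $row['on_hand'], ENT_QUOTES) ?>
  </td>
 </tr>

 <tr>
  <td valign='top' nowrap><b><?php xl('Expiration Date','e'); ?>:</b></td>
  <td>
   <?php echo htmlspecialchars((string) $row['expiration'], ENT_QUOTES) ?>
  </td>
 </tr>

 <tr>
  <td valign='top' nowrap><b><?php xl('Date Destroyed','e'); ?>:</b></td>
  <td>
   <input type='text' size='10' name='form_date' id='form_date'
    value='<?php echo htmlspecialchars((string) ($row['destroy_date'] ? $row['destroy_date'] : date("Y-m-d")), ENT_QUOTES); ?>'
    onkeyup='datekeyup(this,mypcc)' onblur='dateblur(this,mypcc)'
    title='yyyy-mm-dd date destroyed' />
   <img src='../pic/show_calendar.gif' align='absbottom' width='24' height='22'
    id='img_date' border='0' alt='[?]' style='cursor:pointer'
    title='Click here to choose a date'>
  </td>
 </tr>

 <tr>
  <td valign='top' nowrap><b><?php xl('Method of Destruction','e'); ?>:</b></td>
  <td>
   <input type='text' size='40' name='form_method' maxlength='250'
    value='<?php echo htmlspecialchars((string) $row['destroy_method'], ENT_QUOTES) ?>' style='width:100%' />
  </td>
 </tr>

 <tr>
  <td valign='top' nowrap><b><?php xl('Witness','e'); ?>:</b></td>
  <td>
   <input type='text' size='40' name='form_witness' maxlength='250'
    value='<?php echo htmlspecialchars((string) $row['destroy_witness'], ENT_QUOTES) ?>' style='width:100%' />
  </td>
 </tr>

 <tr>
  <td valign='top' nowrap><b><?php xl('Notes','e'); ?>:</b></td>
  <td>
   <input type='text' size='40' name='form_notes' maxlength='250'
    value='<?php echo htmlspecialchars((string) $row['destroy_notes'], ENT_QUOTES) ?>' style='width:100%' />
  </td>
 </tr>

</table>

<p>
<input type='submit' name='form_save' value='<?php xl('Submit','e') ;?>' />

&nbsp;
<input type='button' value='<?php xl('Cancel','e'); ?>' onclick='window.close()' />
</p>

</center>
</form>
<script language='JavaScript'>
 Calendar.setup({inputField:"form_date", ifFormat:"%Y-%m-%d", button:"img_date"});
</script>
</body>
</html>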