search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Added option to not show sql queries on the screen
[openemr.git] / interface / patient_file / deleter.php
blob2d6559b425b4eca535aeb6ae697dfef2b75c206e
1 <?php
2 /**
3 * delete tool, for logging and removing patient data.
4 *
5 * Called from many different pages.
6 *
7 * Copyright (C) 2005-2013 Rod Roark <rod@sunsetsystems.com>
8 * Copyright (C) 2015 Roberto Vasquez <robertogagliotta@gmail.com>
9 *
10 * LICENSE: This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
20 *
21 * @package OpenEMR
22 * @author Rod Roark <rod@sunsetsystems.com>
23 * @author Roberto Vasquez <robertogagliotta@gmail.com>
24 * @link http://www.open-emr.org
25 */
26
27 $fake_register_globals=false;
28 $sanitize_all_escapes=true;
29
30 require_once('../globals.php');
31 require_once($GLOBALS['srcdir'].'/log.inc');
32 require_once($GLOBALS['srcdir'].'/acl.inc');
33 require_once($GLOBALS['srcdir'].'/sl_eob.inc.php');
34
35 $patient = $_REQUEST['patient'];
36 $encounterid = $_REQUEST['encounterid'];
37 $formid = $_REQUEST['formid'];
38 $issue = $_REQUEST['issue'];
39 $document = $_REQUEST['document'];
40 $payment = $_REQUEST['payment'];
41 $billing = $_REQUEST['billing'];
42 $transaction = $_REQUEST['transaction'];
43
44 $info_msg = "";
45
46 // Delete rows, with logging, for the specified table using the
47 // specified WHERE clause.
48 //
49 function row_delete($table, $where) {
50 $tres = sqlStatement("SELECT * FROM $table WHERE $where");
51 $count = 0;
52 while ($trow = sqlFetchArray($tres)) {
53 $logstring = "";
54 foreach ($trow as $key => $value) {
55 if (! $value || $value == '0000-00-00 00:00:00') continue;
56 if ($logstring) $logstring .= " ";
57 $logstring .= $key . "= '" . $value . "' ";
58 }
59 newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $logstring");
60 ++$count;
61 }
62 if ($count) {
63 $query = "DELETE FROM $table WHERE $where";
64 if(!$GLOBALS['sql_string_no_show_screen']){
65 echo text($query) . "<br>\n";
66 }
67
68 sqlStatement($query);
69 }
70 }
71
72 // Deactivate rows, with logging, for the specified table using the
73 // specified SET and WHERE clauses.
74 //
75 function row_modify($table, $set, $where) {
76 if (sqlQuery("SELECT * FROM $table WHERE $where")) {
77 newEvent("deactivate", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $where");
78 $query = "UPDATE $table SET $set WHERE $where";
79 if(!$GLOBALS['sql_string_no_show_screen']) {
80 echo text($query) . "<br>\n";
81 }
82 sqlStatement($query);
83 }
84 }
85
86 // We use this to put dashes, colons, etc. back into a timestamp.
87 //
88 function decorateString($fmt, $str) {
89 $res = '';
90 while ($fmt) {
91 $fc = substr($fmt, 0, 1);
92 $fmt = substr($fmt, 1);
93 if ($fc == '.') {
94 $res .= substr($str, 0, 1);
95 $str = substr($str, 1);
96 } else {
97 $res .= $fc;
98 }
99 }
100 return $res;
101 }
102
103 // Delete and undo product sales for a given patient or visit.
104 // This is special because it has to replace the inventory.
105 //
106 function delete_drug_sales($patient_id, $encounter_id=0) {
107 $where = $encounter_id ? "ds.encounter = '" . add_escape_custom($encounter_id) . "'" :
108 "ds.pid = '" . add_escape_custom($patient_id) . "' AND ds.encounter != 0";
109 sqlStatement("UPDATE drug_sales AS ds, drug_inventory AS di " .
110 "SET di.on_hand = di.on_hand + ds.quantity " .
111 "WHERE $where AND di.inventory_id = ds.inventory_id");
112 if ($encounter_id) {
113 row_delete("drug_sales", "encounter = '" . add_escape_custom($encounter_id) . "'");
114 }
115 else {
116 row_delete("drug_sales", "pid = '" . add_escape_custom($patient_id ) . "'");
117 }
118 }
119
120 // Delete a form's data from its form-specific table.
121 //
122 function form_delete($formdir, $formid) {
123 $formdir = ($formdir == 'newpatient') ? 'encounter' : $formdir;
124 $formdir = ($formdir == 'newGroupEncounter') ? 'groups_encounter' : $formdir;
125 if (substr($formdir,0,3) == 'LBF') {
126 row_delete("lbf_data", "form_id = '" . add_escape_custom($formid) . "'");
127 }
128 else if ($formdir == 'procedure_order') {
129 $tres = sqlStatement("SELECT procedure_report_id FROM procedure_report " .
130 "WHERE procedure_order_id = ?", array($formid));
131 while ($trow = sqlFetchArray($tres)) {
132 $reportid = 0 + $trow['procedure_report_id'];
133 row_delete("procedure_result", "procedure_report_id = '" . add_escape_custom($reportid) . "'");
134 }
135 row_delete("procedure_report", "procedure_order_id = '" . add_escape_custom($formid) . "'");
136 row_delete("procedure_order_code", "procedure_order_id = '" . add_escape_custom($formid) . "'");
137 row_delete("procedure_order", "procedure_order_id = '" . add_escape_custom($formid) . "'");
138 }
139 else if ($formdir == 'physical_exam') {
140 row_delete("form_$formdir", "forms_id = '" . add_escape_custom($formid) . "'");
141 }
142 else {
143 row_delete("form_$formdir", "id = '" . add_escape_custom($formid) . "'");
144 }
145 }
146
147 // Delete a specified document including its associated relations and file.
148 //
149 function delete_document($document) {
150 $trow = sqlQuery("SELECT url, thumb_url, storagemethod, couch_docid, couch_revid FROM documents WHERE id = ?", array($document));
151 $url = $trow['url'];
152 $thumb_url = $trow['thumb_url'];
153 row_delete("categories_to_documents", "document_id = '" . add_escape_custom($document) . "'");
154 row_delete("documents", "id = '" . add_escape_custom($document) . "'");
155 row_delete("gprelations", "type1 = 1 AND id1 = '" . add_escape_custom($document) . "'");
156
157 switch((int)$trow['storagemethod']) {
158 //for hard disk store
159 case 0:
160 @unlink(substr($url, 7));
161
162 if(!is_null($thumb_url)){
163 @unlink(substr($thumb_url, 7));
164 }
165 break;
166 //for CouchDB store
167 case 1:
168 $couchDB = new CouchDB();
169 $couchDB->DeleteDoc($GLOBALS['couchdb_dbase'], $trow['couch_docid'], $trow['couch_revid']);
170 break;
171 }
172
173 }
174 ?>
175 <html>
176 <head>
177 <?php html_header_show();?>
178 <title><?php echo xlt('Delete Patient, Encounter, Form, Issue, Document, Payment, Billing or Transaction'); ?></title>
179 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
180 <script type="text/javascript" src="<?php echo $webroot ?>/interface/main/tabs/js/include_opener.js"></script>
181
182 <style>
183 td { font-size:10pt; }
184 </style>
185
186 <script language="javascript">
187 function submit_form()
188 {
189 document.deletefrm.submit();
190 }
191 // Java script function for closing the popup
192 function popup_close() {
193 if(parent.$==undefined) {
194 window.close();
195 }
196 else {
197 parent.$.fn.fancybox.close();
198 }
199 }
200 </script>
201 </head>
202
203 <body class="body_top">
204 <?php
205 // If the delete is confirmed...
206 //
207 if ($_POST['form_submit']) {
208
209 if ($patient) {
210 if (!acl_check('admin', 'super') || !$GLOBALS['allow_pat_delete']) die("Not authorized!");
211 row_modify("billing" , "activity = 0", "pid = '" . add_escape_custom($patient) . "'");
212 row_modify("pnotes" , "deleted = 1" , "pid = '" . add_escape_custom($patient) . "'");
213 // row_modify("prescriptions" , "active = 0" , "patient_id = '$patient'");
214 row_delete("prescriptions" , "patient_id = '" . add_escape_custom($patient) . "'");
215 row_delete("claims" , "patient_id = '" . add_escape_custom($patient) . "'");
216 delete_drug_sales($patient);
217 row_delete("payments" , "pid = '" . add_escape_custom($patient) . "'");
218 row_delete("ar_activity" , "pid = '" . add_escape_custom($patient) . "'");
219 row_delete("openemr_postcalendar_events", "pc_pid = '" . add_escape_custom($patient) . "'");
220 row_delete("immunizations" , "patient_id = '" . add_escape_custom($patient) . "'");
221 row_delete("issue_encounter", "pid = '" . add_escape_custom($patient) . "'");
222 row_delete("lists" , "pid = '" . add_escape_custom($patient) . "'");
223 row_delete("transactions" , "pid = '" . add_escape_custom($patient) . "'");
224 row_delete("employer_data" , "pid = '" . add_escape_custom($patient) . "'");
225 row_delete("history_data" , "pid = '" . add_escape_custom($patient) . "'");
226 row_delete("insurance_data" , "pid = '" . add_escape_custom($patient) . "'");
227
228 $res = sqlStatement("SELECT * FROM forms WHERE pid = ?", array($patient));
229 while ($row = sqlFetchArray($res)) {
230 form_delete($row['formdir'], $row['form_id']);
231 }
232 row_delete("forms", "pid = '" . add_escape_custom($patient) . "'");
233
234 // Delete all documents for the patient.
235 $res = sqlStatement("SELECT id FROM documents WHERE foreign_id = ?", array($patient));
236 while ($row = sqlFetchArray($res)) {
237 delete_document($row['id']);
238 }
239
240 row_delete("patient_data", "pid = '" . add_escape_custom($patient) . "'");
241 }
242 else if ($encounterid) {
243 if (!acl_check('admin', 'super')) die("Not authorized!");
244 row_modify("billing", "activity = 0", "encounter = '" . add_escape_custom($encounterid) . "'");
245 delete_drug_sales(0, $encounterid);
246 row_delete("ar_activity", "encounter = '" . add_escape_custom($encounterid) . "'");
247 row_delete("claims", "encounter_id = '" . add_escape_custom($encounterid) . "'");
248 row_delete("issue_encounter", "encounter = '" . add_escape_custom($encounterid) . "'");
249 $res = sqlStatement("SELECT * FROM forms WHERE encounter = ?", array($encounterid));
250 while ($row = sqlFetchArray($res)) {
251 form_delete($row['formdir'], $row['form_id']);
252 }
253 row_delete("forms", "encounter = '" . add_escape_custom($encounterid) . "'");
254 }
255 else if ($formid) {
256 if (!acl_check('admin', 'super')) die("Not authorized!");
257 $row = sqlQuery("SELECT * FROM forms WHERE id = ?", array($formid));
258 $formdir = $row['formdir'];
259 if (! $formdir) die("There is no form with id '" . text($formid) . "'");
260 form_delete($formdir, $row['form_id']);
261 row_delete("forms", "id = '" . add_escape_custom($formid) . "'");
262 }
263 else if ($issue) {
264 if (!acl_check('admin', 'super')) die("Not authorized!");
265 row_delete("issue_encounter", "list_id = '" . add_escape_custom($issue) ."'");
266 row_delete("lists", "id = '" . add_escape_custom($issue) ."'");
267 }
268 else if ($document) {
269 if (!acl_check('admin', 'super')) die("Not authorized!");
270 delete_document($document);
271 }
272 else if ($payment) {
273 if (!acl_check('admin', 'super')) die("Not authorized!");
274 list($patient_id, $timestamp, $ref_id) = explode(".", $payment);
275 // if (empty($ref_id)) $ref_id = -1;
276 $timestamp = decorateString('....-..-.. ..:..:..', $timestamp);
277 $payres = sqlStatement("SELECT * FROM payments WHERE " .
278 "pid = ? AND dtime = ?", array($patient_id, $timestamp));
279 while ($payrow = sqlFetchArray($payres)) {
280 if ($payrow['encounter']) {
281 $ref_id = -1;
282 // The session ID passed in is useless. Look for the most recent
283 // patient payment session with pay total matching pay amount and with
284 // no adjustments. The resulting session ID may be 0 (no session) which
285 // is why we start with -1.
286 $tpmt = $payrow['amount1'] + $payrow['amount2'];
287 $seres = sqlStatement("SELECT " .
288 "SUM(pay_amount) AS pay_amount, session_id " .
289 "FROM ar_activity WHERE " .
290 "pid = ? AND " .
291 "encounter = ? AND " .
292 "payer_type = 0 AND " .
293 "adj_amount = 0.00 " .
294 "GROUP BY session_id ORDER BY session_id DESC", array($patient_id, $payrow['encounter']));
295 while ($serow = sqlFetchArray($seres)) {
296 if (sprintf("%01.2f", $serow['adj_amount']) != 0.00) continue;
297 if (sprintf("%01.2f", $serow['pay_amount'] - $tpmt) == 0.00) {
298 $ref_id = $serow['session_id'];
299 break;
300 }
301 }
302 if ($ref_id == -1) {
303 die(xlt('Unable to match this payment in ar_activity') . ": " . text($tpmt));
304 }
305 // Delete the payment.
306 row_delete("ar_activity",
307 "pid = '" . add_escape_custom($patient_id) . "' AND " .
308 "encounter = '" . add_escape_custom($payrow['encounter']) . "' AND " .
309 "payer_type = 0 AND " .
310 "pay_amount != 0.00 AND " .
311 "adj_amount = 0.00 AND " .
312 "session_id = '" . add_escape_custom($ref_id) . "'");
313 if ($ref_id) {
314 row_delete("ar_session",
315 "patient_id = '" . add_escape_custom($patient_id) ."' AND " .
316 "session_id = '" . add_escape_custom($ref_id) . "'");
317 }
318 }
319 else {
320 // Encounter is 0! Seems this happens for pre-payments.
321 $tpmt = sprintf("%01.2f", $payrow['amount1'] + $payrow['amount2']);
322 row_delete("ar_session",
323 "patient_id = '" . add_escape_custom($patient_id) . "' AND " .
324 "payer_id = 0 AND " .
325 "reference = '" . add_escape_custom($payrow['source']) . "' AND " .
326 "pay_total = '" . add_escape_custom($tpmt) . "' AND " .
327 "(SELECT COUNT(*) FROM ar_activity where ar_activity.session_id = ar_session.session_id) = 0 " .
328 "ORDER BY session_id DESC LIMIT 1");
329 }
330 row_delete("payments", "id = '" . add_escape_custom($payrow['id']) . "'");
331 }
332 }
333 else if ($billing) {
334 if (!acl_check('acct','disc')) die("Not authorized!");
335 list($patient_id, $encounter_id) = explode(".", $billing);
336 sqlStatement("DELETE FROM ar_activity WHERE " .
337 "pid = ? AND encounter = ? ", array($patient_id, $encounter_id) );
338 sqlStatement("DELETE ar_session FROM ar_session LEFT JOIN " .
339 "ar_activity ON ar_session.session_id = ar_activity.session_id " .
340 "WHERE ar_activity.session_id IS NULL");
341 row_modify("billing", "activity = 0",
342 "pid = '" . add_escape_custom($patient_id) . "' AND " .
343 "encounter = '" . add_escape_custom($encounter_id) . "' AND " .
344 "code_type = 'COPAY' AND " .
345 "activity = 1");
346 sqlStatement("UPDATE form_encounter SET last_level_billed = 0, " .
347 "last_level_closed = 0, stmt_count = 0, last_stmt_date = NULL " .
348 "WHERE pid = ? AND encounter = ?", array($patient_id, $encounter_id));
349 sqlStatement("UPDATE drug_sales SET billed = 0 WHERE " .
350 "pid = ? AND encounter = ?", array($patient_id, $encounter_id));
351 updateClaim(true, $patient_id, $encounter_id, -1, -1, 1, 0, ''); // clears for rebilling
352 }
353 else if ($transaction) {
354 if (!acl_check('admin', 'super')) die("Not authorized!");
355 row_delete("transactions", "id = '" . add_escape_custom($transaction) . "'");
356 }
357 else {
358 die("Nothing was recognized to delete!");
359 }
360
361 if (! $info_msg) $info_msg = xl('Delete successful.');
362
363 // Close this window and tell our opener that it's done.
364 //
365 echo "<script language='JavaScript'>\n";
366 if ($info_msg) echo " alert('" . addslashes($info_msg) . "');\n";
367 if ($encounterid) //this code need to be same as 'parent.imdeleted($encounterid)' when the popup is div like
368 {
369 echo "window.opener.imdeleted(" . attr($encounterid) . ");\n";
370 }
371 else
372 {
373 echo " if (opener && opener.imdeleted) opener.imdeleted(); else parent.imdeleted();\n";
374 }
375 echo " window.close();\n";
376 echo "</script></body></html>\n";
377 exit();
378 }
379 ?>
380
381 <form method='post' name="deletefrm" action='deleter.php?patient=<?php echo attr($patient) ?>&encounterid=<?php echo attr($encounterid) ?>&formid=<?php echo attr($formid) ?>&issue=<?php echo attr($issue) ?>&document=<?php echo attr($document) ?>&payment=<?php echo attr($payment) ?>&billing=<?php echo attr($billing) ?>&transaction=<?php echo attr($transaction) ?>' onsubmit="javascript:alert('1');document.deleform.submit();">
382
383 <p class="text">&nbsp;<br><?php echo xlt('Do you really want to delete'); ?>
384
385 <?php
386 if ($patient) {
387 echo xlt('patient') . " " . text($patient);
388 } else if ($encounterid) {
389 echo xlt('encounter') . " " . text($encounterid);
390 } else if ($formid) {
391 echo xlt('form') . " " . text($formid);
392 } else if ($issue) {
393 echo xlt('issue') . " " .text($issue);
394 } else if ($document) {
395 echo xlt('document') . " " . text($document);
396 } else if ($payment) {
397 echo xlt('payment') . " " .text($payment);
398 } else if ($billing) {
399 echo xlt('invoice') . " " . text($billing);
400 } else if ($transaction) {
401 echo xlt('transaction') . " " . text($transaction);
402 }
403 ?> <?php echo xlt('and all subordinate data? This action will be logged'); ?>!</p>
404
405 <center>
406
407 <p class="text">&nbsp;<br>
408 <a href="#" onclick="submit_form()" class="css_button"><span><?php echo xlt('Yes, Delete and Log'); ?></span></a>
409 <input type='hidden' name='form_submit' value='<?php echo xla('Yes, Delete and Log'); ?>'/>
410 <a href='#' class="css_button" onclick=popup_close();><span><?php echo xlt('No, Cancel');?></span></a>
411 </p>
412
413 </center>
414 </form>
415 </body>
416 </html>
Mirror of official OpenEMR Sourceforge repository