3 * Authorizations script.
5 * LICENSE: This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>.
17 * @author Brady Miller <brady@sparmy.com>
18 * @link http://www.open-emr.org
// Both flags are assigned before globals.php is included; presumably that file
// reads them to decide how request data is handled — confirm against globals.php.
21 //SANITIZE ALL ESCAPES
22 $sanitize_all_escapes=true;
25 //STOP FAKE REGISTER GLOBALS
26 $fake_register_globals=false;
// globals.php is included first. The remaining includes resolve through $srcdir,
// which is not assigned in the lines shown (presumably set by globals.php).
29 include_once("../../globals.php");
30 include_once("$srcdir/log.inc");
31 include_once("$srcdir/billing.inc");
32 include_once("$srcdir/forms.inc");
33 include_once("$srcdir/transactions.inc");
34 include_once("$srcdir/lists.inc");
35 include_once("$srcdir/patient.inc");
36 include_once("$srcdir/options.inc.php");
38 // The number of authorizations to display in the quick view:
39 // MAR 20041008 the full authorizations screen sucks... no links to the patient charts
40 // increase to a high number to make the mini frame more useful.
// Look up the logged-in user's see_auth setting. The username comes from the
// session and is passed as a bound parameter.
43 $atemp = sqlQuery("SELECT see_auth FROM users WHERE username = ?", array($_SESSION['authUser']) );
44 $see_auth = $atemp['see_auth'];
// The user may authorize when the session flags them as authorized or when
// see_auth is greater than 2.
46 $imauthorized = $_SESSION['userauthorized'] ||
$see_auth > 2;
48 // This authorizes everything for the specified patient.
// NOTE(review): this is a state-changing action driven entirely by GET parameters,
// and no per-request (anti-CSRF) token is checked in the lines shown. Prefer POST
// plus a session-bound token that is verified here before any UPDATE runs.
// NOTE(review): pid is passed as a bound parameter, so it cannot alter the SQL text,
// but it is not validated as an integer, and the four UPDATEs are not limited by
// groupname or by the "mine only" (see_auth == 2) rule that the list view applies.
// Confirm that authorizing any pid is intended for every user who passes $imauthorized.
49 if (isset($_GET["mode"]) && $_GET["mode"] == "authorize" && $imauthorized) {
// NOTE(review): $retVal is not read anywhere in the lines shown.
50 $retVal = getProviderId($_SESSION['authUser']);
// Record an "authorize" event for this user and pid before the rows are updated
// (newEvent is presumably the logging helper from log.inc — confirm).
51 newEvent("authorize", $_SESSION["authUser"], $_SESSION["authProvider"], 1, $_GET["pid"]);
// Mark every billing, forms, pnotes and transactions row of this patient as authorized.
52 sqlStatement("update billing set authorized=1 where pid=?", array($_GET["pid"]) );
53 sqlStatement("update forms set authorized=1 where pid=?", array($_GET["pid"]) );
54 sqlStatement("update pnotes set authorized=1 where pid=?", array($_GET["pid"]) );
55 sqlStatement("update transactions set authorized=1 where pid=?", array($_GET["pid"]) );
60 <?php
html_header_show();?
>
61 <link rel
='stylesheet' href
="<?php echo $css_header;?>" type
="text/css">
<!-- NOTE(review): jQuery 1.2.2 is a very old bundled release and lacks later upstream security fixes; track it as a dependency to upgrade, and verify the handlers below against the newer API. -->
62 <script type
="text/javascript" src
="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery-1.2.2.min.js"></script
>
64 /* min & max buttons are hidden in the newer concurrent layout */
69 cursor
: pointer
; cursor
: hand
;
70 <?php
if ($GLOBALS['concurrent_layout']) echo "display: none;"; ?
>
76 cursor
: pointer
; cursor
: hand
;
77 <?php
if ($GLOBALS['concurrent_layout']) echo "display: none;"; ?
>
81 <body
class="body_bottom">
83 <!-- 'buttons' to min
/max the bottom frame
-JRM
-->
84 <div id
="max" title
="Restore this information">
85 <img src
="<?php echo $GLOBALS['webroot']; ?>/images/max.gif">
87 <div id
="min" title
="Minimize this information">
88 <img src
="<?php echo $GLOBALS['webroot']; ?>/images/min.gif">
91 <?php
if ($imauthorized) { ?
>
93 <?php
if ($GLOBALS['concurrent_layout']) { ?
>
94 <a href
='authorizations_full.php' onclick
='top.restoreSession()'>
96 <a href
='authorizations_full.php' target
='Main'>
98 <?php
echo htmlspecialchars(xl('Authorizations'),ENT_NOQUOTES
); ?
> <span
class='more'><?php
echo htmlspecialchars($tmore,ENT_NOQUOTES
); ?
></span
></a
>
104 <?php
if (!$GLOBALS['concurrent_layout']) { ?
>
105 <span
class='more'>  
;
106 <a href
="#" id
="findpatients" name
='Find Patients'>(<?php
echo htmlspecialchars(xl('Find Patient'),ENT_NOQUOTES
); ?
>)</a
>
// Pending items are collected only for users who may authorize and whose
// see_auth is greater than 1.
// NOTE(review): $groupname is not assigned in the lines shown — confirm it comes
// from the session or globals rather than from request input.
// NOTE(review): the $var{"key"} curly-brace offset syntax used below is deprecated
// as of PHP 7.4 and removed in PHP 8; square brackets are the portable form.
111 if ($imauthorized && $see_auth > 1) {
119 //fetch billing information:
// NOTE(review): "select *" across the join also fetches every column of users;
// only pid, code_text and date are read in the lines shown. Selecting just the
// needed columns keeps unrelated user fields out of the result rows.
120 if ($res = sqlStatement("select *, concat(u.fname,' ', u.lname) as user " .
121 "from billing LEFT JOIN users as u on billing.user = u.id where " .
122 "billing.authorized = 0 and billing.activity = 1 and " .
123 "groupname = ?", array($groupname) ))
125 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
126 $result1[$iter] = $row;
// Each row's text is HTML-escaped before it is appended to the per-patient
// fragment; ENT_NOQUOTES is sufficient because the value lands in element
// content, not inside an attribute.
128 foreach ($result1 as $iter) {
129 $authorize{$iter{"pid"}}{"billing"} .= "<span class=text>" .
130 htmlspecialchars($iter{"code_text"} . " " . date("n/j/Y",strtotime($iter{"date"})),ENT_NOQUOTES
) .
136 //fetch transaction information:
137 if ($res = sqlStatement("select * from transactions where " .
138 "authorized = 0 and groupname = ?", array($groupname) ))
140 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
141 $result2[$iter] = $row;
// Title and body are escaped together with the date. strterm() is not defined in
// the lines shown; presumably it shortens the body to 25 characters — confirm.
143 foreach ($result2 as $iter) {
144 $authorize{$iter{"pid"}}{"transaction"} .= "<span class=text>" .
145 htmlspecialchars($iter{"title"} . ": " . (strterm($iter{"body"},25)) . " " . date("n/j/Y",strtotime($iter{"date"})),ENT_NOQUOTES
) .
// Patient notes are listed only when the ignore_pnotes_authorization global is empty.
151 if (empty($GLOBALS['ignore_pnotes_authorization'])) {
152 //fetch pnotes information:
153 if ($res = sqlStatement("select * from pnotes where authorized = 0 and " .
154 "groupname = ?", array($groupname) ))
156 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
157 $result3[$iter] = $row;
159 foreach ($result3 as $iter) {
160 $authorize{$iter{"pid"}}{"pnotes"} .= "<span class=text>" .
161 htmlspecialchars((strterm($iter{"body"},25)) . " " . date("n/j/Y",strtotime($iter{"date"})),ENT_NOQUOTES
) .
168 //fetch forms information:
169 if ($res = sqlStatement("select * from forms where authorized = 0 and " .
170 "groupname = ?", array($groupname) ))
172 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
173 $result4[$iter] = $row;
175 foreach ($result4 as $iter) {
176 $authorize{$iter{"pid"}}{"forms"} .= "<span class=text>" .
177 htmlspecialchars($iter{"form_name"} . " " . date("n/j/Y",strtotime($iter{"date"})),ENT_NOQUOTES
) .
184 <table border
='0' cellpadding
='0' cellspacing
='2' width
='100%'>
// Walk the per-patient fragments collected in $authorize, one table row per patient.
// NOTE(review): each() is deprecated as of PHP 7.2 and removed in PHP 8; a
// foreach ($authorize as $ppid => $patient) loop is the portable form.
192 while (list($ppid,$patient) = each($authorize)) {
193 $name = getPatientData($ppid);
195 // If I want to see mine only and this patient is not mine, skip it.
// NOTE(review): this filter applies only to what is displayed. The mode=authorize
// handler at the top of the file does not repeat it, so access control for the
// action itself should not rely on this check.
196 if ($see_auth == 2 && $_SESSION['authUserID'] != $name['id'])
200 print "<tr><td colspan='5' align='center'><a" .
201 ($GLOBALS['concurrent_layout'] ?
"" : " target='Main'") .
202 " href='authorizations_full.php?active=1' class='alert' onclick='top.restoreSession()'>" .
203 htmlspecialchars(xl('Some authorizations were not displayed. Click here to view all'),ENT_NOQUOTES
) .
208 echo "<tr><td valign='top'>";
209 if ($GLOBALS['concurrent_layout']) {
210 // Clicking the patient name will load both frames for that patient,
211 // as demographics.php takes care of loading the bottom frame.
// $ppid lands inside a single-quoted href, so ENT_QUOTES (which also escapes
// single quotes) is the right flag here. It is HTML-escaped but not URL-encoded;
// presumably pid is always numeric — confirm.
213 echo "<a href='$rootdir/patient_file/summary/demographics.php?set_pid=" .
214 htmlspecialchars($ppid,ENT_QUOTES
) . "' target='RTop' onclick='top.restoreSession()'>";
217 echo "<a href='$rootdir/patient_file/patient_file.php?set_pid=" .
218 htmlspecialchars($ppid,ENT_QUOTES
) . "' target='_top' onclick='top.restoreSession()'>";
// Patient name, followed by the "Authorize" link.
// NOTE(review): the link performs the authorize action as a plain GET with mode and
// pid in the query string, and the URL carries no per-request token.
220 echo "<span class='bold'>" . htmlspecialchars($name{"fname"},ENT_NOQUOTES
) . " " .
221 htmlspecialchars($name{"lname"},ENT_NOQUOTES
) . "</span></a><br>" .
222 "<a class=link_submit href='authorizations.php?mode=authorize" .
223 "&pid=" . htmlspecialchars($ppid,ENT_QUOTES
) . "' onclick='top.restoreSession()'>" .
224 htmlspecialchars(xl('Authorize'),ENT_NOQUOTES
) . "</a></td>\n";
227 //Michael A Rowley MD 20041012.
228 // added below 4 lines to add provider to authorizations for ez reference.
// NOTE(review): $providerName is assigned here and again a few lines below. In this
// listing it is not visible whether the first lookup is commented out or on another
// branch — confirm before removing either query.
229 $providerID = sqlFetchArray(sqlStatement(
230 "select providerID from patient_data where pid=?", array($ppid) ));
231 $userID=$providerID{"providerID"};
232 $providerName = sqlFetchArray(sqlStatement(
233 "select lname from users where id=?", array($userID) ));
235 // Don't use sqlQuery because there might be no match.
236 $providerName = sqlFetchArray(sqlStatement(
237 "select lname from users where id = ?", array($name['providerID']) ));
239 echo "<td valign=top><span class=bold>".htmlspecialchars(xl('Provider'),ENT_NOQUOTES
).":</span><span class=text><br>" .
240 htmlspecialchars($providerName{"lname"},ENT_NOQUOTES
) . "</td>\n";
// The four $patient{...} fragments below are echoed without escaping at this point.
// Their database-derived text was passed through htmlspecialchars when the
// fragments were built earlier in the file; keep that invariant if the builder
// code changes (the tail of each fragment is not visible in this listing).
241 echo "<td valign=top><span class=bold>".htmlspecialchars(xl('Billing'),ENT_NOQUOTES
).":</span><span class=text><br>" .
242 $patient{"billing"} . "</td>\n";
243 echo "<td valign=top><span class=bold>".htmlspecialchars(xl('Transactions'),ENT_NOQUOTES
).":</span><span class=text><br>" .
244 $patient{"transaction"} . "</td>\n";
245 echo "<td valign=top><span class=bold>".htmlspecialchars(xl('Patient Notes'),ENT_NOQUOTES
).":</span><span class=text><br>" .
246 $patient{"pnotes"} . "</td>\n";
247 echo "<td valign=top><span class=bold>".htmlspecialchars(xl('Encounter Forms'),ENT_NOQUOTES
).":</span><span class=text><br>" .
248 $patient{"forms"} . "</td>\n";
264 <script language
='JavaScript'>
266 /* added to adjust the height of this frame by the min/max buttons */
// Register the page's click and hover handlers once the document is ready (jQuery).
268 $
(document
).ready(function(){
// "Find Patient" link: restore the frame, then navigate to the patient search page.
269 $
("#findpatients").click(function() { RestoreFrame(this
); document
.location
.href
='../calendar/find_patient.php?no_nav=1&mode=reset'; return true; });
// Elements with class "noterow": toggle the "highlight" class on mouse over/out
// and open the note on click.
271 $
(".noterow").mouseover(function() { $
(this
).toggleClass("highlight"); });
272 $
(".noterow").mouseout(function() { $
(this
).toggleClass("highlight"); });
273 $
(".noterow").click(function() { EditNote(this
); });
275 <?php
if ($GLOBALS['concurrent_layout'] == 0) : ?
>
// The min/max handlers below are emitted only when concurrent_layout is 0
// (the PHP condition above).
276 $
("#min").click(function() { MinimizeFrame(this
); });
277 $
("#max").click(function() { RestoreFrame(this
); });
// NOTE(review): origRows is assigned without a declaration in the lines shown, so it
// is presumably a global shared with MinimizeFrame and RestoreFrame — confirm.
278 var frmset
= parent
.document
.getElementById('Main');
279 origRows
= frmset
.rows
; // save the original frameset sizes
283 <?php
if ($GLOBALS['concurrent_layout'] == 0) : ?
>
// Shrinks this frame: stores the parent frameset's current "rows" value in
// origRows, then sets the rows to "*, 10%".
284 var MinimizeFrame
= function(eventObject
) {
285 var frmset
= parent
.document
.getElementById('Main');
286 origRows
= frmset
.rows
; // save the original frameset sizes
287 frmset
.rows
= "*, 10%";
// Puts back the frameset sizes saved in origRows, when a saved value exists.
289 var RestoreFrame
= function(eventObject
) {
290 // restore the original frameset size
291 var frmset
= parent
.document
.getElementById('Main');
292 if (origRows
!= null) { frmset
.rows
= origRows
; }
// Opens the full patient-note view for a clicked row. The element id is split on
// "~"; parts[0] is sent as set_pid and parts[1] as noteid.
296 var EditNote
= function(note
) {
297 var parts
= note
.id
.split("~");
// top.restoreSession() is defined outside this file; presumably it re-establishes
// the session before navigation — confirm.
299 top
.restoreSession();
300 <?php
if ($GLOBALS['concurrent_layout']): ?
>
// NOTE(review): parts[0] and parts[1] are concatenated into the query string without
// encodeURIComponent. They come from element ids generated elsewhere (not shown);
// verify those ids are numeric, or encode the values here.
301 location
.href
= "<?php echo $GLOBALS['webroot']; ?>/interface/patient_file/summary/pnotes_full.php?noteid=" + parts
[1] +
"&set_pid=" + parts
[0] +
"&active=1";
303 top
.location
.href
= "<?php echo $GLOBALS['webroot']; ?>/interface/patient_file/patient_file.php?noteid=" + parts
[1] +
"&set_pid=" + parts
[0];
// NOTE(review): htmlspecialchars is HTML encoding, but this value lands inside a
// JavaScript string literal. Entities are not decoded inside a script block, and
// backslashes or newlines in a translated string are left as-is; json_encode() is
// the matching encoder for this context.
307 alert("<?php echo htmlspecialchars(xl('You do not have access to view/edit this note'),ENT_QUOTES); ?>");