search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Security fixes.
[openemr.git] / interface / main / messages / messages.php
blob0d4919076125e41bc600fc5bfe5919814d7adff7
1 <?php
2 /**
3 * Copyright (C) 2010 OpenEMR Support LLC
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version 2
7 * of the License, or (at your option) any later version.
8 *
9 * 2013/02/08 Minor tweaks by EMR Direct to allow integration with Direct messaging
10 */
11
12 //SANITIZE ALL ESCAPES
13 $sanitize_all_escapes=true;
14
15 //STOP FAKE REGISTER GLOBALS
16 $fake_register_globals=false;
17
18 require_once("../../globals.php");
19 require_once("$srcdir/pnotes.inc");
20 require_once("$srcdir/patient.inc");
21 require_once("$srcdir/acl.inc");
22 require_once("$srcdir/log.inc");
23 require_once("$srcdir/options.inc.php");
24 require_once("$srcdir/formdata.inc.php");
25 require_once("$srcdir/classes/Document.class.php");
26 require_once("$srcdir/gprelations.inc.php");
27 require_once("$srcdir/formatting.inc.php");
28 ?>
29 <html>
30 <head>
31
32 <?php html_header_show();?>
33 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
34 <script type="text/javascript" src="../../../library/dialog.js"></script>
35 <script type="text/javascript" src="../../../library/textformat.js"></script>
36 <script type="text/javascript" src="<?php echo $GLOBALS['webroot']; ?>/library/js/jquery.js"></script>
37 </head>
38
39 <body class="body_top">
40
41 <span class="title"><?php echo xlt('Message and Reminder Center'); ?></span>
42 <br /><br />
43 <span class="title"><?php echo xlt('Reminders'); ?></span>
44
45 <?php
46
47 // TajEmo Work by CB 2012/01/11 02:51:25 PM adding dated reminders
48 // I am asuming that at this point security checks have been performed
49 require_once '../dated_reminders/dated_reminders.php';
50
51 // Check to see if the user has Admin rights, and if so, allow access to See All.
52 $showall = isset($_GET['show_all']) ? $_GET['show_all'] : "" ;
53 if ($showall == "yes") {
54 $show_all = $showall;
55 }
56 else
57 {
58 $show_all= "no";
59 }
60
61 // Collect active variable and applicable html code for links
62 $form_active = $_REQUEST['form_active'];
63 $form_inactive = $_REQUEST['form_inactive'];
64 if ($form_active) {
65 $active = '1';
66 $activity_string_html = 'form_active=1';
67 }
68 else if ($form_inactive) {
69 $active = '0';
70 $activity_string_html = 'form_inactive=1';
71 }
72 else {
73 $active = 'all';
74 $activity_string_html = '';
75 }
76
77 //collect the task setting
78 $task= isset($_REQUEST['task']) ? $_REQUEST['task'] : "";
79
80 if (acl_check('admin', 'super' )) {
81 if ($show_all=='yes') {
82 $showall = "yes";
83 $lnkvar="'messages.php?show_all=no&$activity_string_html' name='Just Mine' onclick=\"top.restoreSession()\"> (".htmlspecialchars( xl('Just Mine'), ENT_NOQUOTES).")";
84 }
85 else {
86 $showall = "no";
87 $lnkvar="'messages.php?show_all=yes&$activity_string_html' name='See All' onclick=\"top.restoreSession()\"> (".htmlspecialchars( xl('See All'), ENT_NOQUOTES).")";
88 }
89 }
90 ?>
91 <br>
92 <table><tr><td><span class="title"><?php echo htmlspecialchars( xl('Messages'), ENT_NOQUOTES); ?></span> <a class='more' href=<?php echo $lnkvar; ?></a></td></tr></table>
93 <?php
94 //show the activity links
95 if (empty($task) || $task=="add" || $task=="delete") { ?>
96 <?php if ($active == "all") { ?>
97 <span><?php echo xlt('Show All'); ?></span>
98 <?php } else { ?>
99 <a href="messages.php" class="link" onclick="top.restoreSession()"><span><?php echo xlt('Show All'); ?></span></a>
100 <?php } ?>
101 |
102 <?php if ($active == '1') { ?>
103 <span><?php echo xlt('Show Active'); ?></span>
104 <?php } else { ?>
105 <a href="messages.php?form_active=1" class="link" onclick="top.restoreSession()"><span><?php echo xlt('Show Active'); ?></span></a>
106 <?php } ?>
107 |
108 <?php if ($active == '0') { ?>
109 <span><?php echo xlt('Show Inactive'); ?></span>
110 <?php } else { ?>
111 <a href="messages.php?form_inactive=1" class="link" onclick="top.restoreSession()"><span><?php echo xlt('Show Inactive'); ?></span></a>
112 <?php } ?>
113 <?php } ?>
114
115 <?php
116 switch($task) {
117 case "add" :
118 {
119 // Add a new message for a specific patient; the message is documented in Patient Notes.
120 // Add a new message; it's treated as a new note in Patient Notes.
121 $note = $_POST['note'];
122 $noteid = $_POST['noteid'];
123 $form_note_type = $_POST['form_note_type'];
124 $assigned_to = $_POST['assigned_to'];
125 $form_message_status = $_POST['form_message_status'];
126 $reply_to = $_POST['reply_to'];
127 $assigned_to_list = explode(';',$assigned_to);
128 foreach($assigned_to_list as $assigned_to){
129 if ($noteid && $assigned_to != '-patient-') {
130 updatePnote($noteid, $note, $form_note_type, $assigned_to, $form_message_status);
131 $noteid = '';
132 }
133 else {
134 if($noteid && $assigned_to == '-patient-'){
135 $row = getPnoteById($noteid);
136 if (! $row) die("getPnoteById() did not find id '".text($noteid)."'");
137 $pres = sqlQuery("SELECT lname, fname " .
138 "FROM patient_data WHERE pid = ?", array($reply_to) );
139 $patientname = $pres['lname'] . ", " . $pres['fname'];
140 $note .= "\n\n$patientname on ".$row['date']." wrote:\n\n";
141 $note .= $row['body'];
142 }
143 addPnote($reply_to, $note, $userauthorized, '1', $form_note_type, $assigned_to, '', $form_message_status);
144 }
145 }
146 } break;
147 case "savePatient":
148 case "save" : {
149 // Update alert.
150 $noteid = $_POST['noteid'];
151 $form_message_status = $_POST['form_message_status'];
152 $reply_to = $_POST['reply_to'];
153 if ($task=="save")
154 updatePnoteMessageStatus($noteid,$form_message_status);
155 else
156 updatePnotePatient($noteid,$reply_to);
157 $task = "edit";
158 $note = $_POST['note'];
159 $title = $_POST['form_note_type'];
160 $assigned_to = $_POST['assigned_to'];
161 }
162 case "edit" : {
163 if ($noteid == "") {
164 $noteid = $_GET['noteid'];
165 }
166 // Update the message if it already exists; it's appended to an existing note in Patient Notes.
167 $result = getPnoteById($noteid);
168 if ($result) {
169 if ($title == ""){
170 $title = $result['title'];
171 }
172 if ($assigned_to == ""){
173 $assigned_to = $result['assigned_to'];
174 }
175 $body = $result['body'];
176 if ($reply_to == ""){
177 $reply_to = $result['pid'];
178 }
179 $form_message_status = $result['message_status'];
180 }
181 } break;
182 case "delete" : {
183 // Delete selected message(s) from the Messages box (only).
184 $delete_id = $_POST['delete_id'];
185 for($i = 0; $i < count($delete_id); $i++) {
186 deletePnote($delete_id[$i]);
187 newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id ".$delete_id[$i]);
188 }
189 } break;
190 }
191
192 if($task == "addnew" or $task == "edit") {
193 // Display the Messages page layout.
194 echo "
195 <form name=new_note id=new_note action=\"messages.php?showall=".attr($showall)."&sortby=".attr($sortby)."&sortorder=".attr($sortorder)."&begin=".attr($begin)."&$activity_string_html\" method=post>
196 <input type=hidden name=noteid id=noteid value=".htmlspecialchars( $noteid, ENT_QUOTES).">
197 <input type=hidden name=task id=task value=add>";
198 ?>
199 <div id="pnotes"><center>
200 <table border='0' cellspacing='8'>
201 <tr>
202 <td class='text' align='center'>
203 <b><?php echo htmlspecialchars( xl('Type'), ENT_NOQUOTES); ?>:</b>
204 <?php
205 if ($title == "") {
206 $title = "Unassigned";
207 }
208 // Added 6/2009 by BM to incorporate the patient notes into the list_options listings.
209 generate_form_field(array('data_type'=>1,'field_id'=>'note_type','list_id'=>'note_type','empty_title'=>'SKIP','order_by'=>'title'), $title);
210 ?>
211 &nbsp; &nbsp;
212 <b><?php echo htmlspecialchars( xl('To'), ENT_QUOTES); ?>:</b>
213 <input type='textbox' name='assigned_to_text' id='assigned_to_text' size='50' readonly='readonly' value='<?php echo htmlspecialchars(xl("Select Users From The Dropdown List"), ENT_QUOTES)?>' >
214 <input type='hidden' name='assigned_to' id='assigned_to' >
215 <select name='users' id='users' onchange='addtolist(this);' >
216
217 <?php
218 echo "<option value='" . htmlspecialchars( '--', ENT_QUOTES) . "'";
219 echo ">" . htmlspecialchars( xl('Select User'), ENT_NOQUOTES);
220 echo "</option>\n";
221 $ures = sqlStatement("SELECT username, fname, lname FROM users " .
222 "WHERE username != '' AND active = 1 AND " .
223 "( info IS NULL OR info NOT LIKE '%Inactive%' ) " .
224 "ORDER BY lname, fname");
225 while ($urow = sqlFetchArray($ures)) {
226 echo " <option value='" . htmlspecialchars( $urow['username'], ENT_QUOTES) . "'";
227 if ($urow['username'] == $assigned_to) echo " selected";
228 echo ">" . htmlspecialchars( $urow['lname'], ENT_NOQUOTES);
229 if ($urow['fname']) echo ", " . htmlspecialchars( $urow['fname'], ENT_NOQUOTES);
230 echo "</option>\n";
231 }
232 echo "<option value='" . htmlspecialchars( '-patient-', ENT_QUOTES) . "'";
233 if ($assigned_to == '-patient-') echo " selected";
234 echo ">" . htmlspecialchars( '-Patient-', ENT_NOQUOTES);
235 echo "</option>\n";
236 ?>
237 </select>
238 </td>
239 </tr>
240 <tr>
241 <td class='text' align='center'>
242 <?php if ($task != "addnew" && $result['pid']!=0) { ?>
243 <a class="patLink" onclick="goPid('<?php echo attr($result['pid']);?>')"><?php echo htmlspecialchars( xl('Patient'), ENT_NOQUOTES); ?>:</a>
244 <?php } else { ?>
245 <b class='<?php echo ($task=="addnew"?"required":"") ?>'><?php echo htmlspecialchars( xl('Patient'), ENT_NOQUOTES); ?>:</b>
246 <?php
247 }
248 if ($reply_to) {
249 $prow = sqlQuery("SELECT lname, fname " .
250 "FROM patient_data WHERE pid = ?", array($reply_to) );
251 $patientname = $prow['lname'] . ", " . $prow['fname'];
252 }
253 if ($patientname == '') {
254 $patientname = xl('Click to select');
255 } ?>
256 <input type='text' size='10' name='form_patient' style='width:150px;<?php
257 echo ($task=="addnew"?"cursor:pointer;cursor:hand;":"") ?>' value='<?php
258 echo htmlspecialchars($patientname, ENT_QUOTES); ?>' <?php
259 echo (($task=="addnew" || $result['pid']==0) ? "onclick='sel_patient()' readonly":"disabled") ?> title='<?php
260 echo ($task=="addnew"?(htmlspecialchars( xl('Click to select patient'), ENT_QUOTES)):"") ?>' />
261 <input type='hidden' name='reply_to' id='reply_to' value='<?php echo htmlspecialchars( $reply_to, ENT_QUOTES) ?>' />
262 &nbsp; &nbsp;
263 <b><?php echo htmlspecialchars( xl('Status'), ENT_NOQUOTES); ?>:</b>
264 <?php
265 if ($form_message_status == "") {
266 $form_message_status = 'New';
267 }
268 generate_form_field(array('data_type'=>1,'field_id'=>'message_status','list_id'=>'message_status','empty_title'=>'SKIP','order_by'=>'title'), $form_message_status); ?>
269 </td>
270 </tr>
271 <tr>
272 <td>
273
274 <?php
275
276 if ($noteid) {
277 $body = preg_replace('/(:\d{2}\s\()'.$result['pid'].'(\sto\s)/','${1}'.$patientname.'${2}',$body);
278 $body = nl2br(htmlspecialchars( $body, ENT_NOQUOTES));
279 echo "<div class='text' style='background-color:white; color: gray; border:1px solid #999; padding: 5px; width: 640px;'>".$body."</div>";
280 }
281
282 ?>
283 <textarea name='note' id='note' rows='8' style="width: 660px; "><?php echo htmlspecialchars( $note, ENT_NOQUOTES) ?></textarea>
284 </td>
285 </tr>
286 </table>
287
288 <?php if ($noteid) { ?>
289 <!-- This is for displaying an existing note. -->
290 <input type="button" id="newnote" value="<?php echo htmlspecialchars( xl('Send message'), ENT_QUOTES); ?>">
291 <input type="button" id="printnote" value="<?php echo htmlspecialchars( xl('Print message'), ENT_QUOTES); ?>">
292 <input type="button" id="cancel" value="<?php echo htmlspecialchars( xl('Cancel'), ENT_QUOTES); ?>">
293 <?php } else { ?>
294 <!-- This is for displaying a new note. -->
295 <input type="button" id="newnote" value="<?php echo htmlspecialchars( xl('Send message'), ENT_QUOTES); ?>">
296 <input type="button" id="cancel" value="<?php echo htmlspecialchars( xl('Cancel'), ENT_QUOTES); ?>">
297 <?php }
298 ?>
299
300 <br>
301 </form></center></div>
302 <script language="javascript">
303
304 // jQuery stuff to make the page a little easier to use
305
306 $(document).ready(function(){
307 $("#newnote").click(function() { NewNote(); });
308 $("#printnote").click(function() { PrintNote(); });
309 obj = document.getElementById("form_message_status");
310 obj.onchange = function(){SaveNote();};
311 $("#cancel").click(function() { CancelNote(); });
312 $("#note").focus();
313
314 var NewNote = function () {
315 top.restoreSession();
316 if (document.forms[0].reply_to.value.length == 0 || document.forms[0].reply_to.value == '0') {
317 alert('<?php echo htmlspecialchars( xl('Please choose a patient'), ENT_QUOTES); ?>');
318 }
319 else if (document.forms[0].assigned_to.value.length == 0) {
320 alert('<?php echo addslashes(xl('Recipient List Is Empty')); ?>');
321 }
322 else
323 {
324 $("#new_note").submit();
325 }
326 }
327
328 var PrintNote = function () {
329 top.restoreSession();
330 window.open('../../patient_file/summary/pnotes_print.php?noteid=<?php echo htmlspecialchars( $noteid, ENT_QUOTES); ?>', '_blank', 'resizable=1,scrollbars=1,width=600,height=500');
331 }
332
333 var SaveNote = function () {
334 <?php if ($noteid) { ?>
335 top.restoreSession();
336 $("#task").val("save");
337 $("#new_note").submit();
338 <?php } ?>
339 }
340
341 var CancelNote = function () {
342 top.restoreSession();
343 $("#task").val("");
344 $("#new_note").submit();
345 }
346 });
347 // This is for callback by the find-patient popup.
348 function setpatient(pid, lname, fname, dob) {
349 var f = document.forms[0];
350 f.form_patient.value = lname + ', ' + fname;
351 f.reply_to.value = pid;
352 <?php if ($noteid) { ?>
353 //used when direct messaging service inserts a pnote with indeterminate patient
354 //to allow the user to assign the message to a patient.
355 top.restoreSession();
356 $("#task").val("savePatient");
357 $("#new_note").submit();
358 <?php } ?>
359 }
360
361 // This invokes the find-patient popup.
362 function sel_patient() {
363 dlgopen('../../main/calendar/find_patient_popup.php', '_blank', 500, 400);
364 }
365
366 function addtolist(sel){
367 var itemtext = document.getElementById('assigned_to_text');
368 var item = document.getElementById('assigned_to');
369 if(sel.value != '--'){
370 if(item.value){
371 if(item.value.indexOf(sel.value) == -1){
372 itemtext.value = itemtext.value +' ; '+ sel.options[sel.selectedIndex].text;
373 item.value = item.value +';'+ sel.value;
374 }
375 }else{
376 itemtext.value = sel.options[sel.selectedIndex].text;
377 item.value = sel.value;
378 }
379 }
380 }
381
382 </script><?php
383 }
384 else {
385
386 // This is for sorting the records.
387 $sort = array("users.lname", "patient_data.lname", "pnotes.title", "pnotes.date", "pnotes.message_status");
388 $sortby = (isset($_REQUEST['sortby']) && ($_REQUEST['sortby']!="")) ? $_REQUEST['sortby'] : $sort[0];
389 $sortorder = (isset($_REQUEST['sortorder']) && ($_REQUEST['sortorder']!="")) ? $_REQUEST['sortorder'] : "asc";
390 $begin = isset($_REQUEST['begin']) ? $_REQUEST['begin'] : 0;
391
392 for($i = 0; $i < count($sort); $i++) {
393 $sortlink[$i] = "<a href=\"messages.php?show_all=".attr($showall)."&sortby=".attr($sort[$i])."&sortorder=asc&$activity_string_html\" onclick=\"top.restoreSession()\"><img src=\"../../../images/sortdown.gif\" border=0 alt=\"".htmlspecialchars( xl('Sort Up'), ENT_QUOTES)."\"></a>";
394 }
395 for($i = 0; $i < count($sort); $i++) {
396 if($sortby == $sort[$i]) {
397 switch($sortorder) {
398 case "asc" : $sortlink[$i] = "<a href=\"messages.php?show_all=".attr($showall)."&sortby=".attr($sortby)."&sortorder=desc&$activity_string_html\" onclick=\"top.restoreSession()\"><img src=\"../../../images/sortup.gif\" border=0 alt=\"".htmlspecialchars( xl('Sort Up'), ENT_QUOTES)."\"></a>"; break;
399 case "desc" : $sortlink[$i] = "<a href=\"messages.php?show_all=".attr($showall)."&sortby=".attr($sortby)."&sortorder=asc&$activity_string_html\" onclick=\"top.restoreSession()\"><img src=\"../../../images/sortdown.gif\" border=0 alt=\"".htmlspecialchars( xl('Sort Down'), ENT_QUOTES)."\"></a>"; break;
400 } break;
401 }
402 }
403 // Manage page numbering and display beneath the Messages table.
404 $listnumber = 25;
405 $total = getPnotesByUser($active,$show_all,$_SESSION['authUser'],true);
406 if($begin == "" or $begin == 0) {
407 $begin = 0;
408 }
409 $prev = $begin - $listnumber;
410 $next = $begin + $listnumber;
411 $start = $begin + 1;
412 $end = $listnumber + $start - 1;
413 if($end >= $total) {
414 $end = $total;
415 }
416 if($end < $start) {
417 $start = 0;
418 }
419 if($prev >= 0) {
420 $prevlink = "<a href=\"messages.php?show_all=".attr($showall)."&sortby=".attr($sortby)."&sortorder=".attr($sortorder)."&begin=".attr($prev)."&$activity_string_html\" onclick=\"top.restoreSession()\"><<</a>";
421 }
422 else {
423 $prevlink = "<<";
424 }
425
426 if($next < $total) {
427 $nextlink = "<a href=\"messages.php?show_all=".attr($showall)."&sortby=".attr($sortby)."&sortorder=".attr($sortorder)."&begin=".attr($next)."&$activity_string_html\" onclick=\"top.restoreSession()\">>></a>";
428 }
429 else {
430 $nextlink = ">>";
431 }
432 // Display the Messages table header.
433 echo "
434 <table width=100%><tr><td><table border=0 cellpadding=1 cellspacing=0 width=90% style=\"border-left: 1px #000000 solid; border-right: 1px #000000 solid; border-top: 1px #000000 solid;\">
435 <form name=MessageList action=\"messages.php?showall=".attr($showall)."&sortby=".attr($sortby)."&sortorder=".attr($sortorder)."&begin=".attr($begin)."&$activity_string_html\" method=post>
436 <input type=hidden name=task value=delete>
437 <tr height=\"24\" style=\"background:lightgrey\">
438 <td align=\"center\" width=\"25\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><input type=checkbox id=\"checkAll\" onclick=\"selectAll()\"></td>
439 <td width=\"20%\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\" class=bold>&nbsp;<b>" .
440 htmlspecialchars( xl('From'), ENT_NOQUOTES) . "</b> $sortlink[0]</td>
441 <td width=\"20%\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\" class=bold>&nbsp;<b>" .
442 htmlspecialchars( xl('Patient'), ENT_NOQUOTES) . "</b> $sortlink[1]</td>
443 <td style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\" class=bold>&nbsp;<b>" .
444 htmlspecialchars( xl('Type'), ENT_NOQUOTES) . "</b> $sortlink[2]</td>
445 <td width=\"15%\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\" class=bold>&nbsp;<b>" .
446 htmlspecialchars( xl('Date'), ENT_NOQUOTES) . "</b> $sortlink[3]</td>
447 <td width=\"15%\" style=\"border-bottom: 1px #000000 solid; \" class=bold>&nbsp;<b>" .
448 htmlspecialchars( xl('Status'), ENT_NOQUOTES) . "</b> $sortlink[4]</td>
449 </tr>";
450 // Display the Messages table body.
451 $count = 0;
452 $result = getPnotesByUser($active,$show_all,$_SESSION['authUser'],false,$sortby,$sortorder,$begin,$listnumber);
453 while ($myrow = sqlFetchArray($result)) {
454 $name = $myrow['user'];
455 $name = $myrow['users_lname'];
456 if ($myrow['users_fname']) {
457 $name .= ", " . $myrow['users_fname'];
458 }
459 $patient = $myrow['pid'];
460 if ($patient>0) {
461 $patient = $myrow['patient_data_lname'];
462 if ($myrow['patient_data_fname']) {
463 $patient .= ", " . $myrow['patient_data_fname'];
464 }
465 } else {
466 $patient = "* Patient must be set manually *";
467 }
468 $count++;
469 echo "
470 <tr id=\"row$count\" style=\"background:white\" height=\"24\">
471 <td align=\"center\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><input type=checkbox id=\"check$count\" name=\"delete_id[]\" value=\"" .
472 htmlspecialchars( $myrow['id'], ENT_QUOTES) . "\" onclick=\"if(this.checked==true){ selectRow('row$count'); }else{ deselectRow('row$count'); }\"></td>
473 <td style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><table cellspacing=0 cellpadding=0 width=100%><tr><td width=5></td><td class=\"text\">" .
474 htmlspecialchars( $name, ENT_NOQUOTES) . "</td><td width=5></td></tr></table></td>
475 <td style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><table cellspacing=0 cellpadding=0 width=100%><tr><td width=5></td><td class=\"text\"><a href=\"messages.php?showall=".attr($showall)."&sortby=".attr($sortby)."&sortorder=".attr($sortorder)."&begin=".attr($begin)."&task=edit&noteid=" .
476 htmlspecialchars( $myrow['id'], ENT_QUOTES) . "&$activity_string_html\" onclick=\"top.restoreSession()\">" .
477 htmlspecialchars( $patient, ENT_NOQUOTES) . "</a></td><td width=5></td></tr></table></td>
478 <td style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><table cellspacing=0 cellpadding=0 width=100%><tr><td width=5></td><td class=\"text\">" .
479 htmlspecialchars( $myrow['title'], ENT_NOQUOTES) . "</td><td width=5></td></tr></table></td>
480 <td style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><table cellspacing=0 cellpadding=0 width=100%><tr><td width=5></td><td class=\"text\">" .
481 htmlspecialchars( oeFormatShortDate(substr($myrow['date'], 0, strpos($myrow['date'], " "))), ENT_NOQUOTES) . "</td><td width=5></td></tr></table></td>
482 <td style=\"border-bottom: 1px #000000 solid;\"><table cellspacing=0 cellpadding=0 width=100%><tr><td width=5></td><td class=\"text\">" .
483 htmlspecialchars( $myrow['message_status'], ENT_NOQUOTES) . "</td><td width=5></td></tr></table></td>
484 </tr>";
485 }
486 // Display the Messages table footer.
487 echo "
488 </form></table>
489 <table border=0 cellpadding=5 cellspacing=0 width=90%>
490 <tr>
491 <td class=\"text\"><a href=\"messages.php?showall=".attr($showall)."&sortby=".attr($sortby)."&sortorder=".attr($sortorder)."&begin=".attr($begin)."&task=addnew&$activity_string_html\" onclick=\"top.restoreSession()\">" .
492 htmlspecialchars( xl('Add New'), ENT_NOQUOTES) . "</a> &nbsp; <a href=\"javascript:confirmDeleteSelected()\" onclick=\"top.restoreSession()\">" .
493 htmlspecialchars( xl('Delete'), ENT_NOQUOTES) . "</a></td>
494 <td align=right class=\"text\">$prevlink &nbsp; $end of $total &nbsp; $nextlink</td>
495 </tr>
496 </table></td></tr></table><br>";
497 ?>
498 <script language="javascript">
499 // This is to confirm delete action.
500 function confirmDeleteSelected() {
501 if(confirm("<?php echo htmlspecialchars( xl('Do you really want to delete the selection?'), ENT_QUOTES); ?>")) {
502 document.MessageList.submit();
503 }
504 }
505 // This is to allow selection of all items in Messages table for deletion.
506 function selectAll() {
507 if(document.getElementById("checkAll").checked==true) {
508 document.getElementById("checkAll").checked=true;<?php
509 for($i = 1; $i <= $count; $i++) {
510 echo "document.getElementById(\"check$i\").checked=true; document.getElementById(\"row$i\").style.background='#E7E7E7'; ";
511 } ?>
512 }
513 else {
514 document.getElementById("checkAll").checked=false;<?php
515 for($i = 1; $i <= $count; $i++) {
516 echo "document.getElementById(\"check$i\").checked=false; document.getElementById(\"row$i\").style.background='#F7F7F7'; ";
517 } ?>
518 }
519 }
520 // The two functions below are for managing row styles in Messages table.
521 function selectRow(row) {
522 document.getElementById(row).style.background = "#E7E7E7";
523 }
524 function deselectRow(row) {
525 document.getElementById(row).style.background = "#F7F7F7";
526 }
527 </script><?php
528 }
529 ?>
530
531 </body>
532 </html>
Mirror of official OpenEMR Sourceforge repository