search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
update admin users gui (#1339)
[openemr.git] / interface / usergroup / usergroup_admin.php
blobf1f6856bb37f427e6913c454c2950ec49495324b
1 <?php
2 /**
3 * This script Assign acl 'Emergency login'.
4 *
5 * @package OpenEMR
6 * @link http://www.open-emr.org
7 * @author Roberto Vasquez <robertogagliotta@gmail.com>
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2015 Roberto Vasquez <robertogagliotta@gmail.com>
10 * @copyright Copyright (c) 2017 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
12 */
13
14 require_once("../globals.php");
15 require_once("../../library/acl.inc");
16 require_once("$srcdir/auth.inc");
17
18 use OpenEMR\Core\Header;
19
20 $alertmsg = '';
21 $bg_msg = '';
22 $set_active_msg=0;
23 $show_message=0;
24
25
26 /* Sending a mail to the admin when the breakglass user is activated only if $GLOBALS['Emergency_Login_email'] is set to 1 */
27 $bg_count=count($access_group);
28 $mail_id = explode(".", $SMTP_HOST);
29 for ($i=0; $i<$bg_count; $i++) {
30 if (($_POST['access_group'][$i] == "Emergency Login") && ($_POST['active'] == 'on') && ($_POST['pre_active'] == 0)) {
31 if (($_POST['get_admin_id'] == 1) && ($_POST['admin_id'] != "")) {
32 $res = sqlStatement("select username from users where id= ? ", array($_POST["id"]));
33 $row = sqlFetchArray($res);
34 $uname=$row['username'];
35 $mail = new MyMailer();
36 $mail->From = $GLOBALS["practice_return_email_path"];
37 $mail->FromName = "Administrator OpenEMR";
38 $text_body = "Hello Security Admin,\n\n The Emergency Login user ".$uname.
39 " was activated at ".date('l jS \of F Y h:i:s A')." \n\nThanks,\nAdmin OpenEMR.";
40 $mail->Body = $text_body;
41 $mail->Subject = "Emergency Login User Activated";
42 $mail->AddAddress($_POST['admin_id']);
43 $mail->Send();
44 }
45 }
46 }
47
48 /* To refresh and save variables in mail frame */
49 if (isset($_POST["privatemode"]) && $_POST["privatemode"] =="user_admin") {
50 if ($_POST["mode"] == "update") {
51 if (isset($_POST["username"])) {
52 // $tqvar = addslashes(trim($_POST["username"]));
53 $tqvar = trim(formData('username', 'P'));
54 $user_data = sqlFetchArray(sqlStatement("select * from users where id= ? ", array($_POST["id"])));
55 sqlStatement("update users set username='$tqvar' where id= ? ", array($_POST["id"]));
56 sqlStatement("update groups set user='$tqvar' where user= ?", array($user_data["username"]));
57 //echo "query was: " ."update groups set user='$tqvar' where user='". $user_data["username"] ."'" ;
58 }
59
60 if ($_POST["taxid"]) {
61 $tqvar = formData('taxid', 'P');
62 sqlStatement("update users set federaltaxid='$tqvar' where id= ? ", array($_POST["id"]));
63 }
64
65 if ($_POST["state_license_number"]) {
66 $tqvar = formData('state_license_number', 'P');
67 sqlStatement("update users set state_license_number='$tqvar' where id= ? ", array($_POST["id"]));
68 }
69
70 if ($_POST["drugid"]) {
71 $tqvar = formData('drugid', 'P');
72 sqlStatement("update users set federaldrugid='$tqvar' where id= ? ", array($_POST["id"]));
73 }
74
75 if ($_POST["upin"]) {
76 $tqvar = formData('upin', 'P');
77 sqlStatement("update users set upin='$tqvar' where id= ? ", array($_POST["id"]));
78 }
79
80 if ($_POST["npi"]) {
81 $tqvar = formData('npi', 'P');
82 sqlStatement("update users set npi='$tqvar' where id= ? ", array($_POST["id"]));
83 }
84
85 if ($_POST["taxonomy"]) {
86 $tqvar = formData('taxonomy', 'P');
87 sqlStatement("update users set taxonomy = '$tqvar' where id= ? ", array($_POST["id"]));
88 }
89
90 if ($_POST["lname"]) {
91 $tqvar = formData('lname', 'P');
92 sqlStatement("update users set lname='$tqvar' where id= ? ", array($_POST["id"]));
93 }
94
95 if ($_POST["job"]) {
96 $tqvar = formData('job', 'P');
97 sqlStatement("update users set specialty='$tqvar' where id= ? ", array($_POST["id"]));
98 }
99
100 if ($_POST["mname"]) {
101 $tqvar = formData('mname', 'P');
102 sqlStatement("update users set mname='$tqvar' where id= ? ", array($_POST["id"]));
103 }
104
105 if ($_POST["facility_id"]) {
106 $tqvar = formData('facility_id', 'P');
107 sqlStatement("update users set facility_id = '$tqvar' where id = ? ", array($_POST["id"]));
108 //(CHEMED) Update facility name when changing the id
109 sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '$tqvar' AND users.id = {$_POST["id"]}");
110 //END (CHEMED)
111 }
112
113 if ($GLOBALS['restrict_user_facility'] && $_POST["schedule_facility"]) {
114 sqlStatement("delete from users_facility
115 where tablename='users'
116 and table_id= ?
117 and facility_id not in (" . implode(",", $_POST['schedule_facility']) . ")", array($_POST["id"]));
118 foreach ($_POST["schedule_facility"] as $tqvar) {
119 sqlStatement("replace into users_facility set
120 facility_id = '$tqvar',
121 tablename='users',
122 table_id = {$_POST["id"]}");
123 }
124 }
125
126 if ($_POST["fname"]) {
127 $tqvar = formData('fname', 'P');
128 sqlStatement("update users set fname='$tqvar' where id= ? ", array($_POST["id"]));
129 }
130
131 if (isset($_POST['default_warehouse'])) {
132 sqlStatement("UPDATE users SET default_warehouse = '" .
133 formData('default_warehouse', 'P') .
134 "' WHERE id = '" . formData('id', 'P') . "'");
135 }
136
137 if (isset($_POST['irnpool'])) {
138 sqlStatement("UPDATE users SET irnpool = '" .
139 formData('irnpool', 'P') .
140 "' WHERE id = '" . formData('id', 'P') . "'");
141 }
142
143 if ($_POST["adminPass"] && $_POST["clearPass"]) {
144 require_once("$srcdir/authentication/password_change.php");
145 $clearAdminPass=$_POST['adminPass'];
146 $clearUserPass=$_POST['clearPass'];
147 $password_err_msg="";
148 $success=update_password($_SESSION['authId'], $_POST['id'], $clearAdminPass, $clearUserPass, $password_err_msg);
149 if (!$success) {
150 error_log($password_err_msg);
151 $alertmsg.=$password_err_msg;
152 }
153 }
154
155 $tqvar = $_POST["authorized"] ? 1 : 0;
156 $actvar = $_POST["active"] ? 1 : 0;
157 $calvar = $_POST["calendar"] ? 1 : 0;
158
159 sqlStatement("UPDATE users SET authorized = $tqvar, active = $actvar, " .
160 "calendar = $calvar, see_auth = ? WHERE " .
161 "id = ? ", array($_POST['see_auth'], $_POST["id"]));
162 //Display message when Emergency Login user was activated
163 $bg_count=count($_POST['access_group']);
164 for ($i=0; $i<$bg_count; $i++) {
165 if (($_POST['access_group'][$i] == "Emergency Login") && ($_POST['pre_active'] == 0) && ($actvar == 1)) {
166 $show_message = 1;
167 }
168 }
169
170 if (($_POST['access_group'])) {
171 for ($i=0; $i<$bg_count; $i++) {
172 if (($_POST['access_group'][$i] == "Emergency Login") && ($_POST['user_type']) == "" && ($_POST['check_acl'] == 1) && ($_POST['active']) != "") {
173 $set_active_msg=1;
174 }
175 }
176 }
177
178 if ($_POST["comments"]) {
179 $tqvar = formData('comments', 'P');
180 sqlStatement("update users set info = '$tqvar' where id = ? ", array($_POST["id"]));
181 }
182
183 $erxrole = formData('erxrole', 'P');
184 sqlStatement("update users set newcrop_user_role = '$erxrole' where id = ? ", array($_POST["id"]));
185
186 if ($_POST["physician_type"]) {
187 $physician_type = formData('physician_type');
188 sqlStatement("update users set physician_type = '$physician_type' where id = ? ", array($_POST["id"]));
189 }
190
191 if ($_POST["main_menu_role"]) {
192 $mainMenuRole = filter_input(INPUT_POST, 'main_menu_role');
193 sqlStatement("update `users` set `main_menu_role` = ? where `id` = ? ", array($mainMenuRole, $_POST["id"]));
194 }
195
196 if ($_POST["erxprid"]) {
197 $erxprid = formData('erxprid', 'P');
198 sqlStatement("update users set weno_prov_id = '$erxprid' where id = ? ", array($_POST["id"]));
199 }
200
201 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
202 // Set the access control group of user
203 $user_data = sqlFetchArray(sqlStatement("select username from users where id= ?", array($_POST["id"])));
204 set_user_aro(
205 $_POST['access_group'],
206 $user_data["username"],
207 formData('fname', 'P'),
208 formData('mname', 'P'),
209 formData('lname', 'P')
210 );
211 }
212 }
213 }
214
215 /* To refresh and save variables in mail frame - Arb*/
216 if (isset($_POST["mode"])) {
217 if ($_POST["mode"] == "new_user") {
218 if ($_POST["authorized"] != "1") {
219 $_POST["authorized"] = 0;
220 }
221
222 // $_POST["info"] = addslashes($_POST["info"]);
223
224 $calvar = $_POST["calendar"] ? 1 : 0;
225
226 $res = sqlStatement("select distinct username from users where username != ''");
227 $doit = true;
228 while ($row = sqlFetchArray($res)) {
229 if ($doit == true && $row['username'] == trim(formData('rumple'))) {
230 $doit = false;
231 }
232 }
233
234 if ($doit == true) {
235 require_once("$srcdir/authentication/password_change.php");
236
237 //if password expiration option is enabled, calculate the expiration date of the password
238 if ($GLOBALS['password_expiration_days'] != 0) {
239 $exp_days = $GLOBALS['password_expiration_days'];
240 $exp_date = date('Y-m-d', strtotime("+$exp_days days"));
241 }
242
243 $insertUserSQL=
244 "insert into users set " .
245 "username = '" . trim(formData('rumple')) .
246 "', password = '" . 'NoLongerUsed' .
247 "', fname = '" . trim(formData('fname')) .
248 "', mname = '" . trim(formData('mname')) .
249 "', lname = '" . trim(formData('lname')) .
250 "', federaltaxid = '" . trim(formData('federaltaxid')) .
251 "', state_license_number = '" . trim(formData('state_license_number')) .
252 "', newcrop_user_role = '" . trim(formData('erxrole')) .
253 "', physician_type = '" . trim(formData('physician_type')) .
254 "', main_menu_role = '" . trim(formData('main_menu_role')) .
255 "', weno_prov_id = '" . trim(formData('erxprid')) .
256 "', authorized = '" . trim(formData('authorized')) .
257 "', info = '" . trim(formData('info')) .
258 "', federaldrugid = '" . trim(formData('federaldrugid')) .
259 "', upin = '" . trim(formData('upin')) .
260 "', npi = '" . trim(formData('npi')).
261 "', taxonomy = '" . trim(formData('taxonomy')) .
262 "', facility_id = '" . trim(formData('facility_id')) .
263 "', specialty = '" . trim(formData('specialty')) .
264 "', see_auth = '" . trim(formData('see_auth')) .
265 "', default_warehouse = '" . trim(formData('default_warehouse')) .
266 "', irnpool = '" . trim(formData('irnpool')) .
267 "', calendar = '" . $calvar .
268 "', pwd_expiration_date = '" . trim("$exp_date") .
269 "'";
270
271 $clearAdminPass=$_POST['adminPass'];
272 $clearUserPass=$_POST['stiltskin'];
273 $password_err_msg="";
274 $prov_id="";
275 $success = update_password(
276 $_SESSION['authId'],
277 0,
278 $clearAdminPass,
279 $clearUserPass,
280 $password_err_msg,
281 true,
282 $insertUserSQL,
283 trim(formData('rumple')),
284 $prov_id
285 );
286 error_log($password_err_msg);
287 $alertmsg .=$password_err_msg;
288 if ($success) {
289 //set the facility name from the selected facility_id
290 sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '" . trim(formData('facility_id')) . "' AND users.username = '" . trim(formData('rumple')) . "'");
291
292 sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
293 "', user = '" . trim(formData('rumple')) . "'");
294
295 if (isset($phpgacl_location) && acl_check('admin', 'acl') && trim(formData('rumple'))) {
296 // Set the access control group of user
297 set_user_aro(
298 $_POST['access_group'],
299 trim(formData('rumple')),
300 trim(formData('fname')),
301 trim(formData('mname')),
302 trim(formData('lname'))
303 );
304 }
305 }
306 } else {
307 $alertmsg .= xl('User', '', '', ' ') . trim(formData('rumple')) . xl('already exists.', '', ' ');
308 }
309
310 if ($_POST['access_group']) {
311 $bg_count=count($_POST['access_group']);
312 for ($i=0; $i<$bg_count; $i++) {
313 if ($_POST['access_group'][$i] == "Emergency Login") {
314 $set_active_msg=1;
315 }
316 }
317 }
318 } else if ($_POST["mode"] == "new_group") {
319 $res = sqlStatement("select distinct name, user from groups");
320 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
321 $result[$iter] = $row;
322 }
323
324 $doit = 1;
325 foreach ($result as $iter) {
326 if ($doit == 1 && $iter{"name"} == trim(formData('groupname')) && $iter{"user"} == trim(formData('rumple'))) {
327 $doit--;
328 }
329 }
330
331 if ($doit == 1) {
332 sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
333 "', user = '" . trim(formData('rumple')) . "'");
334 } else {
335 $alertmsg .= "User " . trim(formData('rumple')) .
336 " is already a member of group " . trim(formData('groupname')) . ". ";
337 }
338 }
339 }
340
341 if (isset($_GET["mode"])) {
342 /*******************************************************************
343 // This is the code to delete a user. Note that the link which invokes
344 // this is commented out. Somebody must have figured it was too dangerous.
345 //
346 if ($_GET["mode"] == "delete") {
347 $res = sqlStatement("select distinct username, id from users where id = '" .
348 $_GET["id"] . "'");
349 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
350 $result[$iter] = $row;
351
352 // TBD: Before deleting the user, we should check all tables that
353 // reference users to make sure this user is not referenced!
354
355 foreach($result as $iter) {
356 sqlStatement("delete from groups where user = '" . $iter{"username"} . "'");
357 }
358 sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
359 }
360 *******************************************************************/
361
362 if ($_GET["mode"] == "delete_group") {
363 $res = sqlStatement("select distinct user from groups where id = ?", array($_GET["id"]));
364 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
365 $result[$iter] = $row;
366 }
367
368 foreach ($result as $iter) {
369 $un = $iter{"user"};
370 }
371
372 $res = sqlStatement("select name, user from groups where user = '$un' " .
373 "and id != ?", array($_GET["id"]));
374
375 // Remove the user only if they are also in some other group. I.e. every
376 // user must be a member of at least one group.
377 if (sqlFetchArray($res) != false) {
378 sqlStatement("delete from groups where id = ?", array($_GET["id"]));
379 } else {
380 $alertmsg .= "You must add this user to some other group before " .
381 "removing them from this group. ";
382 }
383 }
384 }
385
386 $form_inactive = empty($_REQUEST['form_inactive']) ? false : true;
387
388 ?>
389 <html>
390 <head>
391 <title><?php echo xlt('User / Group');?></title>
392
393 <?php Header::setupHeader(['common','jquery-ui']); ?>
394
395 <script type="text/javascript">
396
397 $(document).ready(function(){
398
399 tabbify();
400
401 $(".medium_modal").on('click', function(e) {
402 e.preventDefault();e.stopPropagation();
403 dlgopen('', '', 660, 450, '', '', {
404 //onClosed: 'refreshme',
405 sizeHeight: 'auto',
406 allowResize: true,
407 allowDrag: true,
408 dialogId: '',
409 type: 'iframe',
410 url: $(this).attr('href')
411 });
412 });
413
414 });
415
416 function authorized_clicked() {
417 var f = document.forms[0];
418 f.calendar.disabled = !f.authorized.checked;
419 f.calendar.checked = f.authorized.checked;
420 }
421
422 </script>
423
424 </head>
425 <body class="body_top">
426
427 <div class="container">
428 <div class="row">
429 <div class="col-xs-12">
430 <div class="page-title">
431 <h2><?php echo xlt('User / Groups');?></h2>
432 </div>
433 </div>
434 </div>
435 <div class="row">
436 <div class="col-xs-12">
437 <div class="btn-group">
438 <a href="usergroup_admin_add.php" class="medium_modal btn btn-default btn-add"><?php echo xlt('Add User'); ?></a>
439 <a href="facility_user.php" class="btn btn-default btn-show"><?php echo xlt('View Facility Specific User Information'); ?></a>
440 </div>
441 <form name='userlist' method='post' style="display: inline;" class="form-inline" class="pull-right" action='usergroup_admin.php' onsubmit='return top.restoreSession()'>
442 <div class="checkbox">
443 <label for="form_inactive">
444 <input type='checkbox' class="form-control" id="form_inactive" name='form_inactive' value='1' onclick='submit()' <?php echo ($form_inactive) ? 'checked ' : ''; ?>>
445 <?php echo xlt('Include inactive users'); ?>
446 </label>
447 </div>
448 </form>
449 </div>
450 </div>
451 <div class="row">
452 <div class="col-xs-12">
453 <?php
454 if ($set_active_msg == 1) {
455 echo "<div class='alert alert-danger'>".xlt('Emergency Login ACL is chosen. The user is still in active state, please de-activate the user and activate the same when required during emergency situations. Visit Administration->Users for activation or de-activation.')."</div><br>";
456 }
457
458 if ($show_message == 1) {
459 echo "<div class='alert alert-danger'>".xlt('The following Emergency Login User is activated:')." "."<b>".text($_GET['fname'])."</b>"."</div><br>";
460 echo "<div class='alert alert-danger'>".xlt('Emergency Login activation email will be circulated only if following settings in the interface/globals.php file are configured:')." \$GLOBALS['Emergency_Login_email'], \$GLOBALS['Emergency_Login_email_id']</div>";
461 }
462
463 ?>
464 <div class="table-responsive">
465 <table class="table table-striped">
466 <thead>
467 <tr>
468 <th><?php echo xlt('Username'); ?></th>
469 <th><?php echo xlt('Real Name'); ?></th>
470 <th><?php echo xlt('Additional Info'); ?></th>
471 <th><?php echo xlt('Authorized'); ?>?</th>
472 <th></th>
473 </tr>
474 <tbody>
475 <?php
476 $query = "SELECT * FROM users WHERE username != '' ";
477 if (!$form_inactive) {
478 $query .= "AND active = '1' ";
479 }
480
481 $query .= "ORDER BY username";
482 $res = sqlStatement($query);
483 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
484 $result4[$iter] = $row;
485 }
486
487 foreach ($result4 as $iter) {
488 if ($iter{"authorized"}) {
489 $iter{"authorized"} = xl('yes');
490 } else {
491 $iter{"authorized"} = "";
492 }
493
494 print "<tr>
495 <td><b><a href='user_admin.php?id=" . attr($iter{"id"}) .
496 "' class='medium_modal' onclick='top.restoreSession()'>" . text($iter{"username"}) . "</a></b>" ."&nbsp;</td>
497 <td>" . text($iter{"fname"}) . ' ' . text($iter{"lname"}) ."&nbsp;</td>
498 <td>" . text($iter{"info"}) . "&nbsp;</td>
499 <td align='left'><span>" .text($iter{"authorized"}) . "&nbsp;</td>";
500 print "<td><!--<a href='usergroup_admin.php?mode=delete&id=" . attr($iter{"id"}) .
501 "' class='link_submit'>[Delete]</a>--></td>";
502 print "</tr>\n";
503 }
504 ?>
505 </tbody>
506 </table>
507 </div>
508 <?php
509 if (empty($GLOBALS['disable_non_default_groups'])) {
510 $res = sqlStatement("select * from groups order by name");
511 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
512 $result5[$iter] = $row;
513 }
514
515 foreach ($result5 as $iter) {
516 $grouplist{$iter{"name"}} .= $iter{"user"} .
517 "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
518 attr($iter{"id"}) . "' onclick='top.restoreSession()'>" . xlt('Remove') . "</a>), ";
519 }
520
521 foreach ($grouplist as $groupname => $list) {
522 print "<span class='bold'>" . text($groupname) . "</span><br>\n<span>" .
523 text(substr($list, 0, strlen($list)-2)) . "</span><br>\n";
524 }
525 }
526 ?>
527 </div>
528 </div>
529 </div>
530 <script language="JavaScript">
531 <?php
532 if ($alertmsg = trim($alertmsg)) {
533 echo "alert('$alertmsg');\n";
534 }
535 ?>
536 </script>
537 </body>
538 </html>
Mirror of official OpenEMR Sourceforge repository