interface/patient_file/deleter.php

   1 <?php
   2  // Copyright (C) 2005-2013 Rod Roark <rod@sunsetsystems.com>
   3  //
   4  // This program is free software; you can redistribute it and/or
   5  // modify it under the terms of the GNU General Public License
   6  // as published by the Free Software Foundation; either version 2
   7  // of the License, or (at your option) any later version.
   8
   9  require_once("../globals.php");
  10  require_once("$srcdir/log.inc");
  11  require_once("$srcdir/acl.inc");
  12  require_once("$srcdir/sl_eob.inc.php");
  13
  14  $patient     = $_REQUEST['patient'];
  15  $encounterid = $_REQUEST['encounterid'];
  16  $formid      = $_REQUEST['formid'];
  17  $issue       = $_REQUEST['issue'];
  18  $document    = $_REQUEST['document'];
  19  $payment     = $_REQUEST['payment'];
  20  $billing     = $_REQUEST['billing'];
  21  $transaction = $_REQUEST['transaction'];
  22
  23  $info_msg = "";
  24
  25  // Delete rows, with logging, for the specified table using the
  26  // specified WHERE clause.
  27  //
  28  function row_delete($table, $where) {
  29   $tres = sqlStatement("SELECT * FROM $table WHERE $where");
  30   $count = 0;
  31   while ($trow = sqlFetchArray($tres)) {
  32    $logstring = "";
  33    foreach ($trow as $key => $value) {
  34     if (! $value || $value == '0000-00-00 00:00:00') continue;
  35     if ($logstring) $logstring .= " ";
  36     $logstring .= $key . "='" . addslashes($value) . "'";
  37    }
  38    newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $logstring");
  39    ++$count;
  40   }
  41   if ($count) {
  42    $query = "DELETE FROM $table WHERE $where";
  43    echo $query . "<br>\n";
  44    sqlStatement($query);
  45   }
  46  }
  47
  48  // Deactivate rows, with logging, for the specified table using the
  49  // specified SET and WHERE clauses.
  50  //
  51  function row_modify($table, $set, $where) {
  52   if (sqlQuery("SELECT * FROM $table WHERE $where")) {
  53    newEvent("deactivate", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $where");
  54    $query = "UPDATE $table SET $set WHERE $where";
  55    echo $query . "<br>\n";
  56    sqlStatement($query);
  57   }
  58  }
  59
  60 // We use this to put dashes, colons, etc. back into a timestamp.
  61 //
  62 function decorateString($fmt, $str) {
  63   $res = '';
  64   while ($fmt) {
  65     $fc = substr($fmt, 0, 1);
  66     $fmt = substr($fmt, 1);
  67     if ($fc == '.') {
  68       $res .= substr($str, 0, 1);
  69       $str = substr($str, 1);
  70     } else {
  71       $res .= $fc;
  72     }
  73   }
  74   return $res;
  75 }
  76
  77 // Delete and undo product sales for a given patient or visit.
  78 // This is special because it has to replace the inventory.
  79 //
  80 function delete_drug_sales($patient_id, $encounter_id=0) {
  81   $where = $encounter_id ? "ds.encounter = '$encounter_id'" :
  82     "ds.pid = '$patient_id' AND ds.encounter != 0";
  83   sqlStatement("UPDATE drug_sales AS ds, drug_inventory AS di " .
  84     "SET di.on_hand = di.on_hand + ds.quantity " .
  85     "WHERE $where AND di.inventory_id = ds.inventory_id");
  86   if ($encounter_id) {
  87     row_delete("drug_sales", "encounter = '$encounter_id'");
  88   }
  89   else {
  90     row_delete("drug_sales", "pid = '$patient_id'");
  91   }
  92 }
  93
  94 // Delete a form's data from its form-specific table.
  95 //
  96 function form_delete($formdir, $formid) {
  97   $formdir = ($formdir == 'newpatient') ? 'encounter' : $formdir;
  98   if (substr($formdir,0,3) == 'LBF')
  99     row_delete("lbf_data", "form_id = '$formid'");
 100   else
 101     row_delete("form_$formdir", "id = '$formid'");
 102 }
 103
 104 // Delete a specified document including its associated relations and file.
 105 //
 106 function delete_document($document) {
 107   $trow = sqlQuery("SELECT url FROM documents WHERE id = '$document'");
 108   $url = $trow['url'];
 109   row_delete("categories_to_documents", "document_id = '$document'");
 110   row_delete("documents", "id = '$document'");
 111   row_delete("gprelations", "type1 = 1 AND id1 = '$document'");
 112   if (substr($url, 0, 7) == 'file://') {
 113     @unlink(substr($url, 7));
 114   }
 115 }
 116 ?>
 117 <html>
 118 <head>
 119 <?php html_header_show();?>
 120 <title><?php xl('Delete Patient, Encounter, Form, Issue, Document, Payment, Billing or Transaction','e'); ?></title>
 121 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
 122
 123 <style>
 124 td { font-size:10pt; }
 125 </style>
 126
 127 <script language="javascript">
 128 function submit_form()
 129 {
 130 document.deletefrm.submit();
 131 }
 132 // Java script function for closing the popup
 133 function popup_close() {
 134         if(parent.$==undefined) {
 135                 window.close();
 136          }
 137          else {
 138                 parent.$.fn.fancybox.close();
 139          }
 140 }
 141 </script>
 142 </head>
 143
 144 <body class="body_top">
 145 <?php
 146  // If the delete is confirmed...
 147  //
 148  if ($_POST['form_submit']) {
 149
 150   if ($patient) {
 151    if (!acl_check('admin', 'super')) die("Not authorized!");
 152    row_modify("billing"       , "activity = 0", "pid = '$patient'");
 153    row_modify("pnotes"        , "deleted = 1" , "pid = '$patient'");
 154    // row_modify("prescriptions" , "active = 0"  , "patient_id = '$patient'");
 155    row_delete("prescriptions"  , "patient_id = '$patient'");
 156    row_delete("claims"         , "patient_id = '$patient'");
 157    delete_drug_sales($patient);
 158    row_delete("payments"       , "pid = '$patient'");
 159    row_delete("ar_activity"    , "pid = '$patient'");
 160    row_delete("openemr_postcalendar_events", "pc_pid = '$patient'");
 161    row_delete("immunizations"  , "patient_id = '$patient'");
 162    row_delete("issue_encounter", "pid = '$patient'");
 163    row_delete("lists"          , "pid = '$patient'");
 164    row_delete("transactions"   , "pid = '$patient'");
 165    row_delete("employer_data"  , "pid = '$patient'");
 166    row_delete("history_data"   , "pid = '$patient'");
 167    row_delete("insurance_data" , "pid = '$patient'");
 168
 169    $res = sqlStatement("SELECT * FROM forms WHERE pid = '$patient'");
 170    while ($row = sqlFetchArray($res)) {
 171     form_delete($row['formdir'], $row['form_id']);
 172    }
 173    row_delete("forms", "pid = '$patient'");
 174
 175    // integration_mapping is used for sql-ledger and is virtually obsolete now.
 176    $row = sqlQuery("SELECT id FROM patient_data WHERE pid = '$patient'");
 177    row_delete("integration_mapping", "local_table = 'patient_data' AND " .
 178     "local_id = '" . $row['id'] . "'");
 179
 180    // Delete all documents for the patient.
 181    $res = sqlStatement("SELECT id FROM documents WHERE foreign_id = '$patient'");
 182    while ($row = sqlFetchArray($res)) {
 183     delete_document($row['id']);
 184    }
 185
 186    // This table exists only for athletic teams.
 187    $tmp = sqlQuery("SHOW TABLES LIKE 'daily_fitness'");
 188    if (!empty($tmp)) {
 189     row_delete("daily_fitness", "pid = '$patient'");
 190    }
 191
 192    row_delete("patient_data", "pid = '$patient'");
 193   }
 194   else if ($encounterid) {
 195    if (!acl_check('admin', 'super')) die("Not authorized!");
 196    row_modify("billing", "activity = 0", "encounter = '$encounterid'");
 197    delete_drug_sales(0, $encounterid);
 198    row_delete("ar_activity", "encounter = '$encounterid'");
 199    row_delete("claims", "encounter_id = '$encounterid'");
 200    row_delete("issue_encounter", "encounter = '$encounterid'");
 201    $res = sqlStatement("SELECT * FROM forms WHERE encounter = '$encounterid'");
 202    while ($row = sqlFetchArray($res)) {
 203     form_delete($row['formdir'], $row['form_id']);
 204    }
 205    row_delete("forms", "encounter = '$encounterid'");
 206   }
 207   else if ($formid) {
 208    if (!acl_check('admin', 'super')) die("Not authorized!");
 209    $row = sqlQuery("SELECT * FROM forms WHERE id = '$formid'");
 210    $formdir = $row['formdir'];
 211    if (! $formdir) die("There is no form with id '$formid'");
 212    form_delete($formdir, $row['form_id']);
 213    row_delete("forms", "id = '$formid'");
 214   }
 215   else if ($issue) {
 216    if (!acl_check('admin', 'super')) die("Not authorized!");
 217    row_delete("issue_encounter", "list_id = '$issue'");
 218    row_delete("lists", "id = '$issue'");
 219   }
 220   else if ($document) {
 221    if (!acl_check('admin', 'super')) die("Not authorized!");
 222    delete_document($document);
 223   }
 224   else if ($payment) {
 225    if (!acl_check('admin', 'super')) die("Not authorized!");
 226     list($patient_id, $timestamp, $ref_id) = explode(".", $payment);
 227     // if (empty($ref_id)) $ref_id = -1;
 228     $timestamp = decorateString('....-..-.. ..:..:..', $timestamp);
 229     $payres = sqlStatement("SELECT * FROM payments WHERE " .
 230       "pid = '$patient_id' AND dtime = '$timestamp'");
 231     while ($payrow = sqlFetchArray($payres)) {
 232       if ($payrow['encounter']) {
 233         $ref_id = -1;
 234         // The session ID passed in is useless. Look for the most recent
 235         // patient payment session with pay total matching pay amount and with
 236         // no adjustments. The resulting session ID may be 0 (no session) which
 237         // is why we start with -1.
 238         $tpmt = $payrow['amount1'] + $payrow['amount2'];
 239         $seres = sqlStatement("SELECT " .
 240           "SUM(pay_amount) AS pay_amount, session_id " .
 241           "FROM ar_activity WHERE " .
 242           "pid = '$patient_id' AND " .
 243           "encounter = '" . $payrow['encounter'] . "' AND " .
 244           "payer_type = 0 AND " .
 245           "adj_amount = 0.00 " .
 246           "GROUP BY session_id ORDER BY session_id DESC");
 247         while ($serow = sqlFetchArray($seres)) {
 248           if (sprintf("%01.2f", $serow['adj_amount']) != 0.00) continue;
 249           if (sprintf("%01.2f", $serow['pay_amount'] - $tpmt) == 0.00) {
 250             $ref_id = $serow['session_id'];
 251             break;
 252           }
 253         }
 254         if ($ref_id == -1) {
 255           die(xlt('Unable to match this payment in ar_activity') . ": $tpmt");
 256         }
 257         // Delete the payment.
 258         row_delete("ar_activity",
 259           "pid = '$patient_id' AND " .
 260           "encounter = '" . $payrow['encounter'] . "' AND " .
 261           "payer_type = 0 AND " .
 262           "pay_amount != 0.00 AND " .
 263           "adj_amount = 0.00 AND " .
 264           "session_id = '$ref_id'");
 265         if ($ref_id) {
 266           row_delete("ar_session",
 267             "patient_id = '$patient_id' AND " .
 268             "session_id = '$ref_id'");
 269         }
 270       }
 271       else {
 272         // Encounter is 0! Seems this happens for pre-payments.
 273         $tpmt = sprintf("%01.2f", $payrow['amount1'] + $payrow['amount2']);
 274         row_delete("ar_session",
 275           "patient_id = '$patient_id' AND " .
 276           "payer_id = 0 AND " .
 277           "reference = '" . add_escape_custom($payrow['source']) . "' AND " .
 278           "pay_total = '$tpmt' AND " .
 279           "(SELECT COUNT(*) FROM ar_activity where ar_activity.session_id = ar_session.session_id) = 0 " .
 280           "ORDER BY session_id DESC LIMIT 1");
 281       }
 282       row_delete("payments", "id = '" . $payrow['id'] . "'");
 283     }
 284   }
 285   else if ($billing) {
 286     if (!acl_check('acct','disc')) die("Not authorized!");
 287     list($patient_id, $encounter_id) = explode(".", $billing);
 288     if ($GLOBALS['oer_config']['ws_accounting']['enabled'] === 2) {
 289       sqlStatement("DELETE FROM ar_activity WHERE " .
 290         "pid = '$patient_id' AND encounter = '$encounter_id'");
 291       sqlStatement("DELETE ar_session FROM ar_session LEFT JOIN " .
 292         "ar_activity ON ar_session.session_id = ar_activity.session_id " .
 293         "WHERE ar_activity.session_id IS NULL");
 294       row_modify("billing", "activity = 0",
 295         "pid = '$patient_id' AND " .
 296         "encounter = '$encounter_id' AND " .
 297         "code_type = 'COPAY' AND " .
 298         "activity = 1");
 299       sqlStatement("UPDATE form_encounter SET last_level_billed = 0, " .
 300         "last_level_closed = 0, stmt_count = 0, last_stmt_date = NULL " .
 301         "WHERE pid = '$patient_id' AND encounter = '$encounter_id'");
 302     }
 303     else {
 304       slInitialize();
 305       $trans_id = SLQueryValue("SELECT id FROM ar WHERE ar.invnumber = '$billing' LIMIT 1");
 306       if ($trans_id) {
 307         newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Invoice $billing from SQL-Ledger");
 308         SLQuery("DELETE FROM acc_trans WHERE trans_id = '$trans_id'");
 309         if ($sl_err) die($sl_err);
 310         SLQuery("DELETE FROM invoice WHERE trans_id = '$trans_id'");
 311         if ($sl_err) die($sl_err);
 312         SLQuery("DELETE FROM ar WHERE id = '$trans_id'");
 313         if ($sl_err) die($sl_err);
 314       } else {
 315         $info_msg .= "Invoice '$billing' not found!";
 316       }
 317       SLClose();
 318     }
 319     sqlStatement("UPDATE drug_sales SET billed = 0 WHERE " .
 320       "pid = '$patient_id' AND encounter = '$encounter_id'");
 321     updateClaim(true, $patient_id, $encounter_id, -1, -1, 1, 0, ''); // clears for rebilling
 322   }
 323   else if ($transaction) {
 324    if (!acl_check('admin', 'super')) die("Not authorized!");
 325    row_delete("transactions", "id = '$transaction'");
 326   }
 327   else {
 328    die("Nothing was recognized to delete!");
 329   }
 330
 331   if (! $info_msg) $info_msg = xl('Delete successful.');
 332
 333   // Close this window and tell our opener that it's done.
 334   //
 335   echo "<script language='JavaScript'>\n";
 336   if ($info_msg) echo " alert('$info_msg');\n";
 337   if ($encounterid) //this code need to be same as 'parent.imdeleted($encounterid)' when the popup is div like
 338   {
 339     echo "window.opener.imdeleted($encounterid);\n";
 340   }
 341   else
 342   {
 343     echo " if (opener && opener.imdeleted) opener.imdeleted(); else parent.imdeleted();\n";
 344   }
 345   echo " window.close();\n";
 346   echo "</script></body></html>\n";
 347   exit();
 348  }
 349 ?>
 350
 351 <form method='post' name="deletefrm" action='deleter.php?patient=<?php echo $patient ?>&encounterid=<?php echo $encounterid ?>&formid=<?php echo $formid ?>&issue=<?php echo $issue ?>&document=<?php echo $document ?>&payment=<?php echo $payment ?>&billing=<?php echo $billing ?>&transaction=<?php echo $transaction ?>' onsubmit="javascript:alert('1');document.deleform.submit();">
 352
 353 <p class="text">&nbsp;<br><?php xl('Do you really want to delete','e'); ?>
 354
 355 <?php
 356  if ($patient) {
 357   echo xl('patient') . " $patient";
 358  } else if ($encounterid) {
 359   echo xl('encounter') . " $encounterid";
 360  } else if ($formid) {
 361   echo xl('form') . " $formid";
 362  } else if ($issue) {
 363   echo xl('issue') . " $issue";
 364  } else if ($document) {
 365   echo xl('document') . " $document";
 366  } else if ($payment) {
 367   echo xl('payment') . " $payment";
 368  } else if ($billing) {
 369   echo xl('invoice') . " $billing";
 370  } else if ($transaction) {
 371   echo xl('transaction') . " $transaction";
 372  }
 373 ?> <?php xl('and all subordinate data? This action will be logged','e'); ?>!</p>
 374
 375 <center>
 376
 377 <p class="text">&nbsp;<br>
 378 <a href="#" onclick="submit_form()" class="css_button"><span><?php xl('Yes, Delete and Log','e'); ?></span></a>
 379 <input type='hidden' name='form_submit' value=<?php xl('Yes, Delete and Log','e','\'','\''); ?>/>
 380 <a href='#' class="css_button" onclick=popup_close();><span><?php echo xl('No, Cancel');?></span></a>
 381 </p>
 382
 383 </center>
 384 </form>
 385 </body>
 386 </html>