7 * @link http://www.open-emr.org
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @author Rod Roark <rod@sunsetsystems.com>
10 * @copyright Copyright (c) 2017-2018 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
14 require_once("../globals.php");
15 require_once("$srcdir/calendar.inc");
16 require_once("$srcdir/options.inc.php");
17 require_once("$srcdir/erx_javascript.inc.php");
19 use OpenEMR\Common\Acl\AclExtended
;
20 use OpenEMR\Common\Acl\AclMain
;
21 use OpenEMR\Common\Csrf\CsrfUtils
;
22 use OpenEMR\Core\Header
;
23 use OpenEMR\Menu\MainMenuRole
;
24 use OpenEMR\Menu\PatientMenuRole
;
25 use OpenEMR\Services\FacilityService
;
26 use OpenEMR\Services\UserService
;
28 $facilityService = new FacilityService();
30 if (!AclMain
::aclCheckCore('admin', 'users')) {
40 <?php Header
::setupHeader(['common','opener']); ?
>
42 <script src
="checkpwd_validation.js"></script
>
44 <!-- validation library
-->
45 <!-- Non-LBF forms use the new validation; please make sure the corresponding values exist in the Page Validation list -->
46 <?php
$use_validate_js = 1;?
>
47 <?php
require_once($GLOBALS['srcdir'] . "/validation/validation_script.js.php"); ?
>
49 //Gets the validation rules from the Page Validation list.
50 //Note that for technical reasons we are bypassing the standard validateUsingPageRules() call.
51 $collectthis = collectValidationPageRules("/interface/usergroup/usergroup_admin_add.php");
52 if (empty($collectthis)) {
53 $collectthis = "undefined";
55 $collectthis = json_sanitize($collectthis["new_user"]["rules"]);
61 * validation on the form with the new client-side validation (using validate.js).
62 * This makes it possible to add new rules for this form in the pageValidation list.
64 var collectvalidation
= <?php
echo $collectthis; ?
>;
66 function trimAll(sString
)
68 while (sString
.substring(0,1) == ' ')
70 sString
= sString
.substring(1, sString
.length
);
72 while (sString
.substring(sString
.length
-1, sString
.length
) == ' ')
74 sString
= sString
.substring(0,sString
.length
-1);
79 function submitform() {
81 var valid
= submitme(1, undefined
, 'new_user', collectvalidation
);
86 //Check whether the secure password option is enabled or disabled.
87 //If it is enabled and the entered password is weak, alert the user to enter a strong password.
88 if(document
.new_user
.secure_pwd
.value
== 1){
89 var password
= trim(document
.new_user
.stiltskin
.value
);
91 var pwdresult
= passwordvalidate(password
);
94 <?php
echo xlj('The password must be at least eight characters, and should'); ?
> +
96 <?php
echo xlj('contain at least three of the four following items:'); ?
> +
98 <?php
echo xlj('A number'); ?
> +
100 <?php
echo xlj('A lowercase letter'); ?
> +
102 <?php
echo xlj('An uppercase letter'); ?
> +
104 <?php
echo xlj('A special character'); ?
> +
107 <?php
echo xlj('not a letter or number'); ?
> +
110 <?php
echo xlj('For example:'); ?
> +
116 } //secure_pwd if ends here
118 <?php
if ($GLOBALS['erx_enable']) { ?
>
121 for(i
=0;i
<f
.length
;i++
){
122 if(f
[i
].type
=='text' && f
[i
].value
)
124 if(f
[i
].name
== 'rumple')
126 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,35);
127 alertMsg +
= checkUsername(f
[i
].name
,f
[i
].value
);
129 else if(f
[i
].name
== 'fname' || f
[i
].name
== 'mname' || f
[i
].name
== 'lname')
131 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,35);
132 alertMsg +
= checkUsername(f
[i
].name
,f
[i
].value
);
134 else if(f
[i
].name
== 'federaltaxid')
136 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,10);
137 alertMsg +
= checkFederalEin(f
[i
].name
,f
[i
].value
);
139 else if(f
[i
].name
== 'state_license_number')
141 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,10);
142 alertMsg +
= checkStateLicenseNumber(f
[i
].name
,f
[i
].value
);
144 else if(f
[i
].name
== 'npi')
146 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,35);
147 alertMsg +
= checkTaxNpiDea(f
[i
].name
,f
[i
].value
);
149 else if(f
[i
].name
== 'federaldrugid')
151 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,30);
152 alertMsg +
= checkAlphaNumeric(f
[i
].name
,f
[i
].value
);
161 <?php
} // End erx_enable only include block?>
163 let post_url
= $
("#new_user").attr("action");
164 let request_method
= $
("#new_user").attr("method");
165 let form_data
= $
("#new_user").serialize();
169 type
: request_method
,
171 }).done(function (r
) {
175 dlgclose('reload', false);
181 function authorized_clicked() {
182 var f
= document
.forms
[0];
183 f
.calendar
.disabled
= !f
.authorized
.checked
;
184 f
.calendar
.checked
= f
.authorized
.checked
;
189 .physician_type_class
{
190 width
: 120px
!important
;
193 width
: 120px
!important
;
197 <body
class="body_top">
199 <div
class="container">
202 <span
class="title"><?php
echo xlt('Add User'); ?
></span
> 
;</td
>
204 <a
class="btn btn-secondary btn-save" name
='form_save' id
='form_save' href
='#' onclick
="return submitform()">
205 <span
><?php
echo xlt('Save'); ?
></span
></a
>
206 <a
class="btn btn-link btn-cancel" id
='cancel' href
='#'>
207 <span
><?php
echo xlt('Cancel');?
></span
>
216 <form name
='new_user' id
="new_user" method
='post' action
="usergroup_admin.php">
217 <input type
="hidden" name
="csrf_token_form" value
="<?php echo attr(CsrfUtils::collectCsrfToken()); ?>" />
219 <input type
='hidden' name
='mode' value
='new_user'>
220 <input type
='hidden' name
='secure_pwd' value
="<?php echo attr($GLOBALS['secure_password']); ?>">
222 <span
class="font-weight-bold"> 
;</span
>
223 <table
class="border-0" cellpadding
='0' cellspacing
='0' style
="width:600px;">
225 <td style
="width:150px;"><span
class="text"><?php
echo xlt('Username'); ?
>: </span
></td
><td style
="width:220px;"><input type
="text" name
="rumple" style
="width:120px;" class="form-control"><span
class="mandatory"></span
></td
>
226 <?php
if (empty($GLOBALS['gbl_ldap_enabled']) ||
empty($GLOBALS['gbl_ldap_exclusions'])) { ?
>
227 <td style
="width:150px;"><span
class="text"><?php
echo xlt('Password'); ?
>: </span
></td
><td style
="width:250px;"><input type
="password" style
="width:120px;" name
="stiltskin" class="form-control"><span
class="mandatory"></span
></td
>
229 <td
><input type
="hidden" value
="124" name
="stiltskin" /></td
>
233 <td style
="width:150px;"></td
><td style
="width:220px;"></td
>
234 <td style
="width:200px;"><span
class='text'><?php
echo xlt('Your Password'); ?
>: </span
></td
>
235 <td
class='text' style
="width:280px;"><input type
='password' name
=adminPass style
="width:120px;" value
="" autocomplete
='off' class="form-control"><font
class="mandatory"></font
></td
>
239 <td
><span
class="text"<?php
echo ($GLOBALS['disable_non_default_groups']) ?
" style='display: none'" : ""; ?
>><?php
echo xlt('Groupname'); ?
>: </span
></td
>
241 <select name
="groupname" class="form-control"<?php
echo ($GLOBALS['disable_non_default_groups']) ?
" style='display:none'" : ""; ?
>>
243 $res = sqlStatement("select distinct name from `groups`");
245 for ($iter = 0; $row = sqlFetchArray($res); $iter++
) {
246 $result2[$iter] = $row;
249 foreach ($result2 as $iter) {
250 print "<option value='" . attr($iter["name"]) . "'>" . text($iter["name"]) . "</option>\n";
254 <td colspan
="2"><span
class="text"><?php
echo xlt('Provider'); ?
>: </span
>
255 <input type
='checkbox' name
='authorized' value
='1' onclick
='authorized_clicked()' />
256 <span
class='text'><?php
echo xlt('Calendar'); ?
>:
257 <input type
='checkbox' name
='calendar' disabled
/></span
>
258 <span
class=text
><?php
echo xlt('Portal'); ?
>:
259 <input type
="checkbox" name
="portal_user" /></span
>
263 <td
><span
class="text"><?php
echo xlt('First Name'); ?
>: </span
></td
><td
><input type
="text" name
='fname' id
='fname' style
="width:120px;" class="form-control"><span
class="mandatory"></span
></td
>
264 <td
><span
class="text"><?php
echo xlt('Middle Name'); ?
>: </span
></td
><td
><input type
="text" name
='mname' style
="width:120px;" class="form-control"></td
>
267 <td
><span
class="text"><?php
echo xlt('Last Name'); ?
>: </span
></td
><td
><input type
="text" name
='lname' id
='lname' style
="width:120px;" class="form-control"><span
class="mandatory"></span
></td
>
268 <td
><span
class="text"><?php
echo xlt('Default Facility'); ?
>: </span
></td
>
270 <select style
="width:120px;" name
=facility_id
class="form-control">
272 $fres = $facilityService->getAllServiceLocations();
274 for ($iter = 0; $iter < sizeof($fres); $iter++
) {
275 $result[$iter] = $fres[$iter];
278 foreach ($result as $iter) {
280 <option value
="<?php echo attr($iter['id']); ?>"><?php
echo text($iter['name']); ?
></option
>
288 <td
><span
class="text"><?php
echo xlt('Federal Tax ID'); ?
>: </span
></td
><td
><input type
="text" name
='federaltaxid' style
="width:120px;" class="form-control"></td
>
289 <td
><span
class="text"><?php
echo xlt('DEA number'); ?
>: </span
></td
><td
><input type
="text" name
='federaldrugid' style
="width:120px;" class="form-control"></td
>
292 <td
><span
class="text"><?php
echo xlt('UPIN'); ?
>: </span
></td
><td
><input type
="text" name
="upin" style
="width:120px;" class="form-control"></td
>
293 <td
class='text'><?php
echo xlt('See Authorizations'); ?
>: </td
>
294 <td
><select name
="see_auth" style
="width:120px;" class="form-control">
296 foreach (array(1 => xl('None{{Authorization}}'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value) {
297 echo " <option value='" . attr($key) . "'";
298 echo ">" . text($value) . "</option>\n";
304 <td
><span
class="text"><?php
echo xlt('NPI'); ?
>: </span
></td
><td
><input type
="text" name
="npi" style
="width:120px;" class="form-control"></td
>
305 <td
><span
class="text"><?php
echo xlt('Job Description'); ?
>: </span
></td
><td
><input type
="text" name
="specialty" style
="width:120px;" class="form-control"></td
>
310 <span
class="text"><?php
echo xlt('Provider Type'); ?
>: </span
>
313 <?php
echo generate_select_list("physician_type", "physician_type", '', '', xl('Select Type'), 'physician_type_class', '', '', ''); ?
>
318 <span
class="text"><?php
echo xlt('Main Menu Role'); ?
>: </span
>
322 $menuMain = new MainMenuRole($GLOBALS['kernel']->getEventDispatcher());
323 echo $menuMain->displayMenuRoleSelector();
327 <span
class="text"><?php
echo xlt('Patient Menu Role'); ?
>: </span
>
331 $menuPatient = new PatientMenuRole();
332 echo $menuPatient->displayMenuRoleSelector();
338 <td
><span
class="text"><?php
echo xlt('Taxonomy'); ?
>: </span
></td
>
339 <td
><input type
="text" name
="taxonomy" style
="width:120px;" class="form-control" value
="207Q00000X"></td
>
340 <td
><span
class="text"><?php
echo xlt('Supervisor'); ?
>: </span
></td
>
342 <select name
="supervisor_id" style
="width:150px;" class="form-control">
343 <option value
=""><?php
echo xlt("Select Supervisor") ?
></option
>
345 $userService = new UserService();
346 $users = $userService->getActiveUsers();
347 foreach ($users as $activeUser) {
348 $p_id = (int)$activeUser['id'];
349 if ($activeUser['authorized'] != 1) {
352 echo "<option value='" . attr($p_id) . "'";
353 if ((int)($iter["supervisor_id"] ??
null) === $p_id) {
356 echo ">" . text($activeUser['lname']) . ' ' .
357 text($activeUser['fname']) . ' ' . text($activeUser['mname']) . "</option>\n";
363 <td
><span
class="text"><?php
echo xlt('State License Number'); ?
>: </span
></td
>
364 <td
><input type
="text" name
="state_license_number" style
="width:120px;" class="form-control"></td
>
365 <td
class='text'><?php
echo xlt('NewCrop eRX Role'); ?
>:</td
>
367 <?php
echo generate_select_list("erxrole", "newcrop_erx_role", '', '', '--Select Role--', '', '', '', array('style' => 'width:120px')); ?
>
371 <td
><span
class="text"><?php
echo xlt('Weno Provider ID'); ?
>: </span
></td
><td
><input type
="text" name
="erxprid" style
="width:120px;" class="form-control" value
="<?php echo attr($iter["weno_prov_id
"] ?? ''); ?>"></td
>
372 <td
><span
class="text"><?php
echo xlt('Google Email for Login'); ?
>: </span
></td
><td
><input type
="text" name
="google_signin_email" style
="width:150px;" class="form-control" value
="<?php echo attr($iter["google_signin_email
"]); ?>"></td
>
374 <?php
if ($GLOBALS['inhouse_pharmacy']) { ?
>
376 <td
class="text"><?php
echo xlt('Default Warehouse'); ?
>: </td
>
379 echo generate_select_list(
387 <td
class="text"><?php
echo xlt('Invoice Refno Pool'); ?
>: </td
>
390 echo generate_select_list(
394 xl('Invoice reference number pool, if used')
401 <!-- facility and warehouse restrictions, optional -->
402 <?php
if (!empty($GLOBALS['gbl_fac_warehouse_restrictions']) ||
!empty($GLOBALS['restrict_user_facility'])) { ?
>
403 <tr title
="<?php echo xla('If nothing is selected here then all are permitted.'); ?>">
404 <td
class="text"><?php
echo !empty($GLOBALS['gbl_fac_warehouse_restrictions']) ?
405 xlt('Facility and warehouse permissions') : xlt('Facility permissions'); ?
>:</td
>
407 <select name
="schedule_facility[]" multiple style
="width:490px;">
409 $user_id = 0; // in user_admin.php this is intval($_GET["id"]).
410 $userFacilities = getUserFacilities($user_id, 'id', $GLOBALS['gbl_fac_warehouse_restrictions']);
412 foreach ($userFacilities as $uf) {
415 $fres = sqlStatement("select * from facility order by name");
417 while ($frow = sqlFetchArray($fres)) {
418 // Get the warehouses that are linked to this user and facility.
419 $whids = getUserFacWH($user_id, $frow['id']); // from calendar.inc
420 // Generate an option for just the facility with no warehouse restriction.
422 if (empty($whids) && in_array($frow['id'], $ufid)) {
425 echo " value='" . attr($frow['id']) . "'>" . text($frow['name']) . "</option>\n";
426 // Then generate an option for each of the facility's warehouses.
427 // Does not apply if the site does not use warehouse restrictions.
428 if (!empty($GLOBALS['gbl_fac_warehouse_restrictions'])) {
429 $lres = sqlStatement(
430 "SELECT option_id, title FROM list_options WHERE " .
431 "list_id = ? AND option_value = ? ORDER BY seq, title",
432 array('warehouse', $frow['id'])
434 while ($lrow = sqlFetchArray($lres)) {
436 if (in_array($lrow['option_id'], $whids)) {
439 echo " value='" . attr($frow['id']) . "/" . attr($lrow['option_id']) . "'> " .
440 text(xl_list_label($lrow['title'])) . "</option>\n";
452 <td
class='text'><?php
echo xlt('Access Control'); ?
>:</td
>
453 <td
><select name
="access_group[]" multiple style
="width:120px;" class="form-control">
455 // List the access control groups
456 $is_super_user = AclMain
::aclCheckCore('admin', 'super');
457 $list_acl_groups = AclExtended
::aclGetGroupTitleList($is_super_user ?
true : false);
458 $default_acl_group = 'Administrators';
459 foreach ($list_acl_groups as $value) {
460 if ($is_super_user && $default_acl_group == $value) {
461 // Modified 6-2009 by BM - Translate group name if applicable
462 echo " <option value='" . attr($value) . "' selected>" . text(xl_gacl_group($value)) . "</option>\n";
464 // Modified 6-2009 by BM - Translate group name if applicable
465 echo " <option value='" . attr($value) . "'>" . text(xl_gacl_group($value)) . "</option>\n";
470 <td
><span
class="text"><?php
echo xlt('Additional Info'); ?
>: </span
></td
>
471 <td
><textarea name
=info style
="width:120px;" cols
='27' rows
='4' wrap
='auto' class="form-control"></textarea
></td
>
474 <tr height
="25"><td colspan
="4"> 
;</td
></tr
>
479 <input type
="hidden" name
="newauthPass">
485 <tr
<?php
echo ($GLOBALS['disable_non_default_groups']) ?
" style='display:none'" : ""; ?
>>
488 <form name
='new_group' method
='post' action
="usergroup_admin.php"
489 onsubmit
='return top.restoreSession()'>
490 <input type
="hidden" name
="csrf_token_form" value
="<?php echo attr(CsrfUtils::collectCsrfToken()); ?>" />
492 <input type
='hidden' name
='mode' value
='new_group' />
493 <span
class="bold"><?php
echo xlt('New Group'); ?
>:</span
>
496 <span
class="text"><?php
echo xlt('Groupname'); ?
>: </span
><input type
="text" name
='groupname' size
='10'>
498 <span
class="text"><?php
echo xlt('Initial User'); ?
>: </span
>
499 <select name
='rumple'>
501 $res = sqlStatement("select distinct username from users where username != ''");
502 for ($iter = 0; $row = sqlFetchArray($res); $iter++
) {
503 $result[$iter] = $row;
506 foreach ($result as $iter) {
507 print "<option value='" . attr($iter["username"]) . "'>" . text($iter["username"]) . "</option>\n";
512 <input type
="submit" value
="<?php echo xla('Save'); ?>" />
518 <tr
<?php
echo ($GLOBALS['disable_non_default_groups']) ?
" style='display:none'" : ""; ?
>>
521 <form name
='new_group' method
='post' action
="usergroup_admin.php"
522 onsubmit
='return top.restoreSession()'>
523 <input type
="hidden" name
="csrf_token_form" value
="<?php echo attr(CsrfUtils::collectCsrfToken()); ?>" />
524 <input type
='hidden' name
='mode' value
='new_group' />
525 <span
class="bold"><?php
echo xlt('Add User To Group'); ?
>:</span
>
529 <?php
echo xlt('User'); ?
>
531 <select name
='rumple'>
533 $res = sqlStatement("select distinct username from users where username != ''");
534 for ($iter = 0; $row = sqlFetchArray($res); $iter++
) {
535 $result3[$iter] = $row;
538 foreach ($result3 as $iter) {
539 print "<option value='" . attr($iter["username"]) . "'>" . text($iter["username"]) . "</option>\n";
544 <span
class="text"><?php
echo xlt('Groupname'); ?
>: </span
>
545 <select name
='groupname'>
547 $res = sqlStatement("select distinct name from `groups`");
549 for ($iter = 0; $row = sqlFetchArray($res); $iter++
) {
550 $result2[$iter] = $row;
553 foreach ($result2 as $iter) {
554 print "<option value='" . attr($iter["name"]) . "'>" . text($iter["name"]) . "</option>\n";
559 <input type
="submit" value
="<?php echo xla('Add User To Group'); ?>" />
567 if (empty($GLOBALS['disable_non_default_groups'])) {
568 $res = sqlStatement("select * from `groups` order by name");
569 for ($iter = 0; $row = sqlFetchArray($res); $iter++
) {
570 $result5[$iter] = $row;
573 foreach ($result5 as $iter) {
574 $grouplist[$iter["name"]] .= $iter["user"] .
575 "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
576 attr_url($iter["id"]) . "&csrf_token_form=" . attr_url(CsrfUtils
::collectCsrfToken()) . "' onclick='top.restoreSession()'>" . xlt("Remove") . "</a>), ";
579 foreach ($grouplist as $groupname => $list) {
580 print "<span class='font-weight-bold'>" . text($groupname) . "</span><br />\n<span class='text'>" .
581 text(substr($list, 0, strlen($list) - 2)) . "</span><br />\n";
588 if ($alertmsg = trim($alertmsg)) {
589 echo "alert('" . js_escape($alertmsg) . "');\n";
593 $
("#cancel").click(function() {