2 // This program is free software; you can redistribute it and/or
3 // modify it under the terms of the GNU General Public License
4 // as published by the Free Software Foundation; either version 2
5 // of the License, or (at your option) any later version.
6 require_once("../globals.php");
7 require_once("../../library/acl.inc");
8 require_once("$srcdir/sha1.js");
9 require_once("$srcdir/sql.inc");
10 require_once("$srcdir/calendar.inc");
11 require_once("$srcdir/formdata.inc.php");
12 require_once("$srcdir/options.inc.php");
13 require_once(dirname(__FILE__
) . "/../../library/classes/WSProvider.class.php");
14 require_once("$srcdir/erx_javascript.inc.php");
16 if (!$_GET["id"] ||
!acl_check('admin', 'users'))
19 if ($_GET["mode"] == "update") {
20 if ($_GET["username"]) {
21 // $tqvar = addslashes(trim($_GET["username"]));
22 $tqvar = trim(formData('username','G'));
23 $user_data = mysql_fetch_array(sqlStatement("select * from users where id={$_GET["id
"]}"));
24 sqlStatement("update users set username='$tqvar' where id={$_GET["id
"]}");
25 sqlStatement("update groups set user='$tqvar' where user='". $user_data["username"] ."'");
26 //echo "query was: " ."update groups set user='$tqvar' where user='". $user_data["username"] ."'" ;
29 $tqvar = formData('taxid','G');
30 sqlStatement("update users set federaltaxid='$tqvar' where id={$_GET["id
"]}");
32 if ($_GET["drugid"]) {
33 $tqvar = formData('drugid','G');
34 sqlStatement("update users set federaldrugid='$tqvar' where id={$_GET["id
"]}");
37 $tqvar = formData('upin','G');
38 sqlStatement("update users set upin='$tqvar' where id={$_GET["id
"]}");
41 $tqvar = formData('npi','G');
42 sqlStatement("update users set npi='$tqvar' where id={$_GET["id
"]}");
44 if ($_GET["taxonomy"]) {
45 $tqvar = formData('taxonomy','G');
46 sqlStatement("update users set taxonomy = '$tqvar' where id= {$_GET["id
"]}");
49 $tqvar = formData('lname','G');
50 sqlStatement("update users set lname='$tqvar' where id={$_GET["id
"]}");
53 $tqvar = formData('job','G');
54 sqlStatement("update users set specialty='$tqvar' where id={$_GET["id
"]}");
57 $tqvar = formData('mname','G');
58 sqlStatement("update users set mname='$tqvar' where id={$_GET["id
"]}");
60 if ($_GET["facility_id"]) {
61 $tqvar = formData('facility_id','G');
62 sqlStatement("update users set facility_id = '$tqvar' where id = {$_GET["id
"]}");
63 //(CHEMED) Update facility name when changing the id
64 sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '$tqvar' AND users.id = {$_GET["id
"]}");
67 if ($GLOBALS['restrict_user_facility'] && $_GET["schedule_facility"]) {
68 sqlStatement("delete from users_facility
69 where tablename='users'
70 and table_id={$_GET["id
"]}
71 and facility_id not in (" . implode(",", $_GET['schedule_facility']) . ")");
72 foreach($_GET["schedule_facility"] as $tqvar) {
73 sqlStatement("replace into users_facility set
74 facility_id = '$tqvar',
76 table_id = {$_GET["id
"]}");
80 $tqvar = formData('fname','G');
81 sqlStatement("update users set fname='$tqvar' where id={$_GET["id
"]}");
83 //(CHEMED) Calendar UI preference
84 if ($_GET["cal_ui"]) {
85 $tqvar = formData('cal_ui','G');
86 sqlStatement("update users set cal_ui = '$tqvar' where id = {$_GET["id
"]}");
88 // added by bgm to set this session variable if the current user has edited
90 if ($_SESSION['authId'] == $_GET["id"]) {
91 $_SESSION['cal_ui'] = $tqvar;
94 //END (CHEMED) Calendar UI preference
96 if (isset($_GET['default_warehouse'])) {
97 sqlStatement("UPDATE users SET default_warehouse = '" .
98 formData('default_warehouse','G') .
99 "' WHERE id = '" . formData('id','G') . "'");
102 if (isset($_GET['irnpool'])) {
103 sqlStatement("UPDATE users SET irnpool = '" .
104 formData('irnpool','G') .
105 "' WHERE id = '" . formData('id','G') . "'");
108 if ($_GET["newauthPass"] && $_GET["newauthPass"] != "d41d8cd98f00b204e9800998ecf8427e") { // account for empty
109 $tqvar = formData('newauthPass','G');
110 sqlStatement("update users set password='$tqvar' where id={$_GET["id
"]}");
113 // for relay health single sign-on
114 if ($_GET["ssi_relayhealth"]) {
115 $tqvar = formData('ssi_relayhealth','G');
116 sqlStatement("update users set ssi_relayhealth = '$tqvar' where id = {$_GET["id
"]}");
119 $tqvar = $_GET["authorized"] ?
1 : 0;
120 $actvar = $_GET["active"] ?
1 : 0;
121 $calvar = $_GET["calendar"] ?
1 : 0;
123 sqlStatement("UPDATE users SET authorized = $tqvar, active = $actvar, " .
124 "calendar = $calvar, see_auth = '" . $_GET['see_auth'] . "' WHERE " .
125 "id = {$_GET["id
"]}");
127 if ($_GET["comments"]) {
128 $tqvar = formData('comments','G');
129 sqlStatement("update users set info = '$tqvar' where id = {$_GET["id
"]}");
132 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
133 // Set the access control group of user
134 $user_data = mysql_fetch_array(sqlStatement("select username from users where id={$_GET["id
"]}"));
135 set_user_aro($_GET['access_group'], $user_data["username"],
136 formData('fname','G'), formData('mname','G'), formData('lname','G'));
139 $ws = new WSProvider($_GET['id']);
141 /*Dont move usergroup_admin (1).php just close window
142 // On a successful update, return to the users list.
143 include("usergroup_admin.php");
146 <script type="text/javascript">
148 parent.$.fn.fancybox.close();
155 $res = sqlStatement("select * from users where id={$_GET["id
"]}");
156 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
157 $result[$iter] = $row;
161 if (isset($_POST["mode"])) {
163 <script type="text/javascript">
165 parent.$.fn.fancybox.close();
178 <link rel
="stylesheet" href
="<?php echo $css_header; ?>" type
="text/css">
179 <script type
="text/javascript" src
="../../library/dialog.js"></script
>
180 <script type
="text/javascript" src
="../../library/js/jquery.1.3.2.js"></script
>
181 <script type
="text/javascript" src
="../../library/js/common.js"></script
>
182 <script src
="checkpwd_validation.js" type
="text/javascript"></script
>
184 <script language
="JavaScript">
185 function checkChange()
187 alert("<?php echo addslashes(xl('If you change e-RX Role for ePrescription, it may affect the ePrescription workflow. If you face any difficulty, contact your ePrescription vendor.'));?>");
189 function submitform() {
190 top
.restoreSession();
192 function trimAll(sString
)
194 while (sString
.substring(0,1) == ' ')
196 sString
= sString
.substring(1, sString
.length
);
198 while (sString
.substring(sString
.length
-1, sString
.length
) == ' ')
200 sString
= sString
.substring(0,sString
.length
-1);
204 if(trimAll(document
.getElementById('fname').value
) == ""){
205 alert("<?php xl('Required field missing: Please enter the First name','e');?>");
206 document
.getElementById('fname').style
.backgroundColor
="red";
207 document
.getElementById('fname').focus();
210 if(trimAll(document
.getElementById('lname').value
) == ""){
211 alert("<?php xl('Required field missing: Please enter the Last name','e');?>");
212 document
.getElementById('lname').style
.backgroundColor
="red";
213 document
.getElementById('lname').focus();
216 if(document
.forms
[0].clearPass
.value
!="")
218 //Checking for the strong password if the 'secure password' feature is enabled
219 if(document
.forms
[0].secure_pwd
.value
== 1)
221 var pwdresult
= passwordvalidate(document
.forms
[0].clearPass
.value
);
224 alert("<?php echo xl('The password must be at least eight characters, and should'); echo '\n'; echo xl('contain at least three of the four following items:'); echo '\n'; echo xl('A number'); echo '\n'; echo xl('A lowercase letter'); echo '\n'; echo xl('An uppercase letter'); echo '\n'; echo xl('A special character');echo '('; echo xl('not a letter or number'); echo ').'; echo '\n'; echo xl('For example:'); echo ' healthCare@09'; ?>");
228 //Checking for password history if the 'password history' feature is enabled.
229 if(document
.forms
[0].pwd_history
.value
== 1){
230 // ViCareplus : As per NIST standard, the SHA1 encryption algorithm is used
231 var p
= SHA1(document
.forms
[0].clearPass
.value
);
232 var p1
= document
.forms
[0].pwd
.value
;
233 var p2
= document
.forms
[0].pwd_history1
.value
;
234 var p3
= document
.forms
[0].pwd_history2
.value
;
235 if((p
== p1
) ||
(p
== p2
) ||
(p
== p3
))
238 document
.getElementById('error_message').innerHTML
="<?php xl('Recent three passwords are not allowed.',e) ?>";
243 }//If pwd null ends here
244 //Request to reset the user password if the user was deactived once the password expired.
245 if((document
.forms
[0].pwd_expires
.value
!= 0) && (document
.forms
[0].clearPass
.value
== "")) {
246 if((document
.forms
[0].user_type
.value
!= "Emergency Login") && (document
.forms
[0].pre_active
.value
== 0) && (document
.forms
[0].active
.checked
== 1) && (document
.forms
[0].grace_time
.value
!= "") && (document
.forms
[0].current_date
.value
) > (document
.forms
[0].grace_time
.value
))
249 document
.getElementById('error_message').innerHTML
="<?php xl('Please reset the password.',e) ?>";
252 var sel
= getSelected(document
.forms
[0].access_group_id
.options
);
253 for (var item in sel
){
254 if(sel
[item
].value
== "Emergency Login"){
255 document
.forms
[0].check_acl
.value
= 1;
258 <?php
if($GLOBALS['erx_enable']){ ?
>
261 for(i
=0;i
<f
.length
;i++
){
262 if(f
[i
].type
=='text' && f
[i
].value
)
264 if(f
[i
].name
== 'fname' || f
[i
].name
== 'mname' || f
[i
].name
== 'lname')
266 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,35);
267 alertMsg +
= checkUsername(f
[i
].name
,f
[i
].value
);
269 else if(f
[i
].name
== 'taxid')
271 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,10);
272 alertMsg +
= checkFederalEin(f
[i
].name
,f
[i
].value
);
274 else if(f
[i
].name
== 'state_license_number')
276 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,10);
277 alertMsg +
= checkStateLicenseNumber(f
[i
].name
,f
[i
].value
);
279 else if(f
[i
].name
== 'npi')
281 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,10);
282 alertMsg +
= checkTaxNpiDea(f
[i
].name
,f
[i
].value
);
284 else if(f
[i
].name
== 'drugid')
286 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,30);
287 alertMsg +
= checkAlphaNumeric(f
[i
].name
,f
[i
].value
);
298 // ViCareplus : As per NIST standard, SHA1 encryption algorithm is used
299 document
.forms
[0].newauthPass
.value
=SHA1(document
.forms
[0].clearPass
.value
);document
.forms
[0].clearPass
.value
='';
300 document
.forms
[0].submit();
301 parent
.$
.fn
.fancybox
.close();
304 //Getting the list of selected item in ACL
305 function getSelected(opt
) {
306 var selected
= new Array();
308 for (var intLoop
= 0; intLoop
< opt
.length
; intLoop++
) {
309 if ((opt
[intLoop
].selected
) ||
310 (opt
[intLoop
].checked
)) {
311 index
= selected
.length
;
312 selected
[index
] = new Object;
313 selected
[index
].value
= opt
[intLoop
].value
;
314 selected
[index
].index
= intLoop
;
320 function authorized_clicked() {
321 var f
= document
.forms
[0];
322 f
.calendar
.disabled
= !f
.authorized
.checked
;
323 f
.calendar
.checked
= f
.authorized
.checked
;
329 <body
class="body_top">
331 <span
class="title"><?php
xl('Edit User','e'); ?
></span
> 
;
333 <a
class="css_button" name
='form_save' id
='form_save' href
='#' onclick
='return submitform()'> <span
><?php
xl('Save','e');?
></span
> </a
>
334 <a
class="css_button" id
='cancel' href
='#'><span
><?php
xl('Cancel','e');?
></span
></a
>
338 <FORM NAME
="user_form" METHOD
="GET" ACTION
="usergroup_admin.php" target
="_parent" onsubmit
='return top.restoreSession()'>
339 <input type
=hidden name
="pwd_history" value
="<? echo $GLOBALS['password_history']; ?>" >
340 <input type
=hidden name
="pwd_history1" value
="<? echo $iter["pwd_history1
"]; ?>" >
341 <input type
=hidden name
="pwd_history2" value
="<? echo $iter["pwd_history2
"]; ?>" >
342 <input type
=hidden name
="pwd" value
="<? echo $iter["password
"]; ?>" >
344 <input type
=hidden name
="pwd_expires" value
="<? echo $GLOBALS['password_expiration_days']; ?>" >
345 <input type
=hidden name
="pre_active" value
="<? echo $iter["active
"]; ?>" >
346 <input type
=hidden name
="exp_date" value
="<? echo $iter["pwd_expiration_date
"]; ?>" >
347 <input type
=hidden name
="get_admin_id" value
="<? echo $GLOBALS['Emergency_Login_email']; ?>" >
348 <input type
=hidden name
="admin_id" value
="<? echo $GLOBALS['Emergency_Login_email_id']; ?>" >
349 <input type
=hidden name
="check_acl" value
="">
351 //Calculating the grace time
352 $current_date = date("Y-m-d");
353 $password_exp=$iter["pwd_expiration_date"];
354 if($password_exp != "0000-00-00")
356 $grace_time1 = date("Y-m-d", strtotime($password_exp . "+".$GLOBALS['password_grace_time'] ."days"));
359 <input type
=hidden name
="current_date" value
="<? echo strtotime($current_date); ?>" >
360 <input type
=hidden name
="grace_time" value
="<? echo strtotime($grace_time1); ?>" >
361 <!-- Get the
list ACL
for the user
-->
363 $acl_name=acl_get_group_titles($iter["username"]);
364 $bg_count=count($acl_name);
365 for($i=0;$i<$bg_count;$i++
){
366 if($acl_name[$i] == "Emergency Login")
367 $bg_name=$acl_name[$i];
370 <input type
=hidden name
="user_type" value
="<? echo $bg_name; ?>" >
372 <TABLE border
=0 cellpadding
=0 cellspacing
=0>
374 <TD style
="width:180px;"><span
class=text
><?php
xl('Username','e'); ?
>: </span
></TD
><TD style
="width:270px;"><input type
=entry name
=username style
="width:150px;" value
="<?php echo $iter["username
"]; ?>" disabled
></td
>
375 <TD style
="width:200px;"><span
class=text
><?php
xl('Password','e'); ?
>: </span
></TD
><TD
class='text' style
="width:280px;"><input type
=entry name
=clearPass style
="width:150px;" value
=""><font
class="mandatory">*</font
></td
>
378 <TR height
="30" style
="valign:middle;">
379 <td
><span
class="text"> 
;</span
></td
><td
> 
;</td
>
380 <td colspan
="2"><span
class=text
><?php
xl('Provider','e'); ?
>:
381 <input type
="checkbox" name
="authorized" onclick
="authorized_clicked()"<?php
382 if ($iter["authorized"]) echo " checked"; ?
> />
383  
; 
;<span
class='text'><?php
xl('Calendar','e'); ?
>:
384 <input type
="checkbox" name
="calendar"<?php
385 if ($iter["calendar"]) echo " checked";
386 if (!$iter["authorized"]) echo " disabled"; ?
> />
387  
; 
;<span
class='text'><?php
xl('Active','e'); ?
>:
388 <input type
="checkbox" name
="active"<?php
if ($iter["active"]) echo " checked"; ?
> />
393 <TD
><span
class=text
><?php
xl('First Name','e'); ?
>: </span
></TD
>
394 <TD
><input type
=entry name
=fname id
=fname style
="width:150px;" value
="<?php echo $iter["fname
"]; ?>"><span
class="mandatory"> 
;*</span
></td
>
395 <td
><span
class=text
><?php
xl('Middle Name','e'); ?
>: </span
></TD
><td
><input type
=entry name
=mname style
="width:150px;" value
="<?php echo $iter["mname
"]; ?>"></td
>
399 <td
><span
class=text
><?php
xl('Last Name','e'); ?
>: </span
></td
><td
><input type
=entry name
=lname id
=lname style
="width:150px;" value
="<?php echo $iter["lname
"]; ?>"><span
class="mandatory"> 
;*</span
></td
>
400 <td
><span
class=text
><?php
xl('Default Facility','e'); ?
>: </span
></td
><td
><select name
=facility_id style
="width:150px;" >
402 $fres = sqlStatement("select * from facility where service_location != 0 order by name");
404 for ($iter2 = 0; $frow = sqlFetchArray($fres); $iter2++
)
405 $result[$iter2] = $frow;
406 foreach($result as $iter2) {
408 <option value
="<?php echo $iter2['id']; ?>" <?php
if ($iter['facility_id'] == $iter2['id']) echo "selected"; ?
>><?php
echo htmlspecialchars($iter2['name']); ?
></option
>
416 <?php
if ($GLOBALS['restrict_user_facility']) { ?
>
418 <td colspan
=2> 
;</td
>
419 <td
><span
class=text
><?php
xl('Schedule Facilities:', 'e');?
></td
>
421 <select name
="schedule_facility[]" multiple style
="width:150px;" >
423 $userFacilities = getUserFacilities($_GET['id']);
425 foreach($userFacilities as $uf)
427 $fres = sqlStatement("select * from facility where service_location != 0 order by name");
429 while($frow = sqlFetchArray($fres)):
431 <option
<?php
echo in_array($frow['id'], $ufid) ||
$frow['id'] == $iter['facility_id'] ?
"selected" : null ?
>
432 value
="<?php echo $frow['id'] ?>"><?php
echo htmlspecialchars($frow['name']) ?
></option
>
443 <TD
><span
class=text
><?php
xl('Federal Tax ID','e'); ?
>: </span
></TD
><TD
><input type
=text name
=taxid style
="width:150px;" value
="<?php echo $iter["federaltaxid
"]?>"></td
>
444 <TD
><span
class=text
><?php
xl('Federal Drug ID','e'); ?
>: </span
></TD
><TD
><input type
=text name
=drugid style
="width:150px;" value
="<?php echo $iter["federaldrugid
"]?>"></td
>
448 <td
><span
class="text"><?php
xl('UPIN','e'); ?
>: </span
></td
><td
><input type
="text" name
="upin" style
="width:150px;" value
="<?php echo $iter["upin
"]?>"></td
>
449 <td
class='text'><?php
xl('See Authorizations','e'); ?
>: </td
>
450 <td
><select name
="see_auth" style
="width:150px;" >
452 foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value)
454 echo " <option value='$key'";
455 if ($key == $iter['see_auth']) echo " selected";
456 echo ">$value</option>\n";
463 <td
><span
class="text"><?php
xl('NPI','e'); ?
>: </span
></td
><td
><input type
="text" name
="npi" style
="width:150px;" value
="<?php echo $iter["npi
"]?>"></td
>
464 <td
><span
class="text"><?php
xl('Job Description','e'); ?
>: </span
></td
><td
><input type
="text" name
="job" style
="width:150px;" value
="<?php echo $iter["specialty
"]?>"></td
>
467 <?php
if (!empty($GLOBALS['ssi']['rh'])) { ?
>
469 <td
><span
class="text"><?php
xl('Relay Health ID', 'e'); ?
>: </span
></td
>
470 <td
><input type
="password" name
="ssi_relayhealth" style
="width:150px;" value
="<?php echo $iter["ssi_relayhealth
"]; ?>"></td
>
474 <!-- (CHEMED
) Calendar UI preference
-->
476 <td
><span
class="text"><?php
xl('Taxonomy','e'); ?
>: </span
></td
>
477 <td
><input type
="text" name
="taxonomy" style
="width:150px;" value
="<?php echo $iter["taxonomy
"]?>"></td
>
478 <td
><span
class="text"><?php
xl('Calendar UI','e'); ?
>: </span
></td
><td
><select name
="cal_ui" style
="width:150px;" >
480 foreach (array(3 => xl('Outlook'), 1 => xl('Original'), 2 => xl('Fancy')) as $key => $value)
482 echo " <option value='$key'";
483 if ($key == $iter['cal_ui']) echo " selected";
484 echo ">$value</option>\n";
489 <!-- END (CHEMED
) Calendar UI preference
-->
492 <td
><span
class="text"><?php
xl('State License Number','e'); ?
>: </span
></td
>
493 <td
><input type
="text" name
="state_license_number" style
="width:150px;" value
="<?php echo $iter["state_license_number
"]?>"></td
>
494 <td
class='text'><?php
xl('NewCrop eRX Role','e'); ?
>:</td
>
496 <?php
echo generate_select_list("erxrole", "newcrop_erx_role", $iter['newcrop_user_role'],'','--Select Role--','','','',array('style'=>'width:150px')); ?
>
500 <?php
if ($GLOBALS['inhouse_pharmacy']) { ?
>
502 <td
class="text"><?php
xl('Default Warehouse','e'); ?
>: </td
>
505 echo generate_select_list('default_warehouse', 'warehouse',
506 $iter['default_warehouse'], '');
509 <td
class="text"><?php
xl('Invoice Refno Pool','e'); ?
>: </td
>
512 echo generate_select_list('irnpool', 'irnpool', $iter['irnpool'],
513 xl('Invoice reference number pool, if used'));
520 // Collect the access control group of user
521 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
524 <td
class='text'><?php
xl('Access Control','e'); ?
>:</td
>
525 <td
><select id
="access_group_id" name
="access_group[]" multiple style
="width:150px;" >
527 $list_acl_groups = acl_get_group_title_list();
528 $username_acl_groups = acl_get_group_titles($iter["username"]);
529 foreach ($list_acl_groups as $value) {
530 if (($username_acl_groups) && in_array($value,$username_acl_groups)) {
531 // Modified 6-2009 by BM - Translate group name if applicable
532 echo " <option value='$value' selected>" . xl_gacl_group($value) . "</option>\n";
535 // Modified 6-2009 by BM - Translate group name if applicable
536 echo " <option value='$value'>" . xl_gacl_group($value) . "</option>\n";
541 <td
><span
class=text
><?php
xl('Additional Info','e'); ?
>:</span
></td
>
542 <td
><textarea style
="width:150px;" name
="comments" wrap
=auto rows
=4 cols
=25><?php
echo $iter["info"];?
></textarea
></td
>
545 <tr height
="20" valign
="bottom">
546 <td colspan
="4" class="text">
547 <font
class="mandatory">*</font
> <?php
xl('Leave blank to keep password unchanged.','e'); ?
>
549 Display red alert
if entered password matched one of last three passwords
/Display red alert
if user password was expired
and the user was inactivated previously
551 <div
class="redtext" id
="error_message"> 
;</div
>
559 <INPUT TYPE
="HIDDEN" NAME
="id" VALUE
="<?php echo $_GET["id
"]; ?>">
560 <INPUT TYPE
="HIDDEN" NAME
="mode" VALUE
="update">
561 <INPUT TYPE
="HIDDEN" NAME
="privatemode" VALUE
="user_admin">
562 <INPUT TYPE
="HIDDEN" NAME
="newauthPass" VALUE
="">
563 <INPUT TYPE
="HIDDEN" NAME
="secure_pwd" VALUE
="<? echo $GLOBALS['secure_password']; ?>">
565 <script language
="JavaScript">
566 $
(document
).ready(function(){
567 $
("#cancel").click(function() {
568 parent
.$
.fn
.fancybox
.close();
578 // d41d8cd98f00b204e9800998ecf8427e == blank