search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
remove unused calendar styles
[openemr.git] / interface / usergroup / usergroup_admin.php
blobf4ef85a7ee789f1fa434fbf5bfbf5446e1fa9cac
1 <?php
2 /**
3 * This script Assign acl 'Emergency login'.
4 *
5 * Copyright (C) 2015 Roberto Vasquez <robertogagliotta@gmail.com>
6 *
7 * LICENSE: This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
17 *
18 * @package OpenEMR
19 * @author Roberto Vasquez <robertogagliotta@gmail.com>
20 * @link http://www.open-emr.org
21 */
22
23 require_once("../globals.php");
24 require_once("../../library/acl.inc");
25 require_once("$srcdir/auth.inc");
26
27 $alertmsg = '';
28 $bg_msg = '';
29 $set_active_msg=0;
30 $show_message=0;
31
32
33 /* Sending a mail to the admin when the breakglass user is activated only if $GLOBALS['Emergency_Login_email'] is set to 1 */
34 $bg_count=count($access_group);
35 $mail_id = explode(".",$SMTP_HOST);
36 for($i=0;$i<$bg_count;$i++){
37 if(($_POST['access_group'][$i] == "Emergency Login") && ($_POST['active'] == 'on') && ($_POST['pre_active'] == 0)){
38 if(($_POST['get_admin_id'] == 1) && ($_POST['admin_id'] != "")){
39 $res = sqlStatement("select username from users where id= ? ", array($_POST["id"]));
40 $row = sqlFetchArray($res);
41 $uname=$row['username'];
42 $mail = new MyMailer();
43 $mail->From = $GLOBALS["practice_return_email_path"];
44 $mail->FromName = "Administrator OpenEMR";
45 $text_body = "Hello Security Admin,\n\n The Emergency Login user ".$uname.
46 " was activated at ".date('l jS \of F Y h:i:s A')." \n\nThanks,\nAdmin OpenEMR.";
47 $mail->Body = $text_body;
48 $mail->Subject = "Emergency Login User Activated";
49 $mail->AddAddress($_POST['admin_id']);
50 $mail->Send();
51 }
52 }
53 }
54 /* To refresh and save variables in mail frame */
55 if (isset($_POST["privatemode"]) && $_POST["privatemode"] =="user_admin") {
56 if ($_POST["mode"] == "update") {
57 if (isset($_POST["username"])) {
58 // $tqvar = addslashes(trim($_POST["username"]));
59 $tqvar = trim(formData('username','P'));
60 $user_data = sqlFetchArray(sqlStatement("select * from users where id= ? ", array($_POST["id"])));
61 sqlStatement("update users set username='$tqvar' where id= ? ", array($_POST["id"]));
62 sqlStatement("update groups set user='$tqvar' where user= ?", array($user_data["username"]));
63 //echo "query was: " ."update groups set user='$tqvar' where user='". $user_data["username"] ."'" ;
64 }
65 if ($_POST["taxid"]) {
66 $tqvar = formData('taxid','P');
67 sqlStatement("update users set federaltaxid='$tqvar' where id= ? ", array($_POST["id"]));
68 }
69 if ($_POST["state_license_number"]) {
70 $tqvar = formData('state_license_number','P');
71 sqlStatement("update users set state_license_number='$tqvar' where id= ? ", array($_POST["id"]));
72 }
73 if ($_POST["drugid"]) {
74 $tqvar = formData('drugid','P');
75 sqlStatement("update users set federaldrugid='$tqvar' where id= ? ", array($_POST["id"]));
76 }
77 if ($_POST["upin"]) {
78 $tqvar = formData('upin','P');
79 sqlStatement("update users set upin='$tqvar' where id= ? ", array($_POST["id"]));
80 }
81 if ($_POST["npi"]) {
82 $tqvar = formData('npi','P');
83 sqlStatement("update users set npi='$tqvar' where id= ? ", array($_POST["id"]));
84 }
85 if ($_POST["taxonomy"]) {
86 $tqvar = formData('taxonomy','P');
87 sqlStatement("update users set taxonomy = '$tqvar' where id= ? ", array($_POST["id"]));
88 }
89 if ($_POST["lname"]) {
90 $tqvar = formData('lname','P');
91 sqlStatement("update users set lname='$tqvar' where id= ? ", array($_POST["id"]));
92 }
93 if ($_POST["job"]) {
94 $tqvar = formData('job','P');
95 sqlStatement("update users set specialty='$tqvar' where id= ? ", array($_POST["id"]));
96 }
97 if ($_POST["mname"]) {
98 $tqvar = formData('mname','P');
99 sqlStatement("update users set mname='$tqvar' where id= ? ", array($_POST["id"]));
100 }
101 if ($_POST["facility_id"]) {
102 $tqvar = formData('facility_id','P');
103 sqlStatement("update users set facility_id = '$tqvar' where id = ? ", array($_POST["id"]));
104 //(CHEMED) Update facility name when changing the id
105 sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '$tqvar' AND users.id = {$_POST["id"]}");
106 //END (CHEMED)
107 }
108 if ($GLOBALS['restrict_user_facility'] && $_POST["schedule_facility"]) {
109 sqlStatement("delete from users_facility
110 where tablename='users'
111 and table_id= ?
112 and facility_id not in (" . implode(",", $_POST['schedule_facility']) . ")", array($_POST["id"]));
113 foreach($_POST["schedule_facility"] as $tqvar) {
114 sqlStatement("replace into users_facility set
115 facility_id = '$tqvar',
116 tablename='users',
117 table_id = {$_POST["id"]}");
118 }
119 }
120 if ($_POST["fname"]) {
121 $tqvar = formData('fname','P');
122 sqlStatement("update users set fname='$tqvar' where id= ? ", array($_POST["id"]));
123 }
124
125 if (isset($_POST['default_warehouse'])) {
126 sqlStatement("UPDATE users SET default_warehouse = '" .
127 formData('default_warehouse','P') .
128 "' WHERE id = '" . formData('id','P') . "'");
129 }
130
131 if (isset($_POST['irnpool'])) {
132 sqlStatement("UPDATE users SET irnpool = '" .
133 formData('irnpool','P') .
134 "' WHERE id = '" . formData('id','P') . "'");
135 }
136
137 if ($_POST["adminPass"] && $_POST["clearPass"]) {
138 require_once("$srcdir/authentication/password_change.php");
139 $clearAdminPass=$_POST['adminPass'];
140 $clearUserPass=$_POST['clearPass'];
141 $password_err_msg="";
142 $success=update_password($_SESSION['authId'],$_POST['id'],$clearAdminPass,$clearUserPass,$password_err_msg);
143 if(!$success)
144 {
145 error_log($password_err_msg);
146 $alertmsg.=$password_err_msg;
147 }
148 }
149
150 $tqvar = $_POST["authorized"] ? 1 : 0;
151 $actvar = $_POST["active"] ? 1 : 0;
152 $calvar = $_POST["calendar"] ? 1 : 0;
153
154 sqlStatement("UPDATE users SET authorized = $tqvar, active = $actvar, " .
155 "calendar = $calvar, see_auth = ? WHERE " .
156 "id = ? ", array($_POST['see_auth'], $_POST["id"]));
157 //Display message when Emergency Login user was activated
158 $bg_count=count($_POST['access_group']);
159 for($i=0;$i<$bg_count;$i++){
160 if(($_POST['access_group'][$i] == "Emergency Login") && ($_POST['pre_active'] == 0) && ($actvar == 1)){
161 $show_message = 1;
162 }
163 }
164 if(($_POST['access_group'])){
165 for($i=0;$i<$bg_count;$i++){
166 if(($_POST['access_group'][$i] == "Emergency Login") && ($_POST['user_type']) == "" && ($_POST['check_acl'] == 1) && ($_POST['active']) != ""){
167 $set_active_msg=1;
168 }
169 }
170 }
171 if ($_POST["comments"]) {
172 $tqvar = formData('comments','P');
173 sqlStatement("update users set info = '$tqvar' where id = ? ", array($_POST["id"]));
174 }
175 $erxrole = formData('erxrole','P');
176 sqlStatement("update users set newcrop_user_role = '$erxrole' where id = ? ", array($_POST["id"]));
177
178 if ($_POST["physician_type"]) {
179 $physician_type = formData('physician_type');
180 sqlStatement("update users set physician_type = '$physician_type' where id = ? ", array($_POST["id"]));
181 }
182
183 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
184 // Set the access control group of user
185 $user_data = sqlFetchArray(sqlStatement("select username from users where id= ?", array($_POST["id"])));
186 set_user_aro($_POST['access_group'], $user_data["username"],
187 formData('fname','P'), formData('mname','P'), formData('lname','P'));
188 }
189 }
190 }
191
192 /* To refresh and save variables in mail frame - Arb*/
193 if (isset($_POST["mode"])) {
194 if ($_POST["mode"] == "new_user") {
195 if ($_POST["authorized"] != "1") {
196 $_POST["authorized"] = 0;
197 }
198 // $_POST["info"] = addslashes($_POST["info"]);
199
200 $calvar = $_POST["calendar"] ? 1 : 0;
201
202 $res = sqlStatement("select distinct username from users where username != ''");
203 $doit = true;
204 while ($row = sqlFetchArray($res)) {
205 if ($doit == true && $row['username'] == trim(formData('rumple'))) {
206 $doit = false;
207 }
208 }
209
210 if ($doit == true) {
211 require_once("$srcdir/authentication/password_change.php");
212
213 //if password expiration option is enabled, calculate the expiration date of the password
214 if($GLOBALS['password_expiration_days'] != 0){
215 $exp_days = $GLOBALS['password_expiration_days'];
216 $exp_date = date('Y-m-d', strtotime("+$exp_days days"));
217 }
218
219 $insertUserSQL=
220 "insert into users set " .
221 "username = '" . trim(formData('rumple' )) .
222 "', password = '" . 'NoLongerUsed' .
223 "', fname = '" . trim(formData('fname' )) .
224 "', mname = '" . trim(formData('mname' )) .
225 "', lname = '" . trim(formData('lname' )) .
226 "', federaltaxid = '" . trim(formData('federaltaxid' )) .
227 "', state_license_number = '" . trim(formData('state_license_number' )) .
228 "', newcrop_user_role = '" . trim(formData('erxrole' )) .
229 "', physician_type = '" . trim(formData('physician_type' )) .
230 "', authorized = '" . trim(formData('authorized' )) .
231 "', info = '" . trim(formData('info' )) .
232 "', federaldrugid = '" . trim(formData('federaldrugid')) .
233 "', upin = '" . trim(formData('upin' )) .
234 "', npi = '" . trim(formData('npi' )).
235 "', taxonomy = '" . trim(formData('taxonomy' )) .
236 "', facility_id = '" . trim(formData('facility_id' )) .
237 "', specialty = '" . trim(formData('specialty' )) .
238 "', see_auth = '" . trim(formData('see_auth' )) .
239 "', default_warehouse = '" . trim(formData('default_warehouse')) .
240 "', irnpool = '" . trim(formData('irnpool' )) .
241 "', calendar = '" . $calvar .
242 "', pwd_expiration_date = '" . trim("$exp_date") .
243 "'";
244
245 $clearAdminPass=$_POST['adminPass'];
246 $clearUserPass=$_POST['stiltskin'];
247 $password_err_msg="";
248 $prov_id="";
249 $success = update_password($_SESSION['authId'], 0, $clearAdminPass, $clearUserPass,
250 $password_err_msg, true, $insertUserSQL, trim(formData('rumple')), $prov_id);
251 error_log($password_err_msg);
252 $alertmsg .=$password_err_msg;
253 if($success)
254 {
255 //set the facility name from the selected facility_id
256 sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '" . trim(formData('facility_id')) . "' AND users.username = '" . trim(formData('rumple')) . "'");
257
258 sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
259 "', user = '" . trim(formData('rumple')) . "'");
260
261 if (isset($phpgacl_location) && acl_check('admin', 'acl') && trim(formData('rumple'))) {
262 // Set the access control group of user
263 set_user_aro($_POST['access_group'], trim(formData('rumple')),
264 trim(formData('fname')), trim(formData('mname')), trim(formData('lname')));
265 }
266 }
267
268
269
270 } else {
271 $alertmsg .= xl('User','','',' ') . trim(formData('rumple')) . xl('already exists.','',' ');
272 }
273 if($_POST['access_group']){
274 $bg_count=count($_POST['access_group']);
275 for($i=0;$i<$bg_count;$i++){
276 if($_POST['access_group'][$i] == "Emergency Login"){
277 $set_active_msg=1;
278 }
279 }
280 }
281 }
282 else if ($_POST["mode"] == "new_group") {
283 $res = sqlStatement("select distinct name, user from groups");
284 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
285 $result[$iter] = $row;
286 $doit = 1;
287 foreach ($result as $iter) {
288 if ($doit == 1 && $iter{"name"} == trim(formData('groupname')) && $iter{"user"} == trim(formData('rumple')))
289 $doit--;
290 }
291 if ($doit == 1) {
292 sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
293 "', user = '" . trim(formData('rumple')) . "'");
294 } else {
295 $alertmsg .= "User " . trim(formData('rumple')) .
296 " is already a member of group " . trim(formData('groupname')) . ". ";
297 }
298 }
299 }
300
301 if (isset($_GET["mode"])) {
302
303 /*******************************************************************
304 // This is the code to delete a user. Note that the link which invokes
305 // this is commented out. Somebody must have figured it was too dangerous.
306 //
307 if ($_GET["mode"] == "delete") {
308 $res = sqlStatement("select distinct username, id from users where id = '" .
309 $_GET["id"] . "'");
310 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
311 $result[$iter] = $row;
312
313 // TBD: Before deleting the user, we should check all tables that
314 // reference users to make sure this user is not referenced!
315
316 foreach($result as $iter) {
317 sqlStatement("delete from groups where user = '" . $iter{"username"} . "'");
318 }
319 sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
320 }
321 *******************************************************************/
322
323 if ($_GET["mode"] == "delete_group") {
324 $res = sqlStatement("select distinct user from groups where id = ?", array($_GET["id"]));
325 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
326 $result[$iter] = $row;
327 foreach($result as $iter)
328 $un = $iter{"user"};
329 $res = sqlStatement("select name, user from groups where user = '$un' " .
330 "and id != ?", array($_GET["id"]));
331
332 // Remove the user only if they are also in some other group. I.e. every
333 // user must be a member of at least one group.
334 if (sqlFetchArray($res) != FALSE) {
335 sqlStatement("delete from groups where id = ?", array($_GET["id"]));
336 } else {
337 $alertmsg .= "You must add this user to some other group before " .
338 "removing them from this group. ";
339 }
340 }
341 }
342
343 $form_inactive = empty($_REQUEST['form_inactive']) ? false : true;
344
345 ?>
346 <html>
347 <head>
348 <title><?php xl('User / Group', 'e');?></title>
349 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
350 <link rel="stylesheet" href="<?php echo $GLOBALS['assets_static_relative'];?>/bootstrap-3-3-4/dist/css/bootstrap.css" type="text/css">
351 <?php if ($_SESSION['language_direction'] == 'rtl'): ?>
352 <link rel="stylesheet" href="<?php echo $GLOBALS['assets_static_relative'];?>/bootstrap-rtl-3-3-4/dist/css/bootstrap-rtl.css" type="text/css">
353 <?php endif; ?>
354 <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['webroot'] ?>/library/js/fancybox/jquery.fancybox-1.2.6.css" media="screen" />
355 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/dialog.js?v=<?php echo $v_js_includes; ?>"></script>
356 <script type="text/javascript" src="<?php echo $GLOBALS['assets_static_relative']; ?>/jquery-min-1-3-2/index.js"></script>
357 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/common.js"></script>
358 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/fancybox/jquery.fancybox-1.2.6.js"></script>
359 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery-ui.js"></script>
360 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery.easydrag.handler.beta2.js"></script>
361 <script type="text/javascript">
362
363 $(document).ready(function(){
364
365 // fancy box
366 enable_modals();
367
368 tabbify();
369
370 // special size for
371 $(".iframe_medium").fancybox( {
372 'overlayOpacity' : 0.0,
373 'showCloseButton' : true,
374 'frameHeight' : 450,
375 'frameWidth' : 660
376 });
377
378 $(function(){
379 // add drag and drop functionality to fancybox
380 $("#fancy_outer").easydrag();
381 });
382 });
383
384 function authorized_clicked() {
385 var f = document.forms[0];
386 f.calendar.disabled = !f.authorized.checked;
387 f.calendar.checked = f.authorized.checked;
388 }
389
390 </script>
391
392 </head>
393 <body class="body_top">
394
395 <div class="container">
396 <div class="row">
397 <div class="col-xs-12">
398 <div class="page-title">
399 <h1><?php xl('User / Groups', 'e');?></h1>
400 </div>
401 </div>
402 </div>
403 <div class="row">
404 <div class="col-xs-12">
405 <div class="btn-group">
406 <a href="usergroup_admin_add.php" class="iframe_medium btn btn-default btn-add"><?php xl('Add User','e'); ?></a>
407 <a href="facility_user.php" class="btn btn-default"><?php xl('View Facility Specific User Information','e'); ?></a>
408 </div>
409 <form name='userlist' method='post' style="display: inline;" class="form-inline" class="pull-right" action='usergroup_admin.php' onsubmit='return top.restoreSession()'>
410 <div class="checkbox">
411 <label for="form_inactive">
412 <input type='checkbox' class="form-control" id="form_inactive" name='form_inactive' value='1' onclick='submit()' <?php if ($form_inactive) echo 'checked '; ?>>
413 <?php xl('Include inactive users','e'); ?>
414 </label>
415 </div>
416 </form>
417 </div>
418 </div>
419 <div class="row">
420 <div class="col-xs-12">
421 <?php
422 if ($set_active_msg == 1) {
423 echo "<div class='alert alert-danger'>".xl('Emergency Login ACL is chosen. The user is still in active state, please de-activate the user and activate the same when required during emergency situations. Visit Administration->Users for activation or de-activation.')."</div><br>";
424 }
425 if ($show_message == 1) {
426 echo "<div class='alert alert-danger'>".xl('The following Emergency Login User is activated:')." "."<b>".$_GET['fname']."</b>"."</div><br>";
427 echo "<div class='alert alert-danger'>".xl('Emergency Login activation email will be circulated only if following settings in the interface/globals.php file are configured:')." \$GLOBALS['Emergency_Login_email'], \$GLOBALS['Emergency_Login_email_id']</div>";
428 }
429
430 ?>
431 <table class="table table-striped">
432 <thead>
433 <tr>
434 <th><?php xl('Username','e'); ?></th>
435 <th><?php xl('Real Name','e'); ?></th>
436 <th><?php xl('Additional Info','e'); ?></th>
437 <th><?php xl('Authorized','e'); ?>?</th>
438 </tr>
439 <tbody>
440 <?php
441 $query = "SELECT * FROM users WHERE username != '' ";
442 if (!$form_inactive) $query .= "AND active = '1' ";
443 $query .= "ORDER BY username";
444 $res = sqlStatement($query);
445 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
446 $result4[$iter] = $row;
447 foreach ($result4 as $iter) {
448 if ($iter{"authorized"}) {
449 $iter{"authorized"} = xl('yes');
450 } else {
451 $iter{"authorized"} = "";
452 }
453 print "<tr>
454 <td><b><a href='user_admin.php?id=" . $iter{"id"} .
455 "' class='iframe_medium' onclick='top.restoreSession()'>" . $iter{"username"} . "</a></b>" ."&nbsp;</td>
456 <td>" . attr($iter{"fname"}) . ' ' . attr($iter{"lname"}) ."&nbsp;</td>
457 <td>" . attr($iter{"info"}) . "&nbsp;</td>
458 <td align='left'><span>" .$iter{"authorized"} . "&nbsp;</td>";
459 print "<td><!--<a href='usergroup_admin.php?mode=delete&id=" . $iter{"id"} .
460 "' class='link_submit'>[Delete]</a>--></td>";
461 print "</tr>\n";
462 }
463 ?>
464 </tbody>
465 </table>
466 <?php
467 if (empty($GLOBALS['disable_non_default_groups'])) {
468 $res = sqlStatement("select * from groups order by name");
469 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
470 $result5[$iter] = $row;
471
472 foreach ($result5 as $iter) {
473 $grouplist{$iter{"name"}} .= $iter{"user"} .
474 "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
475 $iter{"id"} . "' onclick='top.restoreSession()'>Remove</a>), ";
476 }
477
478 foreach ($grouplist as $groupname => $list) {
479 print "<span class='bold'>" . $groupname . "</span><br>\n<span>" .
480 substr($list,0,strlen($list)-2) . "</span><br>\n";
481 }
482 }
483 ?>
484 </div>
485 </div>
486 </div>
487 <script language="JavaScript">
488 <?php
489 if ($alertmsg = trim($alertmsg)) {
490 echo "alert('$alertmsg');\n";
491 }
492 ?>
493 </script>
494 </body>
495 </html>
Mirror of official OpenEMR Sourceforge repository