3 use OpenEMR\Common\Acl\AclMain;
// Stores a javascript: URI under the global key 'form_exit_url'; the URI calls closeTab() on the
// parent frame with the current window name and the literal false.
5 $GLOBALS['form_exit_url'] = "javascript:parent.closeTab(window.name, false)";
/**
 * Select non-deleted rows of the forms table for one encounter.
 *
 * This listing omits some source lines (see the gaps in the line numbers): the parameters
 * $attendant_id, $encounter and $name are used below but declared on omitted lines, and the
 * loop body and return statement are not shown either. Only the visible statements are described.
 *
 * How each input reaches the SQL text:
 *  - $encounter, $name and $attendant_id are bound as statement parameters.
 *  - $cols is passed through process_cols_escape() and escape_sql_column_name() with 'forms'
 *    as the table list before it is concatenated.
 *  - $orderby is concatenated as SQL text with no escaping or validation in the lines shown.
 */
7 function getFormByEncounter(
10 $cols = "form_id, form_name",
12 $orderby = "FIND_IN_SET(formdir,'vitals') DESC, date DESC"
// $attendant_type is a global that selects between the patient and the therapy-group scope below.
15 global $attendant_type;
16 $arraySqlBind = array();
17 $sql = "select " . escape_sql_column_name(process_cols_escape($cols), array('forms')) . " from forms where encounter = ? and deleted = 0 ";
18 array_push($arraySqlBind, $encounter);
// Optional filter on the form name; the condition guarding it is on an omitted line.
20 $sql .= "and form_name=? ";
21 array_push($arraySqlBind, $name);
// Restrict the rows to one patient ('pid') or to one therapy group; the two columns are
// mutually exclusive, so the other one is required to be NULL.
24 if ($attendant_type == 'pid') {
25 $sql .= " and pid=? and therapy_group_id IS NULL ";
27 $sql .= " and therapy_group_id = ? and pid IS NULL ";
// Presumably executed after either branch, since both add exactly one placeholder - confirm.
30 array_push($arraySqlBind, $attendant_id);
32 // Default $orderby puts vitals first in the list, and newpatient last:
// NOTE(review): $orderby is interpolated into the statement as-is. ORDER BY terms cannot be
// bound as parameters, so this is only safe while every caller passes a fixed string; if any
// call site derives it from request data, check it against an allow-list of sort expressions
// before this line. The default shown on line 12 ranks 'vitals' first and contains no term
// for newpatient, so the comment above may be out of date.
33 $sql .= "ORDER BY $orderby";
35 $res = sqlStatement($sql, $arraySqlBind);
// Result loop; its body and the function's return value are not part of this listing.
37 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
// The opening lines of this function (its name and earlier parameters) are not part of this
// listing; line 54 is a parameter whose default is the sentinel string 'not_given'.
// The visible statements insert one row into the forms table and return the result of sqlInsert().
54 $therapy_group = 'not_given'
57 global $attendant_type;
// $user and $group are filled from the session; whether these assignments are conditional
// (only when the caller passed nothing) is decided on omitted lines.
59 $user = $_SESSION['authUser'];
63 $group = $_SESSION['authProvider'];
// 'not_given' means the caller did not choose a group: store null when the attendant is a
// patient ('pid'), otherwise the therapy group held in the session.
66 if ($therapy_group == 'not_given') {
67 $therapy_group = $attendant_type == 'pid' ? null : $_SESSION['therapy_group'];
// NOTE(review): leftover debug statement (session dump followed by die); delete it rather than
// keeping it commented out.
70 //print_r($_SESSION['therapy_group']);die;
71 $arraySqlBind = array();
72 $sql = "insert into forms (date, encounter, form_name, form_id, pid, " .
73 "user, groupname, authorized, formdir, therapy_group_id) values (";
// NOTE(review): the statements that build the date value are mostly omitted from this listing.
// Line 78 binds $date as a parameter, presumably in the else path. Confirm that the "NOW()"
// path appends a fixed SQL token and never a caller-supplied string.
74 if ($date == "NOW()") {
78 array_push($arraySqlBind, $date);
// Nine placeholders follow the date column; the nine values bound on the next line match the
// remaining columns of the insert list in order.
81 $sql .= ", ?, ?, ?, ?, ?, ?, ?, ?, ?)";
82 array_push($arraySqlBind, $encounter, $form_name, $form_id, $pid, $user, $group, $authorized, $formdir, $therapy_group);
83 return sqlInsert($sql, $arraySqlBind);
/**
 * Write the "authorized" flag of one row in the forms table.
 *
 * Rows flagged as deleted are not touched. Both values are bound as statement parameters.
 * No permission check is made here; presumably the callers perform one - verify at the call sites.
 *
 * @param mixed $id         forms.id of the row to update
 * @param mixed $authorized value stored in forms.authorized (defaults to "1")
 */
function authorizeForm($id, $authorized = "1")
{
    $statement = "UPDATE forms SET authorized = ? WHERE id = ? AND deleted = 0";
    $bindings = array($authorized, $id);

    sqlQuery($statement, $bindings);
}
/**
 * Query the distinct encounter numbers of one patient, ordered by date descending, optionally
 * limited to a date range and to one encounter rule type.
 *
 * This listing omits some source lines (see the gaps in the line numbers) and ends inside the
 * result loop, so the return value is not shown.
 *
 * @param $pid               patient id, bound as form_encounter.pid
 * @param $dateStart         inclusive lower bound on form_encounter.date; skipped when empty
 * @param $dateEnd           inclusive upper bound on form_encounter.date; skipped when empty
 * @param $encounterRuleType when non-empty, bound as enc_category_map.rule_enc_id
 */
91 function getEncounters($pid, $dateStart = '', $dateEnd = '', $encounterRuleType = '')
93 $arraySqlBind = array();
95 if ($encounterRuleType) {
96 // Only collect certain type of encounters (list_options item from the rule_enc_types list that is mapped via enc_category_map table)
97 $from = "form_encounter LEFT JOIN enc_category_map ON (form_encounter.pc_catid = enc_category_map.main_cat_id)";
98 $where = "enc_category_map.rule_enc_id = ? and ";
99 array_push($arraySqlBind, $encounterRuleType);
101 // Collect all encounters
102 $from = "form_encounter";
// $where is appended to (.=) from here on. In the no-rule-type path its initial value is set on
// a line this listing omits - confirm it starts as an empty string.
// The four branches differ only in which date bounds are added; $pid is always bound.
105 if ($dateStart && $dateEnd) {
106 $where .= "form_encounter.pid = ? and form_encounter.date >= ? and form_encounter.date <= ?";
107 array_push($arraySqlBind, $pid, $dateStart, $dateEnd);
108 } elseif ($dateStart && !$dateEnd) {
109 $where .= "form_encounter.pid = ? and form_encounter.date >= ?";
110 array_push($arraySqlBind, $pid, $dateStart);
111 } elseif (!$dateStart && $dateEnd) {
112 $where .= "form_encounter.pid = ? and form_encounter.date <= ?";
113 array_push($arraySqlBind, $pid, $dateEnd);
115 $where .= "form_encounter.pid = ?";
116 array_push($arraySqlBind, $pid);
// In the lines shown, $from and $where are assembled only from string literals; every
// caller-supplied value reaches the statement through $arraySqlBind.
119 //Not table escaping $from since this is hard-coded above and can include more than just a table name
120 $res = sqlStatement("SELECT distinct encounter FROM " . $from . " WHERE " . $where . " ORDER by date desc", $arraySqlBind);
// Result loop; its body and the function's return value are not part of this listing.
123 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
/**
 * Look up the date stored for an encounter.
 *
 * The table depends on the global $attendant_type: form_encounter when it equals 'pid',
 * form_groups_encounter otherwise. The name is one of these two literals and is still passed
 * through escape_table_name(); the encounter value is bound as a statement parameter.
 *
 * @param mixed $encounter encounter number to look up
 * @return mixed the result of sqlQuery() for a statement that selects the "date" column
 */
function getEncounterDateByEncounter($encounter)
{
    global $attendant_type;

    if ($attendant_type == 'pid') {
        $encounterTable = 'form_encounter';
    } else {
        $encounterTable = 'form_groups_encounter';
    }

    $query = "SELECT date FROM " . escape_table_name($encounterTable) . " WHERE encounter = ? ORDER BY date";

    return sqlQuery($query, array($encounter));
}
/**
 * Look up the provider_id stored for an encounter.
 *
 * The table depends on the global $attendant_type: form_encounter when it equals 'pid',
 * form_groups_encounter otherwise. The encounter value is bound as a statement parameter.
 *
 * The lookup result is indexed without a guard; what happens when no row matches depends on
 * what sqlQuery() returns in that case, which is not visible in this file.
 *
 * @param mixed $encounter encounter number to look up
 * @return mixed the provider_id column of the row returned by sqlQuery()
 */
function getProviderIdOfEncounter($encounter)
{
    global $attendant_type;

    $encounterTable = 'form_groups_encounter';
    if ($attendant_type == 'pid') {
        $encounterTable = 'form_encounter';
    }

    $row = sqlQuery(
        "SELECT provider_id FROM " . escape_table_name($encounterTable) . " WHERE encounter=? ORDER BY date",
        array($encounter)
    );

    return $row['provider_id'];
}
/**
 * Look up the form_name of a non-deleted forms row identified by form directory and form id.
 *
 * Both values are bound as statement parameters. The return value is the sqlQuery() result
 * for a statement that selects only form_name, not the bare column value.
 *
 * @param mixed $formdir value matched against forms.formdir
 * @param mixed $form_id value matched against forms.form_id
 * @return mixed the result of sqlQuery()
 */
function getFormNameByFormdirAndFormid($formdir, $form_id)
{
    $bindings = array($formdir, $form_id);
    $row = sqlQuery("SELECT form_name FROM forms WHERE formdir = ? AND form_id = ? AND deleted = 0", $bindings);

    return $row;
}
/**
 * Look up forms.id of a non-deleted forms row identified by form directory and form id.
 *
 * Both values are bound as statement parameters. The lookup result is indexed without a
 * guard; what happens when no row matches depends on what sqlQuery() returns in that case.
 *
 * @param mixed $formdir value matched against forms.formdir
 * @param mixed $form_id value matched against forms.form_id
 * @return mixed the id column of the row returned by sqlQuery()
 */
function getFormIdByFormdirAndFormid($formdir, $form_id)
{
    $bindings = array($formdir, $form_id);
    $row = sqlQuery("select id from forms where formdir = ? and form_id = ? and deleted = 0 ", $bindings);

    return $row['id'];
}
/**
 * Look up the form_name of a non-deleted forms row for a form directory.
 *
 * The directory is bound as a statement parameter. The statement has no ORDER BY, so when
 * several rows share the directory the row returned is whichever sqlQuery() yields.
 *
 * @param mixed $formdir value matched against forms.formdir
 * @return mixed the result of sqlQuery() for a statement that selects only form_name
 */
function getFormNameByFormdir($formdir)
{
    $statement = "SELECT form_name FROM forms WHERE formdir = ? AND deleted = 0";
    $row = sqlQuery($statement, array($formdir));

    return $row;
}
/**
 * Collect the document rows linked to one encounter of one patient, with the category name
 * of each document, ordered by document date and then id, both descending.
 *
 * An empty $patientID or $encounterID falls back to $_SESSION['pid'] / $_SESSION['encounter'].
 * The result is an array of rows, or null when either id is still empty or no row matches
 * ($allDocuments starts as null and only becomes an array inside the fetch loop).
 *
 * NOTE(review): the ids are only bound into the query; nothing in the lines shown checks that
 * the current user may read this patient's documents. Presumably callers enforce that - verify.
 */
164 function getDocumentsByEncounter($patientID = null, $encounterID = null)
166 $allDocuments = null;
// Explicit arguments win; otherwise use the encounter and patient held in the session.
167 $currentEncounter = ( $encounterID ) ? $encounterID : $_SESSION['encounter'];
168 $currentPatient = ( $patientID ) ? $patientID : $_SESSION['pid'];
// Loose comparison with "": the query is skipped when either value is empty.
170 if ($currentPatient != "" && $currentEncounter != "") {
// d.foreign_id is matched against the patient and d.encounter_id against the encounter;
// both are bound as statement parameters.
171 $sql = "SELECT d.id, d.type, d.url, d.name as document_name, d.docdate, d.list_id, c.name, d.encounter_id FROM documents AS d, categories_to_documents AS cd,
172 categories AS c WHERE d.foreign_id = ? AND d.encounter_id=? AND cd.document_id = d.id AND c.id = cd.category_id ORDER BY d.docdate DESC, d.id DESC";
173 $res = sqlStatement($sql, array($currentPatient,$currentEncounter));
175 while ($row = sqlFetchArray($res)) {
176 $allDocuments[] = $row;
180 return $allDocuments;
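/**
 * Check whether the current user passes the ACL registered for a form directory.
 *
 * The registry table stores the requirement as an "aco_spec" string whose first two
 * '|'-separated parts are handed to AclMain::aclCheckCore().
 *
 * This is an authorization decision, so it fails closed: when the directory has no registry
 * row, or its aco_spec is empty or has fewer than two parts, the function returns false.
 * It does not pass an empty or undefined value on to the ACL check. The original code indexed
 * the exploded spec unconditionally and relied on aclCheckCore() to reject such input; that
 * behaviour is not visible in this file.
 * NOTE(review): confirm no form is registered with an empty aco_spec that was meant to be
 * unrestricted.
 *
 * @param mixed $formDir value matched against registry.directory (bound as a parameter)
 * @return mixed false when the spec is missing or malformed, otherwise the result of
 *               AclMain::aclCheckCore()
 */
function hasFormPermission($formDir)
{
    // Get the ACO spec from the registry table.
    $formRow = sqlQuery("SELECT aco_spec FROM registry WHERE directory = ?", array($formDir));

    // empty() also covers a lookup that returned no row at all.
    if (empty($formRow['aco_spec'])) {
        return false;
    }

    $permission = explode('|', $formRow['aco_spec']);
    if (count($permission) < 2) {
        return false;
    }

    return AclMain::aclCheckCore($permission[0], $permission[1]);
}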