search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
csrf ongoing work (#1803)
[openemr.git] / interface / super / layout_service_codes.php
blob79f7c73f7fe55e24f802a96de84225c61c32dcb3
1 <?php
2 /**
3 * Upload designated service codes as "services=" attributes for designated layouts.
4 * This supports specifying related codes to determine the service codes to be used.
5 *
6 * @package OpenEMR
7 * @link http://www.open-emr.org
8 * @author Rod Roark <rod@sunsetsystems.com>
9 * @copyright Copyright (c) 2016 Rod Roark <rod@sunsetsystems.com>
10 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
11 */
12
13 require_once('../globals.php');
14 require_once($GLOBALS['srcdir'] . '/acl.inc');
15 require_once($GLOBALS['fileroot'] . '/custom/code_types.inc.php');
16
17 if (!acl_check('admin', 'super')) {
18 die(xlt('Not authorized'));
19 }
20
21 $form_dryrun = !empty($_POST['form_dryrun']);
22
23 function applyCode($layoutid, $codetype, $code, $description)
24 {
25 global $thecodes;
26 if (!isset($thecodes[$layoutid])) {
27 $thecodes[$layoutid] = array();
28 }
29 $thecodes[$layoutid]["$codetype:$code"] = $description;
30 }
31
32 ?>
33 <html>
34
35 <head>
36 <title><?php echo xlt('Install Layout Service Codes'); ?></title>
37 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
38
39 <style type="text/css">
40 .dehead { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:bold }
41 .detail { color:#000000; font-family:sans-serif; font-size:10pt; font-weight:normal }
42 </style>
43
44 </head>
45
46 <body class="body_top">
47
48 <?php
49 // Handle uploads.
50 if (!empty($_POST['bn_upload'])) {
51 //verify csrf
52 if (!verifyCsrfToken($_POST["csrf_token_form"])) {
53 die(xlt('Authentication Error'));
54 }
55
56 $thecodes = array();
57 $tmp_name = $_FILES['form_file']['tmp_name'];
58
59 if (is_uploaded_file($tmp_name) && $_FILES['form_file']['size']) {
60 $fhcsv = fopen($tmp_name, 'r');
61 if (empty($fhcsv)) {
62 die(xlt('Cannot open') . text(" '$tmp_name'"));
63 }
64
65 // Columns are:
66 // 0 - Layout ID, e.g. LBFVIA
67 // 1 - Code type, e.g. IPPF2
68 // 2 - Code
69 //
70 while (!feof($fhcsv)) {
71 $codecount = 0;
72 $acsv = fgetcsv($fhcsv, 1024);
73 if (count($acsv) < 3) {
74 continue;
75 }
76 $layoutid = trim($acsv[0]);
77 $codetype = trim($acsv[1]);
78 $code = trim($acsv[2]);
79 if (empty($layoutid) || empty($codetype) || empty($code)) {
80 continue;
81 }
82 // If this is already a Fee Sheet code, add it.
83 if (empty($code_types[$codetype]['nofs'])) {
84 applyCode($layoutid, $codetype, $code, xl('Direct'));
85 ++$codecount;
86 }
87 // Add all Fee Sheet codes that relate to this code.
88 foreach ($code_types as $ct_key => $ct_arr) {
89 if (!$ct_arr['active'] || $ct_arr['nofs']) {
90 continue;
91 }
92 $tmp = "$codetype:$code";
93 $relres = sqlStatement(
94 "SELECT code, code_text FROM codes WHERE code_type = ? AND " .
95 "(related_code LIKE ? OR related_code LIKE ? OR related_code LIKE ? OR related_code LIKE ?) " .
96 "AND active = 1 ORDER BY code",
97 array($ct_arr['id'], $tmp, "$tmp;%", "%;$tmp", "%;$tmp;%")
98 );
99 while ($relrow = sqlFetchArray($relres)) {
100 applyCode($layoutid, $ct_key, $relrow['code'], $relrow['code_text']);
101 ++$codecount;
102 }
103 }
104 if ($codecount == 0) {
105 echo "<p style='color:red'>" . xlt('No matches for') . " '" . text($tmp) . "'.</p>\n";
106 }
107 } // end while
108 fclose($eres);
109
110 // Now zap the found service codes into the parameters for each layout.
111 foreach ($thecodes as $layoutid => $arr) {
112 $services = '';
113 foreach ($arr as $key => $description) {
114 if ($services) {
115 $services .= ';';
116 }
117 $services .= $key;
118 }
119 if (!$form_dryrun) {
120 sqlStatement(
121 "UPDATE layout_group_properties SET grp_services = ? WHERE " .
122 "grp_form_id = ? AND grp_group_id = ''",
123 array($services, $layoutid)
124 );
125 }
126 }
127 } // end upload logic
128 }
129
130 ?>
131 <form method='post' action='layout_service_codes.php' enctype='multipart/form-data'
132 onsubmit='return top.restoreSession()'>
133 <input type="hidden" name="csrf_token_form" value="<?php echo attr($_SESSION['csrf_token']); ?>" />
134
135 <center>
136
137 <p class='text'>
138 <table border='1' cellpadding='4'>
139 <tr bgcolor='#dddddd' class='dehead'>
140 <td align='center' colspan='2'>
141 <?php echo xlt('Install Layout Service Codes'); ?>
142 </td>
143 </tr>
144 <tr>
145 <td class='detail' nowrap>
146 <?php echo xlt('Source CSV File'); ?>
147 <input type="hidden" name="MAX_FILE_SIZE" value="350000000" />
148 </td>
149 <td class='detail' nowrap>
150 <input type="file" name="form_file" size="40" />
151 </td>
152 </tr>
153 <tr>
154 <td class='detail' nowrap>
155 <?php echo xlt('Test only, skip updates'); ?>
156 </td>
157 <td class='detail' >
158 <input type='checkbox' name='form_dryrun' value='1' checked />
159 </td>
160 </tr>
161 <tr bgcolor='#dddddd'>
162 <td align='center' class='detail' colspan='2'>
163 <input type='submit' name='bn_upload' value='<?php echo xla('Upload and Apply') ?>' />
164 </td>
165 </tr>
166 </table>
167 </p>
168
169 <p>
170 <?php echo xlt('The input should be a CSV file with 3 columns: layout ID, code type and code.'); ?>
171 </p>
172
173 <p class='text'>
174 <table border='1' cellpadding='4'>
175 <tr bgcolor='#dddddd' class='dehead'>
176 <td><?php echo xlt('Category'); ?></td>
177 <td><?php echo xlt('Layout'); ?></td>
178 <td><?php echo xlt('Code'); ?></td>
179 <td><?php echo xlt('Description'); ?></td>
180 </tr>
181 <?php
182 $lastcat = '';
183 $lastlayout = '';
184
185 $res = sqlStatement("SELECT grp_form_id, grp_title, grp_mapping, grp_services FROM layout_group_properties " .
186 "WHERE grp_group_id = '' AND grp_activity = 1 AND grp_services != '' ORDER BY grp_mapping, grp_title, grp_form_id");
187
188 while ($row = sqlFetchArray($res)) {
189 // $jobj = json_decode($row['notes'], true);
190 if ($row['grp_services'] == '*') {
191 $row['grp_services'] = '';
192 }
193 $codes = explode(';', $row['grp_services']);
194 foreach ($codes as $codestring) {
195 echo " <tr>\n";
196
197 echo " <td class='detail'>";
198 if ($row['grp_mapping'] != $lastcat) {
199 $lastcat = $row['grp_mapping'];
200 echo text($lastcat);
201 }
202 echo "&nbsp;</td>\n";
203
204 echo " <td class='detail'>";
205 if ($row['grp_form_id'] != $lastlayout) {
206 $lastlayout = $row['grp_form_id'];
207 echo text($row['grp_title']);
208 }
209 echo "&nbsp;</td>\n";
210
211 echo " <td class='detail'>";
212 echo text($codestring);
213 echo "</td>\n";
214
215 echo " <td class='detail'>\n";
216 list ($codetype, $code) = explode(':', $codestring);
217 $crow = sqlQuery(
218 "SELECT code_text FROM codes WHERE " .
219 "code_type = ? AND code = ? AND active = 1 " .
220 "ORDER BY id LIMIT 1",
221 array($code_types[$codetype]['id'], $code)
222 );
223 echo text($crow['code_text']);
224 echo "&nbsp;</td>\n";
225 echo " </tr>\n";
226 }
227 }
228 ?>
229 </table>
230 </p>
231
232 </center>
233
234 </form>
235 </body>
236 </html>
Mirror of official OpenEMR Sourceforge repository