interface/cmsportal/upload_form.php

   1 <?php
   2 /**
   3  * Handles file uploads from the WordPress Patient Portal.
   4  *
   5  * Copyright (C) 2014 Rod Roark <rod@sunsetsystems.com>
   6  *
   7  * LICENSE: This program is free software; you can redistribute it and/or
   8  * modify it under the terms of the GNU General Public License
   9  * as published by the Free Software Foundation; either version 2
  10  * of the License, or (at your option) any later version.
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14  * GNU General Public License for more details.
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
  17  *
  18  * @package OpenEMR
  19  * @author  Rod Roark <rod@sunsetsystems.com>
  20  */
  21
  22 $sanitize_all_escapes = true;
  23 $fake_register_globals = false;
  24
  25 require_once("../globals.php");
  26 require_once("portal.inc.php");
  27
  28 // This function builds an array of document categories recursively.
  29 // Borrowed from interface/fax/fax_dispatch.php.
  30 //
  31 function getKittens($catid, $catstring, &$categories) {
  32   $cres = sqlStatement("SELECT id, name FROM categories " .
  33     "WHERE parent = ? ORDER BY name", array($catid));
  34   $childcount = 0;
  35   while ($crow = sqlFetchArray($cres)) {
  36     ++$childcount;
  37     getKittens($crow['id'], ($catstring ? "$catstring / " : "") .
  38       ($catid ? $crow['name'] : ''), $categories);
  39   }
  40   // If no kitties, then this is a leaf node and should be listed.
  41   if (!$childcount) $categories[$catid] = $catstring;
  42 }
  43
  44 $postid    = empty($_REQUEST['postid'   ]) ? 0 : intval($_REQUEST['postid'   ]);
  45 $messageid = empty($_REQUEST['messageid']) ? 0 : intval($_REQUEST['messageid']);
  46
  47 if ($_POST['bn_save']) {
  48   $ptid = intval($_POST['ptid']);
  49   echo "<html><body>\n";
  50   if (is_array($_POST['form_filename'])) {
  51     foreach ($_POST['form_filename'] as $uploadid => $filename) {
  52       $catid = $_POST['form_category'][$uploadid];
  53       if (!$catid) continue;
  54       echo xlt('Fetching following file from portal') . ": " . $filename . " ...<br />\n";
  55       flush();
  56       if ($messageid) {
  57         $result = cms_portal_call(array('action' => 'getmsgup', 'uploadid' => $uploadid));
  58       }
  59       else {
  60         $result = cms_portal_call(array('action' => 'getupload', 'uploadid' => $uploadid));
  61       }
  62       if ($result['errmsg']) die(text($result['errmsg']));
  63       $d = new Document();
  64       // With JSON-over-HTTP we would need to base64_decode the contents.
  65       $rc = $d->createDocument($ptid, $catid, $filename, $result['mimetype'],
  66         $result['contents']);
  67       if ($rc) die(text(xl('Error saving document') . ": $rc"));
  68     }
  69   }
  70   // Finally, delete the request or message from the portal.
  71   if ($messageid) {
  72     $result = cms_portal_call(array('action' => 'delmessage', 'messageid' => $messageid));
  73   }
  74   else {
  75     $result = cms_portal_call(array('action' => 'delpost', 'postid' => $postid));
  76   }
  77   if ($result['errmsg']) {
  78     die(text($result['errmsg']));
  79   }
  80   echo "<script language='JavaScript'>\n";
  81   echo "if (top.restoreSession) top.restoreSession(); else opener.top.restoreSession();\n";
  82   echo "document.location.href = 'list_requests.php';\n";
  83   echo "</script></body></html>\n";
  84   exit();
  85 }
  86
  87 // Get the document categories list.
  88 $categories = array();
  89 getKittens(0, '', $categories);
  90
  91 // Get the portal request data.
  92 if (!$postid && !$messageid) die(xlt('Request ID is missing!'));
  93 if ($messageid) {
  94   $result = cms_portal_call(array('action' => 'getmessage', 'messageid' => $messageid));
  95 }
  96 else {
  97   $result = cms_portal_call(array('action' => 'getpost', 'postid' => $postid));
  98 }
  99 if ($result['errmsg']) {
 100   die(text($result['errmsg']));
 101 }
 102
 103 // Look up the patient in OpenEMR.
 104 $userlogin = $messageid ? $result['message']['user'] : $result['post']['user'];
 105 $ptid = lookup_openemr_patient($userlogin);
 106 ?>
 107 <html>
 108 <head>
 109 <?php html_header_show(); ?>
 110 <link rel=stylesheet href="<?php echo $css_header; ?>" type="text/css">
 111
 112 <style type="text/css">@import url(../../library/dynarch_calendar.css);</style>
 113 <style>
 114
 115 tr.head   { font-size:10pt; background-color:#cccccc; text-align:center; }
 116 tr.detail { font-size:10pt; background-color:#ddddff; }
 117 td input  { background-color:transparent; }
 118
 119 </style>
 120
 121 <script type="text/javascript" src="../../library/textformat.js"></script>
 122 <script type="text/javascript" src="<?php echo $GLOBALS['assets_static_relative']; ?>/jquery-min-1-2-2/index.js"></script>
 123
 124 <script language="JavaScript">
 125
 126 var mypcc = '<?php echo $GLOBALS['phone_country_code'] ?>';
 127
 128 function myRestoreSession() {
 129  if (top.restoreSession) top.restoreSession(); else opener.top.restoreSession();
 130  return true;
 131 }
 132
 133 </script>
 134 </head>
 135
 136 <body class="body_top">
 137 <center>
 138
 139 <form method='post' action='upload_form.php'>
 140
 141 <?php
 142 if ($messageid) {
 143   echo "<p class='text'><b>" . xlt('Message Title') . ":</b> ";
 144   echo htmlspecialchars($result['message']['title']);
 145   echo "</p>\n";
 146   echo "<textarea style='width:90%;height:144pt;' readonly>";
 147   echo htmlspecialchars($result['message']['contents']);
 148   echo "</textarea>\n";
 149   echo "<p class='text'><i>";
 150   echo xlt('This message text is not saved automatically. Copy and save it as appropriate for the content.');
 151   echo "</i></p>\n";
 152 }
 153 ?>
 154
 155 <input type='hidden' name='ptid'      value='<?php echo attr($ptid);      ?>' />
 156 <input type='hidden' name='postid'    value='<?php echo attr($postid);    ?>' />
 157 <input type='hidden' name='messageid' value='<?php echo attr($messageid); ?>' />
 158
 159 <table width='100%' cellpadding='1' cellspacing='2'>
 160  <tr class='head'>
 161   <th align='left'><?php echo xlt('MIME Type'); ?></th>
 162   <th align='left'><?php echo xlt('Desired Filename'); ?></th>
 163   <th align='left'><?php echo xlt('Document Category or Discard'); ?></th>
 164  </tr>
 165 <?php
 166 if (is_array($result['uploads'])) {
 167   foreach ($result['uploads'] as $upload) {
 168     $id = intval($upload['id']);
 169     echo " <tr class='detail'>\n";
 170     // MIME type and view link
 171     echo "  <td><a href='upload_form_show.php?id=$id&messageid=$messageid'>" .
 172       text($upload['mimetype']) . "</a></td>\n";
 173     // Desired file name
 174     echo "  <td><input type='text' name='form_filename[$id]' value='" .
 175       attr($upload['filename']) . "' size='20' /></td>";
 176     // Desired document category with option to discard the file
 177     echo "  <td><select name='form_category[$id]'>\n";
 178     echo "<option value='0'>-- " . xlt('Discard') . " --</option>\n";
 179     $i = 0;
 180     foreach ($categories as $catkey => $catname) {
 181       echo "<option value='" . attr($catkey) . "'";
 182       if (++$i == 1) echo " selected";
 183       echo ">" . text($catname) . "</option>\n";
 184     }
 185     echo "</select></td>\n";
 186     //
 187     echo " </tr>\n";
 188   }
 189 }
 190 ?>
 191 </table>
 192
 193 <p>
 194 <input type='submit' name='bn_save' value='<?php echo xla('Submit and Delete Request'); ?>' />
 195 &nbsp;
 196 <input type='button' value='<?php echo xla('Back'); ?>'
 197  onclick="myRestoreSession();location='list_requests.php'" />
 198 </p>
 199
 200 </form>
 201 </center>
 202 </body>
 203 </html>
 204