library/deletedrug.php

   1 <?php
   2
   3 /**
   4  *  @package   OpenEMR
   5  *  @link      http://www.open-emr.org
   6  *  @author    Sherwin Gaddis <sherwingaddis@gmail.com>
   7  *  @copyright Copyright (c )2020. Sherwin Gaddis <sherwingaddis@gmail.com>
   8  *  @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
   9  *
  10  *
  11  */
  12
  13 require_once "../interface/globals.php";
  14
  15 use OpenEMR\Common\Acl\AclMain;
  16 use OpenEMR\Common\Csrf\CsrfUtils;
  17 use OpenEMR\Common\Logging\EventAuditLogger;
  18
  19 //ensure user has proper access
  20 if (!AclMain::aclCheckCore('patient', 'rx', '', 'write')) {
  21     echo xlt('ACL Administration Not Authorized');
  22     exit;
  23 }
  24
  25 $id = (isset($_POST['drugid'])) ? (int)$_POST['drugid'] : '';
  26 if ((!empty($id)) && ($id > 0)) {
  27     if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
  28         CsrfUtils::csrfNotVerified();
  29     }
  30
  31     /**
  32      * find the drug name in the prescription table
  33      */
  34     try {
  35         $drug_name = "SELECT patient_id, drug FROM prescriptions WHERE id = ?";
  36         $dn = sqlQuery($drug_name, [$id]);
  37     } catch (Exception $e) {
  38         echo 'Caught exception ', text($e->getMessage()), "\n";
  39         if ($e->getMessage()) {
  40             exit;
  41         }
  42     }
  43
  44     /**
  45      * remove drug from the medication list if exist
  46      */
  47     try {
  48         $pid = $dn['patient_id'];
  49         $drugname = $dn['drug'];
  50         if (!empty($drugname)) {
  51             $medicationlist = "DELETE FROM lists WHERE pid = ? AND type = 'medication' AND title = ?";
  52             sqlStatement($medicationlist, [$pid, $drugname]);
  53             EventAuditLogger::instance()->newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, $drugname . " prescription/medication removed", $pid);
  54         }
  55     } catch (Exception $e) {
  56         echo 'Caught exception ', text($e->getMessage()), "\n";
  57         if ($e->getMessage()) {
  58             exit;
  59         }
  60     }
  61
  62     /**
  63      * remove drug from the prescription
  64      */
  65     try {
  66         $sql = "delete from prescriptions where id = ?";
  67         sqlQuery($sql, [$id]);
  68     } catch (Exception $e) {
  69         echo 'Caught exception ', text($e->getMessage()), "\n";
  70         if ($e->getMessage()) {
  71             exit;
  72         }
  73     }
  74 }
  75 echo xlt("Finished Deleting");