Converted problem_encounter.php to standard security model, take 2.
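<?php
/**
 * This script adds and deletes Issue/Encounter relationships.
 *
 * Copyright (C) 2005 Rod Roark <rod@sunsetsystems.com>
 * Copyright (C) 2015 Roberto Vasquez <robertogagliotta@gmail.com>
 * Copyright (C) 2015 Brady Miller <brady@sparmy.com>
 *
 * LICENSE: This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
 *
 * @package OpenEMR
 * @author Rod Roark <rod@sunsetsystems.com>
 * @author Roberto Vasquez <robertogagliotta@gmail.com>
 * @author Brady Miller <brady@sparmy.com>
 * @link http://www.open-emr.org
 */

$fake_register_globals = false;
$sanitize_all_escapes = true;

include_once("../globals.php");
include_once("$srcdir/patient.inc");
include_once("$srcdir/acl.inc");
include_once("$srcdir/lists.inc");

// The session patient ($pid from globals.php); every check and every
// query below is keyed to it.
$patdata = getPatientData($pid, "fname,lname,squad");

// Editing links needs write access to encounter notes (or notes_a) and to
// the patient's medical record.
$thisauth = ((acl_check('encounters', 'notes', '', 'write') ||
              acl_check('encounters', 'notes_a', '', 'write')) &&
             acl_check('patients', 'med', '', 'write'));

// Squad membership further restricts access to this patient's data.
if ($patdata['squad'] && !acl_check('squads', $patdata['squad'])) {
    $thisauth = false;
}

// The save handler below deletes and rewrites rows keyed by the posted pid,
// while the checks above were evaluated for the session patient.  The form
// always posts $pid back (see the hidden form_pid field), so a differing
// value is refused rather than written.
if (!empty($_POST['form_save'])) {
    $posted_pid = isset($_POST['form_pid']) ? $_POST['form_pid'] : '';
    if ((string) $posted_pid !== (string) $pid) {
        $thisauth = false;
    }
}

if (!$thisauth) {
    echo "<html>\n<body>\n";
    echo "<p>" . xlt('You are not authorized for this.') . "</p>\n";
    echo "</body>\n</html>\n";
    exit();
}

$alertmsg = ""; // anything here pops up in an alert box
$endjs = "";    // holds javascript to write at the end

// If the Save button was clicked...
if (!empty($_POST['form_save'])) {
    $form_pid = $_POST['form_pid'];
    $form_pelist = isset($_POST['form_pelist']) ? $_POST['form_pelist'] : '';

    // pelist looks like /problem,encounter/problem,encounter/[...]; only
    // digit pairs are accepted, anything else in the string is ignored.
    $pattern = '|/(\d+),(\d+)|';
    preg_match_all($pattern, $form_pelist, $matches);
    $numsets = count($matches[1]);

    // Replace the patient's whole link set with what the form posted.
    sqlQuery("DELETE FROM issue_encounter WHERE pid = ?", array($form_pid));
    for ($i = 0; $i < $numsets; ++$i) {
        $list_id = $matches[1][$i];
        $encounter = $matches[2][$i];
        $query = "INSERT INTO issue_encounter ( " .
            "pid, list_id, encounter" .
            ") VALUES ( " .
            " ?, ?, ?" .
            ")";
        sqlQuery($query, array($form_pid, $list_id, $encounter));
    }

    // Close the popup; the opener is not refreshed from here.
    echo "<html><body><script language='JavaScript'>\n";
    if ($alertmsg) {
        echo " alert('" . addslashes($alertmsg) . "');\n";
    }
    echo " window.close();\n";
    echo "</script></body></html>\n";
    exit();
}

// get problems
$pres = sqlStatement("SELECT * FROM lists WHERE pid = ? " .
    "ORDER BY type, date", array($pid));

// get encounters
$eres = sqlStatement("SELECT * FROM form_encounter WHERE pid = ? " .
    "ORDER BY date DESC", array($pid));

// get problem/encounter relations
$peres = sqlStatement("SELECT * FROM issue_encounter WHERE pid = ?", array($pid));
?>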
96 <html>
97 <head>
98 <?php html_header_show();?>
99 <link rel=stylesheet href="<?php echo $css_header; ?>" type="text/css">
100 <title><?php echo xlt('Issues and Encounters'); ?></title>
102 <style>
103 tr.head { font-size:10pt; background-color:#cccccc; text-align:center; }
104 tr.detail { font-size:10pt; background-color:#eeeeee; }
105 </style>
107 <script type="text/javascript" src="../../library/topdialog.js"></script>
108 <script type="text/javascript" src="../../library/dialog.js"></script>
110 <script language="JavaScript">
// These are the possible colors for table rows.
// Each entry is [foreground, background] for one row-state code.
var trcolors = {};
trcolors['U'] = ['#000000', '#eeeeee']; // unselected
trcolors['K'] = ['#000000', '#eeee00']; // selected key
// trcolors['Y'] = ['#000000', '#99ff99']; // selected value resolved=Y
// trcolors['N'] = ['#000000', '#ff9999']; // selected value resolved=N
trcolors['V'] = ['#000000', '#9999ff']; // selected value

// Row-state code per issue id and per encounter id ('' when unselected);
// the entries are seeded by the script at the bottom of the page.
var pselected = {};
var eselected = {};
var keyid = null; // id of currently hilited key, if any
125 <?php require($GLOBALS['srcdir'] . "/restoreSession.php"); ?>
127 // callback from add_edit_issue.php:
function refreshIssue(issue, title) {
    // The arguments are not used: the whole page is simply reloaded.
    top.restoreSession();
    location.reload();
}
// New Issue button is clicked.
function newIssue() {
    var form = document.forms[0];
    var query = '';
    // When Encounters is the key section and one is selected, the new
    // issue is opened pre-linked to it.
    if (keyid && form.form_key[1].checked) {
        query = '?enclink=' + keyid;
    }
    dlgopen('summary/add_edit_issue.php' + query, '_blank', 600, 475);
}
// New Encounter button is clicked.
function newEncounter() {
    var form = document.forms[0];
    // The Save button is enabled only while there are unsaved link changes.
    if (!form.form_save.disabled) {
        if (!confirm('<?php echo xls('This will abandon your unsaved changes. Are you sure?'); ?>')) {
            return;
        }
    }
    top.restoreSession();
    var query = '';
    // When Issues is the key section and one is selected, pass it along.
    if (keyid && form.form_key[0].checked) {
        query = '&issue=' + keyid;
    }
    opener.top.Title.location.href = 'encounter/encounter_title.php';
    opener.top.Main.location.href = 'encounter/patient_encounter.php?mode=new' + query;
    window.close();
}
// Determine if a given problem/encounter pair is currently linked.
// Returns the value-state code 'V' when linked, else an empty string.
// (The resolved Y/N flag this once returned is no longer kept in pelist.)
function isPair(problem, encounter) {
    // Entries are fully delimited as "/problem,encounter/".
    var frag = '/' + problem + ',' + encounter + '/';
    var linked = document.forms[0].form_pelist.value.indexOf(frag) >= 0;
    return linked ? 'V' : '';
}
// Unlink a problem/encounter pair.
function removePair(problem, encounter) {
    var pelist = document.forms[0].form_pelist;
    var frag = '/' + problem + ',' + encounter + '/';
    var at = pelist.value.indexOf(frag);
    if (at < 0) {
        return;
    }
    // Drop the entry but keep its trailing '/', which is also the
    // leading delimiter of the next entry.
    var before = pelist.value.substring(0, at);
    var after = pelist.value.substring(at + frag.length - 1);
    pelist.value = before + after;
    document.forms[0].form_save.disabled = false;
}
// Link a problem/encounter pair (re-adding it if it was already present).
function addPair(problem, encounter) {
    removePair(problem, encounter); // never store the pair twice
    var form = document.forms[0];
    form.form_pelist.value = form.form_pelist.value + problem + ',' + encounter + '/';
    form.form_save.disabled = false;
}
// Clear displayed highlights in one section ('p' issues or 'e' encounters).
function doclearall(pfx) {
    var states = (pfx == 'p') ? pselected : eselected;
    for (var id in states) {
        if (!states[id]) {
            continue; // already unselected
        }
        states[id] = '';
        var row = document.getElementById(pfx + '_' + id);
        row.style.color = trcolors['U'][0];
        row.style.backgroundColor = trcolors['U'][1];
    }
}
// Clear highlights in both sections and forget the key selection.
function clearall() {
    var sections = ['p', 'e'];
    for (var i = 0; i < sections.length; i++) {
        doclearall(sections[i]);
    }
    keyid = null;
}
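// Process clicks on table rows.
// pfx is 'p' (issues table) or 'e' (encounters table); id is the row's
// issue id or encounter number.  Which table is the "key" is decided by
// the form_key radio buttons: a click in the key table selects that row
// and highlights its linked rows in the other table; a click in the value
// table toggles the link between that row and the current key.
function doclick(pfx, id) {
    var thisstyle = document.getElementById(pfx + '_' + id).style;
    var thisarr = (pfx == 'p') ? pselected : eselected;
    var piskey = document.forms[0].form_key[0].checked;
    var thisiskey = (pfx == 'p') ? piskey : !piskey;
    var wasset = thisarr[id];

    // Apply the colors of a row-state code (a trcolors key) to a row style.
    function paint(style, code) {
        style.color = trcolors[code][0];
        style.backgroundColor = trcolors[code][1];
    }

    if (thisiskey) { // they clicked in the key table
        clearall();
        if (wasset) {
            return; // clicking the hilited key only deselects everything
        }
        keyid = id;
        thisarr[id] = 'K';
        paint(thisstyle, 'K');
        // Now hilite the related value table entries.
        var valpfx = (pfx == 'p') ? 'e' : 'p';
        var valarr = (pfx == 'p') ? eselected : pselected;
        // 'var' keeps key local; without it the loop wrote a global.
        for (var key in valarr) {
            var resolved = (pfx == 'p') ? isPair(id, key) : isPair(key, id);
            if (resolved.length > 0) {
                valarr[key] = resolved;
                paint(document.getElementById(valpfx + '_' + key).style, resolved);
            }
        }
    } else { // they clicked in the value table
        if (!keyid) {
            alert('<?php echo xls('You must first select an item in the section whose radio button is checked.') ;?>');
            return;
        }
        var problem = (pfx == 'p') ? id : keyid;
        var encounter = (pfx == 'p') ? keyid : id;
        if (thisarr[id] != '') { // hilited, so remove the link
            thisarr[id] = '';
            paint(thisstyle, 'U');
            removePair(problem, encounter);
        } else { // not hilited, so add the link
            thisarr[id] = 'V';
            paint(thisstyle, 'V');
            addPair(problem, encounter);
        }
    }
}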
276 </script>
278 </head>
279 <body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0'
280 bgcolor='#ffffff' onunload='imclosing()'>
281 <form method='post' action='problem_encounter.php' onsubmit='return top.restoreSession()'>
<?php
echo "<input type='hidden' name='form_pid' value='" . attr($pid) . "' />\n";
// pelist looks like /problem,encounter/problem,encounter/[...]; the leading
// and trailing '/' let the JavaScript search for a fully delimited entry.
$pelist = '/';
while ($row = sqlFetchArray($peres)) {
    $pelist .= text($row['list_id']) . "," . text($row['encounter']) . "/";
}
echo "<input type='hidden' name='form_pelist' value='" . $pelist . "' />\n";
?>
294 <table border='0' cellpadding='5' cellspacing='0' width='100%'>
296 <tr>
297 <td colspan='2' align='center'>
298 <b><?php echo xlt('Issues and Encounters for'); ?> <?php echo text($patdata['fname']) . " " . text($patdata['lname']) . " (" . text($pid) . ")</b>\n"; ?>
299 </td>
300 </tr>
302 <tr>
303 <td align='center' valign='top'>
304 <table width='100%' cellpadding='1' cellspacing='2'>
305 <tr class='head'>
306 <td colspan='3' align='center'>
307 <input type='radio' name='form_key' value='p' onclick='clearall()' checked />
308 <b><?php echo xlt('Issues Section'); ?></b>
309 </td>
310 </tr>
311 <tr class='head'>
312 <td><?php echo xlt('Type'); ?></td>
313 <td><?php echo xlt('Title'); ?></td>
314 <td><?php echo xlt('Description'); ?></td>
315 </tr>
<?php
// One row per issue; the id "p_<issue id>" is what doclick('p', id) looks
// up, and $endjs seeds pselected so the row starts out unselected.
// $ISSUE_TYPES is expected to come from lists.inc, included above.
while ($row = sqlFetchArray($pres)) {
    $rowid = $row['id'];
    $jsid = attr(addslashes($rowid));
    echo " <tr class='detail' id='p_" . attr($rowid) . "' onclick='doclick(\"p\", " . $jsid . ")'>\n";
    echo " <td valign='top'>" . text($ISSUE_TYPES[($row['type'])][1]) . "</td>\n";
    echo " <td valign='top'>" . text($row['title']) . "</td>\n";
    echo " <td valign='top'>" . text($row['comments']) . "</td>\n";
    echo " </tr>\n";
    $endjs .= "pselected['" . attr($rowid) . "'] = '';\n";
}
?>
327 </table>
328 </td>
329 <td align='center' valign='top'>
330 <table width='100%' cellpadding='1' cellspacing='2'>
331 <tr class='head'>
332 <td colspan='2' align='center'>
333 <input type='radio' name='form_key' value='e' onclick='clearall()' />
334 <b><?php echo xlt('Encounters Section'); ?></b>
335 </td>
336 </tr>
337 <tr class='head'>
338 <td><?php echo xlt('Date'); ?></td>
339 <td><?php echo xlt('Presenting Complaint'); ?></td>
340 </tr>
<?php
// One row per encounter; the id "e_<encounter>" is what doclick('e', id)
// looks up, and $endjs seeds eselected so the row starts out unselected.
while ($row = sqlFetchArray($eres)) {
    $rowid = $row['encounter'];
    $jsid = attr(addslashes($rowid));
    $day = substr($row['date'], 0, 10); // date part only
    echo " <tr class='detail' id='e_" . attr($rowid) . "' onclick='doclick(\"e\", " . $jsid . ")'>\n";
    echo " <td valign='top'>" . text($day) . "</td>\n";
    echo " <td valign='top'>" . text($row['reason']) . "</td>\n";
    echo " </tr>\n";
    $endjs .= "eselected['" . attr($rowid) . "'] = '';\n";
}
?>
351 </table>
352 </td>
353 </tr>
355 <tr>
356 <td colspan='2' align='center'>
357 <input type='submit' name='form_save' value='<?php echo xla('Save'); ?>' disabled /> &nbsp;
358 <input type='button' value='<?php echo xla('Add Issue'); ?>' onclick='newIssue()' />
359 <?php if (!$GLOBALS['concurrent_layout']) { ?>
360 <input type='button' value='<?php echo xla('Add Encounter'); ?>' onclick='newEncounter()' />
361 <?php } ?>
362 <input type='button' value='<?php echo xla('Cancel'); ?>' onclick='window.close()' />
363 </td>
364 </tr>
366 </table>
368 </form>
370 <p><b><?php echo xlt('Instructions:'); ?></b> <?php echo xlt('Choose a section and click an item within it; then in
371 the other section you will see the related items highlighted, and you can click
372 in that section to add and delete relationships.'); ?>
373 </p>
375 <script>
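<?php
echo $endjs;
// Pre-select an issue when the opener passed ?issue=<id>.  The value is
// written unquoted into JavaScript, so only an integer is accepted (issue
// ids on this page are digit strings, as the save handler's pattern
// assumes); anything else is ignored instead of being echoed into script.
if (!empty($_REQUEST['issue']) && ctype_digit((string) $_REQUEST['issue'])) {
    echo "doclick('p', " . (int) $_REQUEST['issue'] . ");\n";
}
if ($alertmsg) {
    echo "alert('" . addslashes($alertmsg) . "');\n";
}
?>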
383 </script>
384 </body>
385 </html>