2 require_once("../globals.php");
3 require_once("../../library/acl.inc");
4 require_once("$srcdir/md5.js");
5 require_once("$srcdir/sql.inc");
6 require_once("$srcdir/formdata.inc.php");
7 require_once(dirname(__FILE__
) . "/../../library/classes/WSProvider.class.php");
// Handles the two POSTed admin actions: mode new_user creates a users row plus
// a group membership, mode new_group adds a (group, user) pair.
// NOTE(review): this listing omits some original lines (the gutter numbers
// skip), so closing braces, else branches and the initialisation of $doit are
// not visible here.
11 if (isset($_POST["mode"])) {
12 if ($_POST["mode"] == "new_user") {
// Normalise the checkbox: anything other than the string 1 becomes 0.
13 if ($_POST["authorized"] != "1") {
14 $_POST["authorized"] = 0;
16 // $_POST["info"] = addslashes($_POST["info"]);
// Load every existing username so the loop below can detect a duplicate.
18 $res = sqlStatement("select distinct username from users where username != ''");
// NOTE(review): this loop calls mysql_fetch_array() directly while the rest of
// the page uses sqlFetchArray() - confirm the result handle is compatible.
20 while ($row = mysql_fetch_array($res)) {
21 if ($doit == true && $row['username'] == trim(formData('rumple'))) {
// Insert the new user. Every value is concatenated into the SQL text, so the
// statement is only as safe as the escaping done inside formData(), which is
// not visible in this file - TODO confirm it escapes for SQL, or switch to
// bound parameters.
// NOTE(review): the stored password is whatever arrives in the newauthPass
// field. The submit button of the form further down fills that field with an
// unsalted MD5 computed in the browser, so the digest itself acts as the
// credential and is cheap to attack offline if the table leaks. Hashing on the
// server with a salted, slow algorithm (password_hash) is the safer design.
// NOTE(review): no permission check is visible before this insert in the
// listing; acl_check() below guards only the ACL group assignment - confirm
// that an earlier include restricts this page to administrators.
27 $prov_id = idSqlStatement("insert into users set " .
28 "username = '" . trim(formData('rumple' )) .
29 "', password = '" . trim(formData('newauthPass' )) .
30 "', fname = '" . trim(formData('fname' )) .
31 "', mname = '" . trim(formData('mname' )) .
32 "', lname = '" . trim(formData('lname' )) .
33 "', federaltaxid = '" . trim(formData('federaltaxid' )) .
34 "', authorized = '" . trim(formData('authorized' )) .
35 "', info = '" . trim(formData('info' )) .
36 "', federaldrugid = '" . trim(formData('federaldrugid')) .
37 "', upin = '" . trim(formData('upin' )) .
38 "', npi = '" . trim(formData('npi' )).
39 "', taxonomy = '" . trim(formData('taxonomy' )) .
40 "', facility_id = '" . trim(formData('facility_id' )) .
41 "', specialty = '" . trim(formData('specialty' )) .
42 "', see_auth = '" . trim(formData('see_auth' )) .
44 //set the facility name from the selected facility_id
45 sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '" . trim(formData('facility_id')) . "' AND users.username = '" . trim(formData('rumple')) . "'");
// Add the new user to the chosen group (same concatenation pattern as above).
47 sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
48 "', user = '" . trim(formData('rumple')) . "'");
// The phpGACL assignment runs only when phpGACL is configured, the caller
// passes acl_check for admin/acl, and a non-empty username was submitted.
50 if (isset($phpgacl_location) && acl_check('admin', 'acl') && trim(formData('rumple'))) {
51 // Set the access control group of user
// NOTE(review): the access_group POST value is passed through without
// formData(); verify that set_user_aro() validates the group names it receives.
52 set_user_aro($_POST['access_group'], trim(formData('rumple')),
53 trim(formData('fname')), trim(formData('mname')), trim(formData('lname')));
// Construct a WSProvider for the new user id; what that does is defined in
// WSProvider.class.php, not in this file.
56 $ws = new WSProvider($prov_id);
// Duplicate-username message. NOTE(review): the submitted username is appended
// to $alertmsg, which the end of this page writes into a JavaScript alert()
// string literal - it needs JavaScript string encoding at that output point.
59 $alertmsg .= xl('User','','',' ') . trim(formData('rumple')) . xl('already exists.','',' ');
62 else if ($_POST["mode"] == "new_group") {
// Load all existing (group, user) pairs to detect a duplicate membership.
63 $res = sqlStatement("select distinct name, user from groups");
64 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
65 $result[$iter] = $row;
// NOTE(review): $result is assigned only inside the loop above, so it is
// undefined when the groups table is empty. The curly-brace offset syntax used
// below was deprecated in PHP 7.4 and removed in PHP 8.0; square brackets are
// the equivalent.
67 foreach ($result as $iter) {
68 if ($doit == 1 && $iter{"name"} == trim(formData('groupname')) && $iter{"user"} == trim(formData('rumple')))
// Insert the membership; values again reach the SQL text via formData() only.
72 sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
73 "', user = '" . trim(formData('rumple')) . "'");
// NOTE(review): this message is not passed through xl() like the others, and it
// carries submitted values into the later JavaScript alert() output.
75 $alertmsg .= "User " . trim(formData('rumple')) .
76 " is already a member of group " . trim(formData('groupname')) . ". ";
// Handles GET actions. The user-delete branch is commented out, so the only
// live action is delete_group.
// NOTE(review): delete_group changes data in response to a plain GET link, and
// neither an anti-CSRF token nor a permission check is visible in this listing
// - confirm both, and prefer a POST carrying a per-session token.
81 if (isset($_GET["mode"])) {
83 /*******************************************************************
84 // This is the code to delete a user. Note that the link which invokes
85 // this is commented out. Somebody must have figured it was too dangerous.
87 if ($_GET["mode"] == "delete") {
88 $res = sqlStatement("select distinct username, id from users where id = '" .
90 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
91 $result[$iter] = $row;
93 // TBD: Before deleting the user, we should check all tables that
94 // reference users to make sure this user is not referenced!
96 foreach($result as $iter) {
97 sqlStatement("delete from groups where user = '" . $iter{"username"} . "'");
99 sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
101 *******************************************************************/
// Remove one group-membership row, identified by the id query parameter.
103 if ($_GET["mode"] == "delete_group") {
// NOTE(review): the queries in this branch concatenate the id query parameter
// into the SQL text with no visible escaping or integer cast, unlike the POST
// path which goes through formData(). Cast it to int or bind it as a parameter.
104 $res = sqlStatement("select distinct user from groups where id = '" .
106 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
107 $result[$iter] = $row;
108 foreach($result as $iter)
// $un is assigned on a line this listing omits; it is interpolated into the
// query below - presumably the user name of the selected row, TODO confirm.
110 $res = sqlStatement("select name, user from groups where user = '$un' " .
111 "and id != '" . $_GET["id"] . "'");
113 // Remove the user only if they are also in some other group. I.e. every
114 // user must be a member of at least one group.
115 if (sqlFetchArray($res) != FALSE) {
116 sqlStatement("delete from groups where id = '" . $_GET["id"] . "'");
// Refusal message shown when the membership is the last one for that user.
118 $alertmsg .= "You must add this user to some other group before " .
119 "removing them from this group. ";
// Flag for the user list further down: true when the request carries a
// non-empty form_inactive value, in which case the list query does not filter
// on active = 1.
124 $form_inactive = empty($_REQUEST['form_inactive']) ?
false : true;
130 <link rel
="stylesheet" href
="<?php echo $css_header;?>" type
="text/css">
133 <body
class="body_top">
135 <span
class="title"><?php
xl('User and Group Administration','e'); ?
></span
>
142 <form name
='new_user' method
='post' action
="usergroup_admin.php"
143 onsubmit
='return top.restoreSession()'>
144 <input type
=hidden name
=mode value
=new_user
>
145 <span
class="bold"><?php
xl('New User','e'); ?
>:</span
>
147 <table border
=0 cellpadding
=0 cellspacing
=0>
149 <td
><span
class="text"><?php
xl('Username','e'); ?
>: </span
></td
><td
><input type
=entry name
=rumple size
=20>  
;</td
>
150 <td
><span
class="text"><?php
xl('Password','e'); ?
>: </span
></td
><td
><input type
="entry" size
=20 name
=stiltskin
></td
>
153 <td
><span
class="text"><?php
xl('Groupname','e'); ?
>: </span
></td
><td
>
154 <select name
=groupname
>
// Fill the Groupname select of the new-user form with the distinct group names.
// NOTE(review): each name is written into the option value attribute and the
// option text without htmlspecialchars(). Group names originate from submitted
// form data, so a name containing a quote or markup would be rendered as HTML
// - escape with ENT_QUOTES at this output point.
156 $res = sqlStatement("select distinct name from groups");
158 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
159 $result2[$iter] = $row;
160 foreach ($result2 as $iter) {
161 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
165 <td
><span
class="text"><?php
xl('Authorized','e'); ?
>: </span
></td
><td
><input type
=checkbox name
='authorized' value
="1"></td
>
168 <td
><span
class="text"><?php
xl('First Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='fname' size
=20></td
>
169 <td
><span
class="text"><?php
xl('Middle Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='mname' size
=20></td
>
172 <td
><span
class="text"><?php
xl('Last Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='lname' size
=20></td
>
173 <td
><span
class="text"><?php
xl('Default Facility','e'); ?
>: </span
></td
><td
><select name
=facility_id
>
// Fill the Default Facility select with facilities whose service_location is
// non-zero, ordered by name.
// NOTE(review): rows are collected into $result, the same variable the POST
// and GET handlers above fill, so rows left over from those handlers are not
// cleared first. The option markup that follows echoes the facility id and
// name without HTML escaping and uses unquoted keys inside curly-brace
// offsets, which PHP 8 rejects.
175 $fres = sqlStatement("select * from facility where service_location != 0 order by name");
177 for ($iter = 0;$frow = sqlFetchArray($fres);$iter++
)
178 $result[$iter] = $frow;
179 foreach($result as $iter) {
181 <option value
="<?php echo $iter{id};?>"><?php
echo $iter{name
};?
></option
>
189 <td
><span
class="text"><?php
xl('Federal Tax ID','e'); ?
>: </span
></td
><td
><input type
=entry name
='federaltaxid' size
=20></td
>
190 <td
><span
class="text"><?php
xl('Federal Drug ID','e'); ?
>: </span
></td
><td
><input type
=entry name
='federaldrugid' size
=20></td
>
193 <td
><span
class="text"><?php
xl('UPIN','e'); ?
>: </span
></td
><td
><input type
="entry" name
="upin" size
="20"></td
>
194 <td
class='text'><?php
xl('See Authorizations','e'); ?
>: </td
>
195 <td
><select name
="see_auth">
// Emit the three See Authorizations choices; the array keys 1 to 3 become the
// option values and the translated labels from xl() become the option text.
197 foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value)
199 echo " <option value='$key'";
200 echo ">$value</option>\n";
206 <td
><span
class="text"><?php
xl('NPI','e'); ?
>: </span
></td
><td
><input type
="entry" name
="npi" size
="20"></td
>
207 <td
><span
class="text"><?php
xl('Job Description','e'); ?
>: </span
></td
><td
><input type
="entry" name
="specialty" size
="20"></td
>
210 <!-- (CHEMED
) Calendar UI preference
-->
212 <td
><span
class="text"><?php
xl('Taxonomy','e'); ?
>: </span
></td
>
213 <td
><input type
="entry" name
="taxonomy" size
="20" value
="207Q00000X"></td
>
214 <td
><span
class="text"><?php
xl('Calendar UI','e'); ?
>: </span
></td
><td
><select name
="cal_ui">
// Emit the three Calendar UI choices for the new-user form.
// NOTE(review): the selected test reads cal_ui from $iter, which at this point
// still holds whatever the previous foreach left in it (the last facility row
// in this listing), not a user record - looks like a leftover from the edit
// form, confirm the intended default.
216 foreach (array(1 => xl('Default'), 2 => xl('Fancy'), 3 => xl('Outlook')) as $key => $value)
218 echo " <option value='$key'";
219 if ($key == $iter['cal_ui']) echo " selected";
220 echo ">$value</option>\n";
225 <!-- END (CHEMED
) Calendar UI preference
-->
228 // List the access control groups if phpgacl installed
229 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
232 <td
class='text'><?php
xl('Access Control','e'); ?
>:</td
>
233 <td
><select name
="access_group[]" multiple
>
// List the phpGACL group titles as options of the access_group multi-select.
// NOTE(review): the Administrators group is pre-selected, so a new user gets
// the most privileged group unless the operator changes the selection. A
// least-privilege default (or no pre-selection) is safer - confirm intent.
// NOTE(review): $value is placed into the option value attribute without
// htmlspecialchars(); only the visible label goes through xl_gacl_group().
235 $list_acl_groups = acl_get_group_title_list();
236 $default_acl_group = 'Administrators';
237 foreach ($list_acl_groups as $value) {
238 if ($default_acl_group == $value) {
239 // Modified 6-2009 by BM - Translate group name if applicable
240 echo " <option value='$value' selected>" . xl_gacl_group($value) . "</option>\n";
243 // Modified 6-2009 by BM - Translate group name if applicable
244 echo " <option value='$value'>" . xl_gacl_group($value) . "</option>\n";
254 <span
class="text"><?php
xl('Additional Info','e'); ?
>: </span
><br
>
255 <textarea name
=info cols
=40 rows
=4 wrap
=auto
></textarea
>
256 <br
><input type
="hidden" name
="newauthPass">
257 <input type
="submit" onClick
="javascript:this.form.newauthPass.value=MD5(this.form.stiltskin.value);this.form.stiltskin.value='';" value
=<?php
xl('Add User','e'); ?
>>
263 <tr
<?php
if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?
>>
266 <form name
='new_group' method
='post' action
="usergroup_admin.php"
267 onsubmit
='return top.restoreSession()'>
269 <input type
=hidden name
=mode value
=new_group
>
270 <span
class="bold"><?php
xl('New Group','e'); ?
>:</span
>
272 <span
class="text"><?php
xl('Groupname','e'); ?
>: </span
><input type
=entry name
=groupname size
=10>
274 <span
class="text"><?php
xl('Initial User','e'); ?
>: </span
>
// Fill the Initial User select of the new-group form with all non-empty
// usernames.
// NOTE(review): rows are appended into $result, which earlier code on this
// page also fills, so stale rows without a username key can be iterated here.
// Usernames are printed into the attribute and text without htmlspecialchars()
// - escape with ENT_QUOTES, since they originate from submitted form data.
277 $res = sqlStatement("select distinct username from users where username != ''");
278 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
279 $result[$iter] = $row;
280 foreach ($result as $iter) {
281 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
286 <input type
="submit" value
=<?php
xl('Add Group','e'); ?
>>
292 <tr
<?php
if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?
>>
295 <form name
='new_group' method
='post' action
="usergroup_admin.php"
296 onsubmit
='return top.restoreSession()'>
297 <input type
=hidden name
=mode value
=new_group
>
298 <span
class="bold"><?php
xl('Add User To Group','e'); ?
>:</span
>
301 <?php
xl('User','e'); ?
>
// Fill the User select of the add-user-to-group form with all non-empty
// usernames.
// NOTE(review): usernames are printed into the option value attribute and the
// option text without htmlspecialchars(); they originate from submitted form
// data, so escape with ENT_QUOTES at this output point.
305 $res = sqlStatement("select distinct username from users where username != ''");
306 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
307 $result3[$iter] = $row;
308 foreach ($result3 as $iter) {
309 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
314 <span
class="text"><?php
xl('Groupname','e'); ?
>: </span
>
315 <select name
=groupname
>
// Fill the Groupname select of the add-user-to-group form.
// NOTE(review): $result2 was already filled by the identical query in the
// new-user form above and is not reset, so existing entries are overwritten
// index by index. Group names are printed without htmlspecialchars() - escape
// with ENT_QUOTES at this output point.
317 $res = sqlStatement("select distinct name from groups");
319 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
320 $result2[$iter] = $row;
321 foreach ($result2 as $iter) {
322 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
327 <input type
="submit" value
=<?php
xl('Add User To Group','e'); ?
>>
337 <form name
='userlist' method
='post' action
='usergroup_admin.php'
338 onsubmit
='return top.restoreSession()'>
340 <input type
='checkbox' name
='form_inactive' value
='1' onclick
='submit()'
341 <?php
if ($form_inactive) echo 'checked '; ?
>/>
342 <?php
xl('Include inactive users','e'); ?
>
346 <table border
=0 cellpadding
=1 cellspacing
=2>
347 <tr
><td
><span
class="bold"><?php
xl('Username','e'); ?
></span
></td
><td
><span
class="bold"><?php
xl('Real Name','e'); ?
></span
></td
><td
><span
class="bold"><?php
xl('Info','e'); ?
></span
></td
><td
><span
class="bold"><?php
xl('Authorized','e'); ?
>?
</span
></td
></tr
>
// Build the user list. The query text is assembled from constant fragments
// only; $form_inactive merely decides whether the active = 1 filter is added.
349 $query = "SELECT * FROM users WHERE username != '' ";
350 if (!$form_inactive) $query .= "AND active = '1' ";
351 $query .= "ORDER BY username";
352 $res = sqlStatement($query);
353 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
354 $result4[$iter] = $row;
355 foreach ($result4 as $iter) {
// Replace the stored authorized flag with a display string for the table cell.
356 if ($iter{"authorized"}) {
357 $iter{"authorized"} = xl('yes');
359 $iter{"authorized"} = "";
// NOTE(review): username, fname, lname and info are written into the table
// without htmlspecialchars(). These columns are filled from the new-user form,
// so stored markup would execute in the browser of whoever opens this admin
// page - escape each value for HTML at this output point.
362 print "<tr><td><span class='text'>" . $iter{"username"} .
363 "</span><a href='user_admin.php?id=" . $iter{"id"} .
364 "' class='link_submit' onclick='top.restoreSession()'>(" . xl('Edit') . ")</a>" .
365 "</td><td><span class='text'>" .
366 $iter{"fname"} . ' ' . $iter{"lname"}."</span></td><td><span class='text'>" .
367 $iter{"info"} . "</span></td><td align='center'><span class='text'>" .
368 $iter{"authorized"} . "</span></td>";
// The delete link is emitted inside an HTML comment, so it is inert in the
// page but still visible in the page source.
369 print "<td><!--<a href='usergroup_admin.php?mode=delete&id=" . $iter{"id"} .
370 "' class='link_submit'>[Delete]</a>--></td>";
// Render the group membership list unless disable_non_default_groups is set.
380 if (empty($GLOBALS['disable_non_default_groups'])) {
381 $res = sqlStatement("select * from groups order by name");
382 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
383 $result5[$iter] = $row;
// Build one string per group name: each member followed by a Remove link.
// NOTE(review): the Remove link triggers the delete_group action through a
// plain GET URL carrying only the row id, so any page the administrator visits
// can issue the same request - a POST with an anti-CSRF token is the usual fix.
// NOTE(review): group and user names are concatenated into the markup without
// htmlspecialchars(), and the .= appends to an array entry that does not exist
// on first use.
385 foreach ($result5 as $iter) {
386 $grouplist{$iter{"name"}} .= $iter{"user"} .
387 "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
388 $iter{"id"} . "' onclick='top.restoreSession()'>Remove</a>), ";
// Print each group heading and its member list, dropping the trailing
// comma-space left by the loop above.
391 foreach ($grouplist as $groupname => $list) {
392 print "<span class='bold'>" . $groupname . "</span><br>\n<span class='text'>" .
393 substr($list,0,strlen($list)-2) . "</span><br>\n";
398 <script language
="JavaScript">
// Show any accumulated message in a JavaScript alert; the assignment inside the
// condition trims the message and skips the output when it is empty.
// NOTE(review): $alertmsg is interpolated into a single-quoted JavaScript
// string with no encoding, and the handlers above append the submitted
// username and group name to it. A quote in those values ends the string
// early; emit the message through json_encode() instead of hand-built quotes.
400 if ($alertmsg = trim($alertmsg)) {
401 echo "alert('$alertmsg');\n";