facility_id bug fix
1 <?php
2 require_once("../globals.php");
3 require_once("../../library/acl.inc");
4 require_once("$srcdir/md5.js");
5 require_once("$srcdir/sql.inc");
6 require_once("$srcdir/formdata.inc.php");
7 require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");
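// Message shown in a JavaScript alert() once the page has rendered.
$alertmsg = '';

// ---------------------------------------------------------------------------
// Form handlers (POST).
//   mode=new_user  : insert a users row, put it in a group, optionally set
//                    its access-control group.
//   mode=new_group : add a (name, user) row to groups; the same handler serves
//                    the "New Group" and "Add User To Group" forms below.
// Values are read through formData(), which returns the POST value prepared
// for inclusion in SQL text; trim() is applied on top of that.
// NOTE(review): neither handler checks a CSRF token; any page the admin has
// open can submit these forms on their behalf.
// ---------------------------------------------------------------------------
if (isset($_POST["mode"])) {
    if ($_POST["mode"] == "new_user") {
        // The checkbox is absent from the POST when unchecked: normalise to 0
        // so the authorized column always receives a value.
        if (!isset($_POST["authorized"]) || $_POST["authorized"] != "1") {
            $_POST["authorized"] = 0;
        }

        $username = trim(formData('rumple'));

        // Refuse a blank username (such a row would be invisible to every
        // "username != ''" query on this page) and a duplicate one.
        $doit = ($username !== '');
        if ($doit) {
            $res = sqlStatement("select distinct username from users where username != ''");
            while ($row = sqlFetchArray($res)) {
                if ($row['username'] == $username) {
                    $doit = false;
                    break;
                }
            }
        }

        if ($doit) {
            // facility.id is assumed to be a numeric key; keep only the integer
            // so nothing else from the request reaches the SQL text.
            $facility_id = (int) formData('facility_id');

            // newauthPass is stored as received: the form hashes the password
            // client-side before submitting (see the submit button's onClick).
            $prov_id = idSqlStatement("insert into users set " .
                "username = '"      . $username                       . "', " .
                "password = '"      . trim(formData('newauthPass'))   . "', " .
                "fname = '"         . trim(formData('fname'))         . "', " .
                "mname = '"         . trim(formData('mname'))         . "', " .
                "lname = '"         . trim(formData('lname'))         . "', " .
                "federaltaxid = '"  . trim(formData('federaltaxid'))  . "', " .
                "authorized = '"    . trim(formData('authorized'))    . "', " .
                "info = '"          . trim(formData('info'))          . "', " .
                "federaldrugid = '" . trim(formData('federaldrugid')) . "', " .
                "upin = '"          . trim(formData('upin'))          . "', " .
                "npi = '"           . trim(formData('npi'))           . "', " .
                "taxonomy = '"      . trim(formData('taxonomy'))      . "', " .
                "facility_id = '"   . $facility_id                    . "', " .
                "specialty = '"     . trim(formData('specialty'))     . "', " .
                "see_auth = '"      . trim(formData('see_auth'))      . "'");

            // Denormalised copy of the facility name, looked up from the
            // selected facility_id.
            sqlStatement("UPDATE users, facility SET users.facility = facility.name " .
                "WHERE facility.id = '$facility_id' AND users.username = '$username'");

            sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
                "', user = '$username'");

            if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
                // Set the access control group(s) of the user. access_group is
                // the multi-select's array of group titles and is passed
                // through as submitted; set_user_aro is relied on to validate
                // it (not verified here).
                set_user_aro($_POST['access_group'], $username,
                    trim(formData('fname')), trim(formData('mname')), trim(formData('lname')));
            }

            $ws = new WSProvider($prov_id);
        } elseif ($username === '') {
            $alertmsg .= xl('Username is required.','','',' ');
        } else {
            $alertmsg .= xl('User','','',' ') . $username . xl('already exists.','',' ');
        }
    } elseif ($_POST["mode"] == "new_group") {
        $groupname = trim(formData('groupname'));
        $username  = trim(formData('rumple'));

        // Refuse a duplicate (name, user) membership row.
        $doit = true;
        $res = sqlStatement("select distinct name, user from groups");
        while ($row = sqlFetchArray($res)) {
            if ($row["name"] == $groupname && $row["user"] == $username) {
                $doit = false;
                break;
            }
        }

        if ($doit) {
            sqlStatement("insert into groups set name = '$groupname', user = '$username'");
        } else {
            $alertmsg .= "User " . $username .
                " is already a member of group " . $groupname . ". ";
        }
    }
}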
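// ---------------------------------------------------------------------------
// Link handlers (GET).
//   mode=delete_group : remove one membership row (groups.id) from groups.
// A per-user delete handler (mode=delete) used to live here; it stays
// disabled because the link that invoked it is commented out in the user
// list below and nothing checks the tables that reference users first.
// ---------------------------------------------------------------------------
if (isset($_GET["mode"])) {
    if ($_GET["mode"] == "delete_group") {
        // groups.id is assumed to be an integer key; the cast keeps the raw
        // query-string value out of the SQL text.
        $group_id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

        // Remove the membership only if the user is also in some other group:
        // every user must remain a member of at least one group. The second
        // membership is found by joining on the row being removed, so no value
        // read back from the table is spliced into the query.
        $res = sqlStatement("select other.id from groups as victim, groups as other " .
            "where victim.id = '$group_id' and other.user = victim.user " .
            "and other.id != victim.id");
        if (sqlFetchArray($res) != FALSE) {
            sqlStatement("delete from groups where id = '$group_id'");
        } else {
            $alertmsg .= "You must add this user to some other group before " .
                "removing them from this group. ";
        }
    }
}

// Whether the user list below includes inactive users (checkbox state).
$form_inactive = !empty($_REQUEST['form_inactive']);
?>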
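<html>
<head>
<link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
</head>
<body class="body_top">

<span class="title"><?php xl('User and Group Administration','e'); ?></span>

<br><br>

<table width=100%>

<tr><td valign=top>
<?php // New User form; handled above under $_POST["mode"] == "new_user". ?>
<form name='new_user' method='post' action="usergroup_admin.php"
 onsubmit='return top.restoreSession()'>
<input type=hidden name=mode value=new_user>
<span class="bold"><?php xl('New User','e'); ?>:</span>
</td><td>
<table border=0 cellpadding=0 cellspacing=0>
<tr>
<td><span class="text"><?php xl('Username','e'); ?>: </span></td><td><input type=entry name=rumple size=20> &nbsp;</td>
<td><span class="text"><?php xl('Password','e'); ?>: </span></td><td><input type="entry" size=20 name=stiltskin></td>
</tr>
<tr>
<td><span class="text"><?php xl('Groupname','e'); ?>: </span></td><td>
<select name=groupname>
<?php
// Existing group names. Escaped on output: they originate from a form field.
$res = sqlStatement("select distinct name from groups");
while ($row = sqlFetchArray($res)) {
    $gname = htmlspecialchars($row["name"], ENT_QUOTES);
    print "<option value='$gname'>$gname</option>\n";
}
?>
</select></td>
<td><span class="text"><?php xl('Authorized','e'); ?>: </span></td><td><input type=checkbox name='authorized' value="1"></td>
</tr>
<tr>
<td><span class="text"><?php xl('First Name','e'); ?>: </span></td><td><input type=entry name='fname' size=20></td>
<td><span class="text"><?php xl('Middle Name','e'); ?>: </span></td><td><input type=entry name='mname' size=20></td>
</tr>
<tr>
<td><span class="text"><?php xl('Last Name','e'); ?>: </span></td><td><input type=entry name='lname' size=20></td>
<td><span class="text"><?php xl('Default Facility','e'); ?>: </span></td><td><select name=facility_id>
<?php
// One option per service location. The option value is the facility id that
// the new_user handler stores in users.facility_id. The rows are iterated
// directly rather than collected into $result, which other sections of this
// page also append to.
$fres = sqlStatement("select * from facility where service_location != 0 order by name");
if ($fres) {
    while ($frow = sqlFetchArray($fres)) {
        $facility_id   = htmlspecialchars($frow['id'], ENT_QUOTES);
        $facility_name = htmlspecialchars($frow['name'], ENT_QUOTES);
        echo "<option value=\"$facility_id\">$facility_name</option>\n";
    }
}
?>
</select></td>
</tr>
<tr>
<td><span class="text"><?php xl('Federal Tax ID','e'); ?>: </span></td><td><input type=entry name='federaltaxid' size=20></td>
<td><span class="text"><?php xl('Federal Drug ID','e'); ?>: </span></td><td><input type=entry name='federaldrugid' size=20></td>
</tr>
<tr>
<td><span class="text"><?php xl('UPIN','e'); ?>: </span></td><td><input type="entry" name="upin" size="20"></td>
<td class='text'><?php xl('See Authorizations','e'); ?>: </td>
<td><select name="see_auth">
<?php
// Numeric codes stored in users.see_auth by the new_user handler.
foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value) {
    echo " <option value='$key'>$value</option>\n";
}
?>
</select></td>
</tr>
<tr>
<td><span class="text"><?php xl('NPI','e'); ?>: </span></td><td><input type="entry" name="npi" size="20"></td>
<td><span class="text"><?php xl('Job Description','e'); ?>: </span></td><td><input type="entry" name="specialty" size="20"></td>
</tr>

<!-- (CHEMED) Calendar UI preference -->
<tr>
<td><span class="text"><?php xl('Taxonomy','e'); ?>: </span></td>
<td><input type="entry" name="taxonomy" size="20" value="207Q00000X"></td>
<td><span class="text"><?php xl('Calendar UI','e'); ?>: </span></td><td><select name="cal_ui">
<?php
// NOTE(review): the new_user handler above does not read cal_ui, so this
// selection is not stored anywhere on this page. No option is pre-selected;
// the previous comparison against $iter['cal_ui'] tested the last facility
// row and therefore never matched.
foreach (array(1 => xl('Default'), 2 => xl('Fancy'), 3 => xl('Outlook')) as $key => $value) {
    echo " <option value='$key'>$value</option>\n";
}
?>
</select></td>
</tr>
<!-- END (CHEMED) Calendar UI preference -->

<?php
// List the access control groups if phpgacl is installed.
if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
?>
<tr>
<td class='text'><?php xl('Access Control','e'); ?>:</td>
<td><select name="access_group[]" multiple>
<?php
    $list_acl_groups   = acl_get_group_title_list();
    $default_acl_group = 'Administrators';
    foreach ($list_acl_groups as $value) {
        $selected = ($default_acl_group == $value) ? " selected" : "";
        // The raw group title is the submitted value; the displayed text is
        // translated where a translation exists (BM, 6-2009).
        echo " <option value='" . htmlspecialchars($value, ENT_QUOTES) . "'$selected>" .
            xl_gacl_group($value) . "</option>\n";
    }
?>
</select></td></tr>
<?php
}
?>
</table>
<span class="text"><?php xl('Additional Info','e'); ?>: </span><br>
<textarea name=info cols=40 rows=4 wrap=auto></textarea>
<br><input type="hidden" name="newauthPass">
<?php
// The password is hashed client-side into newauthPass (MD5 from the md5.js
// required near the top of this file) and the cleartext field is cleared
// before submit; the new_user handler stores newauthPass as received.
?>
<input type="submit" onClick="javascript:this.form.newauthPass.value=MD5(this.form.stiltskin.value);this.form.stiltskin.value='';" value="<?php xl('Add User','e'); ?>">
</form>
</td>

</tr>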
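<tr<?php if (!empty($GLOBALS['disable_non_default_groups'])) echo " style='display:none'"; ?>>
<td valign=top>
<?php // New Group form; handled above under $_POST["mode"] == "new_group". ?>
<form name='new_group' method='post' action="usergroup_admin.php"
 onsubmit='return top.restoreSession()'>
<br>
<input type=hidden name=mode value=new_group>
<span class="bold"><?php xl('New Group','e'); ?>:</span>
</td><td>
<span class="text"><?php xl('Groupname','e'); ?>: </span><input type=entry name=groupname size=10>
&nbsp;&nbsp;&nbsp;
<span class="text"><?php xl('Initial User','e'); ?>: </span>
<select name=rumple>
<?php
// Every non-blank username; escaped on output since usernames come from a form.
$res = sqlStatement("select distinct username from users where username != ''");
while ($row = sqlFetchArray($res)) {
    $uname = htmlspecialchars($row["username"], ENT_QUOTES);
    print "<option value='$uname'>$uname</option>\n";
}
?>
</select>
&nbsp;&nbsp;&nbsp;
<input type="submit" value="<?php xl('Add Group','e'); ?>">
</form>
</td>

</tr>

<tr<?php if (!empty($GLOBALS['disable_non_default_groups'])) echo " style='display:none'"; ?>>
<td valign=top>
<?php
// "Add User To Group" posts the same mode as "New Group"; the handler only
// adds a (name, user) row, so the two forms differ just in how the group
// name is chosen. Note both forms carry name='new_group'.
?>
<form name='new_group' method='post' action="usergroup_admin.php"
 onsubmit='return top.restoreSession()'>
<input type=hidden name=mode value=new_group>
<span class="bold"><?php xl('Add User To Group','e'); ?>:</span>
</td><td>
<span class="text">
<?php xl('User','e'); ?>
: </span>
<select name=rumple>
<?php
$res = sqlStatement("select distinct username from users where username != ''");
while ($row = sqlFetchArray($res)) {
    $uname = htmlspecialchars($row["username"], ENT_QUOTES);
    print "<option value='$uname'>$uname</option>\n";
}
?>
</select>
&nbsp;&nbsp;&nbsp;
<span class="text"><?php xl('Groupname','e'); ?>: </span>
<select name=groupname>
<?php
$res = sqlStatement("select distinct name from groups");
while ($row = sqlFetchArray($res)) {
    $gname = htmlspecialchars($row["name"], ENT_QUOTES);
    print "<option value='$gname'>$gname</option>\n";
}
?>
</select>
&nbsp;&nbsp;&nbsp;
<input type="submit" value="<?php xl('Add User To Group','e'); ?>">
</form>
</td>

</tr>

</table>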
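<hr>

<?php // Checkbox that re-submits the page to include inactive users in the list. ?>
<form name='userlist' method='post' action='usergroup_admin.php'
 onsubmit='return top.restoreSession()'>
<span class='bold'>
<input type='checkbox' name='form_inactive' value='1' onclick='submit()'
 <?php if ($form_inactive) echo 'checked '; ?>/>
<?php xl('Include inactive users','e'); ?>
</span>
</form>

<table border=0 cellpadding=1 cellspacing=2>
<tr><td><span class="bold"><?php xl('Username','e'); ?></span></td><td><span class="bold"><?php xl('Real Name','e'); ?></span></td><td><span class="bold"><?php xl('Info','e'); ?></span></td><td><span class="bold"><?php xl('Authorized','e'); ?>?</span></td></tr>
<?php
// User list. The column values were submitted through the New User form, so
// they are escaped for the HTML context here; the edit link carries only the
// integer id.
$query = "SELECT * FROM users WHERE username != '' ";
if (!$form_inactive) {
    $query .= "AND active = '1' ";
}
$query .= "ORDER BY username";
$res = sqlStatement($query);
while ($row = sqlFetchArray($res)) {
    $authorized = $row["authorized"] ? xl('yes') : "";
    $uname      = htmlspecialchars($row["username"], ENT_QUOTES);
    $realname   = htmlspecialchars($row["fname"] . ' ' . $row["lname"], ENT_QUOTES);
    $info       = htmlspecialchars($row["info"], ENT_QUOTES);
    $uid        = (int) $row["id"];
    print "<tr><td><span class='text'>" . $uname .
        "</span><a href='user_admin.php?id=" . $uid .
        "' class='link_submit' onclick='top.restoreSession()'>(" . xl('Edit') . ")</a>" .
        "</td><td><span class='text'>" . $realname . "</span></td><td><span class='text'>" .
        $info . "</span></td><td align='center'><span class='text'>" .
        $authorized . "</span></td>";
    // The per-user delete handler is disabled in this file, so no delete
    // link is offered; the empty cell keeps the table shape.
    print "<td></td>";
    print "</tr>\n";
}
?>
</table>

<hr>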
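<?php
// Group membership listing: one line per group, each member followed by a
// Remove link that calls the delete_group handler with the membership row id.
if (empty($GLOBALS['disable_non_default_groups'])) {
    $res = sqlStatement("select * from groups order by name");
    $grouplist = array();
    while ($row = sqlFetchArray($res)) {
        $gname = $row["name"];
        if (!isset($grouplist[$gname])) {
            $grouplist[$gname] = '';
        }
        $grouplist[$gname] .= htmlspecialchars($row["user"], ENT_QUOTES) .
            "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
            (int) $row["id"] . "' onclick='top.restoreSession()'>Remove</a>), ";
    }
    foreach ($grouplist as $groupname => $list) {
        // substr(..., 0, -2) drops the trailing ", " separator.
        print "<span class='bold'>" . htmlspecialchars($groupname, ENT_QUOTES) .
            "</span><br>\n<span class='text'>" .
            substr($list, 0, -2) . "</span><br>\n";
    }
}
?>

<script language="JavaScript">
<?php
// The alert text can contain submitted usernames and group names, so it is
// emitted as a JSON string literal: quotes, backslashes and "/" are escaped,
// which also keeps "</script>" from appearing inside the script element.
$alertmsg = trim($alertmsg);
if ($alertmsg !== '') {
    echo "alert(" . json_encode($alertmsg) . ");\n";
}
?>
</script>

</body>
</html>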