2 // Copyright (C) 2006-2010 Rod Roark <rod@sunsetsystems.com>
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
9 // Improved slightly by tony@mi-squared.com 2011, added organization to view
12 //SANITIZE ALL ESCAPES
13 $sanitize_all_escapes=true;
16 //STOP FAKE REGISTER GLOBALS
17 $fake_register_globals=false;
20 require_once("../globals.php");
21 require_once("$srcdir/acl.inc");
22 require_once("$srcdir/formdata.inc.php");
23 require_once("$srcdir/options.inc.php");
24 require_once("$srcdir/htmlspecialchars.inc.php");
26 $popup = empty($_GET['popup']) ?
0 : 1;
28 $form_fname = trim($_POST['form_fname']);
29 $form_lname = trim($_POST['form_lname']);
30 $form_specialty = trim($_POST['form_specialty']);
31 $form_organization = trim($_POST['form_organization']);
32 $form_abook_type = trim($_REQUEST['form_abook_type']);
33 $form_external = $_POST['form_external'] ?
1 : 0;
35 $sqlBindArray = array();
36 $query = "SELECT u.*, lo.option_id AS ab_name, lo.option_value as ab_option FROM users AS u " .
37 "LEFT JOIN list_options AS lo ON " .
38 "list_id = 'abook_type' AND option_id = u.abook_type " .
39 "WHERE u.active = 1 AND ( u.authorized = 1 OR u.username = '' ) ";
40 if ($form_organization) {
41 $query .= "AND u.organization LIKE ? ";
42 array_push($sqlBindArray,$form_organization."%");
45 $query .= "AND u.lname LIKE ? ";
46 array_push($sqlBindArray,$form_lname."%");
49 $query .= "AND u.fname LIKE ? ";
50 array_push($sqlBindArray,$form_fname."%");
52 if ($form_specialty) {
53 $query .= "AND u.specialty LIKE ? ";
54 array_push($sqlBindArray,"%".$form_specialty."%");
56 if ($form_abook_type) {
57 $query .= "AND u.abook_type LIKE ? ";
58 array_push($sqlBindArray,$form_abook_type);
61 $query .= "AND u.username = '' ";
64 $query .= "ORDER BY u.lname, u.fname, u.mname";
65 } else if ($form_organization) {
66 $query .= "ORDER BY u.organization";
68 $query .= "ORDER BY u.organization, u.lname, u.fname";
70 $query .= " LIMIT 500";
71 $res = sqlStatement($query,$sqlBindArray);
77 <link rel
="stylesheet" href
='<?php echo $css_header ?>' type
='text/css'>
78 <title
><?php
echo xlt('Address Book'); ?
></title
>
80 <!-- style tag moved into proper CSS file
-->
82 <?php
if ($popup) { ?
>
83 <script type
="text/javascript" src
="../../library/topdialog.js"></script
>
85 <script type
="text/javascript" src
="../../library/dialog.js"></script
>
87 <script language
="JavaScript">
89 <?php
if ($popup) require($GLOBALS['srcdir'] . "/restoreSession.php"); ?
>
91 // Callback from popups to refresh this display.
92 function refreshme() {
94 document
.forms
[0].submit();
97 // Process click to pop up the add window.
98 function doedclick_add(type
) {
100 dlgopen('addrbook_edit.php?type=' + type
, '_blank', 700, 550);
103 // Process click to pop up the edit window.
104 function doedclick_edit(userid
) {
105 top
.restoreSession();
106 dlgopen('addrbook_edit.php?userid=' + userid
, '_blank', 700, 550);
113 <body
class="body_top">
115 <div id
="addressbook_list">
116 <form method
='post' action
='addrbook_list.php'>
119 <tr
class='search'> <!-- bgcolor
='#ddddff' -->
121 <?php
echo xlt('Organization')?
>:
122 <input type
='text' name
='form_organization' size
='10' value
='<?php echo attr($_POST['form_organization
']); ?>'
123 class='inputtext' title
='<?php echo xla("All or part of the organization") ?>' /> 
;
124 <?php
echo xlt('First Name')?
>:
125 <input type
='text' name
='form_fname' size
='10' value
='<?php echo attr($_POST['form_fname
']); ?>'
126 class='inputtext' title
='<?php echo xla("All or part of the first name") ?>' /> 
;
127 <?php
echo xlt('Last Name')?
>:
128 <input type
='text' name
='form_lname' size
='10' value
='<?php echo attr($_POST['form_lname
']); ?>'
129 class='inputtext' title
='<?php echo xla("All or part of the last name") ?>' /> 
;
130 <?php
echo xlt('Specialty')?
>:
131 <input type
='text' name
='form_specialty' size
='10' value
='<?php echo attr($_POST['form_specialty
']); ?>'
132 class='inputtext' title
='<?php echo xla("Any part of the desired specialty") ?>' /> 
;
134 echo xlt('Type') . ": ";
135 // Generates a select list named form_abook_type:
136 echo generate_select_list("form_abook_type", "abook_type", $_REQUEST['form_abook_type'], '', 'All');
138 <input type
='checkbox' name
='form_external' value
='1'<?php
if ($form_external) echo ' checked'; ?
>
139 title
='<?php echo xla("Omit internal users?") ?>' />
140 <?php
echo xlt('External Only')?
> 
; 
;
141 <input type
='submit' title
='<?php echo xla("Use % alone in a field to just sort on that column") ?>' class='button' name
='form_search' value
='<?php echo xla("Search")?>' />
142 <input type
='button' class='button' value
='<?php echo xla("Add New"); ?>' onclick
='doedclick_add(document.forms[0].form_abook_type.value)' />
149 <td title
='<?php echo xla('Click to view
or edit
'); ?>'><?php
echo xlt('Organization'); ?
></td
>
150 <td
><?php
echo xlt('Name'); ?
></td
>
151 <td
><?php
echo xlt('Local'); ?
></td
><!-- empty for external
-->
152 <td
><?php
echo xlt('Type'); ?
></td
>
153 <td
><?php
echo xlt('Specialty'); ?
></td
>
154 <td
><?php
echo xlt('Phone'); ?
></td
>
155 <td
><?php
echo xlt('Mobile'); ?
></td
>
156 <td
><?php
echo xlt('Fax'); ?
></td
>
157 <td
><?php
echo xlt('Email'); ?
></td
>
158 <td
><?php
echo xlt('Street'); ?
></td
>
159 <td
><?php
echo xlt('City'); ?
></td
>
160 <td
><?php
echo xlt('State'); ?
></td
>
161 <td
><?php
echo xlt('Postal'); ?
></td
>
166 while ($row = sqlFetchArray($res)) {
168 //$bgcolor = "#" . (($encount & 1) ? "ddddff" : "ffdddd");
169 $bgclass = (($encount & 1) ?
"evenrow" : "oddrow");
170 $username = $row['username'];
171 if (! $row['active']) $username = '--';
173 $displayName = $row['fname'] . ' ' . $row['mname'] . ' ' . $row['lname']; // Person Name
175 if ( acl_check('admin', 'practice' ) ||
(empty($username) && empty($row['ab_name'])) ) {
176 // Allow edit, since have access or (no item type and not a local user)
177 $trTitle = xl('Edit'). ' ' . $displayName;
178 echo " <tr class='detail $bgclass' style='cursor:pointer' " .
179 "onclick='doedclick_edit(" . $row['id'] . ")' title='".attr($trTitle)."'>\n";
182 // Do not allow edit, since no access and (item is a type or is a local user)
183 $trTitle = $displayName . " (" . xl("Not Allowed to Edit") . ")";
184 echo " <tr class='detail $bgclass' title='".attr($trTitle)."'>\n";
186 echo " <td>" . text($row['organization']) . "</td>\n";
187 echo " <td>" . text($displayName) . "</td>\n";
188 echo " <td>" . ($username ?
'*' : '') . "</td>\n";
189 echo " <td>" . generate_display_field(array('data_type'=>'1','list_id'=>'abook_type'),$row['ab_name']) . "</td>\n";
190 echo " <td>" . text($row['specialty']) . "</td>\n";
191 echo " <td>" . text($row['phonew1']) . "</td>\n";
192 echo " <td>" . text($row['phonecell']) . "</td>\n";
193 echo " <td>" . text($row['fax']) . "</td>\n";
194 echo " <td>" . text($row['email']) . "</td>\n";
195 echo " <td>" . text($row['street']) . "</td>\n";
196 echo " <td>" . text($row['city']) . "</td>\n";
197 echo " <td>" . text($row['state']) . "</td>\n";
198 echo " <td>" . text($row['zip']) . "</td>\n";
