search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
flexible apache recs to secure multiple sites
[openemr.git] / interface / usergroup / usergroup_admin_add.php
blob959cc97c1341e93ecc8940db8e81ed88e84c5249
1 <?php
2 require_once("../globals.php");
3 require_once("../../library/acl.inc");
4 require_once("$srcdir/sha1.js");
5 require_once("$srcdir/sql.inc");
6 require_once("$srcdir/formdata.inc.php");
7 require_once("$srcdir/options.inc.php");
8 require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");
9 require_once("$srcdir/erx_javascript.inc.php");
10
11 $alertmsg = '';
12
13 ?>
14 <html>
15 <head>
16
17 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
18 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
19 <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['webroot'] ?>/library/js/fancybox/jquery.fancybox-1.2.6.css" media="screen" />
20 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/dialog.js"></script>
21 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery.1.3.2.js"></script>
22 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/common.js"></script>
23 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/fancybox/jquery.fancybox-1.2.6.js"></script>
24 <script src="checkpwd_validation.js" type="text/javascript"></script>
25
26 <script language="JavaScript">
27 function trimAll(sString)
28 {
29 while (sString.substring(0,1) == ' ')
30 {
31 sString = sString.substring(1, sString.length);
32 }
33 while (sString.substring(sString.length-1, sString.length) == ' ')
34 {
35 sString = sString.substring(0,sString.length-1);
36 }
37 return sString;
38 }
39
40 function submitform() {
41 if (document.forms[0].rumple.value.length>0 && document.forms[0].stiltskin.value.length>0 && document.getElementById('fname').value.length >0 && document.getElementById('lname').value.length >0) {
42 top.restoreSession();
43
44 //Checking if secure password is enabled or disabled.
45 //If it is enabled and entered password is a weak password, alert the user to enter strong password.
46 if(document.new_user.secure_pwd.value == 1){
47 var password = trim(document.new_user.stiltskin.value);
48 if(password != "") {
49 var pwdresult = passwordvalidate(password);
50 if(pwdresult == 0){
51 alert("<?php echo xl('The password must be at least eight characters, and should'); echo '\n'; echo xl('contain at least three of the four following items:'); echo '\n'; echo xl('A number'); echo '\n'; echo xl('A lowercase letter'); echo '\n'; echo xl('An uppercase letter'); echo '\n'; echo xl('A special character');echo '('; echo xl('not a letter or number'); echo ').'; echo '\n'; echo xl('For example:'); echo ' healthCare@09'; ?>");
52 return false;
53 }
54 }
55 } //secure_pwd if ends here
56 // ViCareplus : As per NIST standard, SHA1 encryption algorithm is used
57 document.forms[0].newauthPass.value=SHA1(document.forms[0].stiltskin.value);
58 document.forms[0].stiltskin.value='';
59 <?php if($GLOBALS['erx_enable']){ ?>
60 alertMsg='';
61 f=document.forms[0];
62 for(i=0;i<f.length;i++){
63 if(f[i].type=='text' && f[i].value)
64 {
65 if(f[i].name == 'rumple')
66 {
67 alertMsg += checkLength(f[i].name,f[i].value,35);
68 alertMsg += checkUsername(f[i].name,f[i].value);
69 }
70 else if(f[i].name == 'fname' || f[i].name == 'mname' || f[i].name == 'lname')
71 {
72 alertMsg += checkLength(f[i].name,f[i].value,35);
73 alertMsg += checkUsername(f[i].name,f[i].value);
74 }
75 else if(f[i].name == 'federaltaxid')
76 {
77 alertMsg += checkLength(f[i].name,f[i].value,10);
78 alertMsg += checkFederalEin(f[i].name,f[i].value);
79 }
80 else if(f[i].name == 'state_license_number')
81 {
82 alertMsg += checkLength(f[i].name,f[i].value,10);
83 alertMsg += checkStateLicenseNumber(f[i].name,f[i].value);
84 }
85 else if(f[i].name == 'npi')
86 {
87 alertMsg += checkLength(f[i].name,f[i].value,35);
88 alertMsg += checkTaxNpiDea(f[i].name,f[i].value);
89 }
90 else if(f[i].name == 'federaldrugid')
91 {
92 alertMsg += checkLength(f[i].name,f[i].value,30);
93 alertMsg += checkAlphaNumeric(f[i].name,f[i].value);
94 }
95 }
96 }
97 if(alertMsg)
98 {
99 alert(alertMsg);
100 return false;
101 }
102 <?php } ?>
103 document.forms[0].submit();
104 } else {
105 if (document.forms[0].rumple.value.length<=0)
106 {
107 document.forms[0].rumple.style.backgroundColor="red";
108 alert("<?php xl('Required field missing: Please enter the User Name','e');?>");
109 document.forms[0].rumple.focus();
110 return false;
111 }
112 if (document.forms[0].stiltskin.value.length<=0)
113 {
114 document.forms[0].stiltskin.style.backgroundColor="red";
115 alert("<?php echo xl('Please enter the password'); ?>");
116 document.forms[0].stiltskin.focus();
117 return false;
118 }
119 if(trimAll(document.getElementById('fname').value) == ""){
120 document.getElementById('fname').style.backgroundColor="red";
121 alert("<?php xl('Required field missing: Please enter the First name','e');?>");
122 document.getElementById('fname').focus();
123 return false;
124 }
125 if(trimAll(document.getElementById('lname').value) == ""){
126 document.getElementById('lname').style.backgroundColor="red";
127 alert("<?php xl('Required field missing: Please enter the Last name','e');?>");
128 document.getElementById('lname').focus();
129 return false;
130 }
131 }
132 }
133 function authorized_clicked() {
134 var f = document.forms[0];
135 f.calendar.disabled = !f.authorized.checked;
136 f.calendar.checked = f.authorized.checked;
137 }
138
139 </script>
140
141 </head>
142 <body class="body_top">
143 <table><tr><td>
144 <span class="title"><?php xl('Add User','e'); ?></span>&nbsp;</td>
145 <td>
146 <a class="css_button" name='form_save' id='form_save' href='#' onclick="return submitform()">
147 <span><?php xl('Save','e');?></span></a>
148 <a class="css_button large_button" id='cancel' href='#'>
149 <span class='css_button_span large_button_span'><?php xl('Cancel','e');?></span>
150 </a>
151 </td></tr></table>
152 <br><br>
153
154 <table border=0>
155
156 <tr><td valign=top>
157 <form name='new_user' method='post' target="_parent" action="usergroup_admin.php"
158 onsubmit='return top.restoreSession()'>
159 <input type=hidden name=mode value=new_user>
160 <input type=hidden name=secure_pwd value="<?php echo $GLOBALS['secure_password']; ?>">
161 <span class="bold">&nbsp;</span>
162 </td><td>
163 <table border=0 cellpadding=0 cellspacing=0 style="width:600px;">
164 <tr>
165 <td style="width:150px;"><span class="text"><?php xl('Username','e'); ?>: </span></td><td style="width:220px;"><input type=entry name=rumple style="width:120px;"> <span class="mandatory">&nbsp;*</span></td>
166 <td style="width:150px;"><span class="text"><?php xl('Password','e'); ?>: </span></td><td style="width:250px;"><input type="entry" style="width:120px;" name=stiltskin><span class="mandatory">&nbsp;*</span></td>
167 </tr>
168 <tr>
169 <td><span class="text"<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>><?php xl('Groupname','e'); ?>: </span></td>
170 <td>
171 <select name=groupname<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>
172 <?php
173 $res = sqlStatement("select distinct name from groups");
174 $result2 = array();
175 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
176 $result2[$iter] = $row;
177 foreach ($result2 as $iter) {
178 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
179 }
180 ?>
181 </select></td>
182 <td><span class="text"><?php xl('Provider','e'); ?>: </span></td><td>
183 <input type='checkbox' name='authorized' value='1' onclick='authorized_clicked()' />
184 &nbsp;&nbsp;<span class='text'><?php xl('Calendar','e'); ?>:
185 <input type='checkbox' name='calendar' disabled />
186 </td>
187 </tr>
188 <tr>
189 <td><span class="text"><?php xl('First Name','e'); ?>: </span></td><td><input type=entry name='fname' id='fname' style="width:120px;"><span class="mandatory">&nbsp;*</span></td>
190 <td><span class="text"><?php xl('Middle Name','e'); ?>: </span></td><td><input type=entry name='mname' style="width:120px;"></td>
191 </tr>
192 <tr>
193 <td><span class="text"><?php xl('Last Name','e'); ?>: </span></td><td><input type=entry name='lname' id='lname' style="width:120px;"><span class="mandatory">&nbsp;*</span></td>
194 <td><span class="text"><?php xl('Default Facility','e'); ?>: </span></td><td><select style="width:120px;" name=facility_id>
195 <?php
196 $fres = sqlStatement("select * from facility where service_location != 0 order by name");
197 if ($fres) {
198 for ($iter = 0;$frow = sqlFetchArray($fres);$iter++)
199 $result[$iter] = $frow;
200 foreach($result as $iter) {
201 ?>
202 <option value="<?php echo $iter{id};?>"><?php echo $iter{name};?></option>
203 <?php
204 }
205 }
206 ?>
207 </select></td>
208 </tr>
209 <tr>
210 <td><span class="text"><?php xl('Federal Tax ID','e'); ?>: </span></td><td><input type=entry name='federaltaxid' style="width:120px;"></td>
211 <td><span class="text"><?php xl('Federal Drug ID','e'); ?>: </span></td><td><input type=entry name='federaldrugid' style="width:120px;"></td>
212 </tr>
213 <tr>
214 <td><span class="text"><?php xl('UPIN','e'); ?>: </span></td><td><input type="entry" name="upin" style="width:120px;"></td>
215 <td class='text'><?php xl('See Authorizations','e'); ?>: </td>
216 <td><select name="see_auth" style="width:120px;">
217 <?php
218 foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value)
219 {
220 echo " <option value='$key'";
221 echo ">$value</option>\n";
222 }
223 ?>
224 </select></td>
225
226 <tr>
227 <td><span class="text"><?php xl('NPI','e'); ?>: </span></td><td><input type="entry" name="npi" style="width:120px;"></td>
228 <td><span class="text"><?php xl('Job Description','e'); ?>: </span></td><td><input type="entry" name="specialty" style="width:120px;"></td>
229 </tr>
230
231 <!-- (CHEMED) Calendar UI preference -->
232 <tr>
233 <td><span class="text"><?php xl('Taxonomy','e'); ?>: </span></td>
234 <td><input type="entry" name="taxonomy" style="width:120px;" value="207Q00000X"></td>
235 <td><span class="text"><?php xl('Calendar UI','e'); ?>: </span></td><td><select name="cal_ui" style="width:120px;">
236 <?php
237 foreach (array(3 => xl('Outlook'), 1 => xl('Original'), 2 => xl('Fancy')) as $key => $value)
238 {
239 echo " <option value='$key'";
240 if ($key == $iter['cal_ui']) echo " selected";
241 echo ">$value</option>\n";
242 }
243 ?>
244 </select></td>
245 </tr>
246 <!-- END (CHEMED) Calendar UI preference -->
247
248 <tr>
249 <td><span class="text"><?php xl('State License Number','e'); ?>: </span></td>
250 <td><input type="text" name="state_license_number" style="width:120px;"></td>
251 <td class='text'><?php xl('NewCrop eRX Role','e'); ?>:</td>
252 <td>
253 <?php echo generate_select_list("erxrole", "newcrop_erx_role", $iter['newcrop_user_role'],'','--Select Role--','','','',array('style'=>'width:120px')); ?>
254 </td>
255 </tr>
256
257 <?php if ($GLOBALS['inhouse_pharmacy']) { ?>
258 <tr>
259 <td class="text"><?php xl('Default Warehouse','e'); ?>: </td>
260 <td class='text'>
261 <?php
262 echo generate_select_list('default_warehouse', 'warehouse',
263 '', '');
264 ?>
265 </td>
266 <td class="text"><?php xl('Invoice Refno Pool','e'); ?>: </td>
267 <td class='text'>
268 <?php
269 echo generate_select_list('irnpool', 'irnpool', '',
270 xl('Invoice reference number pool, if used'));
271 ?>
272 </td>
273 </tr>
274 <?php } ?>
275
276 <?php
277 // List the access control groups if phpgacl installed
278 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
279 ?>
280 <tr>
281 <td class='text'><?php xl('Access Control','e'); ?>:</td>
282 <td><select name="access_group[]" multiple style="width:120px;">
283 <?php
284 $list_acl_groups = acl_get_group_title_list();
285 $default_acl_group = 'Administrators';
286 foreach ($list_acl_groups as $value) {
287 if ($default_acl_group == $value) {
288 // Modified 6-2009 by BM - Translate group name if applicable
289 echo " <option value='$value' selected>" . xl_gacl_group($value) . "</option>\n";
290 }
291 else {
292 // Modified 6-2009 by BM - Translate group name if applicable
293 echo " <option value='$value'>" . xl_gacl_group($value) . "</option>\n";
294 }
295 }
296 ?>
297 </select></td>
298 <td><span class="text"><?php xl('Additional Info','e'); ?>: </span></td>
299 <td><textarea name=info style="width:120px;" cols=27 rows=4 wrap=auto></textarea></td>
300
301 </tr>
302 <tr height="25"><td colspan="4">&nbsp;</td></tr>
303 <?php
304 }
305 ?>
306
307 </table>
308
309 <br>
310 <input type="hidden" name="newauthPass">
311 </form>
312 </td>
313
314 </tr>
315
316 <tr<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>
317
318 <td valign=top>
319 <form name='new_group' method='post' action="usergroup_admin.php"
320 onsubmit='return top.restoreSession()'>
321 <br>
322 <input type=hidden name=mode value=new_group>
323 <span class="bold"><?php xl('New Group','e'); ?>:</span>
324 </td><td>
325 <span class="text"><?php xl('Groupname','e'); ?>: </span><input type=entry name=groupname size=10>
326 &nbsp;&nbsp;&nbsp;
327 <span class="text"><?php xl('Initial User','e'); ?>: </span>
328 <select name=rumple>
329 <?php
330 $res = sqlStatement("select distinct username from users where username != ''");
331 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
332 $result[$iter] = $row;
333 foreach ($result as $iter) {
334 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
335 }
336 ?>
337 </select>
338 &nbsp;&nbsp;&nbsp;
339 <input type="submit" value=<?php xl('Save','e'); ?>>
340 </form>
341 </td>
342
343 </tr>
344
345 <tr <?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>
346
347 <td valign=top>
348 <form name='new_group' method='post' action="usergroup_admin.php"
349 onsubmit='return top.restoreSession()'>
350 <input type=hidden name=mode value=new_group>
351 <span class="bold"><?php xl('Add User To Group','e'); ?>:</span>
352 </td><td>
353 <span class="text">
354 <?php xl('User','e'); ?>
355 : </span>
356 <select name=rumple>
357 <?php
358 $res = sqlStatement("select distinct username from users where username != ''");
359 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
360 $result3[$iter] = $row;
361 foreach ($result3 as $iter) {
362 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
363 }
364 ?>
365 </select>
366 &nbsp;&nbsp;&nbsp;
367 <span class="text"><?php xl('Groupname','e'); ?>: </span>
368 <select name=groupname>
369 <?php
370 $res = sqlStatement("select distinct name from groups");
371 $result2 = array();
372 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
373 $result2[$iter] = $row;
374 foreach ($result2 as $iter) {
375 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
376 }
377 ?>
378 </select>
379 &nbsp;&nbsp;&nbsp;
380 <input type="submit" value=<?php xl('Add User To Group','e'); ?>>
381 </form>
382 </td>
383 </tr>
384
385 </table>
386
387 <?php
388 if (empty($GLOBALS['disable_non_default_groups'])) {
389 $res = sqlStatement("select * from groups order by name");
390 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
391 $result5[$iter] = $row;
392
393 foreach ($result5 as $iter) {
394 $grouplist{$iter{"name"}} .= $iter{"user"} .
395 "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
396 $iter{"id"} . "' onclick='top.restoreSession()'>Remove</a>), ";
397 }
398
399 foreach ($grouplist as $groupname => $list) {
400 print "<span class='bold'>" . $groupname . "</span><br>\n<span class='text'>" .
401 substr($list,0,strlen($list)-2) . "</span><br>\n";
402 }
403 }
404 ?>
405
406 <script language="JavaScript">
407 <?php
408 if ($alertmsg = trim($alertmsg)) {
409 echo "alert('$alertmsg');\n";
410 }
411 ?>
412 $(document).ready(function(){
413 $("#cancel").click(function() {
414 parent.$.fn.fancybox.close();
415 });
416
417 });
418 </script>
419 <table>
420
421 </table>
422
423 </body>
424 </html>
Mirror of official OpenEMR Sourceforge repository