2 // +-----------------------------------------------------------------------------+
3 // Copyright (C) 2011 Z&H Consultancy Services Private Limited <sam@zhservices.com>
6 // This program is free software; you can redistribute it and/or
7 // modify it under the terms of the GNU General Public License
8 // as published by the Free Software Foundation; either version 2
9 // of the License, or (at your option) any later version.
12 // This program is distributed in the hope that it will be useful,
13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 // GNU General Public License for more details.
18 // A copy of the GNU General Public License is included along with this program:
19 // openemr/interface/login/GnuGPL.html
20 // For more information write to the Free Software
21 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 // Author: Eldho Chacko <eldho@zhservices.com>
24 // Jacob T Paul <jacob@zhservices.com>
26 // +------------------------------------------------------------------------------+
28 //SANITIZE ALL ESCAPES
29 $sanitize_all_escapes=true;
32 //STOP FAKE REGISTER GLOBALS
33 $fake_register_globals=false;
36 require_once("../../interface/globals.php");
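// Request parameters. Every value here is client-supplied and untrusted: bind it as a
// query parameter or escape it for the output context before it is used.
// Each action sends only some of these keys, so isset() keeps a missing key from
// raising an undefined-index notice; the resulting value is still null, as before.
// NOTE(review): $_REQUEST also accepts GET, and no CSRF token check is visible in this
// listing; confirm the state-changing actions below are protected elsewhere.
$templateid = isset($_REQUEST['templateid']) ? $_REQUEST['templateid'] : null;
$Source = isset($_REQUEST['source']) ? $_REQUEST['source'] : null;
$list_id = isset($_REQUEST['list_id']) ? $_REQUEST['list_id'] : null;
$item = isset($_REQUEST['item']) ? $_REQUEST['item'] : null;
$multi = isset($_REQUEST['multi']) ? $_REQUEST['multi'] : null;
$content = isset($_REQUEST['content']) ? $_REQUEST['content'] : null;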
45 if($Source=="add_template"){
46 $arr = explode("|",$multi);
48 for($i=0;$i<sizeof($arr)-1;$i++
){
49 $sql = sqlStatement("SELECT * FROM customlists AS cl LEFT OUTER JOIN template_users AS tu ON cl.cl_list_slno=tu.tu_template_id
50 WHERE cl_list_item_long=? AND cl_list_type=3 AND cl_deleted=0 AND cl_list_id=? AND tu.tu_user_id=?",array($templateid,$arr[$i],$_SESSION['authId']));
51 $cnt = sqlNumRows($sql);
53 $newid=sqlInsert("INSERT INTO customlists (cl_list_id,cl_list_type,cl_list_item_long,cl_creator) VALUES (?,?,?,?)",array($arr[$i],3,$templateid,$_SESSION['authId']));
54 sqlInsert("INSERT INTO template_users (tu_user_id,tu_template_id) VALUES (?,?)",array($_SESSION['authId'],$newid));
56 echo "<select name='template' id='template' onchange='TemplateSentence(this.value)' style='width:180px'>";
57 echo "<option value=''>".htmlspecialchars(xl('Select category'),ENT_QUOTES
)."</option>";
58 $resTemplates = sqlStatement("SELECT * FROM template_users AS tu LEFT OUTER JOIN customlists AS c ON tu.tu_template_id=c.cl_list_slno WHERE
59 tu.tu_user_id=? AND c.cl_list_type=3 AND cl_list_id=? AND cl_deleted=0 ORDER BY tu.tu_template_order,
60 c.cl_list_item_long",array($_SESSION['authId'],$list_id));
61 while($rowTemplates = sqlFetchArray($resTemplates)){
62 echo "<option value='".htmlspecialchars($rowTemplates['cl_list_slno'],ENT_QUOTES
)."'>".htmlspecialchars($rowTemplates['cl_list_item_long'],ENT_QUOTES
)."</option>";
67 else if($Source=="save_provider"){
68 $arr = explode("|",$multi);
69 for($i=0;$i<sizeof($arr)-1;$i++
){
70 $cnt = sqlNumRows(sqlStatement("SELECT * FROM template_users WHERE tu_user_id=? AND tu_template_id=?",array($arr[$i],$list_id)));
72 sqlInsert("INSERT INTO template_users (tu_user_id,tu_template_id) VALUES (?,?)",array($arr[$i],$list_id));
76 else if($Source=="add_item"){
77 $row = sqlQuery("SELECT max(cl_order)+1 as order1 FROM customlists WHERE cl_list_id=?",array($templateid));
78 $order = $row['order1'];
79 $newid = sqlInsert("INSERT INTO customlists (cl_list_id,cl_list_type,cl_list_item_long,cl_order,cl_creator) VALUES (?,?,?,?,?)",array($templateid,4,$item,$order,$_SESSION['authId']));
80 sqlInsert("INSERT INTO template_users (tu_user_id,tu_template_id,tu_template_order) VALUES (?,?,?)",array($_SESSION['authId'],$newid,$order));
82 else if($Source=="delete_item"){
83 sqlStatement("DELETE FROM template_users WHERE tu_template_id=? AND tu_user_id=?",array($item,$_SESSION['authId']));
85 else if($Source=="update_item"){
86 $row = sqlQuery("SELECT max(cl_order)+1 as order1 FROM customlists WHERE cl_list_id=?",array($templateid));
87 $order = $row['order1'];
88 $newid = sqlInsert("INSERT INTO customlists (cl_list_id,cl_list_type,cl_list_item_long,cl_order,cl_creator) VALUES (?,?,?,?,?)",array($templateid,4,$content,$order,$_SESSION['authId']));
89 sqlStatement("UPDATE template_users SET tu_template_id=? WHERE tu_template_id=? AND tu_user_id=?",array($newid,$item,$_SESSION['authId']));
91 else if($Source=='item_show'){
92 $sql = "SELECT * FROM customlists WHERE cl_list_id=? AND cl_list_type=4 AND cl_deleted=0";
93 $res = sqlStatement($sql,array($list_id));
94 $selcat = sqlQuery("SELECT * FROM customlists WHERE cl_list_slno=? AND cl_list_type=3 AND cl_deleted=0",array($list_id));
95 $selcont = sqlQuery("SELECT * FROM customlists WHERE cl_list_slno=? AND cl_list_type=2 AND cl_deleted=0",array($selcat['cl_list_id']));
96 $cnt =sqlNumRows($res);
98 echo "<table width='100%'>";
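// Build the whole heading as the first argument of htmlspecialchars() so the category and
// context names (stored, user-editable text) are HTML-escaped. The original separated the
// pieces with a comma, which passed the names as the flags argument and ENT_QUOTES as the
// encoding argument.
echo "<tr class='text'><th colspan=2 style='background-color:#ffffff'>".htmlspecialchars(xl('Preview of')." ".$selcat['cl_list_item_long']."(".$selcont['cl_list_item_long'].")",ENT_QUOTES)."</th></tr>";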
101 while($row=sqlFetchArray($res)){
103 $class = ($class=='reportTableOddRow') ?
'reportTableEvenRow' : 'reportTableOddRow';
104 echo "<tr class='text'><td style='background-color:#ffffff'>".$i."</td><td style='background-color:#ffffff'>".htmlspecialchars($row['cl_list_item_long'],ENT_QUOTES
)."</td></tr>";
109 echo "<table width='100%'>";
110 echo "<tr class='text'><th colspan=2 style='background-color:#ffffff'>".htmlspecialchars(xl('No items under selected category'),ENT_QUOTES
)."</th></tr>";
113 $Source="add_template";
115 else if($Source=='check_item'){
116 $sql=sqlStatement("SELECT * FROM template_users WHERE tu_template_id=? AND tu_user_id=?",array($item,$list_id));
117 $cnt=sqlNumRows($sql);
119 echo htmlspecialchars(xl("OK"),ENT_QUOTES
);
122 echo htmlspecialchars(xl("FAIL"),ENT_QUOTES
);
124 $Source="add_template";
126 else if($Source=='display_item'){
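// 'multi' arrives as a pipe-separated list with a trailing pipe, e.g. "12|15|" (constructed sample).
$multi = preg_replace('/\|$/','',$multi);
// The list comes straight from the request, so each id is bound through its own
// placeholder instead of being concatenated into the SQL text of the IN clause.
$ids = array();
foreach (explode("|", $multi) as $id) {
    if ($id !== '') {
        $ids[] = $id;
    }
}
if (count($ids) == 0) {
    // Nothing selected: bind a single NULL so the IN clause stays valid and matches no row.
    $ids[] = null;
}
$placeholders = implode(",", array_fill(0, count($ids), "?"));
echo "<select multiple name='topersonalizeditem[]' id='topersonalizeditem' size='6' style='width:220px' onchange='display_item()'>";
// Only the "?" markers generated above are interpolated; the values travel as bind parameters.
$resTemplates = sqlStatement("SELECT * FROM customlists WHERE cl_list_type=4 AND cl_deleted=0 AND cl_list_id IN ($placeholders) ORDER BY cl_list_item_long", $ids);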
131 while($rowTemplates = sqlFetchArray($resTemplates)){
132 echo "<option value='".htmlspecialchars($rowTemplates['cl_list_slno'],ENT_QUOTES
)."'>".htmlspecialchars($rowTemplates['cl_list_item_long'],ENT_QUOTES
)."</option>";
135 $Source="add_template";
137 else if($Source=='delete_category'){
138 $res = sqlStatement("SELECT * FROM template_users AS tu LEFT OUTER JOIN users AS u ON tu.tu_user_id=u.id WHERE tu_template_id=? AND tu.tu_user_id!=?",array($templateid,$_SESSION['authId']));
141 while($row=sqlFetchArray($res)){
143 $users .= $i.")".$row['fname']." ".$row['lname']."\n";
145 echo htmlspecialchars($users,ENT_QUOTES
);
146 $Source="add_template";
148 else if($Source=='delete_full_category'){
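// NOTE(review): no acl_check() or ownership test is visible ahead of this branch in the
// listing, while the edit/delete controls are only rendered under
// acl_check('nationnotes', 'nn_configure'); confirm the handler enforces the same check.
// Soft-delete the category row itself.
sqlStatement("UPDATE customlists SET cl_deleted=? WHERE cl_list_slno=?",array(1,$templateid));
// Remove every user mapping for the category. The statement needs DELETE FROM; the
// original omitted FROM, which standard single-table DELETE syntax does not accept.
sqlStatement("DELETE FROM template_users WHERE tu_template_id=?",array($templateid));
// Fetch the rows that belong to the category so they can be removed as well.
$res = sqlStatement("SELECT * FROM customlists AS cl WHERE cl_list_id=?",array($templateid));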
152 while($row=sqlFetchArray($res)){
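// Soft-delete the child row, then drop its user mappings. DELETE FROM replaces the
// original "DELETE template_users", which standard single-table DELETE syntax does not accept.
sqlStatement("UPDATE customlists SET cl_deleted=1 WHERE cl_list_slno=?",array($row['cl_list_slno']));
sqlStatement("DELETE FROM template_users WHERE tu_template_id=?",array($row['cl_list_slno']));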
157 $Source="add_template";
159 else if($Source=='checkcontext'){
160 $res = sqlStatement("SELECT * FROM customlists WHERE cl_deleted=0 AND cl_list_type=3 AND cl_list_id=?",array($list_id));
161 if(sqlNumRows($res)){
167 $Source="add_template";
169 if($Source!="add_template"){
170 $res= sqlStatement("SELECT * FROM customlists AS cl LEFT OUTER JOIN template_users AS tu ON cl.cl_list_slno=tu.tu_template_id
171 WHERE cl_list_type=4 AND cl_list_id=? AND cl_deleted=0 AND tu.tu_user_id=? ORDER BY tu.tu_template_order",
172 array($templateid,$_SESSION['authId']));
174 while($row = sqlFetchArray($res)){
176 echo "<li id='clorder_".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES
)."' style='cursor:pointer'><span>";
177 if(acl_check('nationnotes', 'nn_configure')){
178 echo "<img src='../../images/b_edit.png' onclick=update_item_div('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES
)."')>";
180 echo "<div style='display:inline' id='".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES
)."' onclick=\"moveOptions_11('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES
)."', 'textarea1');\">".htmlspecialchars($row['cl_list_item_long'],ENT_QUOTES
)."</div>";
181 if(acl_check('nationnotes', 'nn_configure')){
182 echo "<img src='../../images/deleteBtn.png' onclick=\"delete_item('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES
)."')\">";
183 echo "<div id='update_item".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES
)."' style='display:none'><textarea name='update_item_txt".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES
)."' id='update_item_txt".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES
)."'>".htmlspecialchars($row['cl_list_item_long'],ENT_QUOTES
)."</textarea></br>";
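// Update / Cancel buttons for the inline edit box. The row id is escaped in both handlers
// (the original wrote it raw into update_item) and the onclick attributes are quoted, which
// matches how delete_item is emitted for the same row.
// NOTE(review): htmlspecialchars() is HTML escaping only; it is sufficient here on the
// assumption that cl_list_slno is a numeric key - confirm against the schema.
echo "<input type='button' name='update' onclick=\"update_item('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."')\" value='".htmlspecialchars(xl('Update'),ENT_QUOTES)."'><input type='button' name='cancel' value='". htmlspecialchars(xl('Cancel'),ENT_QUOTES)."' onclick=\"cancel_item('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES)."')\"></div>";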
188 if(acl_check('nationnotes', 'nn_configure') && $templateid){
189 echo "<li style='cursor:pointer'><span onclick='add_item()'>".htmlspecialchars(xl('Click to add new components'),ENT_QUOTES
);
190 echo "</span><div id='new_item' style='display:none'>";
191 echo "<textarea name='item' id='item'></textarea></br>";
192 echo "<input type='button' name='save' value='". htmlspecialchars(xl('Save'),ENT_QUOTES
)."' onclick='save_item()'><input type='button' name='cancel' value='". htmlspecialchars(xl('Cancel'),ENT_QUOTES
)."' onclick=cancel_item('".htmlspecialchars($row['cl_list_slno'],ENT_QUOTES
)."')></div></li>";