search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Openemr fix 4723 module install script uses OpenEMR sql upgrade service (#4724)
[openemr.git] / portal / add_edit_event_user.php
blob2043d7f18d74b1df0862185b281db0164a85b5a4
1 <?php
2
3 /**
4 *
5 * Modified from interface/main/calendar/add_edit_event.php for
6 * the patient portal.
7 *
8 * @package OpenEMR
9 * @link http://www.open-emr.org
10 * @author Rod Roark <rod@sunsetsystems.com>
11 * @author Jerry Padgett <sjpadgett@gmail.com>
12 * @author Brady Miller <brady.g.miller@gmail.com>
13 * @copyright Copyright (C) 2005-2006 Rod Roark <rod@sunsetsystems.com>
14 * @copyright Copyright (C) 2016-2019 Jerry Padgett <sjpadgett@gmail.com>
15 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
16 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
17 */
18
19 // Will start the (patient) portal OpenEMR session/cookie.
20 require_once(dirname(__FILE__) . "/../src/Common/Session/SessionUtil.php");
21 OpenEMR\Common\Session\SessionUtil::portalSessionStart();
22
23 require_once("./../library/pnotes.inc");
24
25 //landing page definition -- where to go if something goes wrong
26 $landingpage = "index.php?site=" . urlencode($_SESSION['site_id']);
27 //
28
29 // kick out if patient not authenticated
30 if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite_two'])) {
31 $pid = $_SESSION['pid'];
32 } else {
33 OpenEMR\Common\Session\SessionUtil::portalSessionCookieDestroy();
34 header('Location: ' . $landingpage . '&w');
35 exit;
36 }
37
38 $ignoreAuth_onsite_portal = true;
39 global $ignoreAuth_onsite_portal;
40
41 require_once("../interface/globals.php");
42 require_once("$srcdir/patient.inc");
43 require_once("$srcdir/forms.inc");
44
45 use OpenEMR\Core\Header;
46
47 // Things that might be passed by our opener.
48 //
49 $eid = $_GET['eid']; // only for existing events
50 $date = $_GET['date']; // this and below only for new events
51 $userid = $_GET['userid'];
52 $default_catid = $_GET['catid'] ? $_GET['catid'] : '5';
53 $patientid = $_GET['patid'];
54 //
55
56 if ($date) {
57 $date = substr($date, 0, 4) . '-' . substr($date, 4, 2) . '-' . substr($date, 6);
58 } else {
59 $date = date("Y-m-d");
60 }
61
62 //
63 $starttimem = '00';
64 if (isset($_GET['starttimem'])) {
65 $starttimem = substr('00' . $_GET['starttimem'], -2);
66 }
67
68 //
69 if (isset($_GET['starttimeh'])) {
70 $starttimeh = $_GET['starttimeh'];
71 if (isset($_GET['startampm'])) {
72 if ($_GET['startampm'] == '2' && $starttimeh < 12) {
73 $starttimeh += 12;
74 }
75 }
76 } else {
77 $starttimeh = date("G");
78 }
79
80 $startampm = '';
81
82 $info_msg = "";
83
84 // EVENTS TO FACILITIES (lemonsoftware)
85 //(CHEMED) get facility name
86 // edit event case - if there is no association made, then insert one with the first facility
87 if ($eid) {
88 $selfacil = '';
89 $facility = sqlQuery("SELECT pc_facility, pc_multiple, pc_aid, facility.name
90 FROM openemr_postcalendar_events
91 LEFT JOIN facility ON (openemr_postcalendar_events.pc_facility = facility.id)
92 WHERE pc_eid = ?", array($eid));
93 if (!$facility['pc_facility']) {
94 $qmin = sqlQuery("SELECT facility_id as minId, facility FROM users WHERE id = ?", array($facility['pc_aid']));
95 $min = $qmin['minId'];
96 $min_name = $qmin['facility'];
97
98 // multiple providers case
99 if ($GLOBALS['select_multi_providers']) {
100 $mul = $facility['pc_multiple'];
101 sqlStatement("UPDATE openemr_postcalendar_events SET pc_facility = ? WHERE pc_multiple = ?", array($min, $mul));
102 }
103
104 // EOS multiple
105
106 sqlStatement("UPDATE openemr_postcalendar_events SET pc_facility = ? WHERE pc_eid = ?", array($min, $eid));
107 $e2f = $min;
108 $e2f_name = $min_name;
109 } else {
110 $e2f = $facility['pc_facility'];
111 $e2f_name = $facility['name'];
112 }
113 }
114
115 // EOS E2F
116 // ===========================
117
118
119 // If we are saving, then save and close the window.
120 //
121 if ($_POST['form_action'] == "save") {
122 //print_r($_POST);
123 //exit();
124 $event_date = fixDate($_POST['form_date']);
125
126 // Compute start and end time strings to be saved.
127 if ($_POST['form_allday']) {
128 $tmph = 0;
129 $tmpm = 0;
130 $duration = 24 * 60;
131 } else {
132 $tmph = $_POST['form_hour'] + 0;
133 $tmpm = $_POST['form_minute'] + 0;
134 if ($_POST['form_ampm'] == '2' && $tmph < 12) {
135 $tmph += 12;
136 }
137
138 $duration = $_POST['form_duration'];
139 }
140
141 $starttime = "$tmph:$tmpm:00";
142 //
143 $tmpm += $duration;
144 while ($tmpm >= 60) {
145 $tmpm -= 60;
146 ++$tmph;
147 }
148
149 $endtime = "$tmph:$tmpm:00";
150
151 // Useless garbage that we must save.
152 $locationspec = 'a:6:{s:14:"event_location";N;s:13:"event_street1";N;' .
153 's:13:"event_street2";N;s:10:"event_city";N;s:11:"event_state";N;s:12:"event_postal";N;}';
154
155 // More garbage, but this time 1 character of it is used to save the
156 // repeat type.
157 if ($_POST['form_repeat']) {
158 $recurrspec = 'a:5:{' .
159 's:17:"event_repeat_freq";s:1:"' . $_POST['form_repeat_freq'] . '";' .
160 's:22:"event_repeat_freq_type";s:1:"' . $_POST['form_repeat_type'] . '";' .
161 's:19:"event_repeat_on_num";s:1:"1";' .
162 's:19:"event_repeat_on_day";s:1:"0";' .
163 's:20:"event_repeat_on_freq";s:1:"0";}';
164 } else {
165 $recurrspec = 'a:5:{' .
166 's:17:"event_repeat_freq";N;' .
167 's:22:"event_repeat_freq_type";s:1:"0";' .
168 's:19:"event_repeat_on_num";s:1:"1";' .
169 's:19:"event_repeat_on_day";s:1:"0";' .
170 's:20:"event_repeat_on_freq";s:1:"1";}';
171 }
172
173 //The modification of the start date for events that take place on one day of the week
174 //for example monday, or thursday. We set the start date on the first day of the week
175 //that the event is scheduled. For example if you set the event to repeat on each monday
176 //the start date of the event will be set on the first monday after the day the event is scheduled
177 if ($_POST['form_repeat_type'] == 5) {
178 $exploded_date = explode("-", $event_date);
179 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
180 if ($edate == "Tue") {
181 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 6, $exploded_date[0]));
182 } elseif ($edate == "Wed") {
183 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 5, $exploded_date[0]));
184 } elseif ($edate == "Thu") {
185 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 4, $exploded_date[0]));
186 } elseif ($edate == "Fri") {
187 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 3, $exploded_date[0]));
188 } elseif ($edate == "Sat") {
189 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 2, $exploded_date[0]));
190 } elseif ($edate == "Sun") {
191 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 1, $exploded_date[0]));
192 }
193 } elseif ($_POST['form_repeat_type'] == 6) {
194 $exploded_date = explode("-", $event_date);
195 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
196 if ($edate == "Wed") {
197 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 6, $exploded_date[0]));
198 } elseif ($edate == "Thu") {
199 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 5, $exploded_date[0]));
200 } elseif ($edate == "Fri") {
201 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 4, $exploded_date[0]));
202 } elseif ($edate == "Sat") {
203 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 3, $exploded_date[0]));
204 } elseif ($edate == "Sun") {
205 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 2, $exploded_date[0]));
206 } elseif ($edate == "Mon") {
207 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 1, $exploded_date[0]));
208 }
209 } elseif ($_POST['form_repeat_type'] == 7) {
210 $exploded_date = explode("-", $event_date);
211 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
212 if ($edate == "Thu") {
213 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 6, $exploded_date[0]));
214 } elseif ($edate == "Fri") {
215 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 5, $exploded_date[0]));
216 } elseif ($edate == "Sat") {
217 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 4, $exploded_date[0]));
218 } elseif ($edate == "Sun") {
219 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 3, $exploded_date[0]));
220 } elseif ($edate == "Mon") {
221 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 2, $exploded_date[0]));
222 } elseif ($edate == "Tue") {
223 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 1, $exploded_date[0]));
224 }
225 } elseif ($_POST['form_repeat_type'] == 8) {
226 $exploded_date = explode("-", $event_date);
227 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
228 if ($edate == "Fri") {
229 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 6, $exploded_date[0]));
230 } elseif ($edate == "Sat") {
231 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 5, $exploded_date[0]));
232 } elseif ($edate == "Sun") {
233 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 4, $exploded_date[0]));
234 } elseif ($edate == "Mon") {
235 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 3, $exploded_date[0]));
236 } elseif ($edate == "Tue") {
237 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 2, $exploded_date[0]));
238 } elseif ($edate == "Wed") {
239 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 1, $exploded_date[0]));
240 }
241 } elseif ($_POST['form_repeat_type'] == 9) {
242 $exploded_date = explode("-", $event_date);
243 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
244 if ($edate == "Sat") {
245 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 6, $exploded_date[0]));
246 } elseif ($edate == "Sun") {
247 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 5, $exploded_date[0]));
248 } elseif ($edate == "Mon") {
249 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 4, $exploded_date[0]));
250 } elseif ($edate == "Tue") {
251 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 3, $exploded_date[0]));
252 } elseif ($edate == "Wed") {
253 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 2, $exploded_date[0]));
254 } elseif ($edate == "Thu") {
255 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 1, $exploded_date[0]));
256 }
257 }//if end
258 /* =======================================================
259 // UPDATE EVENTS
260 ========================================================*/
261 if ($eid) {
262 // what is multiple key around this $eid?
263 $row = sqlQuery("SELECT pc_multiple FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
264
265 if ($GLOBALS['select_multi_providers'] && $row['pc_multiple']) {
266 /* ==========================================
267 // multi providers BOS
268 ==========================================*/
269
270 // obtain current list of providers regarding the multiple key
271 $up = sqlStatement("SELECT pc_aid FROM openemr_postcalendar_events WHERE pc_multiple = ?", array($row['pc_multiple']));
272 while ($current = sqlFetchArray($up)) {
273 $providers_current[] = $current['pc_aid'];
274 }
275
276 $providers_new = $_POST['form_provider_ae'];
277
278 // this difference means that some providers from current was UNCHECKED
279 // so we must delete this event for them
280 $r1 = array_diff($providers_current, $providers_new);
281 if (count($r1)) {
282 foreach ($r1 as $to_be_removed) {
283 sqlQuery("DELETE FROM openemr_postcalendar_events WHERE pc_aid = ? AND pc_multiple = ?", array($to_be_removed, $row['pc_multiple']));
284 }
285 }
286
287 // this difference means that some providers was added
288 // so we must insert this event for them
289 $r2 = array_diff($providers_new, $providers_current);
290 if (count($r2)) {
291 foreach ($r2 as $to_be_inserted) {
292 sqlStatement("INSERT INTO openemr_postcalendar_events ( pc_catid, pc_multiple, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility)
293 VALUES ( " .
294 "'" . add_escape_custom($_POST['form_category']) . "', " .
295 "'" . add_escape_custom($row['pc_multiple']) . "', " .
296 "'" . add_escape_custom($to_be_inserted) . "', " .
297 "'" . add_escape_custom($_POST['form_pid']) . "', " .
298 "'" . add_escape_custom($_POST['form_title']) . "', " .
299 "NOW(), " .
300 "'" . add_escape_custom($_POST['form_comments']) . "', " .
301 "'" . add_escape_custom($_SESSION['providerId']) . "', " .
302 "'" . add_escape_custom($event_date) . "', " .
303 "'" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
304 "'" . add_escape_custom(($duration * 60)) . "', " .
305 "'" . ($_POST['form_repeat'] ? '1' : '0') . "', " .
306 "'" . add_escape_custom($recurrspec) . "', " .
307 "'" . add_escape_custom($starttime) . "', " .
308 "'" . add_escape_custom($endtime) . "', " .
309 "'" . add_escape_custom($_POST['form_allday']) . "', " .
310 "'" . add_escape_custom($_POST['form_apptstatus']) . "', " .
311 "'" . add_escape_custom($_POST['form_prefcat']) . "', " .
312 "'" . add_escape_custom($locationspec) . "', " .
313 "1, " .
314 "1, " . (int)$_POST['facility'] . " )"); // FF stuff
315 } // foreach
316 } //if count
317
318
319 // after the two diffs above, we must update for remaining providers
320 // those who are intersected in $providers_current and $providers_new
321 foreach ($_POST['form_provider_ae'] as $provider) {
322 sqlStatement("UPDATE openemr_postcalendar_events SET " .
323 "pc_catid = '" . add_escape_custom($_POST['form_category']) . "', " .
324 "pc_pid = '" . add_escape_custom($_POST['form_pid']) . "', " .
325 "pc_title = '" . add_escape_custom($_POST['form_title']) . "', " .
326 "pc_time = NOW(), " .
327 "pc_hometext = '" . add_escape_custom($_POST['form_comments']) . "', " .
328 "pc_informant = '" . add_escape_custom($_SESSION['providerId']) . "', " .
329 "pc_eventDate = '" . add_escape_custom($event_date) . "', " .
330 "pc_endDate = '" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
331 "pc_duration = '" . add_escape_custom(($duration * 60)) . "', " .
332 "pc_recurrtype = '" . ($_POST['form_repeat'] ? '1' : '0') . "', " .
333 "pc_recurrspec = '" . add_escape_custom($recurrspec) . "', " .
334 "pc_startTime = '" . add_escape_custom($starttime) . "', " .
335 "pc_endTime = '" . add_escape_custom($endtime) . "', " .
336 "pc_alldayevent = '" . add_escape_custom($_POST['form_allday']) . "', " .
337 "pc_apptstatus = '" . add_escape_custom($_POST['form_apptstatus']) . "', " .
338 "pc_prefcatid = '" . add_escape_custom($_POST['form_prefcat']) . "', " .
339 "pc_facility = '" . (int)$_POST['facility'] . "' " . // FF stuff
340 "WHERE pc_aid = '" . add_escape_custom($provider) . "' AND pc_multiple='" . add_escape_custom($row['pc_multiple']) . "'");
341 } // foreach
342
343 /* ==========================================
344 // multi providers EOS
345 ==========================================*/
346 } elseif (!$row['pc_multiple']) {
347 if ($GLOBALS['select_multi_providers']) {
348 $prov = $_POST['form_provider_ae'][0];
349 } else {
350 $prov = $_POST['form_provider_ae'];
351 }
352 $insert = false;
353 // simple provider case
354 sqlStatement("UPDATE openemr_postcalendar_events SET " .
355 "pc_catid = '" . add_escape_custom($_POST['form_category']) . "', " .
356 "pc_aid = '" . add_escape_custom($prov) . "', " .
357 "pc_pid = '" . add_escape_custom($_POST['form_pid']) . "', " .
358 "pc_title = '" . add_escape_custom($_POST['form_title']) . "', " .
359 "pc_time = NOW(), " .
360 "pc_hometext = '" . add_escape_custom($_POST['form_comments']) . "', " .
361 "pc_informant = '" . add_escape_custom($_SESSION['providerId']) . "', " .
362 "pc_eventDate = '" . add_escape_custom($event_date) . "', " .
363 "pc_endDate = '" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
364 "pc_duration = '" . add_escape_custom(($duration * 60)) . "', " .
365 "pc_recurrtype = '" . ($_POST['form_repeat'] ? '1' : '0') . "', " .
366 "pc_recurrspec = '" . add_escape_custom($recurrspec) . "', " .
367 "pc_startTime = '" . add_escape_custom($starttime) . "', " .
368 "pc_endTime = '" . add_escape_custom($endtime) . "', " .
369 "pc_alldayevent = '" . add_escape_custom($_POST['form_allday']) . "', " .
370 "pc_apptstatus = '" . add_escape_custom($_POST['form_apptstatus']) . "', " .
371 "pc_prefcatid = '" . add_escape_custom($_POST['form_prefcat']) . "', " .
372 "pc_facility = '" . (int)$_POST['facility'] . "' " . // FF stuff
373 "WHERE pc_eid = '" . add_escape_custom($eid) . "'");
374 }
375
376 // =======================================
377 // EOS multi providers case
378 // =======================================
379
380 // EVENTS TO FACILITIES
381
382 $e2f = (int)$eid;
383
384 /* =======================================================
385 // INSERT EVENTS
386 ========================================================*/
387 } else {
388 // =======================================
389 // multi providers case
390 // =======================================
391
392 if (is_array($_POST['form_provider_ae'])) {
393 // obtain the next available unique key to group multiple providers around some event
394 $q = sqlStatement("SELECT MAX(pc_multiple) as max FROM openemr_postcalendar_events");
395 $max = sqlFetchArray($q);
396 $new_multiple_value = $max['max'] + 1;
397
398 foreach ($_POST['form_provider_ae'] as $provider) {
399 sqlStatement("INSERT INTO openemr_postcalendar_events ( " .
400 "pc_catid, pc_multiple, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, " .
401 "pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, " .
402 "pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, " .
403 "pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility " .
404 ") VALUES ( " .
405 "'" . add_escape_custom($_POST['form_category']) . "', " .
406 "'" . add_escape_custom($new_multiple_value) . "', " .
407 "'" . add_escape_custom($provider) . "', " .
408 "'" . add_escape_custom($_POST['form_pid']) . "', " .
409 "'" . add_escape_custom($_POST['form_title']) . "', " .
410 "NOW(), " .
411 "'" . add_escape_custom($_POST['form_comments']) . "', " .
412 "'" . add_escape_custom($_SESSION['providerId']) . "', " .
413 "'" . add_escape_custom($event_date) . "', " .
414 "'" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
415 "'" . add_escape_custom(($duration * 60)) . "', " .
416 "'" . ($_POST['form_repeat'] ? '1' : '0') . "', " .
417 "'" . add_escape_custom($recurrspec) . "', " .
418 "'" . add_escape_custom($starttime) . "', " .
419 "'" . add_escape_custom($endtime) . "', " .
420 "'" . add_escape_custom($_POST['form_allday']) . "', " .
421 "'" . add_escape_custom($_POST['form_apptstatus']) . "', " .
422 "'" . add_escape_custom($_POST['form_prefcat']) . "', " .
423 "'" . add_escape_custom($locationspec) . "', " .
424 "1, " .
425 "1, " . (int)$_POST['facility'] . " )"); // FF stuff
426 } // foreach
427 } else {
428 $_POST['form_apptstatus'] = '^';
429 $insert = true;
430 sqlStatement("INSERT INTO openemr_postcalendar_events ( " .
431 "pc_catid, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, " .
432 "pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, " .
433 "pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, " .
434 "pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility " .
435 ") VALUES ( " .
436 "'" . add_escape_custom($_POST['form_category']) . "', " .
437 "'" . add_escape_custom($_POST['form_provider_ae']) . "', " .
438 "'" . add_escape_custom($_POST['form_pid']) . "', " .
439 "'" . add_escape_custom($_POST['form_title']) . "', " .
440 "NOW(), " .
441 "'" . add_escape_custom($_POST['form_comments']) . "', " .
442 "'" . add_escape_custom($_SESSION['providerId']) . "', " .
443 "'" . add_escape_custom($event_date) . "', " .
444 "'" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
445 "'" . add_escape_custom(($duration * 60)) . "', " .
446 "'" . ($_POST['form_repeat'] ? '1' : '0') . "', " .
447 "'" . add_escape_custom($recurrspec) . "', " .
448 "'" . add_escape_custom($starttime) . "', " .
449 "'" . add_escape_custom($endtime) . "', " .
450 "'" . add_escape_custom($_POST['form_allday']) . "', " .
451 "'" . add_escape_custom($_POST['form_apptstatus']) . "', " .
452 "'" . add_escape_custom($_POST['form_prefcat']) . "', " .
453 "'" . add_escape_custom($locationspec) . "', " .
454 "1, " .
455 "1, " . (int)$_POST['facility'] . ")"); // FF stuff
456 } // INSERT single
457 } // else - insert
458 } elseif ($_POST['form_action'] == "delete") {
459 // =======================================
460 // multi providers case
461 // =======================================
462 if ($GLOBALS['select_multi_providers']) {
463 // what is multiple key around this $eid?
464 $row = sqlQuery("SELECT pc_multiple FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
465 if ($row['pc_multiple']) {
466 sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_multiple = ?", array($row['pc_multiple']));
467 } else {
468 sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
469 }
470
471 // =======================================
472 // EOS multi providers case
473 // =======================================
474 } else {
475 sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
476 }
477 }
478
479 if ($_POST['form_action'] != "") {
480 // Leave
481 $type = $insert ? xl("A New Appointment") : xl("An Updated Appointment");
482 $note = $type . " " . xl("request was received from portal patient") . " ";
483 $note .= $_SESSION['ptName'] . " " . xl("regarding appointment dated") . " " . $event_date . " " . $starttime . ". ";
484 $note .= !empty($_POST['form_comments']) ? (xl("Reason") . " " . $_POST['form_comments']) : "";
485 $note .= ". " . xl("Use Portal Dashboard to confirm with patient.");
486 $title = xl("Patient Reminders");
487 $user = sqlQueryNoLog("SELECT users.username FROM users WHERE authorized = 1 And id = ?", array($_POST['form_provider_ae']));
488 $rtn = addPnote($_POST['form_pid'], $note, 1, 1, $title, $user['username'], '', 'New');
489
490 $_SESSION['whereto'] = 'appointmentcard';
491 header('Location:./home.php#appointmentpanel');
492 exit();
493 }
494
495 // If we get this far then we are displaying the form.
496
497 $statuses = array(
498 '-' => '',
499 '*' => xl('* Reminder done'),
500 '+' => xl('+ Chart pulled'),
501 'x' => xl('x Cancelled'), // added Apr 2008 by JRM
502 '?' => xl('? No show'),
503 '@' => xl('@ Arrived'),
504 '~' => xl('~ Arrived late'),
505 '!' => xl('! Left w/o visit'),
506 '#' => xl('# Ins/fin issue'),
507 '<' => xl('< In exam room'),
508 '>' => xl('> Checked out'),
509 '$' => xl('$ Coding done'),
510 '^' => xl('^ Pending'),
511 );
512
513 $repeats = 0; // if the event repeats
514 $repeattype = '0';
515 $repeatfreq = '0';
516 $patienttitle = "";
517 $hometext = "";
518 $row = array();
519
520 // If we are editing an existing event, then get its data.
521 if ($eid) {
522 $row = sqlQuery("SELECT * FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
523 $date = $row['pc_eventDate'];
524 $userid = $row['pc_aid'];
525 $patientid = $row['pc_pid'];
526 $starttimeh = substr($row['pc_startTime'], 0, 2) + 0;
527 $starttimem = substr($row['pc_startTime'], 3, 2);
528 $repeats = $row['pc_recurrtype'];
529 $multiple_value = $row['pc_multiple'];
530
531 if (preg_match('/"event_repeat_freq_type";s:1:"(\d)"/', $row['pc_recurrspec'], $matches)) {
532 $repeattype = $matches[1];
533 }
534
535 if (preg_match('/"event_repeat_freq";s:1:"(\d)"/', $row['pc_recurrspec'], $matches)) {
536 $repeatfreq = $matches[1];
537 }
538
539 $hometext = $row['pc_hometext'];
540 if (substr($hometext, 0, 6) == ':text:') {
541 $hometext = substr($hometext, 6);
542 }
543 } else {
544 $patientid = $_GET['pid'];
545 }
546
547 // If we have a patient ID, get the name and phone numbers to display.
548 if ($patientid) {
549 $prow = sqlQuery("SELECT lname, fname, phone_home, phone_biz, DOB " .
550 "FROM patient_data WHERE pid = ?", array($patientid));
551 $patientname = $prow['lname'] . ", " . $prow['fname'];
552 if ($prow['phone_home']) {
553 $patienttitle .= " H=" . $prow['phone_home'];
554 }
555
556 if ($prow['phone_biz']) {
557 $patienttitle .= " W=" . $prow['phone_biz'];
558 }
559 }
560
561 // Get the providers list.
562 $ures = sqlStatement("SELECT id, username, fname, lname FROM users WHERE " .
563 "authorized != 0 AND active = 1 ORDER BY lname, fname");
564
565 //Set default facility for a new event based on the given 'userid'
566 if ($userid) {
567 $pref_facility = sqlFetchArray(sqlStatement("SELECT facility_id, facility FROM users WHERE id = ?", array($userid)));
568 $e2f = $pref_facility['facility_id'];
569 $e2f_name = $pref_facility['facility'];
570 }
571 ?>
572 <!DOCTYPE html>
573 <html>
574 <head>
575 <title><?php echo $eid ? xlt("Edit Event") : xlt("Add New Event"); ?></title>
576 <?php // no header necessary. scope is home.php ?>
577 </head>
578 <script>
579 var durations = Array();
580 <?php
581 // Read the event categories, generate their options list, and get
582 // the default event duration from them if this is a new event.
583 $cattype = 0;
584
585 // Get event categories.
586 $cres = sqlStatement("SELECT pc_catid, pc_cattype, pc_catname, " .
587 "pc_recurrtype, pc_duration, pc_end_all_day " .
588 "FROM openemr_postcalendar_categories where pc_active = 1 ORDER BY pc_seq");
589 $catoptions = "";
590 $prefcat_options = " <option value='0'>-- " . xlt("None{{Category}}") . " --</option>\n";
591 $thisduration = 0;
592 if ($eid) {
593 $thisduration = $row['pc_alldayevent'] ? 1440 : round($row['pc_duration'] / 60);
594 }
595 while ($crow = sqlFetchArray($cres)) {
596 $duration = round($crow['pc_duration'] / 60);
597 if ($crow['pc_end_all_day']) {
598 $duration = 1440;
599 }
600
601 // This section is to build the list of preferred categories:
602 if ($duration) {
603 $prefcat_options .= " <option value='" . attr($crow['pc_catid']) . "'";
604 if ($eid) {
605 if ($crow['pc_catid'] == $row['pc_prefcatid']) {
606 $prefcat_options .= " selected";
607 }
608 }
609
610 $prefcat_options .= ">" . text(xl_appt_category($crow['pc_catname'])) . "</option>\n";
611 }
612
613 if ($crow['pc_cattype'] != $cattype) {
614 continue;
615 }
616
617 echo " durations[" . attr($crow['pc_catid']) . "] = " . attr($duration) . ";\n";
618 // echo " rectypes[" . $crow['pc_catid'] . "] = " . $crow['pc_recurrtype'] . "\n";
619 $catoptions .= " <option value='" . attr($crow['pc_catid']) . "'";
620 if ($eid) {
621 if ($crow['pc_catid'] == $row['pc_catid']) {
622 $catoptions .= " selected";
623 }
624 } else {
625 if ($crow['pc_catid'] == $default_catid) {
626 $catoptions .= " selected";
627 $thisduration = $duration;
628 }
629 }
630
631 $catoptions .= ">" . text(xl_appt_category($crow['pc_catname'])) . "</option>\n";
632 }
633 // Fix up the time format for AM/PM.
634 $startampm = '1';
635 if ($starttimeh >= 12) { // p.m. starts at noon and not 12:01
636 $startampm = '2';
637 if ($starttimeh > 12) {
638 $starttimeh -= 12;
639 }
640 }
641
642 ?>
643 </script>
644 <body class="skin-blue">
645 <div class="card">
646 <form method='post' name='theaddform' id='theaddform' action='add_edit_event_user.php?eid=<?php echo attr_url($eid); ?>'>
647 <input type="hidden" name="form_action" id="form_action" value="" />
648 <input type='hidden' name='form_title' id='form_title' value='<?php echo $row['pc_catid'] ? attr($row['pc_title']) : xla("Office Visit"); ?>' />
649 <input type='hidden' name='form_apptstatus' id='form_apptstatus' value='<?php echo $row['pc_apptstatus'] ? attr($row['pc_apptstatus']) : "^" ?>' />
650
651 <div class="form-row my-1">
652 <label for="form_category" class="col-2 col-form-label"><?php echo xlt('Visit'); ?>:</label>
653 <div class="col">
654 <select class="form-control" onchange='set_category()' id='form_category' name='form_category' value='<?php echo ($row['pc_catid'] > "") ? attr($row['pc_catid']) : '5'; ?>'>
655 <?php echo $catoptions ?>
656 </select>
657 </div>
658 <label for="form_date" class="col-1 col-form-label"><?php echo xlt('Date'); ?>:</label>
659 <div class="col">
660 <input class="form-control" type='text' name='form_date' readonly id='form_date' value='<?php echo (isset($eid) && $eid) ? attr($row['pc_eventDate']) : attr($date); ?>' />
661 </div>
662 </div>
663 <div class="form-row my-1">
664 <label class="col-2 col-form-label"><?php echo xlt('Time'); ?>:</label>
665 <div class="col form-inline">
666 <input class="form-control" type='text' name='form_hour' size='2' value='<?php echo (isset($eid)) ? $starttimeh : ''; ?>' title='<?php echo xla('Event start time'); ?>' readonly />
667 <span>:</span>
668 <input class="form-control" type='text' name='form_minute' size='2' value='<?php echo (isset($eid)) ? $starttimem : ''; ?>' title='<?php echo xla('Event start time'); ?>' readonly />
669 <select class="form-control" name='form_ampm' title='Note: 12:00 noon is PM, not AM' readonly>
670 <option value='1'><?php echo xlt('AM'); ?></option>
671 <option value='2'<?php echo ($startampm == '2') ? " selected" : ""; ?>><?php echo xlt('PM'); ?></option>
672 </select>
673 </div>
674 <label for="form_patient" class="col-1 col-form-label"><?php echo xlt('Patient'); ?>:</label>
675 <div class="col">
676 <input class="form-control" type='text' id='form_patient' name='form_patient' value='<?php echo attr($patientname); ?>' title='Patient' readonly />
677 <input type='hidden' name='form_pid' value='<?php echo attr($patientid); ?>' />
678 </div>
679 </div>
680 <div class="form-row my-1">
681 <label for="form_duration" class="col-2 col-form-label"><?php echo xlt('Duration'); ?></label>
682 <div class="col">
683 <div class="input-group">
684 <input class="form-control" type='text' size='1' id='form_duration' name='form_duration' value='<?php echo $row['pc_duration'] ? ($row['pc_duration'] * 1 / 60) : attr($thisduration) ?>' readonly />
685 <div class="input-group-append">
686 <span class="input-group-text"><?php echo "&nbsp;" . xlt('minutes'); ?></span>
687 </div>
688 </div>
689 </div>
690 </div>
691 <div class="form-row my-1">
692 <label for="form_provider_ae" class="col-2 col-form-label"><?php echo xlt('Provider'); ?>:</label>
693 <div class="col-8">
694 <select class="form-control" name='form_provider_ae' id='form_provider_ae' onchange='change_provider();'>
695 <?php
696 // present a list of providers to choose from
697 // default to the currently logged-in user
698 while ($urow = sqlFetchArray($ures)) {
699 echo " <option value='" . attr($urow['id']) . "'";
700 if (($urow['id'] == $_GET['userid']) || ($urow['id'] == $userid)) {
701 echo " selected";
702 }
703
704 echo ">" . text($urow['lname']);
705 if ($urow['fname']) {
706 echo ", " . text($urow['fname']);
707 }
708
709 echo "</option>\n";
710 }
711 ?>
712 </select>
713 </div>
714 <div class="col text-right">
715 <input type='button' class='btn btn-success' value='<?php echo xla('Openings'); ?>' onclick='find_available()' />
716 </div>
717 </div>
718 <div class="form-row my-1">
719 <label class="col-2 col-form-label"><?php echo xlt('Reason'); ?>:</label>
720 <div class="col">
721 <input class="form-control" type='text' size='40' name='form_comments' value='<?php echo attr($hometext); ?>' title='<?php echo xla('Optional information about this event'); ?>' />
722 </div>
723 </div>
724
725 <div class="form-group">
726 <br />
727 <?php if ($_GET['eid'] && $row['pc_apptstatus'] !== 'x') { ?>
728 <input type='button' id='form_cancel' class='btn btn-danger' onsubmit='return false' value='<?php echo xla('Cancel Appointment'); ?>' onclick="cancel_appointment()" />
729 <?php } ?>
730 <input type='button' name='form_save' class='btn btn-success' onsubmit='return false' value='<?php echo xla('Save'); ?>' onclick="validate()" />
731
732 </div>
733 </form>
734 <script>
735 function change_provider() {
736 var f = document.forms.namedItem("theaddform");
737 f.form_date.value = '';
738 f.form_hour.value = '';
739 f.form_minute.value = '';
740 }
741
742 function set_display() {
743 var f = document.forms.namedItem("theaddform");
744 var si = document.getElementById('form_category');
745 if (si.selectedIndex >= 0) {
746 var catid = si.options[si.selectedIndex].value;
747 //var style_apptstatus = document.getElementById('title_apptstatus').style;
748 //var style_prefcat = document.getElementById('title_prefcat').style;
749 // will keep this for future. not needed now.
750 }
751 }
752
753 function cancel_appointment() {
754 let f = document.forms.namedItem("theaddform");
755 let msg = <?php echo xlj("Click Okay if you are sure you want to cancel this appointment?") . "\n" .
756 xlj("It is prudent to follow up with provider if not contacted.") ?>;
757 let msg_reason = <?php echo xlj("You must enter a reason to cancel this appointment?") . "\n" .
758 xlj("Reason must be at least 10 characters!") ?>;
759 if (f.form_comments.value.length <= 10) {
760 alert(msg_reason);
761 return false;
762 }
763 let yn = confirm(msg);
764 if (!yn) {
765 return false;
766 }
767 document.getElementById('form_apptstatus').value = "x";
768 validate();
769 }
770
771 // Do whatever is needed when a new event category is selected.
772 // For now this means changing the event title and duration.
773 function set_category() {
774 var f = document.forms.namedItem("theaddform");
775 var s = f.form_category;
776 if (s.selectedIndex >= 0) {
777 var catid = s.options[s.selectedIndex].value;
778 f.form_title.value = s.options[s.selectedIndex].text;
779 f.form_duration.value = durations[catid];
780 set_display();
781 }
782 }
783
784 // This is for callback by the find-available popup.
785 function setappt(year, mon, mday, hours, minutes) {
786 var f = document.forms.namedItem("theaddform");
787 f.form_date.value = '' + year + '-' +
788 ('' + (mon + 100)).substring(1) + '-' +
789 ('' + (mday + 100)).substring(1);
790 f.form_ampm.selectedIndex = (hours > 12) ? 1 : 0;
791 if (hours == 0) {
792 f.form_hour.value = 12;
793 } else {
794 f.form_hour.value = (hours >= 13) ? hours - 12 : hours;
795 }
796 f.form_minute.value = minutes;
797 }
798
799 // Invoke the find-available popup.
800 function find_available() {
801 // when making an appointment for a specific provider
802 var se = document.getElementById('form_provider_ae');
803 <?php if ($userid != 0) { ?>
804 s = se.value;
805 <?php } else {?>
806 s = se.options[se.selectedIndex].value;
807 <?php }?>
808 var formDate = document.getElementById('form_date');
809 var url = 'find_appt_popup_user.php?bypatient&providerid=' + encodeURIComponent(s) + '&catid=5' + '&startdate=' + encodeURIComponent(formDate.value);
810 var params = {
811 buttons: [
812 {text: <?php echo xlj('Cancel'); ?>, close: true, style: 'danger btn-sm'}
813
814 ],
815 allowResize: true,
816 dialogId: 'apptDialog',
817 type: 'iframe'
818 };
819 dlgopen(url, 'apptFind', 'modal-md', 300, '', 'Find Date', params);
820 }
821
822 // Check for errors when the form is submitted.
823 function validate() {
824 var f = document.getElementById('theaddform');
825 if (!f.form_date.value || !f.form_hour.value || !f.form_minute.value) {
826 alert(<?php echo xlj('Please click on Openings to select a time.'); ?>);
827 return false;
828 }
829
830 if (f.form_patient.value == '') {
831 alert(<?php echo xlj('Your Id is missing. Cancel and try again.'); ?>);
832 return false;
833 }
834
835 var form_action = document.getElementById('form_action');
836 form_action.value = "save";
837 f.submit();
838 return false;
839 }
840
841 <?php if ($eid) { ?>
842 set_display();
843 <?php } ?>
844 $(function () {
845
846 });
847 </script>
848 </div>
849 </body>
850 </html>
Mirror of official OpenEMR Sourceforge repository