2 include_once("../globals.php");
3 include_once("../../library/acl.inc");
4 include_once("$srcdir/md5.js");
5 include_once("$srcdir/sql.inc");
6 require_once(dirname(__FILE__
) . "/../../library/classes/WSProvider.class.php");
// Handles the three POST actions of this page, selected by $_POST["mode"]:
//   "facility"  - insert one row into the facility table
//   "new_user"  - insert a user, its first group membership and (when
//                 phpGACL is configured) its access-control groups
//   "new_group" - add a (group name, username) pair to the groups table
// NOTE(review): this listing omits some original lines (the embedded line
// numbers skip), so closing braces and a few statements are not shown.
// NOTE(review): no permission check is visible ahead of the inserts; only the
// set_user_aro() call further down is gated by acl_check('admin', 'acl').
// Confirm that globals.php or an omitted line restricts this page to admins.
// NOTE(review): no anti-CSRF token is read anywhere in the visible handler.
10 if (isset($_POST["mode"])) {
11 if ($_POST["mode"] == "facility") {
// SECURITY: every column value is interpolated from $_POST straight into the
// SQL text. Unless request data is escaped somewhere not shown here (TODO
// confirm in globals.php / sql.inc), each field is a SQL injection point.
// Bind the values as parameters if sqlStatement() supports that, otherwise
// escape each one before building the statement.
12 sqlStatement("insert into facility set
13 name='{$_POST['facility']}',
14 phone='{$_POST['phone']}',
15 fax='{$_POST['fax']}',
16 street='{$_POST['street']}',
17 city='{$_POST['city']}',
18 state='{$_POST['state']}',
19 postal_code='{$_POST['postal_code']}',
20 country_code='{$_POST['country_code']}',
21 federal_ein='{$_POST['federal_ein']}',
22 facility_npi='{$_POST['facility_npi']}'");
24 else if ($_POST["mode"] == "new_user") {
// Any "authorized" value other than the string "1" is stored as 0.
25 if ($_POST["authorized"] != "1") {
26 $_POST["authorized"] = 0;
// Only the free-text "info" field goes through addslashes(); the other
// fields used in the insert below are concatenated as received.
28 $_POST["info"] = addslashes($_POST["info"]);
// Duplicate check: read every existing username and compare in PHP.
// NOTE(review): $doit is assigned on lines omitted from this listing.
// NOTE(review): mysql_fetch_array() is called directly here while the rest of
// the file uses sqlFetchArray(); ext/mysql was removed in PHP 7.0.
30 $res = sqlStatement("select distinct username from users where username != ''");
32 while ($row = mysql_fetch_array($res)) {
33 if ($doit == true && $row['username'] == $_POST["username"]) {
// SECURITY: the insert is assembled by concatenating $_POST values, so the
// injection concern noted for the facility insert applies to every field.
// SECURITY: the password column receives newauthPass exactly as submitted.
// The Add User button fills that field with MD5(clearPass) in the browser,
// so what is stored is an unsalted MD5 digest chosen by the client; the
// server neither hashes nor validates it. Hashing server-side with
// password_hash() would be the usual hardening (needs a matching login change).
// idSqlStatement() presumably returns the new row id - confirm in sql.inc.
39 $prov_id = idSqlStatement("insert into users set " .
40 "username = '" . $_POST["username"] .
41 "', password = '" . $_POST["newauthPass"] .
42 "', fname = '" . $_POST["fname"] .
43 "', mname = '" . $_POST["mname"] .
44 "', lname = '" . $_POST["lname"] .
45 "', federaltaxid = '" . $_POST["federaltaxid"] .
46 "', authorized = '" . $_POST["authorized"] .
47 "', info = '" . $_POST["info"] .
48 "', federaldrugid = '" . $_POST["federaldrugid"] .
49 "', upin = '" . $_POST["upin"] .
50 "', npi = '" . $_POST["npi"].
51 "', taxonomy = '" . $_POST["taxonomy"] .
52 "', facility = '" . $_POST["facility"] .
53 "', specialty = '" . $_POST["specialty"] .
54 "', see_auth = '" . $_POST["see_auth"] .
// Every new user is also recorded as a member of the chosen group.
// SECURITY: groupname and username are concatenated unescaped here as well.
56 sqlStatement("insert into groups set name = '" . $_POST["groupname"] .
57 "', user = '" . $_POST["username"] . "'");
// phpGACL group assignment runs only when phpGACL is configured, the caller
// passes acl_check('admin', 'acl') and a username was submitted.
59 if (isset($phpgacl_location) && acl_check('admin', 'acl') && $_POST["username"]) {
60 // Set the access control group of user
61 set_user_aro($_POST["access_group"], $_POST["username"], $_POST["fname"], $_POST["mname"], $_POST["lname"]);
// The WSProvider object is not used again in the visible lines; presumably
// its constructor does the work - confirm in WSProvider.class.php.
64 $ws = new WSProvider($prov_id);
// Dutch-installation extra: link the new user to the selected "beroep".
// SECURITY: $_POST['beroep'] is concatenated unescaped. As written, both
// quoted values also carry a leading and a trailing space.
67 if ( $GLOBALS['dutchpc'] ) {
68 sqlStatement("INSERT INTO cl_user_beroep SET cl_beroep_userid = ' ".$prov_id." ',
69 cl_beroep_sysid = ' ".$_POST['beroep']." '");
// SECURITY: the submitted username is copied verbatim into $alertmsg, which
// the end of this page writes into a JavaScript alert('...') string without
// escaping. Encode it for the JavaScript context at output time.
74 $alertmsg .= "User " . $_POST["username"] . " already exists. ";
77 else if ($_POST["mode"] == "new_group") {
// Load all (name, user) pairs, then refuse the insert when the submitted pair
// already exists.
// NOTE(review): $result is not initialised in the visible lines; with an
// empty groups table the foreach below would iterate an undefined variable.
// NOTE(review): $iter{"name"} uses curly-brace offsets, deprecated in PHP 7.4
// and removed in PHP 8.0.
78 $res = sqlStatement("select distinct name, user from groups");
79 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
80 $result[$iter] = $row;
82 foreach ($result as $iter) {
83 if ($doit == 1 && $iter{"name"} == $_POST["groupname"] && $iter{"user"} == $_POST["username"])
// SECURITY: same unescaped concatenation of groupname and username as above.
87 sqlStatement("insert into groups set name = '" . $_POST["groupname"] .
88 "', user = '" . $_POST["username"] . "'");
// SECURITY: username and groupname reach the unescaped alert() at page end.
90 $alertmsg .= "User " . $_POST["username"] .
91 " is already a member of group " . $_POST["groupname"] . ". ";
// Handles the two GET actions of this page: mode=delete removes a user and
// its group rows, mode=delete_group removes one group membership row. Both
// take the target row from $_GET["id"].
// SECURITY: these are state-changing requests served over GET, and no token or
// permission check is visible in this listing. Any URL that a logged-in
// administrator's browser loads can therefore trigger them (CSRF). Moving the
// actions to POST with a per-session token and an explicit acl_check() is the
// usual fix.
// SECURITY: $_GET["id"] is concatenated into every statement below without
// escaping or casting; if ids are integers (TODO confirm), cast once up front.
// NOTE(review): this listing omits some original lines, including the tails of
// the two select statements and the assignment of $un.
96 if (isset($_GET["mode"])) {
98 // This is the code to delete a user. Note that the link which invokes
99 // this is commented out. Somebody must have figured it was too dangerous.
// NOTE(review): the link is only hidden inside an HTML comment in the user
// table; this handler stays reachable by URL.
101 if ($_GET["mode"] == "delete") {
102 $res = sqlStatement("select distinct username, id from users where id = '" .
104 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
105 $result[$iter] = $row;
107 // TBD: Before deleting the user, we should check all tables that
108 // reference users to make sure this user is not referenced!
// Group rows are removed by username first, then the users row by id.
// SECURITY: the username read back from the database is concatenated
// unescaped into the delete statement as well.
110 foreach($result as $iter) {
111 sqlStatement("delete from groups where user = '" . $iter{"username"} . "'");
113 sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
116 elseif ($_GET["mode"] == "delete_group") {
117 $res = sqlStatement("select distinct user from groups where id = '" .
119 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
120 $result[$iter] = $row;
121 foreach($result as $iter)
123 // $res = sqlStatement("select name,user from groups where user = '" .
124 // $iter{"user"} . "' and id != {$_GET["id"]}\n");
// $un is set on a line omitted here - presumably the user of the row being
// removed; verify. It is interpolated into the SQL text unescaped.
125 $res = sqlStatement("select name, user from groups where user = '$un' " .
126 "and id != '" . $_GET["id"] . "'");
128 // Remove the user only if they are also in some other group. I.e. every
129 // user must be a member of at least one group.
130 if (sqlFetchArray($res) != FALSE) {
131 sqlStatement("delete from groups where id = '" . $_GET["id"] . "'");
133 $alertmsg .= "You must add this user to some other group before " .
134 "removing them from this group. ";
// True when the form_inactive request parameter is present and non-empty; the
// user list query further down drops its "active = '1'" filter in that case.
139 $form_inactive = empty($_REQUEST['form_inactive']) ?
false : true;
145 <link rel
="stylesheet" href
="<?php echo $css_header;?>" type
="text/css">
148 <body
class="body_top">
150 <span
class="title"><?php
xl('User and Facility Administration','e'); ?
></span
>
159 <form name
='facility' method
='post' action
="usergroup_admin.php"
160 onsubmit
='return top.restoreSession()'>
161 <input type
=hidden name
=mode value
="facility">
162 <span
class="bold"><?php
xl('New Facility Information','e'); ?
>: </span
>
165 <table border
=0 cellpadding
=0 cellspacing
=0>
167 <td
><span
class="text"><?php
xl('Name','e'); ?
>: </span
></td
><td
><input type
=entry name
=facility size
=20 value
=""></td
>
168 <td
><span
class="text"><?php
xl('Phone','e'); ?
>: </span
></td
><td
><input type
=entry name
=phone size
=20 value
=""></td
>
171 <td
> 
;</td
><td
> 
;</td
>
172 <td
><span
class="text"><?php
xl('Fax','e'); ?
>: </span
></td
><td
><input type
=entry name
=fax size
=20 value
=""></td
>
175 <td
><span
class="text"><?php
xl('Address','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=street value
=""></td
>
176 <td
><span
class="text"><?php
xl('City','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=city value
=""></td
>
179 <td
><span
class="text"><?php
xl('State','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=state value
=""></td
>
180 <td
><span
class="text"><?php
xl('Zip Code','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=postal_code value
=""></td
>
183 <td height
="22"><span
class="text"><?php
xl('Country','e'); ?
>: </span
></td
>
184 <td
><input type
=entry size
=20 name
=country_code value
=""></td
>
185 <td
><span
class="text"><?php
xl('Federal EIN','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=federal_ein value
=""></td
>
188 <td
> 
;</td
><td
> 
;</td
>
190 <td
><span
class="text"><?php
xl('Facility NPI','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=facility_npi value
=""></td
>
194 <td
> 
;</td
><td
> 
;</td
>
195 <td
> 
;</td
><td
><input type
="submit" value
=<?php
xl('Add Facility','e'); ?
>></td
>
204 <!-- Why is this here???
- Rod
205 <form name
='facility' method
='post' action
="usergroup_admin.php"
206 onsubmit
='return top.restoreSession()'>
207 <input type
=hidden name
=mode value
=<?php
xl('facility','e'); ?
>>
210 <span
class="bold"><?php
xl('Edit Facilities','e'); ?
>: </span
>
// Loads every facility row and renders its name followed by an Edit link to
// facility_admin.php?fid=<id>.
// SECURITY: the loop body echoes the name and id columns without escaping.
// Facility names come from the New Facility form on this page, so markup
// stored in a name is rendered to every administrator who opens the page
// (stored XSS). Pass text through htmlspecialchars() with ENT_QUOTES and
// urlencode() the id in the href.
// NOTE(review): the body's $iter3{name} form uses curly-brace offsets with an
// unquoted key; brace offsets were removed in PHP 8.0.
214 $fres = sqlStatement("select * from facility order by name");
217 for ($iter3 = 0;$frow = sqlFetchArray($fres);$iter3++
)
218 $result2[$iter3] = $frow;
219 foreach($result2 as $iter3) {
221 <span
class="text"><?php
echo $iter3{name
};?
></span
>
222 <a href
="facility_admin.php?fid=<?php echo $iter3{id};?>" class="link_submit"
223 onclick
="top.restoreSession()">(Edit
)</a
><br
>
232 <form name
='new_user' method
='post' action
="usergroup_admin.php"
233 onsubmit
='return top.restoreSession()'>
234 <input type
=hidden name
=mode value
=new_user
>
235 <span
class="bold"><?php
xl('New User','e'); ?
>:</span
>
237 <table border
=0 cellpadding
=0 cellspacing
=0>
239 <td
><span
class="text"><?php
xl('Username','e'); ?
>: </span
></td
><td
><input type
=entry name
=username size
=20>  
;</td
>
240 <td
><span
class="text"><?php
xl('Password','e'); ?
>: </span
></td
><td
><input type
="password" size
=20 name
=clearPass
></td
>
243 <td
><span
class="text"><?php
xl('Groupname','e'); ?
>: </span
></td
><td
>
244 <select name
=groupname
>
// Fills the New User "Groupname" select with one option per distinct group.
// NOTE(review): $result2 was already filled with facility rows earlier on the
// page and is not reset in the visible lines; if there are more facilities
// than groups, the leftover facility rows would also be printed as options.
// Confirm whether an omitted line clears it.
// SECURITY: group names are printed into an attribute value and into element
// text without htmlspecialchars(); names come from the New Group form.
246 $res = sqlStatement("select distinct name from groups");
248 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
249 $result2[$iter] = $row;
250 foreach ($result2 as $iter) {
251 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
255 <td
><span
class="text"><?php
xl('Authorized','e'); ?
>: </span
></td
><td
><input type
=checkbox name
='authorized' value
="1"></td
>
258 <td
><span
class="text"><?php
xl('First Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='fname' size
=20></td
>
259 <td
><span
class="text"><?php
xl('Middle Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='mname' size
=20></td
>
262 <td
><span
class="text"><?php
xl('Last Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='lname' size
=20></td
>
263 <td
><span
class="text"><?php
xl('Default Facility','e'); ?
>: </span
></td
><td
><select name
=facility
>
// Fills the New User "Default Facility" select with every facility name.
// NOTE(review): $result is shared with the POST/GET handlers at the top of the
// file and is not reset in the visible lines, so rows left over from a handler
// that just ran could be printed as extra options - confirm.
// SECURITY: the loop body echoes the facility name into value="..." and into
// the option text unescaped; escape with htmlspecialchars() and ENT_QUOTES.
265 $fres = sqlStatement("select * from facility order by name");
267 for ($iter = 0;$frow = sqlFetchArray($fres);$iter++
)
268 $result[$iter] = $frow;
269 foreach($result as $iter) {
271 <option value
="<?php echo $iter{name};?>"><?php
echo $iter{name
};?
></option
>
279 <td
><span
class="text"><?php
xl('Federal Tax ID','e'); ?
>: </span
></td
><td
><input type
=entry name
='federaltaxid' size
=20></td
>
280 <td
><span
class="text"><?php
xl('Federal Drug ID','e'); ?
>: </span
></td
><td
><input type
=entry name
='federaldrugid' size
=20></td
>
283 <td
><span
class="text"><?php
xl('UPIN','e'); ?
>: </span
></td
><td
><input type
="entry" name
="upin" size
="20"></td
>
284 <td
class='text'><?php
xl('See Authorizations','e'); ?
>: </td
>
285 <td
><select name
="see_auth">
// Emits the three "See Authorizations" options; the numeric key (1-3) is the
// submitted value and the label comes from xl(). No option is preselected.
287 foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value)
289 echo " <option value='$key'";
290 echo ">$value</option>\n";
296 <td
><span
class="text"><?php
xl('NPI','e'); ?
>: </span
></td
><td
><input type
="entry" name
="npi" size
="20"></td
>
299 // ===========================
301 // if DBC don't show Job Description; show instead Beroep Box
302 if ( !$GLOBALS['dutchpc']) { ?
>
303 <td
><span
class="text"><?php
xl('Job Description','e'); ?
>: </span
></td
><td
><input type
="entry" name
="specialty" size
="20"></td
>
305 <td
><span
class="text">Beroep
</span
></td
>
306 <td
><?php
beroep_dropdown() ?
></td
>
308 // ===========================
312 <td
><span
class="text"><?php
xl('Taxonomy','e'); ?
>: </span
></td
>
313 <td
><input type
="entry" name
="taxonomy" size
="20" value
="207Q00000X"></td
>
314 <!-- (CHEMED
) Calendar UI preference
-->
316 <td
><span
class="text"><?php
xl('Calendar UI','e'); ?
>: </span
></td
><td
><select name
="cal_ui">
// Emits the three "Calendar UI" options and marks one as selected.
// NOTE(review): $iter here is whatever the previous foreach on the page left
// behind (apparently the last facility row), not a user record, so the
// comparison against $iter['cal_ui'] looks accidental - confirm intent.
// NOTE(review): the new_user insert at the top of the file does not store a
// cal_ui value, so the choice made here appears to be discarded.
318 foreach (array(1 => xl('Default'), 2 => xl('Fancy'), 3 => xl('Outlook')) as $key => $value)
320 echo " <option value='$key'";
321 if ($key == $iter['cal_ui']) echo " selected";
322 echo ">$value</option>\n";
327 <!-- END (CHEMED
) Calendar UI preference
-->
330 // List the access control groups if phpgacl installed
331 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
334 <td
class='text'><?php
xl('Access Control','e'); ?
>:</td
>
335 <td
><select name
="access_group[]" multiple
>
// Lists the phpGACL group titles in the multi-select for the new user.
// SECURITY: the preselected entry is 'Administrators', so a user created
// without touching this control is submitted with the administrator group.
// A least-privilege default (no preselection, or the most restricted group)
// is safer.
// NOTE(review): group titles are echoed without htmlspecialchars().
337 $list_acl_groups = acl_get_group_title_list();
338 $default_acl_group = 'Administrators';
339 foreach ($list_acl_groups as $value) {
340 if ($default_acl_group == $value) {
341 echo " <option selected>$value</option>\n";
344 echo " <option>$value</option>\n";
354 <span
class="text"><?php
xl('Additional Info','e'); ?
>: </span
><br
>
355 <textarea name
=info cols
=40 rows
=4 wrap
=auto
></textarea
>
356 <br
><input type
="hidden" name
="newauthPass">
357 <input type
="submit" onClick
="javascript:this.form.newauthPass.value=MD5(this.form.clearPass.value);this.form.clearPass.value='';" value
=<?php
xl('Add User','e'); ?
>>
363 <tr
<?php
if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?
>>
366 <form name
='new_group' method
='post' action
="usergroup_admin.php"
367 onsubmit
='return top.restoreSession()'>
369 <input type
=hidden name
=mode value
=new_group
>
370 <span
class="bold"><?php
xl('New Group','e'); ?
>:</span
>
372 <span
class="text"><?php
xl('Groupname','e'); ?
>: </span
><input type
=entry name
=groupname size
=10>
374 <span
class="text"><?php
xl('Initial User','e'); ?
>: </span
>
375 <select name
=username
>
// Fills the New Group "Initial User" select with every non-empty username.
// NOTE(review): $result still holds the facility rows loaded for the Default
// Facility select unless an omitted line resets it; surplus rows would be
// printed here as options with an empty username.
// SECURITY: usernames are printed into the value attribute and option text
// without htmlspecialchars(); they originate from the New User form.
377 $res = sqlStatement("select distinct username from users where username != ''");
378 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
379 $result[$iter] = $row;
380 foreach ($result as $iter) {
381 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
386 <input type
="submit" value
=<?php
xl('Add Group','e'); ?
>>
392 <tr
<?php
if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?
>>
395 <form name
='new_group' method
='post' action
="usergroup_admin.php"
396 onsubmit
='return top.restoreSession()'>
397 <input type
=hidden name
=mode value
=new_group
>
398 <span
class="bold"><?php
xl('Add User To Group','e'); ?
>:</span
>
401 <?php
xl('User','e'); ?
>
403 <select name
=username
>
// Fills the "Add User To Group" user select with every non-empty username.
// SECURITY: usernames are printed into the value attribute and option text
// without htmlspecialchars(); escape with ENT_QUOTES because the attribute is
// single-quoted.
405 $res = sqlStatement("select distinct username from users where username != ''");
406 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
407 $result3[$iter] = $row;
408 foreach ($result3 as $iter) {
409 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
414 <span
class="text"><?php
xl('Groupname','e'); ?
>: </span
>
415 <select name
=groupname
>
// Fills the "Add User To Group" group select with every distinct group name.
// NOTE(review): $result2 is reused from earlier loops on this page without a
// visible reset, so stale rows from a longer earlier result could be printed.
// SECURITY: group names are printed unescaped into a single-quoted attribute
// and into option text; use htmlspecialchars() with ENT_QUOTES.
417 $res = sqlStatement("select distinct name from groups");
419 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
420 $result2[$iter] = $row;
421 foreach ($result2 as $iter) {
422 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
427 <input type
="submit" value
=<?php
xl('Add User To Group','e'); ?
>>
437 <form name
='userlist' method
='post' action
='usergroup_admin.php'
438 onsubmit
='return top.restoreSession()'>
440 <input type
='checkbox' name
='form_inactive' value
='1' onclick
='submit()'
441 <?php
if ($form_inactive) echo 'checked '; ?
>/>
442 Include inactive users
446 <table border
=0 cellpadding
=1 cellspacing
=2>
447 <tr
><td
><span
class="bold"><?php
xl('Username','e'); ?
></span
></td
><td
><span
class="bold"><?php
xl('Real Name','e'); ?
></span
></td
><td
><span
class="bold"><?php
xl('Info','e'); ?
></span
></td
><td
><span
class="bold"><?php
xl('Authorized','e'); ?
>?
</span
></td
></tr
>
// Renders the user table: one row per user with username, an Edit link, real
// name, info and an "authorized" marker. Inactive users are included only when
// $form_inactive is set. The query text itself contains no request data.
449 $query = "SELECT * FROM users WHERE username != '' ";
450 if (!$form_inactive) $query .= "AND active = '1' ";
451 $query .= "ORDER BY username";
452 $res = sqlStatement($query);
453 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
454 $result4[$iter] = $row;
455 foreach ($result4 as $iter) {
// Replace the stored flag with a display string: translated "yes" or empty.
456 if ($iter{"authorized"}) {
457 $iter{"authorized"} = xl('yes');
459 $iter{"authorized"} = "";
462 // ===========================
464 // overwrite 'info' field with dutch job description
466 if ( $GLOBALS['dutchpc'] ) $iter{"info"} = what_beroep($iter{"id"});
468 // ===========================
// SECURITY: username, fname, lname and info are concatenated into the HTML
// without escaping. All four are written by the New User form on this page,
// so stored markup is rendered to every administrator viewing the list
// (stored XSS). Wrap each value in htmlspecialchars() with ENT_QUOTES.
470 print "<tr><td><span class='text'>" . $iter{"username"} .
471 "</span><a href='user_admin.php?id=" . $iter{"id"} .
472 "' class='link_submit' onclick='top.restoreSession()'>(Edit)</a>" .
473 "</td><td><span class='text'>" .
474 $iter{"fname"} . ' ' . $iter{"lname"}."</span></td><td><span class='text'>" .
475 $iter{"info"} . "</span></td><td align='center'><span class='text'>" .
476 $iter{"authorized"} . "</span></td>";
// The Delete link is still sent to the browser, only wrapped in an HTML
// comment; the mode=delete handler it points at remains active server-side.
477 print "<td><!--<a href='usergroup_admin.php?mode=delete&id=" . $iter{"id"} .
478 "' class='link_submit'>[Delete]</a>--></td>";
// Unless non-default groups are disabled, prints each group name followed by
// its members, each member with a "Remove" link.
// SECURITY: every Remove link is a plain GET to mode=delete_group, i.e. a
// state-changing URL with no token visible in this listing (CSRF exposure).
// SECURITY: group names and usernames are written into the HTML unescaped.
// NOTE(review): $grouplist is appended to with .= before any visible
// initialisation, and is iterated even if no group rows were returned.
488 if (empty($GLOBALS['disable_non_default_groups'])) {
489 $res = sqlStatement("select * from groups order by name");
490 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
491 $result5[$iter] = $row;
493 foreach ($result5 as $iter) {
494 $grouplist{$iter{"name"}} .= $iter{"user"} .
495 "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
496 $iter{"id"} . "' onclick='top.restoreSession()'>Remove</a>), ";
499 foreach ($grouplist as $groupname => $list) {
// substr() drops the trailing ", " left by the accumulation above.
500 print "<span class='bold'>" . $groupname . "</span><br>\n<span class='text'>" .
501 substr($list,0,strlen($list)-2) . "</span><br>\n";
506 <script language
="JavaScript">
// Shows any message collected by the handlers at the top of the file in a
// JavaScript alert box.
// SECURITY: $alertmsg can contain $_POST["username"] and $_POST["groupname"]
// verbatim, and it is interpolated into a single-quoted JavaScript string
// inside a script element. A quote or a closing script tag in either value
// ends the string and injects script (reflected XSS). Emit the message with
// json_encode() using the JSON_HEX_TAG, JSON_HEX_APOS, JSON_HEX_QUOT and
// JSON_HEX_AMP flags instead of hand-built quoting.
508 if ($alertmsg = trim($alertmsg)) {
509 echo "alert('$alertmsg');\n";