full_report.php is not reachable via the user interface, and does not check any ACLs...
[openemr.git] / interface / drugs / add_edit_drug.php
blob21ae20bb7c77f30d56e61861ad789b1a9738d2b6
1 <?php
2 // Copyright (C) 2006-2011 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
9 $sanitize_all_escapes = true;
10 $fake_register_globals = false;
12 require_once("../globals.php");
13 require_once("$srcdir/acl.inc");
14 require_once("drugs.inc.php");
15 require_once("$srcdir/options.inc.php");
16 require_once("$srcdir/formdata.inc.php");
17 require_once("$srcdir/htmlspecialchars.inc.php");
19 $alertmsg = '';
20 $drug_id = $_REQUEST['drug'];
21 $info_msg = "";
22 $tmpl_line_no = 0;
24 if (!acl_check('admin', 'drugs')) die(xlt('Not authorized'));
26 // Format dollars for display.
28 function bucks($amount) {
29 if ($amount) {
30 $amount = sprintf("%.2f", $amount);
31 if ($amount != 0.00) return $amount;
33 return '';
36 // Write a line of data for one template to the form.
38 function writeTemplateLine($selector, $dosage, $period, $quantity, $refills, $prices, $taxrates) {
39 global $tmpl_line_no;
40 ++$tmpl_line_no;
42 echo " <tr>\n";
43 echo " <td class='tmplcell drugsonly'>";
44 echo "<input type='text' name='form_tmpl[$tmpl_line_no][selector]' value='" . attr($selector) . "' size='8' maxlength='100'>";
45 echo "</td>\n";
46 echo " <td class='tmplcell drugsonly'>";
47 echo "<input type='text' name='form_tmpl[$tmpl_line_no][dosage]' value='" . attr($dosage) . "' size='6' maxlength='10'>";
48 echo "</td>\n";
49 echo " <td class='tmplcell drugsonly'>";
50 generate_form_field(array(
51 'data_type' => 1,
52 'field_id' => 'tmpl[' . $tmpl_line_no . '][period]',
53 'list_id' => 'drug_interval',
54 'empty_title' => 'SKIP'
55 ), $period);
56 echo "</td>\n";
57 echo " <td class='tmplcell drugsonly'>";
58 echo "<input type='text' name='form_tmpl[$tmpl_line_no][quantity]' value='" . attr($quantity) . "' size='3' maxlength='7'>";
59 echo "</td>\n";
60 echo " <td class='tmplcell drugsonly'>";
61 echo "<input type='text' name='form_tmpl[$tmpl_line_no][refills]' value='" . attr($refills) . "' size='3' maxlength='5'>";
62 echo "</td>\n";
63 foreach ($prices as $pricelevel => $price) {
64 echo " <td class='tmplcell'>";
65 echo "<input type='text' name='form_tmpl[$tmpl_line_no][price][" . attr($pricelevel) . "]' value='" . attr($price) . "' size='6' maxlength='12'>";
66 echo "</td>\n";
68 $pres = sqlStatement("SELECT option_id FROM list_options " .
69 "WHERE list_id = 'taxrate' ORDER BY seq");
70 while ($prow = sqlFetchArray($pres)) {
71 echo " <td class='tmplcell'>";
72 echo "<input type='checkbox' name='form_tmpl[$tmpl_line_no][taxrate][" . attr($prow['option_id']) . "]' value='1'";
73 if (strpos(":$taxrates", $prow['option_id']) !== false) echo " checked";
74 echo " /></td>\n";
76 echo " </tr>\n";
79 // Translation for form fields used in SQL queries.
81 function escapedff($name) {
82 return add_escape_custom(trim($_POST[$name]));
84 function numericff($name) {
85 $field = trim($_POST[$name]) + 0;
86 return add_escape_custom($field);
89 <html>
90 <head>
91 <?php html_header_show(); ?>
92 <title><?php echo $drug_id ? xlt("Edit") : xlt("Add New"); echo ' ' . xlt('Drug'); ?></title>
93 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
95 <style>
96 td { font-size:10pt; }
98 <?php if ($GLOBALS['sell_non_drug_products'] == 2) { ?>
99 .drugsonly { display:none; }
100 <?php } else { ?>
101 .drugsonly { }
102 <?php } ?>
104 <?php if (empty($GLOBALS['ippf_specific'])) { ?>
105 .ippfonly { display:none; }
106 <?php } else { ?>
107 .ippfonly { }
108 <?php } ?>
110 </style>
112 <script type="text/javascript" src="../../library/topdialog.js"></script>
113 <script type="text/javascript" src="../../library/dialog.js"></script>
114 <script type="text/javascript" src="../../library/textformat.js"></script>
116 <script language="JavaScript">
118 <?php require($GLOBALS['srcdir'] . "/restoreSession.php"); ?>
120 // This is for callback by the find-code popup.
121 // Appends to or erases the current list of related codes.
122 function set_related(codetype, code, selector, codedesc) {
123 var f = document.forms[0];
124 var s = f.form_related_code.value;
125 if (code) {
126 if (s.length > 0) s += ';';
127 s += codetype + ':' + code;
128 } else {
129 s = '';
131 f.form_related_code.value = s;
134 // This invokes the find-code popup.
135 function sel_related() {
136 dlgopen('../patient_file/encounter/find_code_popup.php', '_blank', 500, 400);
139 </script>
141 </head>
143 <body class="body_top">
144 <?php
145 // If we are saving, then save and close the window.
146 // First check for duplicates.
148 if ($_POST['form_save']) {
149 $crow = sqlQuery("SELECT COUNT(*) AS count FROM drugs WHERE " .
150 "name = '" . escapedff('form_name') . "' AND " .
151 "form = '" . escapedff('form_form') . "' AND " .
152 "size = '" . escapedff('form_size') . "' AND " .
153 "unit = '" . escapedff('form_unit') . "' AND " .
154 "route = '" . escapedff('form_route') . "' AND " .
155 "drug_id != ?", array($drug_id));
156 if ($crow['count']) {
157 $alertmsg = addslashes(xl('Cannot add this entry because it already exists!'));
161 if (($_POST['form_save'] || $_POST['form_delete']) && !$alertmsg) {
162 $new_drug = false;
163 if ($drug_id) {
164 if ($_POST['form_save']) { // updating an existing drug
165 sqlStatement("UPDATE drugs SET " .
166 "name = '" . escapedff('form_name') . "', " .
167 "ndc_number = '" . escapedff('form_ndc_number') . "', " .
168 "on_order = '" . escapedff('form_on_order') . "', " .
169 "reorder_point = '" . escapedff('form_reorder_point') . "', " .
170 "max_level = '" . escapedff('form_max_level') . "', " .
171 "form = '" . escapedff('form_form') . "', " .
172 "size = '" . escapedff('form_size') . "', " .
173 "unit = '" . escapedff('form_unit') . "', " .
174 "route = '" . escapedff('form_route') . "', " .
175 "cyp_factor = '" . numericff('form_cyp_factor') . "', " .
176 "related_code = '" . escapedff('form_related_code') . "', " .
177 "allow_multiple = " . (empty($_POST['form_allow_multiple' ]) ? 0 : 1) . ", " .
178 "allow_combining = " . (empty($_POST['form_allow_combining']) ? 0 : 1) . ", " .
179 "active = " . (empty($_POST['form_active']) ? 0 : 1) . " " .
180 "WHERE drug_id = ?", array($drug_id));
181 sqlStatement("DELETE FROM drug_templates WHERE drug_id = ?", array($drug_id));
183 else { // deleting
184 if (acl_check('admin', 'super')) {
185 sqlStatement("DELETE FROM drug_inventory WHERE drug_id = ?", array($drug_id));
186 sqlStatement("DELETE FROM drug_templates WHERE drug_id = ?", array($drug_id));
187 sqlStatement("DELETE FROM drugs WHERE drug_id = ?", array($drug_id));
188 sqlStatement("DELETE FROM prices WHERE pr_id = ? AND pr_selector != ''", array($drug_id));
192 else if ($_POST['form_save']) { // saving a new drug
193 $new_drug = true;
194 $drug_id = sqlInsert("INSERT INTO drugs ( " .
195 "name, ndc_number, on_order, reorder_point, max_level, form, " .
196 "size, unit, route, cyp_factor, related_code, " .
197 "allow_multiple, allow_combining, active " .
198 ") VALUES ( " .
199 "'" . escapedff('form_name') . "', " .
200 "'" . escapedff('form_ndc_number') . "', " .
201 "'" . escapedff('form_on_order') . "', " .
202 "'" . escapedff('form_reorder_point') . "', " .
203 "'" . escapedff('form_max_level') . "', " .
204 "'" . escapedff('form_form') . "', " .
205 "'" . escapedff('form_size') . "', " .
206 "'" . escapedff('form_unit') . "', " .
207 "'" . escapedff('form_route') . "', " .
208 "'" . numericff('form_cyp_factor') . "', " .
209 "'" . escapedff('form_related_code') . "', " .
210 (empty($_POST['form_allow_multiple' ]) ? 0 : 1) . ", " .
211 (empty($_POST['form_allow_combining']) ? 0 : 1) . ", " .
212 (empty($_POST['form_active']) ? 0 : 1) .
213 ")");
216 if ($_POST['form_save'] && $drug_id) {
217 $tmpl = $_POST['form_tmpl'];
218 // If using the simplified drug form, then force the one and only
219 // selector name to be the same as the product name.
220 if ($GLOBALS['sell_non_drug_products'] == 2) {
221 $tmpl["1"]['selector'] = $_POST['form_name'];
223 sqlStatement("DELETE FROM prices WHERE pr_id = ? AND pr_selector != ''", array($drug_id));
224 for ($lino = 1; isset($tmpl["$lino"]['selector']); ++$lino) {
225 $iter = $tmpl["$lino"];
226 $selector = trim($iter['selector']);
227 if ($selector) {
228 $taxrates = "";
229 if (!empty($iter['taxrate'])) {
230 foreach ($iter['taxrate'] as $key => $value) {
231 $taxrates .= "$key:";
234 sqlInsert("INSERT INTO drug_templates ( " .
235 "drug_id, selector, dosage, period, quantity, refills, taxrates " .
236 ") VALUES ( ?, ?, ?, ?, ?, ?, ? )",
237 array($drug_id, $selector, trim($iter['dosage']), trim($iter['period']),
238 trim($iter['quantity']), trim($iter['refills']), $taxrates));
240 // Add prices for this drug ID and selector.
241 foreach ($iter['price'] as $key => $value) {
242 $value = $value + 0;
243 if ($value) {
244 sqlStatement("INSERT INTO prices ( " .
245 "pr_id, pr_selector, pr_level, pr_price ) VALUES ( " .
246 "?, ?, ?, ? )",
247 array($drug_id, $selector, $key, $value));
249 } // end foreach price
250 } // end if selector is present
251 } // end for each selector
252 // Save warehouse-specific mins and maxes for this drug.
253 sqlStatement("DELETE FROM product_warehouse WHERE pw_drug_id = ?", array($drug_id));
254 foreach ($_POST['form_wh_min'] as $whid => $whmin) {
255 $whmin = 0 + $whmin;
256 $whmax = 0 + $_POST['form_wh_max'][$whid];
257 if ($whmin != 0 || $whmax != 0) {
258 sqlStatement("INSERT INTO product_warehouse ( " .
259 "pw_drug_id, pw_warehouse, pw_min_level, pw_max_level ) VALUES ( " .
260 "?, ?, ?, ? )", array($drug_id, $whid, $whmin, $whmax));
263 } // end if saving a drug
265 // Close this window and redisplay the updated list of drugs.
267 echo "<script language='JavaScript'>\n";
268 if ($info_msg) echo " alert('$info_msg');\n";
269 echo " if (opener.refreshme) opener.refreshme();\n";
270 if ($new_drug) {
271 echo " window.location.href='add_edit_lot.php?drug=$drug_id&lot=0'\n";
272 } else {
273 echo " window.close();\n";
275 echo "</script></body></html>\n";
276 exit();
279 if ($drug_id) {
280 $row = sqlQuery("SELECT * FROM drugs WHERE drug_id = ?", array($drug_id));
281 $tres = sqlStatement("SELECT * FROM drug_templates WHERE " .
282 "drug_id = ? ORDER BY selector", array($drug_id));
284 else {
285 $row = array(
286 'name' => '',
287 'active' => '1',
288 'allow_multiple' => '1',
289 'allow_combining' => '',
290 'ndc_number' => '',
291 'on_order' => '0',
292 'reorder_point' => '0',
293 'max_level' => '0',
294 'form' => '',
295 'size' => '',
296 'unit' => '',
297 'route' => '',
298 'cyp_factor' => '',
299 'related_code' => '',
304 <form method='post' name='theform' action='add_edit_drug.php?drug=<?php echo $drug_id; ?>'>
305 <center>
307 <table border='0' width='100%'>
309 <tr>
310 <td valign='top' nowrap><b><?php echo xlt('Name'); ?>:</b></td>
311 <td>
312 <input type='text' size='40' name='form_name' maxlength='80' value='<?php echo attr($row['name']) ?>' style='width:100%' />
313 </td>
314 </tr>
316 <tr>
317 <td valign='top' nowrap><b><?php echo xlt('Active'); ?>:</b></td>
318 <td>
319 <input type='checkbox' name='form_active' value='1'<?php if ($row['active']) echo ' checked'; ?> />
320 </td>
321 </tr>
323 <tr>
324 <td valign='top' nowrap><b><?php echo xlt('Allow'); ?>:</b></td>
325 <td>
326 <input type='checkbox' name='form_allow_multiple' value='1'<?php if ($row['allow_multiple']) echo ' checked'; ?> />
327 <?php echo xlt('Multiple Lots'); ?> &nbsp;
328 <input type='checkbox' name='form_allow_combining' value='1'<?php if ($row['allow_combining']) echo ' checked'; ?> />
329 <?php echo xlt('Combining Lots'); ?>
330 </td>
331 </tr>
333 <tr>
334 <td valign='top' nowrap><b><?php echo xlt('NDC Number'); ?>:</b></td>
335 <td>
336 <input type='text' size='40' name='form_ndc_number' maxlength='20'
337 value='<?php echo attr($row['ndc_number']) ?>' style='width:100%'
338 onkeyup='maskkeyup(this,"<?php echo addslashes($GLOBALS['gbl_mask_product_id']); ?>")'
339 onblur='maskblur(this,"<?php echo addslashes($GLOBALS['gbl_mask_product_id']); ?>")'
341 </td>
342 </tr>
344 <tr>
345 <td valign='top' nowrap><b><?php echo xlt('On Order'); ?>:</b></td>
346 <td>
347 <input type='text' size='5' name='form_on_order' maxlength='7' value='<?php echo attr($row['on_order']) ?>' />
348 </td>
349 </tr>
351 <tr>
352 <td valign='top' nowrap><b><?php echo xlt('Limits'); ?>:</b></td>
353 <td>
354 <table>
355 <tr>
356 <td valign='top' nowrap>&nbsp;</td>
357 <td valign='top' nowrap><?php echo xlt('Global'); ?></td>
358 <?php
359 // One column header per warehouse title.
360 $pwarr = array();
361 $pwres = sqlStatement("SELECT lo.option_id, lo.title, " .
362 "pw.pw_min_level, pw.pw_max_level " .
363 "FROM list_options AS lo " .
364 "LEFT JOIN product_warehouse AS pw ON " .
365 "pw.pw_drug_id = ? AND " .
366 "pw.pw_warehouse = lo.option_id WHERE " .
367 "lo.list_id = 'warehouse' ORDER BY lo.seq, lo.title",
368 array($drug_id));
369 while ($pwrow = sqlFetchArray($pwres)) {
370 $pwarr[] = $pwrow;
371 echo " <td valign='top' nowrap>" .
372 text($pwrow['title']) . "</td>\n";
375 </tr>
376 <tr>
377 <td valign='top' nowrap><?php echo xlt('Min'); ?>&nbsp;</td>
378 <td valign='top'>
379 <input type='text' size='5' name='form_reorder_point' maxlength='7'
380 value='<?php echo attr($row['reorder_point']) ?>'
381 title='<?php echo xla('Reorder point, 0 if not applicable'); ?>'
382 />&nbsp;&nbsp;
383 </td>
384 <?php
385 foreach ($pwarr as $pwrow) {
386 echo " <td valign='top'>";
387 echo "<input type='text' name='form_wh_min[" .
388 attr($pwrow['option_id']) .
389 "]' value='" . attr(0 + $pwrow['pw_min_level']) . "' size='5' " .
390 "title='" . xla('Warehouse minimum, 0 if not applicable') . "' />";
391 echo "&nbsp;&nbsp;</td>\n";
394 </tr>
395 <tr>
396 <td valign='top' nowrap><?php echo xlt('Max'); ?>&nbsp;</td>
397 <td>
398 <input type='text' size='5' name='form_max_level' maxlength='7'
399 value='<?php echo attr($row['max_level']) ?>'
400 title='<?php echo xla('Maximum reasonable inventory, 0 if not applicable'); ?>'
402 </td>
403 <?php
404 foreach ($pwarr as $pwrow) {
405 echo " <td valign='top'>";
406 echo "<input type='text' name='form_wh_max[" .
407 htmlspecialchars($pwrow['option_id']) .
408 "]' value='" . attr(0 + $pwrow['pw_max_level']) . "' size='5' " .
409 "title='" . xla('Warehouse maximum, 0 if not applicable') . "' />";
410 echo "</td>\n";
413 </tr>
414 </table>
415 </td>
416 </tr>
418 <tr class='drugsonly'>
419 <td valign='top' nowrap><b><?php echo xlt('Form'); ?>:</b></td>
420 <td>
421 <?php
422 generate_form_field(array('data_type'=>1,'field_id'=>'form','list_id'=>'drug_form','empty_title'=>'SKIP'), $row['form']);
424 </td>
425 </tr>
427 <tr class='drugsonly'>
428 <td valign='top' nowrap><b><?php echo xlt('Pill Size'); ?>:</b></td>
429 <td>
430 <input type='text' size='5' name='form_size' maxlength='7' value='<?php echo attr($row['size']) ?>' />
431 </td>
432 </tr>
434 <tr class='drugsonly'>
435 <td valign='top' nowrap><b><?php echo xlt('Units'); ?>:</b></td>
436 <td>
437 <?php
438 generate_form_field(array('data_type'=>1,'field_id'=>'unit','list_id'=>'drug_units','empty_title'=>'SKIP'), $row['unit']);
440 </td>
441 </tr>
443 <tr class='drugsonly'>
444 <td valign='top' nowrap><b><?php echo xlt('Route'); ?>:</b></td>
445 <td>
446 <?php
447 generate_form_field(array('data_type'=>1,'field_id'=>'route','list_id'=>'drug_route','empty_title'=>'SKIP'), $row['route']);
449 </td>
450 </tr>
452 <tr class='ippfonly'>
453 <td valign='top' nowrap><b><?php echo xlt('CYP Factor'); ?>:</b></td>
454 <td>
455 <input type='text' size='10' name='form_cyp_factor' maxlength='20' value='<?php echo attr($row['cyp_factor']) ?>' />
456 </td>
457 </tr>
459 <tr>
460 <td valign='top' nowrap><b><?php echo xlt('Relate To'); ?>:</b></td>
461 <td>
462 <input type='text' size='50' name='form_related_code'
463 value='<?php echo attr($row['related_code']) ?>' onclick='sel_related()'
464 title='<?php echo xla('Click to select related code'); ?>'
465 style='width:100%' readonly />
466 </td>
467 </tr>
469 <tr>
470 <td valign='top' nowrap>
471 <b><?php echo $GLOBALS['sell_non_drug_products'] == 2 ? xlt('Fees') : xlt('Templates'); ?>:</b>
472 </td>
473 <td>
474 <table border='0' width='100%'>
475 <tr>
476 <td class='drugsonly'><b><?php echo xlt('Name' ); ?></b></td>
477 <td class='drugsonly'><b><?php echo xlt('Schedule'); ?></b></td>
478 <td class='drugsonly'><b><?php echo xlt('Interval'); ?></b></td>
479 <td class='drugsonly'><b><?php echo xlt('Qty' ); ?></b></td>
480 <td class='drugsonly'><b><?php echo xlt('Refills' ); ?></b></td>
481 <?php
482 // Show a heading for each price level. Also create an array of prices
483 // for new template lines.
484 $emptyPrices = array();
485 $pres = sqlStatement("SELECT option_id, title FROM list_options " .
486 "WHERE list_id = 'pricelevel' ORDER BY seq");
487 while ($prow = sqlFetchArray($pres)) {
488 $emptyPrices[$prow['option_id']] = '';
489 echo " <td><b>" .
490 generate_display_field(array('data_type'=>'1','list_id'=>'pricelevel'), $prow['option_id']) .
491 "</b></td>\n";
493 // Show a heading for each tax rate.
494 $pres = sqlStatement("SELECT option_id, title FROM list_options " .
495 "WHERE list_id = 'taxrate' ORDER BY seq");
496 while ($prow = sqlFetchArray($pres)) {
497 echo " <td><b>" .
498 generate_display_field(array('data_type'=>'1','list_id'=>'taxrate'), $prow['option_id']) .
499 "</b></td>\n";
502 </tr>
503 <?php
504 $blank_lines = $GLOBALS['sell_non_drug_products'] == 2 ? 1 : 3;
505 if ($tres) {
506 while ($trow = sqlFetchArray($tres)) {
507 $blank_lines = $GLOBALS['sell_non_drug_products'] == 2 ? 0 : 1;
508 $selector = $trow['selector'];
509 // Get array of prices.
510 $prices = array();
511 $pres = sqlStatement("SELECT lo.option_id, p.pr_price " .
512 "FROM list_options AS lo LEFT OUTER JOIN prices AS p ON " .
513 "p.pr_id = ? AND p.pr_selector = ? AND " .
514 "p.pr_level = lo.option_id " .
515 "WHERE list_id = 'pricelevel' ORDER BY lo.seq",
516 array($drug_id, $selector));
517 while ($prow = sqlFetchArray($pres)) {
518 $prices[$prow['option_id']] = $prow['pr_price'];
520 writeTemplateLine($selector, $trow['dosage'], $trow['period'],
521 $trow['quantity'], $trow['refills'], $prices, $trow['taxrates']);
524 for ($i = 0; $i < $blank_lines; ++$i) {
525 $selector = $GLOBALS['sell_non_drug_products'] == 2 ? $row['name'] : '';
526 writeTemplateLine($selector, '', '', '', '', $emptyPrices, '');
529 </table>
530 </td>
531 </tr>
533 </table>
536 <input type='submit' name='form_save' value='<?php echo xla('Save'); ?>' />
538 <?php if (acl_check('admin', 'super')) { ?>
539 &nbsp;
540 <input type='submit' name='form_delete' value='<?php echo xla('Delete'); ?>' style='color:red' />
541 <?php } ?>
543 &nbsp;
544 <input type='button' value='<?php echo xla('Cancel'); ?>' onclick='window.close()' />
546 </p>
548 </center>
549 </form>
551 <script language="JavaScript">
552 <?php
553 if ($alertmsg) {
554 echo "alert('" . htmlentities($alertmsg) . "');\n";
557 </script>
559 </body>
560 </html>