another minor security fix related to prior commit
1 <?php
2 /**
3 * event editor
5 * @package OpenEMR
6 * @link http://www.open-emr.org
7 * @author Rod Roark <rod@sunsetsystems.com>
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2005-2006 Rod Roark <rod@sunsetsystems.com>
10 * @copyright Copyright (c) 2017 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
14 // The event editor looks something like this:
16 //------------------------------------------------------------//
17 // Category __________________V O All day event //
18 // Date _____________ [?] O Time ___:___ __V //
19 // Title ___________________ duration ____ minutes //
20 // Patient _(Click_to_select)_ //
21 // Provider __________________V X Repeats ______V ______V //
22 // Status __________________V until __________ [?] //
23 // Comments ________________________________________________ //
24 // //
25 // [Save] [Find Available] [Delete] [Cancel] //
26 //------------------------------------------------------------//
28 // continue session
// continue session
session_start();

// landing page definition -- where to go if something goes wrong
$landingpage = "index.php?site=" . $_SESSION['site_id'];

// kick out if patient not authenticated: the onsite portal login leaves both
// the patient id and the portal marker in the session.  Anything else gets
// its session destroyed and is bounced to the landing page.
if (!isset($_SESSION['pid']) || !isset($_SESSION['patient_portal_onsite'])) {
    session_destroy();
    header('Location: ' . $landingpage . '&w');
    exit;
}
$pid = $_SESSION['pid'];
46 $ignoreAuth = 1;
47 global $ignoreAuth;
49 require_once("../interface/globals.php");
50 require_once("$srcdir/patient.inc");
51 require_once("$srcdir/forms.inc");
53 // Exit if the modify calendar for portal flag is not set
// Exit if the modify calendar for portal flag is not set: appointment
// scheduling from the portal has to be switched on explicitly.
$may_schedule = !empty($GLOBALS['portal_onsite_appt_modify']);
if (!$may_schedule) {
    $denied = xl('You are not authorized to schedule appointments.');
    echo htmlspecialchars($denied, ENT_NOQUOTES);
    exit;
}
59 // Things that might be passed by our opener.
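// Things that might be passed by our opener.  They all arrive on the query
// string and several are interpolated into SQL further down, so the numeric
// ones are cast here: anything non-numeric collapses to 0 ("not supplied").
$eid = isset($_GET['eid']) ? (int)$_GET['eid'] : 0;               // only for existing events
$date = isset($_GET['date']) ? $_GET['date'] : '';                // this and below only for new events
$userid = isset($_GET['userid']) ? (int)$_GET['userid'] : 0;
$default_catid = !empty($_GET['catid']) ? (int)$_GET['catid'] : 5;
$patientid = isset($_GET['patid']) ? (int)$_GET['patid'] : 0;

// The opener passes the date as YYYYMMDD.  Anything that is not eight digits
// (previously it would have been sliced into garbage) falls back to today.
$date = preg_replace('/\D/', '', (string)$date);
if (strlen($date) == 8) {
    $date = substr($date, 0, 4) . '-' . substr($date, 4, 2) . '-' . substr($date, 6);
} else {
    $date = date("Y-m-d");
}

// Start time, also from the opener: minutes as two digits, hours on a
// 24-hour clock (startampm == '2' means p.m.); default is the current hour.
$starttimem = '00';
if (isset($_GET['starttimem'])) {
    $starttimem = substr('00' . (int)$_GET['starttimem'], -2);
}

if (isset($_GET['starttimeh'])) {
    $starttimeh = (int)$_GET['starttimeh'];
    if (isset($_GET['startampm']) && $_GET['startampm'] == '2' && $starttimeh < 12) {
        $starttimeh += 12;
    }
} else {
    $starttimeh = date("G");
}

$startampm = '';
$info_msg = "";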
95 // ===========================
96 // EVENTS TO FACILITIES (lemonsoftware)
97 // edit event case - if there is no association made, then insert one with the first facility
98 /*if ( $eid ) {
99 $selfacil = '';
100 $facility = sqlQuery("SELECT pc_facility, pc_multiple FROM openemr_postcalendar_events WHERE pc_eid = $eid");
101 if ( !$facility['pc_facility'] ) {
102 $qmin = sqlQuery("SELECT MIN(id) as minId FROM facility");
103 $min = $qmin['minId'];
105 // multiple providers case
106 if ( $GLOBALS['select_multi_providers'] ) {
107 $mul = $facility['pc_multiple'];
108 sqlStatement("UPDATE openemr_postcalendar_events SET pc_facility = $min WHERE pc_multiple = $mul");
110 // EOS multiple
112 sqlStatement("UPDATE openemr_postcalendar_events SET pc_facility = $min WHERE pc_eid = $eid");
113 $e2f = $minId;
114 } else {
115 $e2f = $facility['pc_facility'];
118 // EOS E2F
119 // ===========================
120 // ===========================
122 // EVENTS TO FACILITIES (lemonsoftware)
123 //(CHEMED) get facility name
124 // edit event case - if there is no association made, then insert one with the first facility
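if ($eid) {
    $eid = (int)$eid; // query-string value: keep every use below numeric
    $selfacil = '';
    // pc_pid is fetched as well: a portal user may only work on their own
    // appointment, and this is the first place the eid is resolved, before
    // the UPDATEs below run.
    $facility = sqlQuery("SELECT pc_facility, pc_multiple, pc_aid, pc_pid, facility.name
        FROM openemr_postcalendar_events
        LEFT JOIN facility ON (openemr_postcalendar_events.pc_facility = facility.id)
        WHERE pc_eid = $eid");
    if (empty($facility) || (int)$facility['pc_pid'] !== (int)$pid) {
        echo htmlspecialchars(xl('You are not authorized to modify this appointment.'), ENT_NOQUOTES);
        exit;
    }
    if (!$facility['pc_facility']) {
        // No facility yet: take the provider's default facility.  Ids coming
        // back from the database are cast before being interpolated again.
        $qmin = sqlQuery("SELECT facility_id as minId, facility FROM users WHERE id = " . (int)$facility['pc_aid']);
        $min = (int)$qmin['minId'];
        $min_name = $qmin['facility'];

        // multiple providers case: only when there really is a group key,
        // otherwise "pc_multiple = 0" would rewrite every ungrouped event.
        $mul = (int)$facility['pc_multiple'];
        if ($GLOBALS['select_multi_providers'] && $mul) {
            sqlStatement("UPDATE openemr_postcalendar_events SET pc_facility = $min WHERE pc_multiple = $mul");
        }
        // EOS multiple

        sqlStatement("UPDATE openemr_postcalendar_events SET pc_facility = $min WHERE pc_eid = $eid");
        $e2f = $min;
        $e2f_name = $min_name;
    } else {
        $e2f = $facility['pc_facility'];
        $e2f_name = $facility['name'];
    }
}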
157 // If we are saving, then save and close the window.
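/**
 * Weekday-repeat helper.  Repeat types 5..9 mean "every Monday" .. "every
 * Friday"; the stored start date is moved forward to the first such weekday
 * on or after $ymd (this replaces the per-weekday if/elseif tables).  Any
 * other repeat type, or a date that is not three dash-separated parts, is
 * returned untouched.
 *
 * @param string     $ymd         event date as Y-m-d
 * @param int|string $repeat_type value of form_repeat_type
 * @return string    Y-m-d start date
 */
function portal_event_first_weekday($ymd, $repeat_type)
{
    $repeat_type = (int)$repeat_type;
    if ($repeat_type < 5 || $repeat_type > 9) {
        return $ymd;
    }
    $parts = explode("-", (string)$ymd);
    if (count($parts) != 3) {
        return $ymd;
    }
    $year = (int)$parts[0];
    $month = (int)$parts[1];
    $day = (int)$parts[2];
    // date("N") is ISO-8601: 1 = Monday .. 7 = Sunday.
    $dow = (int)date("N", mktime(0, 0, 0, $month, $day, $year)) - 1;
    $target = $repeat_type - 5; // 0 = Monday .. 4 = Friday
    $shift = ($target - $dow + 7) % 7;
    return date("Y-m-d", mktime(0, 0, 0, $month, $day + $shift, $year));
}

/**
 * Build an INSERT for openemr_postcalendar_events from a column => SQL-literal
 * map.  Literals are used verbatim, so the caller is responsible for casting,
 * quoting and escaping them.
 *
 * @param array $fields column name => SQL literal
 * @return string
 */
function portal_event_insert_sql(array $fields)
{
    return "INSERT INTO openemr_postcalendar_events ( " . implode(", ", array_keys($fields)) .
        " ) VALUES ( " . implode(", ", array_values($fields)) . " )";
}

/**
 * Build the "col = literal, ..." list of an UPDATE from the same kind of map.
 *
 * @param array $fields column name => SQL literal
 * @return string
 */
function portal_event_set_sql(array $fields)
{
    $pairs = array();
    foreach ($fields as $column => $literal) {
        $pairs[] = "$column = $literal";
    }
    return implode(", ", $pairs);
}

// If we are saving, then save and close the window.
if (isset($_POST['form_action']) && $_POST['form_action'] == "save") {
    // ---- Normalise every posted value that is interpolated into SQL. ----
    // The session identifies the portal patient, so the appointment always
    // belongs to $pid: the hidden form_pid field is deliberately not trusted.
    $form_pid = (int)$pid;
    $form_category = isset($_POST['form_category']) ? (int)$_POST['form_category'] : 0;
    $form_prefcat = isset($_POST['form_prefcat']) ? (int)$_POST['form_prefcat'] : 0;
    $form_facility = isset($_POST['facility']) ? (int)$_POST['facility'] : 0;
    $form_allday = empty($_POST['form_allday']) ? 0 : 1;
    $form_repeat = empty($_POST['form_repeat']) ? 0 : 1;
    $form_repeat_freq = isset($_POST['form_repeat_freq']) ? (int)$_POST['form_repeat_freq'] : 0;
    $form_repeat_type = isset($_POST['form_repeat_type']) ? (int)$_POST['form_repeat_type'] : 0;
    // fixDate() output is assumed to be a plain date string (it was already
    // interpolated unescaped before).
    $form_enddate = fixDate(isset($_POST['form_enddate']) ? $_POST['form_enddate'] : '');
    $event_date = fixDate(isset($_POST['form_date']) ? $_POST['form_date'] : '');
    $informant = isset($_SESSION['authUserID']) ? $_SESSION['authUserID'] : '';
    // Free text ends up inside quoted SQL literals, so escape the quoting
    // characters.  NOTE(review): a bound-parameter query is the proper fix;
    // also confirm no earlier layer already escapes $_POST before relying on this.
    $form_title = addslashes(isset($_POST['form_title']) ? $_POST['form_title'] : '');
    $form_comments = addslashes(isset($_POST['form_comments']) ? $_POST['form_comments'] : '');
    // The appointment status is a one-character code ($statuses further down):
    // keep a single printable character that cannot terminate the literal.
    $form_apptstatus = isset($_POST['form_apptstatus']) ? (string)$_POST['form_apptstatus'] : '';
    $form_apptstatus = substr(preg_replace('/[^\x21-\x7e]|[\'"\\\\]/', '', $form_apptstatus), 0, 1);
    // Provider ids: a scalar, or an array in multi-provider mode.
    $provider_is_array = isset($_POST['form_provider']) && is_array($_POST['form_provider']);
    if ($provider_is_array) {
        $providers_new = array_values(array_map('intval', $_POST['form_provider']));
    } else {
        $providers_new = array(isset($_POST['form_provider']) ? (int)$_POST['form_provider'] : 0);
    }

    // Compute start and end time strings to be saved.
    if ($form_allday) {
        $tmph = 0;
        $tmpm = 0;
        $duration = 24 * 60;
    } else {
        $tmph = isset($_POST['form_hour']) ? (int)$_POST['form_hour'] : 0;
        $tmpm = isset($_POST['form_minute']) ? (int)$_POST['form_minute'] : 0;
        if (isset($_POST['form_ampm']) && $_POST['form_ampm'] == '2' && $tmph < 12) {
            $tmph += 12;
        }
        $duration = isset($_POST['form_duration']) ? (int)$_POST['form_duration'] : 0;
    }

    $starttime = "$tmph:$tmpm:00";

    // Roll the minutes over into hours (arithmetic instead of the original
    // decrement-by-60 loop, which a huge posted duration could spin for a while).
    $tmpm += $duration;
    if ($tmpm >= 60) {
        $tmph += (int)($tmpm / 60);
        $tmpm = $tmpm % 60;
    }
    $endtime = "$tmph:$tmpm:00";

    // Useless garbage that we must save.
    $locationspec = 'a:6:{s:14:"event_location";N;s:13:"event_street1";N;' .
        's:13:"event_street2";N;s:10:"event_city";N;s:11:"event_state";N;s:12:"event_postal";N;}';

    // More garbage, but this time 1 character of it is used to save the
    // repeat type (the serialized lengths are s:1, and the reader below
    // matches a single digit).
    if ($form_repeat) {
        $recurrspec = 'a:5:{' .
            's:17:"event_repeat_freq";s:1:"' . $form_repeat_freq . '";' .
            's:22:"event_repeat_freq_type";s:1:"' . $form_repeat_type . '";' .
            's:19:"event_repeat_on_num";s:1:"1";' .
            's:19:"event_repeat_on_day";s:1:"0";' .
            's:20:"event_repeat_on_freq";s:1:"0";}';
    } else {
        $recurrspec = 'a:5:{' .
            's:17:"event_repeat_freq";N;' .
            's:22:"event_repeat_freq_type";s:1:"0";' .
            's:19:"event_repeat_on_num";s:1:"1";' .
            's:19:"event_repeat_on_day";s:1:"0";' .
            's:20:"event_repeat_on_freq";s:1:"1";}';
    }

    // Events that repeat on one weekday (types 5..9) start on the first such
    // weekday on or after the chosen date.
    $event_date = portal_event_first_weekday($event_date, $form_repeat_type);

    // Column => SQL literal map shared by every INSERT and UPDATE below.
    // Everything in it has been cast or escaped above.
    $fields = array(
        'pc_catid'       => "'$form_category'",
        'pc_pid'         => "'$form_pid'",
        'pc_title'       => "'$form_title'",
        'pc_time'        => "NOW()",
        'pc_hometext'    => "'$form_comments'",
        'pc_informant'   => "'$informant'",
        'pc_eventDate'   => "'$event_date'",
        'pc_endDate'     => "'$form_enddate'",
        'pc_duration'    => "'" . ($duration * 60) . "'",
        'pc_recurrtype'  => "'$form_repeat'",
        'pc_recurrspec'  => "'$recurrspec'",
        'pc_startTime'   => "'$starttime'",
        'pc_endTime'     => "'$endtime'",
        'pc_alldayevent' => "'$form_allday'",
        'pc_apptstatus'  => "'$form_apptstatus'",
        'pc_prefcatid'   => "'$form_prefcat'",
        'pc_facility'    => "'$form_facility'",
    );
    // Columns only set when a row is created.
    $insert_only = array(
        'pc_location'    => "'$locationspec'",
        'pc_eventstatus' => '1',
        'pc_sharing'     => '1',
    );

    /* =======================================================
    // UPDATE EVENTS
    ========================================================*/
    if ($eid) {
        $eid = (int)$eid;
        // what is multiple key around this $eid?  pc_pid is fetched as well so
        // that a portal user can only change an appointment that is theirs.
        $row = sqlQuery("SELECT pc_multiple, pc_pid FROM openemr_postcalendar_events WHERE pc_eid = $eid");
        if (empty($row) || (int)$row['pc_pid'] !== $form_pid) {
            echo htmlspecialchars(xl('You are not authorized to modify this appointment.'), ENT_NOQUOTES);
            exit;
        }
        $multiple = (int)$row['pc_multiple'];

        if ($GLOBALS['select_multi_providers'] && $multiple) {
            /* ==========================================
            // multi providers BOS
            ==========================================*/

            // obtain current list of providers regarding the multiple key
            $providers_current = array();
            $up = sqlStatement("SELECT pc_aid FROM openemr_postcalendar_events WHERE pc_multiple = $multiple");
            while ($current = sqlFetchArray($up)) {
                $providers_current[] = (int)$current['pc_aid'];
            }

            // providers that were UNCHECKED: delete this event for them
            foreach (array_diff($providers_current, $providers_new) as $to_be_removed) {
                sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_aid = '$to_be_removed' AND pc_multiple = $multiple");
            }

            // providers that were added: insert this event for them
            foreach (array_diff($providers_new, $providers_current) as $to_be_inserted) {
                $ins = $fields + $insert_only;
                $ins['pc_multiple'] = "'$multiple'";
                $ins['pc_aid'] = "'$to_be_inserted'";
                sqlInsert(portal_event_insert_sql($ins));
            }

            // after the two diffs above, we must update for remaining providers
            // (the row of every posted provider receives the new values)
            foreach ($providers_new as $provider) {
                sqlStatement("UPDATE openemr_postcalendar_events SET " . portal_event_set_sql($fields) .
                    " WHERE pc_aid = '$provider' AND pc_multiple = $multiple");
            }
            /* ==========================================
            // multi providers EOS
            ==========================================*/
        } elseif (!$multiple) {
            // simple provider case: the first (or only) posted provider
            $single = $fields;
            $single['pc_aid'] = "'" . $providers_new[0] . "'";
            sqlStatement("UPDATE openemr_postcalendar_events SET " . portal_event_set_sql($single) .
                " WHERE pc_eid = '$eid'");
        }
        // =======================================
        // EOS multi providers case
        // =======================================

        // EVENTS TO FACILITIES
        $e2f = (int)$eid;

    /* =======================================================
    // INSERT EVENTS
    ========================================================*/
    } else {
        if ($provider_is_array) {
            // multi providers case: obtain the next available unique key to
            // group multiple providers around some event.
            // NOTE(review): MAX()+1 is racy under concurrent bookings; a
            // sequence or auto-increment column would be safer.
            $q = sqlStatement("SELECT MAX(pc_multiple) as max FROM openemr_postcalendar_events");
            $max = sqlFetchArray($q);
            $new_multiple_value = (int)$max['max'] + 1;

            foreach ($providers_new as $provider) {
                $ins = $fields + $insert_only;
                $ins['pc_multiple'] = "'$new_multiple_value'";
                $ins['pc_aid'] = "'$provider'";
                sqlInsert(portal_event_insert_sql($ins));
            }
        } else {
            $ins = $fields + $insert_only;
            $ins['pc_aid'] = "'" . $providers_new[0] . "'";
            sqlInsert(portal_event_insert_sql($ins));
        }
    }

    // Save new DOB if it's there.  Only the authenticated patient's own
    // record is touched, and only a Y-m-d value is accepted (the shape the
    // find-patient callback supplies).
    $patient_dob = isset($_POST['form_dob']) ? trim($_POST['form_dob']) : '';
    if ($patient_dob !== '' && preg_match('/^\d{4}-\d{2}-\d{2}$/', $patient_dob) && $form_pid) {
        sqlStatement("UPDATE patient_data SET DOB = '$patient_dob' WHERE pid = '$form_pid'");
    }

    // Auto-create a new encounter if appropriate.
    // We decided not to auto-create blank enconter when user arrives. Todd's decision 18 Jun 2010
    // Applied by Cassian Lup (cassian.lup@clinicdr.com)
    // (The unreachable "if (0)" implementation that used to follow has been removed.)
} else if (isset($_POST['form_action']) && $_POST['form_action'] == "delete") {
    $eid = (int)$eid;
    // A portal user may only delete their own appointment; a missing or
    // foreign eid is refused instead of reaching the DELETE.
    $row = sqlQuery("SELECT pc_multiple, pc_pid FROM openemr_postcalendar_events WHERE pc_eid = $eid");
    if (empty($row) || (int)$row['pc_pid'] !== (int)$pid) {
        echo htmlspecialchars(xl('You are not authorized to modify this appointment.'), ENT_NOQUOTES);
        exit;
    }
    // =======================================
    // multi providers case: remove the whole provider group
    // =======================================
    if ($GLOBALS['select_multi_providers'] && $row['pc_multiple']) {
        sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_multiple = " . (int)$row['pc_multiple']);
    } else {
        sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_eid = '$eid'");
    }
}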
if ($_POST['form_action'] != "") {
    // Close this window and refresh the calendar display.  $info_msg is only
    // ever set by server-side code, so it is emitted into the alert as-is.
    $alert = $info_msg ? " alert('$info_msg');\n" : '';
    echo "<html>\n<body>\n<script language='JavaScript'>\n"
        . $alert
        . " dlgclose();\n"
        . "</script>\n</body>\n</html>\n";
    exit();
}
580 // If we get this far then we are displaying the form.
// Appointment status codes (the single-character values stored in
// pc_apptstatus) mapped to their translated labels, in display order.
$statuses = array();
$statuses['-'] = '';
$statuses['*'] = xl('* Reminder done');
$statuses['+'] = xl('+ Chart pulled');
$statuses['x'] = xl('x Cancelled');
$statuses['?'] = xl('? No show');
$statuses['@'] = xl('@ Arrived');
$statuses['~'] = xl('~ Arrived late');
$statuses['!'] = xl('! Left w/o visit');
$statuses['#'] = xl('# Ins/fin issue');
$statuses['<'] = xl('< In exam room');
$statuses['>'] = xl('> Checked out');
$statuses['$'] = xl('$ Coding done');

// Form defaults for a new event; overwritten below when editing one.
$repeats = 0;           // if the event repeats
$repeattype = '0';
$repeatfreq = '0';
$patienttitle = "";
$hometext = "";
$row = array();
604 // If we are editing an existing event, then get its data.
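if ($eid) {
    $eid = (int)$eid; // query-string value: keep the SQL below numeric
    $row = sqlQuery("SELECT * FROM openemr_postcalendar_events WHERE pc_eid = $eid");
    // A portal patient may only open their own appointments; an unknown eid
    // is refused the same way.
    if (empty($row) || (int)$row['pc_pid'] !== (int)$pid) {
        echo htmlspecialchars(xl('You are not authorized to modify this appointment.'), ENT_NOQUOTES);
        exit;
    }
    $date = $row['pc_eventDate'];
    $userid = $row['pc_aid'];
    $patientid = $row['pc_pid'];
    // pc_startTime is stored unpadded ("9:5:00"), so take the hour numerically.
    $starttimeh = (int)substr($row['pc_startTime'], 0, 2);
    $starttimem = substr($row['pc_startTime'], 3, 2);
    $repeats = $row['pc_recurrtype'];
    $multiple_value = $row['pc_multiple'];

    // The repeat type/frequency are single digits inside the serialized
    // pc_recurrspec blob written by the save branch.
    if (preg_match('/"event_repeat_freq_type";s:1:"(\d)"/', $row['pc_recurrspec'], $matches)) {
        $repeattype = $matches[1];
    }
    if (preg_match('/"event_repeat_freq";s:1:"(\d)"/', $row['pc_recurrspec'], $matches)) {
        $repeatfreq = $matches[1];
    }

    $hometext = $row['pc_hometext'];
    if (substr($hometext, 0, 6) == ':text:') {
        $hometext = substr($hometext, 6);
    }
} else {
    // New event: a portal user can only book for themselves, so the pid the
    // opener passes on the query string is ignored in favour of the session.
    $patientid = (int)$pid;
}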
631 // If we have a patient ID, get the name and phone numbers to display.
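// Only the authenticated portal patient's own record may be looked up; the
// id is cast so the query stays numeric.
$patientid = (int)$patientid;
if ($patientid && $patientid === (int)$pid) {
    $prow = sqlQuery("SELECT lname, fname, phone_home, phone_biz, DOB " .
        "FROM patient_data WHERE pid = '" . $patientid . "'");
    $patientname = $prow['lname'] . ", " . $prow['fname'];
    if ($prow['phone_home']) {
        $patienttitle .= " H=" . $prow['phone_home'];
    }
    if ($prow['phone_biz']) {
        $patienttitle .= " W=" . $prow['phone_biz'];
    }
}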
645 // Get the providers list.
// Get the providers list: authorized, active users ordered by name.
$ures = sqlStatement(
    "SELECT id, username, fname, lname FROM users " .
    "WHERE authorized != 0 AND active = 1 ORDER BY lname, fname"
);
649 //-------------------------------------
650 //(CHEMED)
651 //Set default facility for a new event based on the given 'userid'
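// Set default facility for a new event based on the given 'userid'.  For a
// new event the id comes from the query string, so cast it before it is
// interpolated into the query.
$userid = (int)$userid;
if ($userid) {
    $pref_facility = sqlFetchArray(sqlStatement("SELECT facility_id, facility FROM users WHERE id = $userid"));
    $e2f = $pref_facility['facility_id'];
    $e2f_name = $pref_facility['facility'];
}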
658 //END of CHEMED -----------------------
660 // Get event categories.
// Get event categories.
$cres = sqlStatement(
    "SELECT pc_catid, pc_catname, pc_recurrtype, pc_duration, pc_end_all_day " .
    "FROM openemr_postcalendar_categories ORDER BY pc_catname"
);

// Fix up the time format for AM/PM: noon and later is p.m. (12:xx stays 12),
// anything past 12 is shown on the 12-hour clock.
$startampm = ($starttimeh >= 12) ? '2' : '1';
if ($starttimeh > 12) {
    $starttimeh -= 12;
}
674 <html>
675 <head>
676 <?php html_header_show(); ?>
677 <title><?php echo $eid ? "Edit" : "Add New" ?> <?php xl('Event', 'e');?></title>
678 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
679 <link rel="stylesheet" href="<?php echo $GLOBALS['assets_static_relative']; ?>/jquery-datetimepicker-2-5-4/build/jquery.datetimepicker.min.css">
681 <style>
682 td { font-size:0.8em; }
683 </style>
685 <script type="text/javascript" src="<?php echo $GLOBALS['assets_static_relative']; ?>/jquery-min-3-1-1/index.js"></script>
686 <script type="text/javascript" src="<?php echo $GLOBALS['assets_static_relative']; ?>/jquery-datetimepicker-2-5-4/build/jquery.datetimepicker.full.min.js"></script>
687 <script type="text/javascript" src="../library/topdialog.js?v=<?php echo $v_js_includes; ?>"></script>
688 <script type="text/javascript" src="../library/dialog.js?v=<?php echo $v_js_includes; ?>"></script>
689 <script type="text/javascript" src="../library/textformat.js?v=<?php echo $v_js_includes; ?>"></script>
691 <script language="JavaScript">
693 var durations = new Array();
694 // var rectypes = new Array();
695 <?php
696 // Read the event categories, generate their options list, and get
697 // the default event duration from them if this is a new event.
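$catoptions = "";
$prefcat_options = " <option value='0'>-- None --</option>\n";
$thisduration = 0;
if ($eid) {
    $thisduration = $row['pc_alldayevent'] ? 1440 : round($row['pc_duration'] / 60);
}
while ($crow = sqlFetchArray($cres)) {
    // Category ids are echoed into JavaScript and into option values, so keep
    // them numeric.  Names come from the database and are echoed into HTML;
    // they are escaped here (previously they were not).
    $catid = (int)$crow['pc_catid'];
    $catname = htmlspecialchars($crow['pc_catname'], ENT_QUOTES);
    $duration = $crow['pc_end_all_day'] ? 1440 : round($crow['pc_duration'] / 60);

    // This line lands inside the <script> block that precedes this PHP.
    echo " durations[" . $catid . "] = $duration\n";
    // echo " rectypes[" . $catid . "] = " . $crow['pc_recurrtype'] . "\n";

    if ($eid) {
        $selected = ($catid == $row['pc_catid']);
    } else {
        $selected = ($catid == $default_catid);
        if ($selected) {
            $thisduration = $duration;
        }
    }
    $catoptions .= " <option value='" . $catid . "'" . ($selected ? " selected" : "") . ">" . $catname . "</option>\n";

    // This section is to build the list of preferred categories:
    if ($duration) {
        $prefcat_options .= " <option value='" . $catid . "'";
        if ($eid && $catid == $row['pc_prefcatid']) {
            $prefcat_options .= " selected";
        }
        $prefcat_options .= ">" . $catname . "</option>\n";
    }
}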
741 <?php require($GLOBALS['srcdir'] . "/restoreSession.php"); ?>
743 // This is for callback by the find-patient popup.
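function setpatient(pid, lname, fname, dob) {
    // Fill in the patient name/pid fields and show the DOB row only when the
    // popup did not supply a usable birth date (empty, or a 00-00 month/day).
    var form = document.forms[0];
    form.form_patient.value = lname + ', ' + fname;
    form.form_pid.value = pid;
    // 'dobstyle' used to be an undeclared (implicit global) variable.
    var dobMissing = (dob == '' || dob.substr(5, 10) == '00-00');
    document.getElementById('dob_row').style.display = dobMissing ? '' : 'none';
}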
function change_provider() {
    // A new provider invalidates the chosen slot: clear date, hour and minute.
    var form = document.forms[0];
    var slotFields = [form.form_date, form.form_hour, form.form_minute];
    for (var i = 0; i < slotFields.length; i++) {
        slotFields[i].value = '';
    }
}
757 // This is for callback by the find-patient popup.
function unsetpatient() {
    // Callback from the find-patient popup: clear the selected patient.
    var form = document.forms[0];
    form.form_patient.value = '';
    form.form_pid.value = '';
}
764 // This invokes the find-patient popup.
function sel_patient() {
    // Open the find-patient popup in a dialog of fixed size.
    var popupWidth = 500;
    var popupHeight = 400;
    dlgopen('find_patient_popup.php', '_blank', popupWidth, popupHeight);
}
769 // Do whatever is needed when a new event category is selected.
770 // For now this means changing the event title and duration.
function set_display() {
    var form = document.forms[0];
    var select = form.form_category;
    if (select.selectedIndex < 0) {
        return;
    }
    // Category 2 ("In Office") shows the preferred-category field instead of
    // the appointment-status field; every other category does the opposite.
    var inOffice = (select.options[select.selectedIndex].value == '2');
    var statusDisplay = inOffice ? 'none' : '';
    var prefcatDisplay = inOffice ? '' : 'none';
    document.getElementById('title_apptstatus').style.display = statusDisplay;
    document.getElementById('title_prefcat').style.display = prefcatDisplay;
    form.form_apptstatus.style.display = statusDisplay;
    form.form_prefcat.style.display = prefcatDisplay;
}
792 // Gray out certain fields according to selection of Category DDL
function categoryChanged() {
    // Whatever category is chosen the patient field stays enabled; the
    // status / preferred-category toggles remain commented out.
    document.getElementById("form_patient").disabled = false;
}
802 // Do whatever is needed when a new event category is selected.
803 // For now this means changing the event title and duration.
function set_category() {
    // A newly selected category supplies the default title and duration
    // (from the durations[] table emitted by PHP), then refreshes the
    // status / preferred-category visibility.
    var form = document.forms[0];
    var select = form.form_category;
    if (select.selectedIndex < 0) {
        return;
    }
    var chosen = select.options[select.selectedIndex];
    form.form_title.value = chosen.text;
    form.form_duration.value = durations[chosen.value];
    set_display();
}
815 // Modify some visual attributes when the all-day or timed-event
816 // radio buttons are clicked.
function set_allday() {
    // Grey or blacken the labels around the all-day / timed radio buttons.
    // The rballday1 (all-day) branch is commented out in the original, so its
    // label is always greyed; the timed fields are enabled only while
    // rballday2 is checked.
    var form = document.forms[0];
    var grey = '#777777';
    var black = '#000000';
    var timedChecked = document.getElementById('rballday2').checked;
    var timedColor = timedChecked ? black : grey;
    var timedDisabled = !timedChecked;

    document.getElementById('tdallday1').style.color = grey;
    var timedLabels = ['tdallday2', 'tdallday3', 'tdallday4', 'tdallday5'];
    for (var i = 0; i < timedLabels.length; i++) {
        document.getElementById(timedLabels[i]).style.color = timedColor;
    }
    form.form_hour.disabled = timedDisabled;
    form.form_minute.disabled = timedDisabled;
    form.form_ampm.disabled = timedDisabled;
    form.form_duration.disabled = timedDisabled;
}
// Modify some visual attributes when the Repeat checkbox is clicked.
// The "checkbox is checked" branch of the original is commented out, so this
// always greys the two repeat cells and hides the end-date icon. No live call
// to this function is visible in this file (the onload call is commented out).
function set_repeat() {
    var greyed = '#777777';
    var iconVisibility = 'hidden';
    var repeatCells = ['tdrepeat1', 'tdrepeat2'];
    for (var i = 0; i < repeatCells.length; i++) {
        document.getElementById(repeatCells[i]).style.color = greyed;
    }
    document.getElementById('img_enddate').style.visibility = iconVisibility;
}
// Callback used by the find-available popup: writes the chosen slot into the
// form. Month, day and minute are zero-padded to two digits; hours are given
// in 24-hour form and converted to the 12-hour fields (hour 12 stays 12 and
// selects PM, hour 0 stays 0 and selects AM, exactly as before).
function setappt(year, mon, mday, hours, minutes) {
    var form = document.forms[0];
    var pad2 = function (n) {
        return ('' + (n + 100)).substring(1);
    };
    form.form_date.value = year + '-' + pad2(mon) + '-' + pad2(mday);
    form.form_ampm.selectedIndex = hours >= 12 ? 1 : 0;
    form.form_hour.value = hours > 12 ? hours - 12 : hours;
    form.form_minute.value = pad2(minutes);
}
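// Invoke the find-available popup.
// (CHEMED) The PHP conditional is kept from the original: it distinguished a
// fixed provider (no <select>) from a selectable one. Both branches end up
// reading the provider id from form_provider.
function find_available() {
    var form = document.forms[0];
    var providerField = form.form_provider;
    var providerId;
<?php if ($userid != 0) { ?>
    providerId = providerField.value;
<?php } else {?>
    providerId = providerField.options[providerField.selectedIndex].value;
<?php }?>
    // Both query values come from form fields, so they are URL-encoded instead
    // of being spliced raw into the query string.
    var url = 'find_appt_popup_user.php?bypatient' +
        '&providerid=' + encodeURIComponent(providerId) +
        '&catid=5' +
        '&startdate=' + encodeURIComponent(form.form_date.value);
    // window.open's third argument is a feature string; the original passed
    // bare numbers (500, 400), which browsers do not interpret as a size.
    window.open(url, '_blank', 'width=500,height=400');
}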
// Check for errors when the form is submitted. Alerts and returns false when
// no time slot or no patient has been chosen; otherwise stamps form_action
// with "save", submits the form and returns true.
function validate() {
    var form = document.getElementById('theform');
    var slotMissing = !form.form_date.value || !form.form_hour.value || !form.form_minute.value;
    if (slotMissing) {
        alert('Please click on "Openings" to select a time.');
        return false;
    }
    // The category is forced to '12' right before the check below, so the
    // "no patient needed" categories listed there can never match and the
    // unsetpatient() branch is effectively unreachable; kept as in the
    // original. This value is client-controlled either way: the server side
    // must still decide which categories a portal user may book.
    form.form_category.value = '12';
    var category = form.form_category.value;
    var patientOptional = category == '2' || category == '8' || category == '3'
        || category == '4' || category == '11' || category == '10';
    if (form.form_patient.value == 'Click to select' && !patientOptional) {
        alert('Please select a patient.');
        return false;
    } else if (category == '10') {
        unsetpatient();
    }
    document.getElementById('form_action').value = "save";
    form.submit();
    return true;
}
// Ask for confirmation, then submit the form with form_action="delete".
// Returns true when the delete was submitted and false when the user cancelled.
function deleteEvent() {
    var confirmed = confirm("Deleting this event cannot be undone. It cannot be recovered once it is gone. Are you sure you wish to delete this event?");
    if (!confirmed) {
        return false;
    }
    document.getElementById('form_action').value = "delete";
    document.getElementById('theform').submit();
    return true;
}
$(document).ready(function () {
    // Attach the date picker to every .datepicker input. The PHP lines set the
    // variables the included settings script reads, and that script emits the
    // option list for datetimepicker().
    var pickerInputs = $('.datepicker');
    pickerInputs.datetimepicker({
<?php $datetimepicker_timepicker = false; ?>
<?php $datetimepicker_showseconds = false; ?>
<?php $datetimepicker_formatInput = false; ?>
<?php require($GLOBALS['srcdir'] . '/js/xl/jquery-datetimepicker-2-5-4.js.php'); ?>
<?php // can add any additional javascript settings to datetimepicker here; need to prepend first setting with a comma ?>
    });
});
938 </script>
940 </head>
942 <body class="body_top" onunload='imclosing()' onload='categoryChanged()'>
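<?php
// The event id goes into a URL inside an attribute, so it is URL-encoded and
// then HTML-escaped; the original echoed it raw. The stray "/" that
// self-closed the <form> tag is removed.
?>
<form method='post' name='theform' id='theform' action='add_edit_event_user.php?eid=<?php echo htmlspecialchars(urlencode($eid), ENT_QUOTES, 'UTF-8'); ?>'>
<input type="hidden" name="form_action" id="form_action" value="">
<center>

<table border='0' width='100%'>

<tr>
<td width='1%' nowrap>
<b><?php xl('Category', 'e'); ?>:</b>
</td>
<td nowrap>
<input type="text" id='form_category' name='form_category' value='Office Visit' readonly='readonly' style='width:100%'/>
</td>
<td></td>
<td width='1%' nowrap>
<b><?php xl('Date', 'e'); ?>:</b>
</td>
<td colspan='2' nowrap id='tdallday1'>
<?php
// Pre-fill with the stored event date when editing an existing event,
// otherwise with the date the opener passed in; both are escaped for the
// attribute context.
?>
<input type='text' size='10' name='form_date' readonly id='form_date' <?php echo $disabled ?>
value='<?php echo htmlspecialchars((isset($eid) && $eid) ? $row['pc_eventDate'] : $date, ENT_QUOTES, 'UTF-8'); ?>'>
</td>
</tr>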
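<tr>
<td nowrap>
<b><?php xl('Title', 'e'); ?>:</b>
</td>
<td nowrap>
<?php
// addslashes() is not an HTML escape: a backslash means nothing inside an
// attribute, so a quote in pc_title would still terminate value='...'.
// Escape for the attribute context instead.
?>
<input type='text' size='10' name='form_title' value='<?php echo htmlspecialchars($row['pc_title'], ENT_QUOTES, 'UTF-8'); ?>'
style='width:100%'
title='<?php xl('Event title', 'e'); ?>' />
</td>
<td nowrap>
</td>
<td width='1%' nowrap id='tdallday2'>
<?php xl('Time', 'e'); ?>
</td>
<td width='1%' nowrap id='tdallday3'>
<input type='text' size='2' name='form_hour' value='<?php echo (isset($eid)) ? htmlspecialchars($starttimeh, ENT_QUOTES, 'UTF-8') : ''; ?>'
title='<?php xl('Event start time', 'e'); ?>' readonly/> :
<input type='text' size='2' name='form_minute' value='<?php echo (isset($eid)) ? htmlspecialchars($starttimem, ENT_QUOTES, 'UTF-8') : ''; ?>'
title='<?php xl('Event start time', 'e'); ?>' readonly/>&nbsp;
<?php
// NOTE(review): a disabled <select> is not included in the POST, so form_ampm
// set by setappt() never reaches the server from this page; confirm the save
// handler derives AM/PM some other way.
?>
<select name='form_ampm' title='Note: 12:00 noon is PM, not AM' disabled="disabled">
<option value='1'><?php xl('AM', 'e'); ?></option>
<option value='2'<?php echo ($startampm == '2') ? " selected" : ""; ?>><?php xl('PM', 'e'); ?></option>
</select>
</td>
</tr>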
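<tr>
<td nowrap>
<b><?php xl('Patient', 'e'); ?>:</b>
</td>
<td nowrap>
<?php
// Patient name and id are escaped for the attribute context (the original
// echoed them raw). form_pid is a hidden, client-editable field: the page
// already holds the authenticated patient in $_SESSION['pid'] (see the
// session check at the top of the file), so the save handler should key the
// appointment on the session value rather than on what is posted here.
?>
<input type='text' size='10' id='form_patient' name='form_patient' style='width:100%;' value='<?php echo htmlspecialchars($patientname, ENT_QUOTES, 'UTF-8'); ?>' title='Patient' readonly />
<input type='hidden' name='form_pid' value='<?php echo htmlspecialchars($patientid, ENT_QUOTES, 'UTF-8'); ?>' />
</td>
<td nowrap>
&nbsp;
</td>
<td nowrap id='tdallday4'><?php xl('duration', 'e'); ?>
</td>
<td nowrap id='tdallday5'>
<input type='text' size='4' name='form_duration' readonly value='<?php echo htmlspecialchars($thisduration, ENT_QUOTES, 'UTF-8'); ?>' title='<?php xl('Event duration in minutes', 'e'); ?>' />
<?php xl('minutes', 'e'); ?>
</td>
</tr>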
1012 <tr>
1014 </tr>
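<tr>
<td nowrap>
<b><?php xl('Provider', 'e'); ?>:</b>
</td>
<td nowrap>
<?php
// Present a list of providers to choose from, preselecting the one named by
// the opener (userid) if any. Every value taken from the provider rows is
// escaped for its HTML context, and ids are compared as strings rather than
// with loose ==. The stray "/" that self-closed the <select> tag is gone.
echo "<select name='form_provider' onchange='change_provider();' style='width:100%'>";
$requestedUserId = isset($_GET['userid']) ? (string) $_GET['userid'] : null;
while ($urow = sqlFetchArray($ures)) {
    $rowId = (string) $urow['id'];
    echo " <option value='" . htmlspecialchars($rowId, ENT_QUOTES, 'UTF-8') . "'";
    if ($rowId === $requestedUserId || $rowId === (string) $userid) {
        echo " selected";
    }
    echo ">" . htmlspecialchars($urow['lname'], ENT_QUOTES, 'UTF-8');
    if ($urow['fname']) {
        echo ", " . htmlspecialchars($urow['fname'], ENT_QUOTES, 'UTF-8');
    }
    echo "</option>\n";
}
echo "</select>";
?>
</td>
<td nowrap style='font-size:8pt'>
</td>
<td><input type='button' value='<?php xl('Openings', 'e');?>' onclick='find_available()' /></td>
<td></td>
</tr>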
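<tr>
<td nowrap>
<b><?php xl('Comments', 'e'); ?>:</b>
</td>
<td colspan='4' nowrap>
<?php
// The comment text is free-form user input coming back out of storage, so it
// is escaped for the attribute context instead of being echoed raw.
?>
<input type='text' size='40' name='form_comments' style='width:100%' value='<?php echo htmlspecialchars($hometext, ENT_QUOTES, 'UTF-8'); ?>' title='<?php xl('Optional information about this event', 'e');?>' />
</td>
</tr>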
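<?php
// DOB is important for the clinic, so if it's missing give them a chance
// to enter it right here. We must display or hide this row dynamically
// in case the patient-select popup is used.
// NOTE: $dobstyle is still computed, but the row below is hard-wired to
// display:none (the echo of $dobstyle is commented out), so it never shows.
// Guard on $prow so a missing patient row does not index into a non-array.
$patient_dob = $prow ? trim($prow['DOB']) : '';
$dobstyle = ($prow && (!$patient_dob || substr($patient_dob, 5) == '00-00')) ?
'' : 'none';
?>
<tr id='dob_row' style='display:none<?php //echo $dobstyle
?>'>
<td colspan='4' nowrap style='display:none'>
<font color='white'><?php xl('DOB is missing, please enter if possible', 'e'); ?>:</font>
</td>
<td nowrap>
<input type='text' size='10' class='datepicker' name='form_dob' id='form_dob' style='display:none' title='<?php xl('yyyy-mm-dd date of birth', 'e');?>' />
</td>
</tr>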
1082 </table>
1085 <input type='button' name='form_save' value='<?php xl('Save', 'e');?>' onclick="validate()" />
1086 &nbsp;
1087 <input type='button' value='<?php xl('Cancel', 'e');?>' onclick='dlgclose()' />
1088 </p>
1089 </center>
1090 </form>
<script language='JavaScript'>
<?php if ($eid) : ?>
    // Editing an existing event: sync the status / preferred-category widgets.
    set_display();
<?php endif; ?>
    // set_category(), set_allday() and set_repeat() are deliberately not run
    // on load (their calls were commented out in the original).
</script>
1103 </body>
1104 </html>