[openemr.git] / library / api.inc.php
1 <?php
3 /**
4 * old api for 3rd parties
6 * @package OpenEMR
7 * @link https://www.open-emr.org
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2017-2021 Brady Miller <brady.g.miller@gmail.com>
10 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
13 use OpenEMR\Billing\BillingUtilities;
14 use OpenEMR\Core\Header;
// Script URL that legacy forms use as their exit target: it asks the parent frame to close
// the current tab. It is a javascript: URL, so it should only be written into markup that
// expects one and never mixed with request-supplied text.
$GLOBALS['form_exit_url'] = 'javascript:parent.closeTab(window.name, false)';
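/**
 * Emit the opening markup of a legacy form page: <html>, <head> and the opening <body> tag.
 *
 * Header::setupHeader() is called inside <head>. The title is encoded with text() and the
 * background image value with attr(), so each value is escaped for the HTML context it is
 * written into (element content vs. a quoted attribute).
 *
 * @param string $title Page title placed in the <title> element.
 * @return void Output is written directly to the response.
 */
function formHeader($title = "My Form")
{
    ?>
<html>
<head>
    <?php Header::setupHeader(); ?>
<title><?php echo text($title); ?></title>
</head>
<body background="<?php echo attr($GLOBALS['backpic'] ?? ''); ?>" topmargin=0 rightmargin=0 leftmargin=2 bottommargin=0 marginwidth=2 marginheight=0>
    <?php
}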
/**
 * Emit the closing </body> and </html> tags that pair with the markup opened by formHeader().
 *
 * @return void Output is written directly to the response.
 */
function formFooter()
{
    ?>
</body>
</html>
    <?php
}
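/**
 * Insert a new row into a form table from a key/value map and return sqlInsert()'s result.
 *
 * The statement always sets the attendant column (named by the global $attendant_type),
 * groupname, user and authorized from the session / arguments, plus activity=1 and
 * date=NOW(). Every remaining key of $values becomes a "column = ?" assignment with the
 * value bound as a parameter. Three kinds of keys are handled specially:
 *  - "csrf_token_form" is skipped;
 *  - keys starting with "openemr_net_cpt" add a CPT4 billing line instead of a column;
 *  - keys ending in "diagnosis" plus one trailing character add an 'ICD9-M' billing line.
 *
 * NOTE(review): column names come from the keys of $values. They are passed through
 * escape_sql_column_name() (presumably a check against the table's real columns - confirm),
 * but nothing here excludes the columns this function sets itself (attendant id, groupname,
 * user, authorized, activity, date). If callers pass request data straight through, confirm
 * that a key naming one of those columns cannot replace the server-chosen value.
 *
 * @param string $tableName  Form table to insert into.
 * @param array  $values     Map of column name => value (typically the submitted form fields).
 * @param mixed  $id         Accepted for interface compatibility; not used in this function.
 * @param string $authorized Value stored in the authorized column and passed to billing.
 * @return mixed Whatever sqlInsert() returns for the executed statement.
 */
function formSubmit($tableName, $values, $id, $authorized = "0")
{
    global $attendant_type;

    $sqlBindingArray = [$_SESSION['pid'], $_SESSION['authProvider'], $_SESSION['authUser'], $authorized];
    $sql = "insert into " . escape_table_name($tableName) . " set " . escape_sql_column_name($attendant_type, array($tableName)) . "=?, groupname=?, user=?, authorized=?, activity=1, date = NOW(),";

    foreach ($values as $key => $value) {
        // Strict comparison so that an integer key is never treated as the CSRF field.
        if ($key === "csrf_token_form") {
            continue;
        }

        if (strpos($key, "openemr_net_cpt") === 0) {
            // code to auto add cpt code
            if (!empty($value)) {
                // "CODE description" - a value without a description yields an empty text
                // instead of reading a missing array offset.
                [$code, $codeText] = array_pad(explode(" ", $value, 2), 2, '');
                BillingUtilities::addBilling(date("Ymd"), 'CPT4', $code, $codeText, $_SESSION['pid'], $authorized, $_SESSION['authUserID']);
            }
            continue;
        }

        // case where key looks like "[a-zA-Z]*diagnosis[0-9]" which is special, it is used to auto add ICD codes
        // (the check itself only requires the first "diagnosis" to be followed by exactly one character)
        $diagnosisPos = strpos($key, "diagnosis");
        if ($diagnosisPos !== false && $diagnosisPos === strlen($key) - 10) {
            // icd auto add ICD9-CM
            if (!empty($value)) {
                [$code, $codeText] = array_pad(explode(" ", $value, 2), 2, '');
                BillingUtilities::addBilling(date("Ymd"), 'ICD9-M', $code, $codeText, $_SESSION['pid'], $authorized, $_SESSION['authUserID']);
            }
            continue;
        }

        // Ordinary field: the column name is escaped, the value is bound as a parameter.
        $sql .= " " . escape_sql_column_name($key, array($tableName)) . " = ?,";
        $sqlBindingArray[] = $value;
    }

    // Drop the trailing comma left by the last assignment.
    $sql = substr($sql, 0, -1);
    return sqlInsert($sql, $sqlBindingArray);
}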
/**
 * Update one row of a form table from a key/value map.
 *
 * pid, groupname, user and authorized are always rewritten from the session / arguments,
 * activity is set to 1 and date to NOW(). Each key of $values except "csrf_token_form"
 * becomes a "column = ?" assignment whose value is bound as a parameter.
 *
 * NOTE(review): the WHERE clause matches on id alone, while formFetch(), formDisappear()
 * and formReappear() in this file also constrain pid. Because this statement additionally
 * overwrites pid with the session value, confirm that callers verify $id belongs to the
 * current patient before calling.
 * NOTE(review): the UPDATE is executed through sqlInsert(); the return value is whatever
 * that helper yields for an update - confirm callers do not treat it as a row id.
 *
 * @param string $tableName  Form table to update.
 * @param array  $values     Map of column name => new value.
 * @param mixed  $id         Value matched against the id column.
 * @param string $authorized Value stored in the authorized column.
 * @return mixed Whatever sqlInsert() returns for the executed statement.
 */
function formUpdate($tableName, $values, $id, $authorized = "0")
{
    $bindings = [$_SESSION['pid'], $_SESSION['authProvider'], $_SESSION['authUser'], $authorized];
    $statement = "update " . escape_table_name($tableName) . " set pid =?, groupname=?, user=? ,authorized=?, activity=1, date = NOW(),";

    $assignments = [];
    foreach ($values as $key => $value) {
        if ($key == "csrf_token_form") {
            continue;
        }
        // Column name is escaped; the value travels as a bound parameter.
        $assignments[] = " " . escape_sql_column_name($key, array($tableName)) . " = ?,";
        $bindings[] = $value;
    }

    // Join the assignments, then strip the single trailing comma before the WHERE clause.
    $statement = substr($statement . implode('', $assignments), 0, -1);
    $statement .= " where id=?";
    $bindings[] = $id;

    return sqlInsert($statement, $bindings);
}
/**
 * Emit a <script> block that leaves the current form, then end the request.
 *
 * With a non-empty $address the script calls top.restoreSession() and assigns the address
 * to location.href; otherwise it asks the parent frame to close the tab.
 *
 * NOTE(review): js_escape() is what keeps $address from breaking out of the script context;
 * it is not a check on where the address points. Callers should pass only addresses they
 * built themselves, not request-supplied URLs - confirm at the call sites.
 *
 * @param string $address Destination assigned to location.href; empty to close the tab.
 * @return void This function does not return; it calls exit.
 */
function formJump($address = '')
{
    echo "<script>\n";
    if (!$address) {
        echo "parent.closeTab(window.name, true);\n";
    } else {
        echo "top.restoreSession();\n";
        $target = js_escape($address);
        echo "location.href = " . $target . ";\n";
    }
    echo "</script>\n";

    // TBD: Exit seems wrong here, but that's how it has been forever.
    exit;
}
/**
 * Fetch the most recent matching row of a form table for the current patient.
 *
 * The row must match the given id, the pid held in $GLOBALS['pid'] and the activity
 * pattern; results are ordered by date descending and limited to one row.
 *
 * NOTE(review): $activity is compared with LIKE, so a value containing SQL wildcards would
 * match more than one activity state - confirm callers pass only fixed values.
 *
 * @param string $tableName Form table to read from.
 * @param mixed  $id        Value matched against the id column.
 * @param string $cols      Column list; passed through process_cols_escape() and
 *                          escape_sql_column_name() before being placed in the statement.
 * @param string $activity  Pattern matched against the activity column.
 * @return mixed Whatever sqlQuery() returns for the statement.
 */
function formFetch($tableName, $id, $cols = "*", $activity = "1")
{
    $columnList = escape_sql_column_name(process_cols_escape($cols), array($tableName));
    // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
    $table = escape_table_name($tableName);

    $sql = "select " . $columnList . " from `" . $table . "` where id=? and pid = ? and activity like ? order by date DESC LIMIT 0,1";
    $bindings = array($id, $GLOBALS['pid'], $activity);

    return sqlQuery($sql, $bindings);
}
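/**
 * Mark a form row as inactive (activity = '0') for the current patient.
 *
 * The update is scoped by both id and pid. The pid is read from $GLOBALS['pid'], as
 * formFetch() does; previously an undefined local $pid was bound, so the pid condition
 * was compared against null instead of the current patient.
 * NOTE(review): formSubmit()/formUpdate() take the patient id from $_SESSION['pid'];
 * confirm the two always agree.
 *
 * @param string $tableName Form table to update.
 * @param mixed  $id        Value matched against the id column.
 * @return bool True when sqlStatement() returns a truthy result, false otherwise.
 */
function formDisappear($tableName, $id)
{
    // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
    $sql = "update `" . escape_table_name($tableName) . "` set activity = '0' where id=? and pid=?";
    if (sqlStatement($sql, [$id, $GLOBALS['pid']])) {
        return true;
    }

    return false;
}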
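/**
 * Mark a form row as active again (activity = '1') for the current patient.
 *
 * The update is scoped by both id and pid. The pid is read from $GLOBALS['pid'], as
 * formFetch() does; previously an undefined local $pid was bound, so the pid condition
 * was compared against null instead of the current patient.
 * NOTE(review): formSubmit()/formUpdate() take the patient id from $_SESSION['pid'];
 * confirm the two always agree.
 *
 * @param string $tableName Form table to update.
 * @param mixed  $id        Value matched against the id column.
 * @return bool True when sqlStatement() returns a truthy result, false otherwise.
 */
function formReappear($tableName, $id)
{
    // Run through escape_table_name() function to support dynamic form names in addition to mitigate sql table casing issues.
    $sql = "update `" . escape_table_name($tableName) . "` set activity = '1' where id=? and pid=?";
    if (sqlStatement($sql, [$id, $GLOBALS['pid']])) {
        return true;
    }

    return false;
}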