search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Emergency User Access Changes
[openemr.git] / interface / usergroup / usergroup_admin.php
blob66ba352c9b0b714ac491da8ef38402c44501b2ef
1 <?php
2 require_once("../globals.php");
3 require_once("../../library/acl.inc");
4 require_once("$srcdir/md5.js");
5 require_once("$srcdir/sql.inc");
6 require_once("$srcdir/auth.inc");
7 require_once("$srcdir/formdata.inc.php");
8 require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");
9 require_once ($GLOBALS['srcdir'] . "/classes/postmaster.php");
10
11 $alertmsg = '';
12 $bg_msg = '';
13 $set_active_msg=0;
14
15 /* Sending a mail to the admin when the breakglass user is activated only if $GLOBALS['Emergency_Login_email'] is set to 1 */
16 $bg_count=count($access_group);
17 $mail_id = explode(".",$SMTP_HOST);
18 for($i=0;$i<$bg_count;$i++){
19 if(($_GET['access_group'][$i] == "Emergency Login") && ($_GET['active'] == 'on') && ($_GET['pre_active'] == 0)){
20 if(($_GET['get_admin_id'] == 1) && ($_GET['admin_id'] != "")){
21 $res = sqlStatement("select username from users where id={$_GET["id"]}");
22 $row = sqlFetchArray($res);
23 $uname=$row['username'];
24 $mail = new MyMailer();
25 $mail->SetLanguage("en",$GLOBALS['fileroot'] . "/library/" );
26 $mail->From = "admin@".$mail_id[1].".".$mail_id[2];
27 $mail->FromName = "Administrator OpenEMR";
28 $text_body = "Hello Security Admin,\n\n The Emergency Login user ".$uname.
29 " was activated at ".date('l jS \of F Y h:i:s A')." \n\nThanks,\nAdmin OpenEMR.";
30 $mail->Body = $text_body;
31 $mail->Subject = "Emergency Login User Activated";
32 $mail->AddAddress($_GET['admin_id']);
33 $mail->Send();
34 }
35 }
36 }
37 /* To refresh and save variables in mail frame */
38 if ($_GET["privatemode"]=="user_admin") {
39 if ($_GET["mode"] == "update") {
40 if ($_GET["username"]) {
41 // $tqvar = addslashes(trim($_GET["username"]));
42 $tqvar = trim(formData('username','G'));
43 $user_data = mysql_fetch_array(sqlStatement("select * from users where id={$_GET["id"]}"));
44 sqlStatement("update users set username='$tqvar' where id={$_GET["id"]}");
45 sqlStatement("update groups set user='$tqvar' where user='". $user_data["username"] ."'");
46 //echo "query was: " ."update groups set user='$tqvar' where user='". $user_data["username"] ."'" ;
47 }
48 if ($_GET["taxid"]) {
49 $tqvar = formData('taxid','G');
50 sqlStatement("update users set federaltaxid='$tqvar' where id={$_GET["id"]}");
51 }
52 if ($_GET["drugid"]) {
53 $tqvar = formData('drugid','G');
54 sqlStatement("update users set federaldrugid='$tqvar' where id={$_GET["id"]}");
55 }
56 if ($_GET["upin"]) {
57 $tqvar = formData('upin','G');
58 sqlStatement("update users set upin='$tqvar' where id={$_GET["id"]}");
59 }
60 if ($_GET["npi"]) {
61 $tqvar = formData('npi','G');
62 sqlStatement("update users set npi='$tqvar' where id={$_GET["id"]}");
63 }
64 if ($_GET["taxonomy"]) {
65 $tqvar = formData('taxonomy','G');
66 sqlStatement("update users set taxonomy = '$tqvar' where id= {$_GET["id"]}");
67 }
68 if ($_GET["lname"]) {
69 $tqvar = formData('lname','G');
70 sqlStatement("update users set lname='$tqvar' where id={$_GET["id"]}");
71 }
72 if ($_GET["job"]) {
73 $tqvar = formData('job','G');
74 sqlStatement("update users set specialty='$tqvar' where id={$_GET["id"]}");
75 }
76 if ($_GET["mname"]) {
77 $tqvar = formData('mname','G');
78 sqlStatement("update users set mname='$tqvar' where id={$_GET["id"]}");
79 }
80 if ($_GET["facility_id"]) {
81 $tqvar = formData('facility_id','G');
82 sqlStatement("update users set facility_id = '$tqvar' where id = {$_GET["id"]}");
83 //(CHEMED) Update facility name when changing the id
84 sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '$tqvar' AND users.id = {$_GET["id"]}");
85 //END (CHEMED)
86 }
87 if ($GLOBALS['restrict_user_facility'] && $_GET["schedule_facility"]) {
88 sqlStatement("delete from users_facility
89 where tablename='users'
90 and table_id={$_GET["id"]}
91 and facility_id not in (" . implode(",", $_GET['schedule_facility']) . ")");
92 foreach($_GET["schedule_facility"] as $tqvar) {
93 sqlStatement("replace into users_facility set
94 facility_id = '$tqvar',
95 tablename='users',
96 table_id = {$_GET["id"]}");
97 }
98 }
99 if ($_GET["fname"]) {
100 $tqvar = formData('fname','G');
101 sqlStatement("update users set fname='$tqvar' where id={$_GET["id"]}");
102 }
103
104 //(CHEMED) Calendar UI preference
105 if ($_GET["cal_ui"]) {
106 $tqvar = formData('cal_ui','G');
107 sqlStatement("update users set cal_ui = '$tqvar' where id = {$_GET["id"]}");
108
109 // added by bgm to set this session variable if the current user has edited
110 // their own settings
111 if ($_SESSION['authId'] == $_GET["id"]) {
112 $_SESSION['cal_ui'] = $tqvar;
113 }
114 }
115 //END (CHEMED) Calendar UI preference
116 if ($_GET["newauthPass"] && $_GET["newauthPass"] != "d41d8cd98f00b204e9800998ecf8427e") { // account for empty
117 $tqvar = formData('newauthPass','G');
118 // When the user password is updated and the password history option is enabled, update the password history in database. A new password expiration is also calculated
119 if($GLOBALS['password_history'] != 0 ){
120 $updatepwd = UpdatePasswordHistory($_GET["id"], $tqvar);
121 }else
122 {
123 sqlStatement("update users set password='$tqvar' where id={$_GET["id"]}");
124 if($GLOBALS['password_expiration_days'] != 0){
125 $exp_days=$GLOBALS['password_expiration_days'];
126 $exp_date = date('Y-m-d', strtotime("+$exp_days days"));
127 sqlStatement("update users set pwd_expiration_date='$exp_date' where id=$userid");
128 }
129 }
130 }
131
132 // for relay health single sign-on
133 if ($_GET["ssi_relayhealth"]) {
134 $tqvar = formData('ssi_relayhealth','G');
135 sqlStatement("update users set ssi_relayhealth = '$tqvar' where id = {$_GET["id"]}");
136 }
137
138 $tqvar = $_GET["authorized"] ? 1 : 0;
139 $actvar = $_GET["active"] ? 1 : 0;
140 $calvar = $_GET["calendar"] ? 1 : 0;
141
142 sqlStatement("UPDATE users SET authorized = $tqvar, active = $actvar, " .
143 "calendar = $calvar, see_auth = '" . $_GET['see_auth'] . "' WHERE " .
144 "id = {$_GET["id"]}");
145 //Display message when Emergency Login user was activated
146 $bg_count=count($_GET['access_group']);
147 for($i=0;$i<$bg_count;$i++){
148 if(($_GET['access_group'][$i] == "Emergency Login") && ($_GET['pre_active'] == 0) && ($actvar == 1)){
149 $show_message = 1;
150 }
151 }
152 if(($_GET['access_group'])){
153 for($i=0;$i<$bg_count;$i++){
154 if(($_GET['access_group'][$i] == "Emergency Login") && ($_GET['user_type']) == "" && ($_GET['check_acl'] == 1) && ($_GET['active']) != ""){
155 $set_active_msg=1;
156 }
157 }
158 }
159 if ($_GET["comments"]) {
160 $tqvar = formData('comments','G');
161 sqlStatement("update users set info = '$tqvar' where id = {$_GET["id"]}");
162 }
163
164 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
165 // Set the access control group of user
166 $user_data = mysql_fetch_array(sqlStatement("select username from users where id={$_GET["id"]}"));
167 set_user_aro($_GET['access_group'], $user_data["username"],
168 formData('fname','G'), formData('mname','G'), formData('lname','G'));
169 }
170
171 $ws = new WSProvider($_GET['id']);
172
173 }
174 }
175
176 /* To refresh and save variables in mail frame - Arb*/
177 if (isset($_POST["mode"])) {
178 if ($_POST["mode"] == "new_user") {
179 if ($_POST["authorized"] != "1") {
180 $_POST["authorized"] = 0;
181 }
182 // $_POST["info"] = addslashes($_POST["info"]);
183
184 $calvar = $_POST["calendar"] ? 1 : 0;
185
186 $res = sqlStatement("select distinct username from users where username != ''");
187 $doit = true;
188 while ($row = mysql_fetch_array($res)) {
189 if ($doit == true && $row['username'] == trim(formData('rumple'))) {
190 $doit = false;
191 }
192 }
193
194 if ($doit == true) {
195 //if password expiration option is enabled, calculate the expiration date of the password
196 if($GLOBALS['password_expiration_days'] != 0){
197 $exp_days = $GLOBALS['password_expiration_days'];
198 $exp_date = date('Y-m-d', strtotime("+$exp_days days"));
199 }
200 $prov_id = idSqlStatement("insert into users set " .
201 "username = '" . trim(formData('rumple' )) .
202 "', password = '" . trim(formData('newauthPass' )) .
203 "', fname = '" . trim(formData('fname' )) .
204 "', mname = '" . trim(formData('mname' )) .
205 "', lname = '" . trim(formData('lname' )) .
206 "', federaltaxid = '" . trim(formData('federaltaxid' )) .
207 "', authorized = '" . trim(formData('authorized' )) .
208 "', info = '" . trim(formData('info' )) .
209 "', federaldrugid = '" . trim(formData('federaldrugid')) .
210 "', upin = '" . trim(formData('upin' )) .
211 "', npi = '" . trim(formData('npi' )).
212 "', taxonomy = '" . trim(formData('taxonomy' )) .
213 "', facility_id = '" . trim(formData('facility_id' )) .
214 "', specialty = '" . trim(formData('specialty' )) .
215 "', see_auth = '" . trim(formData('see_auth' )) .
216 "', cal_ui = '" . trim(formData('cal_ui' )) .
217 "', calendar = '" . $calvar .
218 "', pwd_expiration_date = '" . trim("$exp_date") .
219 "'");
220 //set the facility name from the selected facility_id
221 sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '" . trim(formData('facility_id')) . "' AND users.username = '" . trim(formData('rumple')) . "'");
222
223 sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
224 "', user = '" . trim(formData('rumple')) . "'");
225
226 if (isset($phpgacl_location) && acl_check('admin', 'acl') && trim(formData('rumple'))) {
227 // Set the access control group of user
228 set_user_aro($_POST['access_group'], trim(formData('rumple')),
229 trim(formData('fname')), trim(formData('mname')), trim(formData('lname')));
230 }
231
232 $ws = new WSProvider($prov_id);
233
234 } else {
235 $alertmsg .= xl('User','','',' ') . trim(formData('rumple')) . xl('already exists.','',' ');
236 }
237 if($_POST['access_group']){
238 $bg_count=count($_POST['access_group']);
239 for($i=0;$i<$bg_count;$i++){
240 if($_POST['access_group'][$i] == "Emergency Login"){
241 $set_active_msg=1;
242 }
243 }
244 }
245 }
246 else if ($_POST["mode"] == "new_group") {
247 $res = sqlStatement("select distinct name, user from groups");
248 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
249 $result[$iter] = $row;
250 $doit = 1;
251 foreach ($result as $iter) {
252 if ($doit == 1 && $iter{"name"} == trim(formData('groupname')) && $iter{"user"} == trim(formData('rumple')))
253 $doit--;
254 }
255 if ($doit == 1) {
256 sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
257 "', user = '" . trim(formData('rumple')) . "'");
258 } else {
259 $alertmsg .= "User " . trim(formData('rumple')) .
260 " is already a member of group " . trim(formData('groupname')) . ". ";
261 }
262 }
263 }
264
265 if (isset($_GET["mode"])) {
266
267 /*******************************************************************
268 // This is the code to delete a user. Note that the link which invokes
269 // this is commented out. Somebody must have figured it was too dangerous.
270 //
271 if ($_GET["mode"] == "delete") {
272 $res = sqlStatement("select distinct username, id from users where id = '" .
273 $_GET["id"] . "'");
274 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
275 $result[$iter] = $row;
276
277 // TBD: Before deleting the user, we should check all tables that
278 // reference users to make sure this user is not referenced!
279
280 foreach($result as $iter) {
281 sqlStatement("delete from groups where user = '" . $iter{"username"} . "'");
282 }
283 sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
284 }
285 *******************************************************************/
286
287 if ($_GET["mode"] == "delete_group") {
288 $res = sqlStatement("select distinct user from groups where id = '" .
289 $_GET["id"] . "'");
290 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
291 $result[$iter] = $row;
292 foreach($result as $iter)
293 $un = $iter{"user"};
294 $res = sqlStatement("select name, user from groups where user = '$un' " .
295 "and id != '" . $_GET["id"] . "'");
296
297 // Remove the user only if they are also in some other group. I.e. every
298 // user must be a member of at least one group.
299 if (sqlFetchArray($res) != FALSE) {
300 sqlStatement("delete from groups where id = '" . $_GET["id"] . "'");
301 } else {
302 $alertmsg .= "You must add this user to some other group before " .
303 "removing them from this group. ";
304 }
305 }
306 }
307
308 $form_inactive = empty($_REQUEST['form_inactive']) ? false : true;
309
310 ?>
311 <html>
312 <head>
313
314 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
315 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
316 <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['webroot'] ?>/library/js/fancybox/jquery.fancybox-1.2.6.css" media="screen" />
317 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/dialog.js"></script>
318 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery.1.3.2.js"></script>
319 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/common.js"></script>
320 <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/fancybox/jquery.fancybox-1.2.6.js"></script>
321
322 <script type="text/javascript">
323
324 $(document).ready(function(){
325
326 // fancy box
327 enable_modals();
328
329 tabbify();
330
331 // special size for
332 $(".iframe_medium").fancybox( {
333 'overlayOpacity' : 0.0,
334 'showCloseButton' : true,
335 'frameHeight' : 450,
336 'frameWidth' : 660
337 });
338
339
340 });
341
342 </script>
343 <script language="JavaScript">
344
345 function authorized_clicked() {
346 var f = document.forms[0];
347 f.calendar.disabled = !f.authorized.checked;
348 f.calendar.checked = f.authorized.checked;
349 }
350
351 </script>
352
353 </head>
354 <body class="body_top">
355
356 <div>
357 <div>
358 <table>
359 <tr >
360 <td><b><?php xl('User / Groups','e'); ?></b></td>
361 <td><a href="usergroup_admin_add.php" class="iframe_medium css_button"><span><?php xl('Add User','e'); ?></span></a>
362 </td>
363 </tr>
364 </table>
365 </div>
366 <div style="width:650px;">
367 <div>
368
369 <form name='userlist' method='post' action='usergroup_admin.php' onsubmit='return top.restoreSession()'>
370 <input type='checkbox' name='form_inactive' value='1' onclick='submit()' <?php if ($form_inactive) echo 'checked '; ?>/>
371 <span class='text' style = "margin-left:-3px"> <?php xl('Include inactive users','e'); ?> </span>
372 </form>
373 <?
374 if($set_active_msg == 1){
375 echo "<font class='alert'>".xl('Emergency Login ACL is chosen. The user is still in active state, please de-activate the user and activate the user during emergency situations.')."</font><br>";
376 echo "<font class='alert'>".xl('Note').": ".xl('Visit Administration')."->".xl('Users for activation or de-activation.')."</font><br>";
377 }
378 if ($show_message == 1){
379 echo "<font class='alert'>".xl('Emergency Login User')." "."<b>".$_GET['fname']."</b>"." ".xl('is activated')."</font><br>";
380 echo "<font class='alert'>".xl('Emergency Login activation mail will be circulated only if')." \$GLOBALS['Emergency_Login_email'] ".xl('and')." \$GLOBALS['Emergency_Login_email_id'] ".xl('are configured')."</font>";
381 }
382
383 ?>
384 <table cellpadding="1" cellspacing="0" class="showborder">
385 <tbody><tr height="22" class="showborder_head">
386 <th width="180px"><b><?php xl('Username','e'); ?></b></th>
387 <th width="270px"><b><?php xl('Real Name','e'); ?></b></th>
388 <th width="320px"><b><span class="bold"><?php xl('Additional Info','e'); ?></span></b></th>
389 <th><b><?php xl('Authorized','e'); ?>?</b></th>
390
391 <?php
392 $query = "SELECT * FROM users WHERE username != '' ";
393 if (!$form_inactive) $query .= "AND active = '1' ";
394 $query .= "ORDER BY username";
395 $res = sqlStatement($query);
396 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
397 $result4[$iter] = $row;
398 foreach ($result4 as $iter) {
399 if ($iter{"authorized"}) {
400 $iter{"authorized"} = xl('yes');
401 } else {
402 $iter{"authorized"} = "";
403 }
404 print "<tr height=20 class='text' style='border-bottom: 1px dashed;'>
405 <td class='text'><b><a href='user_admin.php?id=" . $iter{"id"} .
406 "' class='iframe_medium' onclick='top.restoreSession()'><span>" . $iter{"username"} . "</span></a></b>" ."&nbsp;</td>
407 <td><span class='text'>" .$iter{"fname"} . ' ' . $iter{"lname"}."</span>&nbsp;</td>
408 <td><span class='text'>" .$iter{"info"} . "</span>&nbsp;</td>
409 <td align='left'><span class='text'>" .$iter{"authorized"} . "</span>&nbsp;</td>";
410 print "<td><!--<a href='usergroup_admin.php?mode=delete&id=" . $iter{"id"} .
411 "' class='link_submit'>[Delete]</a>--></td>";
412 print "</tr>\n";
413 }
414 ?>
415 </tbody></table>
416 <?php
417 if (empty($GLOBALS['disable_non_default_groups'])) {
418 $res = sqlStatement("select * from groups order by name");
419 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
420 $result5[$iter] = $row;
421
422 foreach ($result5 as $iter) {
423 $grouplist{$iter{"name"}} .= $iter{"user"} .
424 "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
425 $iter{"id"} . "' onclick='top.restoreSession()'>Remove</a>), ";
426 }
427
428 foreach ($grouplist as $groupname => $list) {
429 print "<span class='bold'>" . $groupname . "</span><br>\n<span class='text'>" .
430 substr($list,0,strlen($list)-2) . "</span><br>\n";
431 }
432 }
433 ?>
434 </div>
435 </div>
436 </div>
437
438
439 <script language="JavaScript">
440 <?php
441 if ($alertmsg = trim($alertmsg)) {
442 echo "alert('$alertmsg');\n";
443 }
444 ?>
445 </script>
446
447 </body>
448 </html>
Mirror of official OpenEMR Sourceforge repository