search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Visolve: Clear Active Patient Changes
[openemr.git] / interface / patient_file / deleter.php
blobb1be193a8002542dccb5e9aa7f8846d1ae88b706
1 <?php
2 // Copyright (C) 2005-2011 Rod Roark <rod@sunsetsystems.com>
3 //
4 // This program is free software; you can redistribute it and/or
5 // modify it under the terms of the GNU General Public License
6 // as published by the Free Software Foundation; either version 2
7 // of the License, or (at your option) any later version.
8
9 require_once("../globals.php");
10 require_once("$srcdir/log.inc");
11 require_once("$srcdir/acl.inc");
12 require_once("$srcdir/sl_eob.inc.php");
13
14 $patient = $_REQUEST['patient'];
15 $encounterid = $_REQUEST['encounterid'];
16 $formid = $_REQUEST['formid'];
17 $issue = $_REQUEST['issue'];
18 $document = $_REQUEST['document'];
19 $payment = $_REQUEST['payment'];
20 $billing = $_REQUEST['billing'];
21 $transaction = $_REQUEST['transaction'];
22
23 $info_msg = "";
24
25 // Delete rows, with logging, for the specified table using the
26 // specified WHERE clause.
27 //
28 function row_delete($table, $where) {
29 $tres = sqlStatement("SELECT * FROM $table WHERE $where");
30 $count = 0;
31 while ($trow = sqlFetchArray($tres)) {
32 $logstring = "";
33 foreach ($trow as $key => $value) {
34 if (! $value || $value == '0000-00-00 00:00:00') continue;
35 if ($logstring) $logstring .= " ";
36 $logstring .= $key . "='" . addslashes($value) . "'";
37 }
38 newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $logstring");
39 ++$count;
40 }
41 if ($count) {
42 $query = "DELETE FROM $table WHERE $where";
43 echo $query . "<br>\n";
44 sqlStatement($query);
45 }
46 }
47
48 // Deactivate rows, with logging, for the specified table using the
49 // specified SET and WHERE clauses.
50 //
51 function row_modify($table, $set, $where) {
52 if (sqlQuery("SELECT * FROM $table WHERE $where")) {
53 newEvent("deactivate", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "$table: $where");
54 $query = "UPDATE $table SET $set WHERE $where";
55 echo $query . "<br>\n";
56 sqlStatement($query);
57 }
58 }
59
60 // We use this to put dashes, colons, etc. back into a timestamp.
61 //
62 function decorateString($fmt, $str) {
63 $res = '';
64 while ($fmt) {
65 $fc = substr($fmt, 0, 1);
66 $fmt = substr($fmt, 1);
67 if ($fc == '.') {
68 $res .= substr($str, 0, 1);
69 $str = substr($str, 1);
70 } else {
71 $res .= $fc;
72 }
73 }
74 return $res;
75 }
76
77 // Delete and undo product sales for a given patient or visit.
78 // This is special because it has to replace the inventory.
79 //
80 function delete_drug_sales($patient_id, $encounter_id=0) {
81 $where = $encounter_id ? "ds.encounter = '$encounter_id'" :
82 "ds.pid = '$patient_id' AND ds.encounter != 0";
83 sqlStatement("UPDATE drug_sales AS ds, drug_inventory AS di " .
84 "SET di.on_hand = di.on_hand + ds.quantity " .
85 "WHERE $where AND di.inventory_id = ds.inventory_id");
86 if ($encounter_id) {
87 row_delete("drug_sales", "encounter = '$encounter_id'");
88 }
89 else {
90 row_delete("drug_sales", "pid = '$patient_id'");
91 }
92 }
93
94 // Delete a form's data from its form-specific table.
95 //
96 function form_delete($formdir, $formid) {
97 $formdir = ($formdir == 'newpatient') ? 'encounter' : $formdir;
98 if (substr($formdir,0,3) == 'LBF')
99 row_delete("lbf_data", "form_id = '$formid'");
100 else
101 row_delete("form_$formdir", "id = '$formid'");
102 }
103
104 // Delete a specified document including its associated relations and file.
105 //
106 function delete_document($document) {
107 $trow = sqlQuery("SELECT url FROM documents WHERE id = '$document'");
108 $url = $trow['url'];
109 row_delete("categories_to_documents", "document_id = '$document'");
110 row_delete("documents", "id = '$document'");
111 row_delete("gprelations", "type1 = 1 AND id1 = '$document'");
112 if (substr($url, 0, 7) == 'file://') {
113 @unlink(substr($url, 7));
114 }
115 }
116 ?>
117 <html>
118 <head>
119 <?php html_header_show();?>
120 <title><?php xl('Delete Patient, Encounter, Form, Issue, Document, Payment, Billing or Transaction','e'); ?></title>
121 <link rel="stylesheet" href='<?php echo $css_header ?>' type='text/css'>
122
123 <style>
124 td { font-size:10pt; }
125 </style>
126
127 <script language="javascript">
128 function submit_form()
129 {
130 document.deletefrm.submit();
131 }
132 // Java script function for closing the popup
133 function popup_close() {
134 if(parent.$==undefined) {
135 window.close();
136 }
137 else {
138 parent.$.fn.fancybox.close();
139 }
140 }
141 </script>
142 </head>
143
144 <body class="body_top">
145 <?php
146 // If the delete is confirmed...
147 //
148 if ($_POST['form_submit']) {
149
150 if ($patient) {
151 if (!acl_check('admin', 'super')) die("Not authorized!");
152 row_modify("billing" , "activity = 0", "pid = '$patient'");
153 row_modify("pnotes" , "deleted = 1" , "pid = '$patient'");
154 // row_modify("prescriptions" , "active = 0" , "patient_id = '$patient'");
155 row_delete("prescriptions" , "patient_id = '$patient'");
156 row_delete("claims" , "patient_id = '$patient'");
157 delete_drug_sales($patient);
158 row_delete("payments" , "pid = '$patient'");
159 row_delete("ar_activity" , "pid = '$patient'");
160 row_delete("openemr_postcalendar_events", "pc_pid = '$patient'");
161 row_delete("immunizations" , "patient_id = '$patient'");
162 row_delete("issue_encounter", "pid = '$patient'");
163 row_delete("lists" , "pid = '$patient'");
164 row_delete("transactions" , "pid = '$patient'");
165 row_delete("employer_data" , "pid = '$patient'");
166 row_delete("history_data" , "pid = '$patient'");
167 row_delete("insurance_data" , "pid = '$patient'");
168
169 $res = sqlStatement("SELECT * FROM forms WHERE pid = '$patient'");
170 while ($row = sqlFetchArray($res)) {
171 form_delete($row['formdir'], $row['form_id']);
172 }
173 row_delete("forms", "pid = '$patient'");
174
175 // integration_mapping is used for sql-ledger and is virtually obsolete now.
176 $row = sqlQuery("SELECT id FROM patient_data WHERE pid = '$patient'");
177 row_delete("integration_mapping", "local_table = 'patient_data' AND " .
178 "local_id = '" . $row['id'] . "'");
179
180 // Delete all documents for the patient.
181 $res = sqlStatement("SELECT id FROM documents WHERE foreign_id = '$patient'");
182 while ($row = sqlFetchArray($res)) {
183 delete_document($row['id']);
184 }
185
186 // This table exists only for athletic teams.
187 $tmp = sqlQuery("SHOW TABLES LIKE 'daily_fitness'");
188 if (!empty($tmp)) {
189 row_delete("daily_fitness", "pid = '$patient'");
190 }
191
192 row_delete("patient_data", "pid = '$patient'");
193 }
194 else if ($encounterid) {
195 if (!acl_check('admin', 'super')) die("Not authorized!");
196 row_modify("billing", "activity = 0", "encounter = '$encounterid'");
197 delete_drug_sales(0, $encounterid);
198 row_delete("ar_activity", "encounter = '$encounterid'");
199 row_delete("claims", "encounter_id = '$encounterid'");
200 row_delete("issue_encounter", "encounter = '$encounterid'");
201 $res = sqlStatement("SELECT * FROM forms WHERE encounter = '$encounterid'");
202 while ($row = sqlFetchArray($res)) {
203 form_delete($row['formdir'], $row['form_id']);
204 }
205 row_delete("forms", "encounter = '$encounterid'");
206 }
207 else if ($formid) {
208 if (!acl_check('admin', 'super')) die("Not authorized!");
209 $row = sqlQuery("SELECT * FROM forms WHERE id = '$formid'");
210 $formdir = $row['formdir'];
211 if (! $formdir) die("There is no form with id '$formid'");
212 form_delete($formdir, $row['form_id']);
213 row_delete("forms", "id = '$formid'");
214 }
215 else if ($issue) {
216 if (!acl_check('admin', 'super')) die("Not authorized!");
217 row_delete("issue_encounter", "list_id = '$issue'");
218 row_delete("lists", "id = '$issue'");
219 }
220 else if ($document) {
221 if (!acl_check('admin', 'super')) die("Not authorized!");
222 delete_document($document);
223 }
224 else if ($payment) {
225 if (!acl_check('admin', 'super')) die("Not authorized!");
226 list($patient_id, $timestamp, $ref_id) = explode(".", $payment);
227 $timestamp = decorateString('....-..-.. ..:..:..', $timestamp);
228 $payres = sqlStatement("SELECT * FROM payments WHERE " .
229 "pid = '$patient_id' AND dtime = '$timestamp'");
230 while ($payrow = sqlFetchArray($payres)) {
231 // Delete the payment.
232 row_delete("ar_activity",
233 "pid = '$patient_id' AND " .
234 "session_id = '$ref_id'");
235 row_delete("ar_session",
236 "patient_id = '$patient_id' AND " .
237 "session_id = '$ref_id'");
238 if ($payrow['amount2'] != 0) {
239 if ($GLOBALS['oer_config']['ws_accounting']['enabled'] === 2) {
240 $thissrc = '';
241 if ($payrow['method']) {
242 $thissrc .= $payrow['method'];
243 if ($payrow['source']) $thissrc .= ' ' . $payrow['source'];
244 }
245 $thissrc .= ' front office reversal';
246 $session_id = 0; // Is this OK?
247 arPostPayment($patient_id, $payrow['encounter'], $session_id,
248 0 - $payrow['amount2'], '', 0, $thissrc, 0);
249 }
250 else {
251 // Look up the matching invoice and post an offsetting payment.
252 slInitialize();
253 $invnum = "$patient_id." . $payrow['encounter'];
254 $thissrc = 'Pt/';
255 if ($payrow['method']) {
256 $thissrc .= $payrow['method'];
257 if ($payrow['source']) $thissrc .= ' ' . $payrow['source'];
258 }
259 $thissrc .= ' front office reversal';
260 $trans_id = SLQueryValue("SELECT id FROM ar WHERE " .
261 "ar.invnumber = '$invnum' LIMIT 1");
262 if ($trans_id) {
263 slPostPayment($trans_id, 0 - $payrow['amount2'], date('Y-m-d'),
264 $thissrc, '', 0, 0);
265 } else {
266 $info_msg .= "Invoice '$invnum' not found; could not delete its " .
267 "payment of \$" . $payrow['amount2'] . ". ";
268 }
269 SLClose();
270 }
271 }
272 row_delete("payments", "id = '" . $payrow['id'] . "'");
273 }
274 }
275 else if ($billing) {
276 if (!acl_check('acct','disc')) die("Not authorized!");
277 list($patient_id, $encounter_id) = explode(".", $billing);
278 if ($GLOBALS['oer_config']['ws_accounting']['enabled'] === 2) {
279 sqlStatement("DELETE FROM ar_activity WHERE " .
280 "pid = '$patient_id' AND encounter = '$encounter_id'");
281 sqlStatement("DELETE ar_session FROM ar_session LEFT JOIN " .
282 "ar_activity ON ar_session.session_id = ar_activity.session_id " .
283 "WHERE ar_activity.session_id IS NULL");
284 row_modify("billing", "activity = 0",
285 "pid = '$patient_id' AND " .
286 "encounter = '$encounter_id' AND " .
287 "code_type = 'COPAY' AND " .
288 "activity = 1");
289 sqlStatement("UPDATE form_encounter SET last_level_billed = 0, " .
290 "last_level_closed = 0, stmt_count = 0, last_stmt_date = NULL " .
291 "WHERE pid = '$patient_id' AND encounter = '$encounter_id'");
292 }
293 else {
294 slInitialize();
295 $trans_id = SLQueryValue("SELECT id FROM ar WHERE ar.invnumber = '$billing' LIMIT 1");
296 if ($trans_id) {
297 newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "Invoice $billing from SQL-Ledger");
298 SLQuery("DELETE FROM acc_trans WHERE trans_id = '$trans_id'");
299 if ($sl_err) die($sl_err);
300 SLQuery("DELETE FROM invoice WHERE trans_id = '$trans_id'");
301 if ($sl_err) die($sl_err);
302 SLQuery("DELETE FROM ar WHERE id = '$trans_id'");
303 if ($sl_err) die($sl_err);
304 } else {
305 $info_msg .= "Invoice '$billing' not found!";
306 }
307 SLClose();
308 }
309 sqlStatement("UPDATE drug_sales SET billed = 0 WHERE " .
310 "pid = '$patient_id' AND encounter = '$encounter_id'");
311 updateClaim(true, $patient_id, $encounter_id, -1, -1, 1, 0, ''); // clears for rebilling
312 }
313 else if ($transaction) {
314 if (!acl_check('admin', 'super')) die("Not authorized!");
315 row_delete("transactions", "id = '$transaction'");
316 }
317 else {
318 die("Nothing was recognized to delete!");
319 }
320
321 if (! $info_msg) $info_msg = xl('Delete successful.');
322
323 // Close this window and tell our opener that it's done.
324 //
325 echo "<script language='JavaScript'>\n";
326 if ($info_msg) echo " alert('$info_msg');\n";
327 if ($encounterid) //this code need to be same as 'parent.imdeleted($encounterid)' when the popup is div like
328 {
329 echo "window.opener.imdeleted($encounterid);\n";
330 }
331 else
332 {
333 echo "parent.imdeleted();\n";
334 }
335 echo "</script></body></html>\n";
336 exit();
337 }
338 ?>
339
340 <form method='post' name="deletefrm" action='deleter.php?patient=<?php echo $patient ?>&encounterid=<?php echo $encounterid ?>&formid=<?php echo $formid ?>&issue=<?php echo $issue ?>&document=<?php echo $document ?>&payment=<?php echo $payment ?>&billing=<?php echo $billing ?>&transaction=<?php echo $transaction ?>' onsubmit="javascript:alert('1');document.deleform.submit();">
341
342 <p class="text">&nbsp;<br><?php xl('Do you really want to delete','e'); ?>
343
344 <?php
345 if ($patient) {
346 echo xl('patient') . " $patient";
347 } else if ($encounterid) {
348 echo xl('encounter') . " $encounterid";
349 } else if ($formid) {
350 echo xl('form') . " $formid";
351 } else if ($issue) {
352 echo xl('issue') . " $issue";
353 } else if ($document) {
354 echo xl('document') . " $document";
355 } else if ($payment) {
356 echo xl('payment') . " $payment";
357 } else if ($billing) {
358 echo xl('invoice') . " $billing";
359 } else if ($transaction) {
360 echo xl('transaction') . " $transaction";
361 }
362 ?> <?php xl('and all subordinate data? This action will be logged','e'); ?>!</p>
363
364 <center>
365
366 <p class="text">&nbsp;<br>
367 <a href="#" onclick="submit_form()" class="css_button"><span><?php xl('Yes, Delete and Log','e'); ?></span></a>
368 <input type='hidden' name='form_submit' value=<?php xl('Yes, Delete and Log','e','\'','\''); ?>/>
369 <a href='#' class="css_button" onclick=popup_close();><span><?php echo xl('No, Cancel');?></span></a>
370 </p>
371
372 </center>
373 </form>
374 </body>
375 </html>
Mirror of official OpenEMR Sourceforge repository