bug fix march continued (#1921)
[openemr.git] / interface / usergroup / user_admin.php
1 <?php
2 /**
3 * Edit user.
5 * @package OpenEMR
6 * @link http://www.open-emr.org
7 * @author Brady Miller <brady.g.miller@gmail.com>
8 * @copyright Copyright (c) 2017 Brady Miller <brady.g.miller@gmail.com>
9 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
12 require_once("../globals.php");
13 require_once("../../library/acl.inc");
14 require_once("$srcdir/calendar.inc");
15 require_once("$srcdir/options.inc.php");
16 require_once("$srcdir/erx_javascript.inc.php");
18 use OpenEMR\Core\Header;
19 use OpenEMR\Menu\MainMenuRole;
20 use OpenEMR\Menu\PatientMenuRole;
21 use OpenEMR\Services\FacilityService;
23 $facilityService = new FacilityService();
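// Access gate: this page edits an arbitrary user record, so it requires both a
// target user id and the admin/users ACL. Nothing is rendered otherwise.
// empty() gives the same truthiness test as before without an undefined-index
// notice when the id parameter is absent.
if (empty($_GET["id"]) || !acl_check('admin', 'users')) {
    exit();
}

// Load the user row being edited. The id is bound as a query parameter, never
// concatenated into the SQL text.
$res = sqlStatement("select * from users where id=?", array($_GET["id"]));
$result = array();
for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
    $result[$iter] = $row;
}

// Stop when the id matches no user. Otherwise the form below would render with
// empty fields and still carry mode=update for that id in its hidden inputs.
if (empty($result)) {
    exit();
}

// From here on $iter is the user row, not the loop counter.
$iter = $result[0];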
38 <html>
39 <head>
41 <?php Header::setupHeader(['common','opener']); ?>
43 <script src="checkpwd_validation.js" type="text/javascript"></script>
45 <!-- validation library -->
46 <!--//Not lbf forms use the new validation, please make sure you have the corresponding values in the list Page validation-->
47 <?php $use_validate_js = 1;?>
48 <?php require_once($GLOBALS['srcdir'] . "/validation/validation_script.js.php"); ?>
<?php
// Load this page's client-side validation rules from the Page Validation list.
// For technical reasons the standard validateUsingPageRules() call is bypassed here.
// NOTE(review): $collectthis is echoed unescaped into a <script> block further
// down as the value of `collectvalidation`, so whatever is stored as the
// user_form rules reaches the browser as JavaScript source. Confirm who is
// allowed to edit that list.
$collectthis = collectValidationPageRules("/interface/usergroup/user_admin.php");
$collectthis = empty($collectthis) ? "undefined" : $collectthis["user_form"]["rules"];
?>
60 <script language="JavaScript">
63 * validation on the form with new client side validation (using validate.js).
64 * this enable to add new rules for this form in the pageValidation list.
65 * */
66 var collectvalidation = <?php echo($collectthis); ?>;
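/**
 * Warn the administrator that changing the e-RX role can affect the
 * ePrescription workflow.
 */
function checkChange()
{
    // xls() is the translation helper this file already uses for text placed
    // inside a JavaScript string literal (see the password-policy alert in
    // submitform); use it here too instead of wrapping xl() in addslashes().
    alert("<?php echo xls('If you change e-RX Role for ePrescription, it may affect the ePrescription workflow. If you face any difficulty, contact your ePrescription vendor.');?>");
}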
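/**
 * Validate the edit-user form in the browser and, when every check passes,
 * post it to the form's action with an AJAX request.
 *
 * Every check in this function runs client-side only and is skipped by anyone
 * who posts to the form's action directly, so the password policy and the field
 * rules also have to be enforced by the handler that receives the form.
 *
 * NOTE(review): no anti-CSRF token field is visible in the form this function
 * serializes; confirm the receiving handler verifies the request some other way.
 *
 * @returns {boolean|undefined} false when a check blocks submission or once the
 *     AJAX request has been started; undefined when page-rule validation fails
 *     or when the password-reset message is shown.
 */
function submitform() {

    // Page-rule validation (validate.js) driven by collectvalidation.
    var valid = submitme(1, undefined, 'user_form', collectvalidation);
    if (!valid) return;

    top.restoreSession();
    var flag=0;
    <?php if (!$GLOBALS['use_active_directory']) { ?>
    if(document.forms[0].clearPass.value!="")
    {
        // Check password strength when the 'secure password' feature is enabled.
        // A form field's .value is always a string, so the flag is compared
        // loosely: a strict comparison with the number 1 never matches and
        // silently skips the strength check.
        if(document.forms[0].secure_pwd.value == 1)
        {
            var pwdresult = passwordvalidate(document.forms[0].clearPass.value);
            if(pwdresult == 0) {
                flag=1;
                alert("<?php echo xls('The password must be at least eight characters, and should');
                echo '\n';
                echo xls('contain at least three of the four following items:');
                echo '\n';
                echo xls('A number');
                echo '\n';
                echo xls('A lowercase letter');
                echo '\n';
                echo xls('An uppercase letter');
                echo '\n';
                echo xls('A special character');
                echo '(';
                echo xls('not a letter or number');
                echo ').';
                echo '\n';
                echo xls('For example:');
                echo ' healthCare@09'; ?>");
                return false;
            }
        }

    }//If pwd null ends here
    <?php } ?>
    // Ask for a password reset when the user was deactivated after the password
    // expired and is now being re-activated past the grace time without a new
    // password. current_date and grace_time are Unix timestamps written into
    // hidden fields by the server.
    if((document.forms[0].pwd_expires.value != 0) && (document.forms[0].clearPass.value == "")) {
        if((document.forms[0].user_type.value != "Emergency Login") && (document.forms[0].pre_active.value == 0) && (document.forms[0].active.checked == 1) && (document.forms[0].grace_time.value != "") && (document.forms[0].current_date.value) > (document.forms[0].grace_time.value))
        {
            flag=1;
            document.getElementById('error_message').innerHTML="<?php echo xla('Please reset the password.') ?>";
        }
    }

    // Tell the server when the "Emergency Login" group is among the selected
    // access-control groups.
    if (document.forms[0].access_group_id) {
        var sel = getSelected(document.forms[0].access_group_id.options);
        for (var item in sel) {
            if (sel[item].value == "Emergency Login") {
                document.forms[0].check_acl.value = 1;
            }
        }
    }

    <?php if ($GLOBALS['erx_enable']) { ?>
    // e-prescribing field checks: length limits and format per field name.
    alertMsg='';
    f=document.forms[0];
    for(i=0;i<f.length;i++){
        if(f[i].type=='text' && f[i].value)
        {
            if(f[i].name == 'fname' || f[i].name == 'mname' || f[i].name == 'lname')
            {
                alertMsg += checkLength(f[i].name,f[i].value,35);
                alertMsg += checkUsername(f[i].name,f[i].value);
            }
            else if(f[i].name == 'taxid')
            {
                alertMsg += checkLength(f[i].name,f[i].value,10);
                alertMsg += checkFederalEin(f[i].name,f[i].value);
            }
            else if(f[i].name == 'state_license_number')
            {
                alertMsg += checkLength(f[i].name,f[i].value,10);
                alertMsg += checkStateLicenseNumber(f[i].name,f[i].value);
            }
            else if(f[i].name == 'npi')
            {
                alertMsg += checkLength(f[i].name,f[i].value,10);
                alertMsg += checkTaxNpiDea(f[i].name,f[i].value);
            }
            else if(f[i].name == 'drugid')
            {
                alertMsg += checkLength(f[i].name,f[i].value,30);
                alertMsg += checkAlphaNumeric(f[i].name,f[i].value);
            }
        }
    }
    if(alertMsg)
    {
        alert(alertMsg);
        return false;
    }
    <?php } ?>

    if (flag === 0) {
        let post_url = $("#user_form").attr("action");
        let request_method = $("#user_form").attr("method");
        let form_data = $("#user_form").serialize();
        // submit form
        $.ajax({
            url: post_url,
            type: request_method,
            data: form_data
        }).done(function (r) {
            // A non-empty response body is shown as a message; an empty one
            // closes the dialog and reloads the opener.
            if (r) {
                alert(r);
            } else {
                dlgclose('reload', false);
            }
        });

        return false;
    }
}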
/**
 * Collect the selected (or checked) entries of an options collection.
 * Used to read the chosen access-control groups.
 *
 * @param {ArrayLike<Object>} opt  Options to inspect; each entry is tested for
 *     a truthy `selected` or `checked` property.
 * @returns {Array<{value: *, index: number}>} One record per chosen entry,
 *     holding its value and its position in `opt`.
 */
function getSelected(opt) {
    var picked = [];
    for (var pos = 0; pos < opt.length; pos++) {
        var entry = opt[pos];
        if (entry.selected || entry.checked) {
            picked.push({ value: entry.value, index: pos });
        }
    }
    return picked;
}
/**
 * Keep the Calendar checkbox in step with the Provider checkbox: ticking
 * Provider enables and ticks Calendar, clearing it disables and clears Calendar.
 */
function authorized_clicked() {
    var form = document.forms[0];
    var isProvider = form.authorized.checked;
    form.calendar.disabled = !isProvider;
    form.calendar.checked = isProvider;
}
210 </script>
211 <style type="text/css">
212 .physician_type_class{
213 width: 150px !important;
215 #main_menu_role {
216 width: 120px !important;
218 </style>
219 </head>
220 <body class="body_top">
222 <div class="container">
224 <table><tr><td>
225 <span class="title"><?php echo xlt('Edit User'); ?></span>&nbsp;
226 </td><td>
227 <a class="btn btn-default btn-save" name='form_save' id='form_save' href='#' onclick='return submitform()'> <span><?php echo xlt('Save');?></span> </a>
228 <a class="btn btn-link btn-cancel" id='cancel' href='#'><span><?php echo xlt('Cancel');?></span></a>
229 </td></tr>
230 </table>
231 <br>
232 <FORM NAME="user_form" id="user_form" METHOD="POST" ACTION="usergroup_admin.php">
234 <input type=hidden name="pwd_expires" value="<?php echo attr($GLOBALS['password_expiration_days']); ?>" >
235 <input type=hidden name="pre_active" value="<?php echo attr($iter["active"]); ?>" >
236 <input type=hidden name="exp_date" value="<?php echo attr($iter["pwd_expiration_date"]); ?>" >
237 <input type=hidden name="get_admin_id" value="<?php echo attr($GLOBALS['Emergency_Login_email']); ?>" >
238 <input type=hidden name="admin_id" value="<?php echo attr($GLOBALS['Emergency_Login_email_id']); ?>" >
239 <input type=hidden name="check_acl" value="">
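<?php
// Calculating the grace time: the password expiration date plus the configured
// grace period. Both values below are written as Unix timestamps into hidden
// fields, where the browser-side "please reset the password" check reads them.
$current_date = date("Y-m-d");
$password_exp = $iter["pwd_expiration_date"];
// Stays empty when no expiration date is recorded ("0000-00-00"). Previously the
// variable was left undefined in that case and still handed to strtotime().
$grace_time1 = '';
if ($password_exp != "0000-00-00") {
    $grace_time1 = date("Y-m-d", strtotime($password_exp . "+" . $GLOBALS['password_grace_time'] . "days"));
}
?>
<input type=hidden name="current_date" value="<?php echo strtotime($current_date); ?>" >
<input type=hidden name="grace_time" value="<?php echo ($grace_time1 !== '') ? strtotime($grace_time1) : ''; ?>" >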
250 <!-- Get the list ACL for the user -->
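<?php
// Record whether the edited user is in the "Emergency Login" ACL group; the
// value is posted as user_type and read by the browser-side reset check.
$acl_name = acl_get_group_titles($iter["username"]);
$bg_name = '';
// The access-control <select> further down guards against a falsy return from
// acl_get_group_titles(); apply the same guard here instead of calling count()
// and indexing into a value that may not be an array.
$bg_count = is_array($acl_name) ? count($acl_name) : 0;
if ($bg_count > 0 && in_array("Emergency Login", $acl_name, true)) {
    $bg_name = "Emergency Login";
}
?>
<input type=hidden name="user_type" value="<?php echo attr($bg_name); ?>" >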
263 <TABLE border=0 cellpadding=0 cellspacing=0>
264 <TR>
265 <TD style="width:180px;"><span class=text><?php echo xlt('Username'); ?>: </span></TD>
266 <TD style="width:270px;"><input type=entry name=username style="width:150px;" class="form-control" value="<?php echo attr($iter["username"]); ?>" disabled></td>
267 <?php if (!$GLOBALS['use_active_directory']) { ?>
268 <TD style="width:200px;"><span class=text>*<?php echo xlt('Your Password'); ?>*: </span></TD>
269 <TD class='text' style="width:280px;"><input type='password' name=adminPass style="width:150px;" class="form-control" value="" autocomplete='off'><font class="mandatory"></font></TD>
270 <?php } ?>
271 </TR>
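<?php if (!$GLOBALS['use_active_directory']) { ?>
<?php
// The user's new password is typed into a plain text field, so it is visible on
// screen while being set. autocomplete='off', already present on the adminPass
// field, asks the browser not to store or suggest the value.
?>
<TR>
<TD style="width:180px;"><span class=text></span></TD>
<TD style="width:270px;"></td>
<TD style="width:200px;"><span class=text><?php echo xlt('User\'s New Password'); ?>: </span></TD>
<TD class='text' style="width:280px;"> <input type=text name=clearPass style="width:150px;" class="form-control" value="" autocomplete='off'><font class="mandatory"></font></td>
</TR>
<?php } ?>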
281 <TR height="30" style="valign:middle;">
282 <td class='text'>
283 <?php echo xlt('Clear 2FA'); ?>:
284 </td>
285 <td title='<?php echo xla('Remove multi-factor authentications for this person.'); ?>'>
286 <input type="checkbox" name="clear_2fa" value='1' />
287 </td>
288 <td colspan="2"><span class=text><?php echo xlt('Provider'); ?>:
289 <input type="checkbox" name="authorized" onclick="authorized_clicked()"<?php
290 if ($iter["authorized"]) {
291 echo " checked";
292 } ?> />
293 &nbsp;&nbsp;<span class='text'><?php echo xlt('Calendar'); ?>:
294 <input type="checkbox" name="calendar"<?php
295 if ($iter["calendar"]) {
296 echo " checked";
299 if (!$iter["authorized"]) {
300 echo " disabled";
301 } ?> />
302 &nbsp;&nbsp;<span class='text'><?php echo xlt('Active'); ?>:
303 <input type="checkbox" name="active"<?php echo ($iter["active"]) ? " checked" : ""; ?>/>
304 </TD>
305 </TR>
307 <TR>
308 <TD><span class=text><?php echo xlt('First Name'); ?>: </span></TD>
309 <TD><input type=entry name=fname id=fname style="width:150px;" class="form-control" value="<?php echo attr($iter["fname"]); ?>"><span class="mandatory"></span></td>
310 <td><span class=text><?php echo xlt('Middle Name'); ?>: </span></TD><td><input type=entry name=mname style="width:150px;" value="<?php echo attr($iter["mname"]); ?>"></td>
311 </TR>
313 <TR>
314 <td><span class=text><?php echo xlt('Last Name'); ?>: </span></td><td><input type=entry name=lname id=lname style="width:150px;" class="form-control" value="<?php echo attr($iter["lname"]); ?>"><span class="mandatory"></span></td>
315 <td><span class=text><?php echo xlt('Default Facility'); ?>: </span></td><td><select name=facility_id style="width:150px;" class="form-control">
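<?php
// Offer every billing location as the user's default facility and preselect
// the one stored on the user row.
// The locations are iterated directly: the earlier version copied them by
// numeric index into $result, the array that holds the user row loaded at the
// top of the page, and so depended on contiguous 0-based keys.
$fres = $facilityService->getAllBillingLocations();
if ($fres) {
    foreach ($fres as $iter2) {
        ?>
<option value="<?php echo attr($iter2['id']); ?>" <?php if ($iter['facility_id'] == $iter2['id']) {
    echo "selected";
} ?>><?php echo text($iter2['name']); ?></option>
<?php
    }
}
?>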
332 </select></td>
333 </tr>
335 <?php if ($GLOBALS['restrict_user_facility']) { ?>
336 <tr>
337 <td colspan=2>&nbsp;</td>
338 <td><span class=text><?php echo xlt('Schedule Facilities:');?></td>
339 <td>
340 <select name="schedule_facility[]" multiple style="width:150px;" class="form-control">
<?php
// Ids of the facilities this user is already scheduled at.
$userFacilities = getUserFacilities($_GET['id']);
$ufid = array();
foreach ($userFacilities as $uf) {
    $ufid[] = $uf['id'];
}

// List every service location; preselect those in $ufid and the user's
// default facility. Ids are compared loosely, as before.
$fres = $facilityService->getAllServiceLocations();
if ($fres) {
    foreach ($fres as $frow) {
        ?>
<option <?php echo (in_array($frow['id'], $ufid) || $frow['id'] == $iter['facility_id']) ? "selected" : ""; ?>
class="form-control" value="<?php echo attr($frow['id']); ?>"><?php echo text($frow['name']) ?></option>
<?php
    }
}
?>
358 </select>
359 </td>
360 </tr>
361 <?php } ?>
363 <TR>
364 <TD><span class=text><?php echo xlt('Federal Tax ID'); ?>: </span></TD><TD><input type=text name=taxid style="width:150px;" class="form-control" value="<?php echo attr($iter["federaltaxid"]); ?>"></td>
365 <TD><span class=text><?php echo xlt('Federal Drug ID'); ?>: </span></TD><TD><input type=text name=drugid style="width:150px;" class="form-control" value="<?php echo attr($iter["federaldrugid"]); ?>"></td>
366 </TR>
368 <tr>
369 <td><span class="text"><?php echo xlt('UPIN'); ?>: </span></td><td><input type="text" name="upin" style="width:150px;" class="form-control" value="<?php echo attr($iter["upin"]); ?>"></td>
370 <td class='text'><?php echo xlt('See Authorizations'); ?>: </td>
371 <td><select name="see_auth" style="width:150px;" class="form-control" >
<?php
// "See Authorizations" choices; the option matching the user's stored see_auth
// value is marked selected. Keys are attribute-escaped and labels text-escaped.
foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value) {
    echo " <option value='" . attr($key) . "'"
        . (($key == $iter['see_auth']) ? " selected" : "")
        . ">" . text($value) . "</option>\n";
}
?>
382 </select></td>
383 </tr>
385 <tr>
386 <td><span class="text"><?php echo xlt('NPI'); ?>: </span></td><td><input type="text" name="npi" style="width:150px;" class="form-control" value="<?php echo attr($iter["npi"]); ?>"></td>
387 <td><span class="text"><?php echo xlt('Job Description'); ?>: </span></td><td><input type="text" name="job" style="width:150px;" class="form-control" value="<?php echo attr($iter["specialty"]); ?>"></td>
388 </tr>
390 <tr>
391 <td><span class="text"><?php echo xlt('Taxonomy'); ?>: </span></td>
392 <td><input type="text" name="taxonomy" style="width:150px;" class="form-control" value="<?php echo attr($iter["taxonomy"]); ?>"></td>
393 <td>&nbsp;</td><td>&nbsp;</td></tr>
395 <tr>
396 <td><span class="text"><?php echo xlt('State License Number'); ?>: </span></td>
397 <td><input type="text" name="state_license_number" style="width:150px;" class="form-control" value="<?php echo attr($iter["state_license_number"]); ?>"></td>
398 <td class='text'><?php echo xlt('NewCrop eRX Role'); ?>:</td>
399 <td>
400 <?php echo generate_select_list("erxrole", "newcrop_erx_role", $iter['newcrop_user_role'], '', xl('Select Role'), '', '', '', array('style'=>'width:150px')); ?>
401 </td>
402 </tr>
403 <tr>
404 <td><span class="text"><?php echo xlt('Weno Provider ID'); ?>: </span></td><td><input type="text" name="erxprid" style="width:150px;" class="form-control" value="<?php echo attr($iter["weno_prov_id"]); ?>"></td>
405 </tr>
407 <tr>
408 <td><span class="text"><?php echo xlt('Provider Type'); ?>: </span></td>
409 <td><?php echo generate_select_list("physician_type", "physician_type", $iter['physician_type'], '', xl('Select Type'), 'physician_type_class', '', '', ''); ?></td>
410 </tr>
411 <tr>
412 <td>
413 <span class="text"><?php echo xlt('Main Menu Role'); ?>: </span>
414 </td>
415 <td>
416 <?php
417 $menuMain = new MainMenuRole();
418 echo $menuMain->displayMenuRoleSelector($iter["main_menu_role"]);
420 </td>
421 <td>
422 <span class="text"><?php echo xlt('Patient Menu Role'); ?>: </span>
423 </td>
424 <td>
425 <?php
426 $menuPatient = new PatientMenuRole();
427 echo $menuPatient->displayMenuRoleSelector($iter["patient_menu_role"]);
429 </td>
432 </tr>
433 <?php if ($GLOBALS['inhouse_pharmacy']) { ?>
434 <tr>
435 <td class="text"><?php echo xlt('Default Warehouse'); ?>: </td>
436 <td class='text'>
437 <?php
438 echo generate_select_list(
439 'default_warehouse',
440 'warehouse',
441 $iter['default_warehouse'],
445 </td>
446 <td class="text"><?php echo xlt('Invoice Refno Pool'); ?>: </td>
447 <td class='text'>
448 <?php
449 echo generate_select_list(
450 'irnpool',
451 'irnpool',
452 $iter['irnpool'],
453 xl('Invoice reference number pool, if used')
456 </td>
457 </tr>
458 <?php } ?>
460 <tr>
461 <td class='text'><?php echo xlt('Access Control'); ?>:</td>
462 <td><select id="access_group_id" name="access_group[]" multiple style="width:150px;" class="form-control">
<?php
// Collect the access control groups: every defined group is listed, and the
// groups the edited user already belongs to are marked selected.
$list_acl_groups = acl_get_group_title_list();
$username_acl_groups = acl_get_group_titles($iter["username"]);
foreach ($list_acl_groups as $value) {
    // Modified 6-2009 by BM - Translate group name if applicable.
    // The option value stays the untranslated title; only the label is translated.
    echo " <option value='" . attr($value) . "'"
        . ((($username_acl_groups) && in_array($value, $username_acl_groups)) ? " selected" : "")
        . ">" . text(xl_gacl_group($value)) . "</option>\n";
}
?>
477 </select></td>
478 <td><span class=text><?php echo xlt('Additional Info'); ?>:</span></td>
479 <td><textarea style="width:150px;" name="comments" wrap=auto rows=4 cols=25 class="form-control"><?php echo text($iter["info"]); ?></textarea></td>
481 </tr>
482 <tr height="20" valign="bottom">
483 <td colspan="4" class="text">
484 *<?php echo xlt('You must enter your own password to change user passwords. Leave blank to keep password unchanged.'); ?>
485 <!--
486 Display red alert if entered password matched one of last three passwords/Display red alert if user password was expired and the user was inactivated previously
488 <div class="redtext" id="error_message">&nbsp;</div>
489 </td>
490 </tr>
492 </table>
494 <INPUT TYPE="HIDDEN" NAME="id" VALUE="<?php echo attr($_GET["id"]); ?>">
495 <INPUT TYPE="HIDDEN" NAME="mode" VALUE="update">
496 <INPUT TYPE="HIDDEN" NAME="privatemode" VALUE="user_admin">
498 <INPUT TYPE="HIDDEN" NAME="secure_pwd" VALUE="<?php echo attr($GLOBALS['secure_password']); ?>">
499 </FORM>
500 <script language="JavaScript">
// Once the DOM is ready, make the Cancel link close the dialog without saving.
$(function () {
    $("#cancel").on("click", function () {
        dlgclose();
    });
});
507 </script>
509 <div class="container">
511 </BODY>
513 </HTML>
515 <?php
516 // d41d8cd98f00b204e9800998ecf8427e == blank (this value is the MD5 hash of an empty string)