search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update copyright page (consolidated to one page):
[openemr.git] / interface / usergroup / user_admin.php
blobd8e1f37979de4e3d1521b6169479894a14f18ebe
1 <?php
2 // This program is free software; you can redistribute it and/or
3 // modify it under the terms of the GNU General Public License
4 // as published by the Free Software Foundation; either version 2
5 // of the License, or (at your option) any later version.
6 require_once("../globals.php");
7 require_once("../../library/acl.inc");
8 require_once("$srcdir/md5.js");
9 require_once("$srcdir/sql.inc");
10 require_once("$srcdir/calendar.inc");
11 require_once("$srcdir/formdata.inc.php");
12 require_once("$srcdir/options.inc.php");
13 require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");
14
15 if (!$_GET["id"] || !acl_check('admin', 'users'))
16 exit();
17
18 if ($_GET["mode"] == "update") {
19 if ($_GET["username"]) {
20 // $tqvar = addslashes(trim($_GET["username"]));
21 $tqvar = trim(formData('username','G'));
22 $user_data = mysql_fetch_array(sqlStatement("select * from users where id={$_GET["id"]}"));
23 sqlStatement("update users set username='$tqvar' where id={$_GET["id"]}");
24 sqlStatement("update groups set user='$tqvar' where user='". $user_data["username"] ."'");
25 //echo "query was: " ."update groups set user='$tqvar' where user='". $user_data["username"] ."'" ;
26 }
27 if ($_GET["taxid"]) {
28 $tqvar = formData('taxid','G');
29 sqlStatement("update users set federaltaxid='$tqvar' where id={$_GET["id"]}");
30 }
31 if ($_GET["drugid"]) {
32 $tqvar = formData('drugid','G');
33 sqlStatement("update users set federaldrugid='$tqvar' where id={$_GET["id"]}");
34 }
35 if ($_GET["upin"]) {
36 $tqvar = formData('upin','G');
37 sqlStatement("update users set upin='$tqvar' where id={$_GET["id"]}");
38 }
39 if ($_GET["npi"]) {
40 $tqvar = formData('npi','G');
41 sqlStatement("update users set npi='$tqvar' where id={$_GET["id"]}");
42 }
43 if ($_GET["taxonomy"]) {
44 $tqvar = formData('taxonomy','G');
45 sqlStatement("update users set taxonomy = '$tqvar' where id= {$_GET["id"]}");
46 }
47 if ($_GET["lname"]) {
48 $tqvar = formData('lname','G');
49 sqlStatement("update users set lname='$tqvar' where id={$_GET["id"]}");
50 }
51 if ($_GET["job"]) {
52 $tqvar = formData('job','G');
53 sqlStatement("update users set specialty='$tqvar' where id={$_GET["id"]}");
54 }
55 if ($_GET["mname"]) {
56 $tqvar = formData('mname','G');
57 sqlStatement("update users set mname='$tqvar' where id={$_GET["id"]}");
58 }
59 if ($_GET["facility_id"]) {
60 $tqvar = formData('facility_id','G');
61 sqlStatement("update users set facility_id = '$tqvar' where id = {$_GET["id"]}");
62 //(CHEMED) Update facility name when changing the id
63 sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '$tqvar' AND users.id = {$_GET["id"]}");
64 //END (CHEMED)
65 }
66 if ($GLOBALS['restrict_user_facility'] && $_GET["schedule_facility"]) {
67 sqlStatement("delete from users_facility
68 where tablename='users'
69 and table_id={$_GET["id"]}
70 and facility_id not in (" . implode(",", $_GET['schedule_facility']) . ")");
71 foreach($_GET["schedule_facility"] as $tqvar) {
72 sqlStatement("replace into users_facility set
73 facility_id = '$tqvar',
74 tablename='users',
75 table_id = {$_GET["id"]}");
76 }
77 }
78 if ($_GET["fname"]) {
79 $tqvar = formData('fname','G');
80 sqlStatement("update users set fname='$tqvar' where id={$_GET["id"]}");
81 }
82 //(CHEMED) Calendar UI preference
83 if ($_GET["cal_ui"]) {
84 $tqvar = formData('cal_ui','G');
85 sqlStatement("update users set cal_ui = '$tqvar' where id = {$_GET["id"]}");
86
87 // added by bgm to set this session variable if the current user has edited
88 // their own settings
89 if ($_SESSION['authId'] == $_GET["id"]) {
90 $_SESSION['cal_ui'] = $tqvar;
91 }
92 }
93 //END (CHEMED) Calendar UI preference
94
95 if (isset($_GET['default_warehouse'])) {
96 sqlStatement("UPDATE users SET default_warehouse = '" .
97 formData('default_warehouse','G') .
98 "' WHERE id = '" . formData('id','G') . "'");
99 }
100
101 if (isset($_GET['irnpool'])) {
102 sqlStatement("UPDATE users SET irnpool = '" .
103 formData('irnpool','G') .
104 "' WHERE id = '" . formData('id','G') . "'");
105 }
106
107 if ($_GET["newauthPass"] && $_GET["newauthPass"] != "d41d8cd98f00b204e9800998ecf8427e") { // account for empty
108 $tqvar = formData('newauthPass','G');
109 sqlStatement("update users set password='$tqvar' where id={$_GET["id"]}");
110 }
111
112 // for relay health single sign-on
113 if ($_GET["ssi_relayhealth"]) {
114 $tqvar = formData('ssi_relayhealth','G');
115 sqlStatement("update users set ssi_relayhealth = '$tqvar' where id = {$_GET["id"]}");
116 }
117
118 $tqvar = $_GET["authorized"] ? 1 : 0;
119 $actvar = $_GET["active"] ? 1 : 0;
120 $calvar = $_GET["calendar"] ? 1 : 0;
121
122 sqlStatement("UPDATE users SET authorized = $tqvar, active = $actvar, " .
123 "calendar = $calvar, see_auth = '" . $_GET['see_auth'] . "' WHERE " .
124 "id = {$_GET["id"]}");
125
126 if ($_GET["comments"]) {
127 $tqvar = formData('comments','G');
128 sqlStatement("update users set info = '$tqvar' where id = {$_GET["id"]}");
129 }
130
131 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
132 // Set the access control group of user
133 $user_data = mysql_fetch_array(sqlStatement("select username from users where id={$_GET["id"]}"));
134 set_user_aro($_GET['access_group'], $user_data["username"],
135 formData('fname','G'), formData('mname','G'), formData('lname','G'));
136 }
137
138 $ws = new WSProvider($_GET['id']);
139
140 /*Dont move usergroup_admin (1).php just close window
141 // On a successful update, return to the users list.
142 include("usergroup_admin.php");
143 exit(0);
144 */ echo '
145 <script type="text/javascript">
146 <!--
147 parent.$.fn.fancybox.close();
148 //-->
149 </script>
150
151 ';
152 }
153
154 $res = sqlStatement("select * from users where id={$_GET["id"]}");
155 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
156 $result[$iter] = $row;
157 $iter = $result[0];
158
159 ///
160 if (isset($_POST["mode"])) {
161 echo '
162 <script type="text/javascript">
163 <!--
164 parent.$.fn.fancybox.close();
165 //-->
166 </script>
167
168 ';
169 }
170 ///
171
172 ?>
173
174 <html>
175 <head>
176
177 <link rel="stylesheet" href="<?php echo $css_header; ?>" type="text/css">
178 <script type="text/javascript" src="../../library/dialog.js"></script>
179 <script type="text/javascript" src="../../library/js/jquery.1.3.2.js"></script>
180 <script type="text/javascript" src="../../library/js/common.js"></script>
181 <script src="checkpwd_validation.js" type="text/javascript"></script>
182
183 <script language="JavaScript">
184 function submitform() {
185 top.restoreSession();
186 var flag=0;
187 if(document.forms[0].clearPass.value!="")
188 {
189 //Checking for the strong password if the 'secure password' feature is enabled
190 if(document.forms[0].secure_pwd.value == 1)
191 {
192 var pwdresult = passwordvalidate(document.forms[0].clearPass.value);
193 if(pwdresult == 0) {
194 flag=1;
195 alert("<?php echo xl('The password must be at least eight characters, and should'); echo '\n'; echo xl('contain at least three of the four following items:'); echo '\n'; echo xl('A number'); echo '\n'; echo xl('A lowercase letter'); echo '\n'; echo xl('An uppercase letter'); echo '\n'; echo xl('A special character');echo '('; echo xl('not a letter or number'); echo ').'; echo '\n'; echo xl('For example:'); echo ' healthCare@09'; ?>");
196 return false;
197 }
198 }
199 //Checking for password history if the 'password history' feature is enabled.
200 if(document.forms[0].pwd_history.value == 1){
201 var p = MD5(document.forms[0].clearPass.value);
202 var p1 = document.forms[0].pwd.value;
203 var p2 = document.forms[0].pwd_history1.value;
204 var p3 = document.forms[0].pwd_history2.value;
205 if((p == p1) || (p == p2) || (p == p3))
206 {
207 flag=1;
208 document.getElementById('error_message').innerHTML="<?php xl('Recent three passwords are not allowed.',e) ?>";
209 return false;
210 }
211 }
212
213 }//If pwd null ends here
214 //Request to reset the user password if the user was deactived once the password expired.
215 if((document.forms[0].pwd_expires.value != 0) && (document.forms[0].clearPass.value == "")) {
216 if((document.forms[0].user_type.value != "Emergency Login") && (document.forms[0].pre_active.value == 0) && (document.forms[0].active.checked == 1) && (document.forms[0].grace_time.value != "") && (document.forms[0].current_date.value) > (document.forms[0].grace_time.value))
217 {
218 flag=1;
219 document.getElementById('error_message').innerHTML="<?php xl('Please reset the password.',e) ?>";
220 }
221 }
222 var sel = getSelected(document.forms[0].access_group_id.options);
223 for (var item in sel){
224 if(sel[item].value == "Emergency Login"){
225 document.forms[0].check_acl.value = 1;
226 }
227 }
228
229 if(flag == 0){
230 document.forms[0].newauthPass.value=MD5(document.forms[0].clearPass.value);document.forms[0].clearPass.value='';
231 document.forms[0].submit();
232 parent.$.fn.fancybox.close();
233 }
234 }
235 //Getting the list of selected item in ACL
236 function getSelected(opt) {
237 var selected = new Array();
238 var index = 0;
239 for (var intLoop = 0; intLoop < opt.length; intLoop++) {
240 if ((opt[intLoop].selected) ||
241 (opt[intLoop].checked)) {
242 index = selected.length;
243 selected[index] = new Object;
244 selected[index].value = opt[intLoop].value;
245 selected[index].index = intLoop;
246 }
247 }
248 return selected;
249 }
250 function authorized_clicked() {
251 var f = document.forms[0];
252 f.calendar.disabled = !f.authorized.checked;
253 f.calendar.checked = f.authorized.checked;
254 }
255
256 </script>
257
258 </head>
259 <body class="body_top">
260 <table><tr><td>
261 <span class="title"><?php xl('Edit User','e'); ?></span>&nbsp;
262 </td><td>
263 <a class="css_button" name='form_save' id='form_save' href='#' onclick='return submitform()'> <span><?php xl('Save','e');?></span> </a>
264 <a class="css_button" id='cancel' href='#'><span><?php xl('Cancel','e');?></span></a>
265 </td></tr>
266 </table>
267 <br>
268 <FORM NAME="user_form" METHOD="GET" ACTION="usergroup_admin.php" target="_parent" onsubmit='return top.restoreSession()'>
269 <input type=hidden name="pwd_history" value="<? echo $GLOBALS['password_history']; ?>" >
270 <input type=hidden name="pwd_history1" value="<? echo $iter["pwd_history1"]; ?>" >
271 <input type=hidden name="pwd_history2" value="<? echo $iter["pwd_history2"]; ?>" >
272 <input type=hidden name="pwd" value="<? echo $iter["password"]; ?>" >
273
274 <input type=hidden name="pwd_expires" value="<? echo $GLOBALS['password_expiration_days']; ?>" >
275 <input type=hidden name="pre_active" value="<? echo $iter["active"]; ?>" >
276 <input type=hidden name="exp_date" value="<? echo $iter["pwd_expiration_date"]; ?>" >
277 <input type=hidden name="get_admin_id" value="<? echo $GLOBALS['Emergency_Login_email']; ?>" >
278 <input type=hidden name="admin_id" value="<? echo $GLOBALS['Emergency_Login_email_id']; ?>" >
279 <input type=hidden name="check_acl" value="">
280 <?php
281 //Calculating the grace time
282 $current_date = date("Y-m-d");
283 $password_exp=$iter["pwd_expiration_date"];
284 if($password_exp != "0000-00-00")
285 {
286 $grace_time1 = date("Y-m-d", strtotime($password_exp . "+".$GLOBALS['password_grace_time'] ."days"));
287 }
288 ?>
289 <input type=hidden name="current_date" value="<? echo strtotime($current_date); ?>" >
290 <input type=hidden name="grace_time" value="<? echo strtotime($grace_time1); ?>" >
291 <!-- Get the list ACL for the user -->
292 <?php
293 $acl_name=acl_get_group_titles($iter["username"]);
294 $bg_count=count($acl_name);
295 for($i=0;$i<$bg_count;$i++){
296 if($acl_name[$i] == "Emergency Login")
297 $bg_name=$acl_name[$i];
298 }
299 ?>
300 <input type=hidden name="user_type" value="<? echo $bg_name; ?>" >
301
302 <TABLE border=0 cellpadding=0 cellspacing=0>
303 <TR>
304 <TD style="width:180px;"><span class=text><?php xl('Username','e'); ?>: </span></TD><TD style="width:270px;"><input type=entry name=username style="width:150px;" value="<?php echo $iter["username"]; ?>" disabled></td>
305 <TD style="width:200px;"><span class=text><?php xl('Password','e'); ?>: </span></TD><TD class='text' style="width:280px;"><input type=entry name=clearPass style="width:150px;" value=""><font class="mandatory">*</font></td>
306 </TR>
307
308 <TR height="30" style="valign:middle;">
309 <td><span class="text">&nbsp;</span></td><td>&nbsp;</td>
310 <td colspan="2"><span class=text><?php xl('Provider','e'); ?>:
311 <input type="checkbox" name="authorized" onclick="authorized_clicked()"<?php
312 if ($iter["authorized"]) echo " checked"; ?> />
313 &nbsp;&nbsp;<span class='text'><?php xl('Calendar','e'); ?>:
314 <input type="checkbox" name="calendar"<?php
315 if ($iter["calendar"]) echo " checked";
316 if (!$iter["authorized"]) echo " disabled"; ?> />
317 &nbsp;&nbsp;<span class='text'><?php xl('Active','e'); ?>:
318 <input type="checkbox" name="active"<?php if ($iter["active"]) echo " checked"; ?> />
319 </TD>
320 </TR>
321
322 <TR>
323 <TD><span class=text><?php xl('First Name','e'); ?>: </span></TD>
324 <TD><input type=entry name=fname style="width:150px;" value="<?php echo $iter["fname"]; ?>"></td>
325 <td><span class=text><?php xl('Middle Name','e'); ?>: </span></TD><td><input type=entry name=mname style="width:150px;" value="<?php echo $iter["mname"]; ?>"></td>
326 </TR>
327
328 <TR>
329 <td><span class=text><?php xl('Last Name','e'); ?>: </span></td><td><input type=entry name=lname style="width:150px;" value="<?php echo $iter["lname"]; ?>"></td>
330 <td><span class=text><?php xl('Default Facility','e'); ?>: </span></td><td><select name=facility_id style="width:150px;" >
331 <?php
332 $fres = sqlStatement("select * from facility where service_location != 0 order by name");
333 if ($fres) {
334 for ($iter2 = 0; $frow = sqlFetchArray($fres); $iter2++)
335 $result[$iter2] = $frow;
336 foreach($result as $iter2) {
337 ?>
338 <option value="<?php echo $iter2['id']; ?>" <?php if ($iter['facility_id'] == $iter2['id']) echo "selected"; ?>><?php echo htmlspecialchars($iter2['name']); ?></option>
339 <?php
340 }
341 }
342 ?>
343 </select></td>
344 </tr>
345
346 <?php if ($GLOBALS['restrict_user_facility']) { ?>
347 <tr>
348 <td colspan=2>&nbsp;</td>
349 <td><span class=text><?php xl('Schedule Facilities:', 'e');?></td>
350 <td>
351 <select name="schedule_facility[]" multiple style="width:150px;" >
352 <?php
353 $userFacilities = getUserFacilities($_GET['id']);
354 $ufid = array();
355 foreach($userFacilities as $uf)
356 $ufid[] = $uf['id'];
357 $fres = sqlStatement("select * from facility where service_location != 0 order by name");
358 if ($fres) {
359 while($frow = sqlFetchArray($fres)):
360 ?>
361 <option <?php echo in_array($frow['id'], $ufid) || $frow['id'] == $iter['facility_id'] ? "selected" : null ?>
362 value="<?php echo $frow['id'] ?>"><?php echo htmlspecialchars($frow['name']) ?></option>
363 <?php
364 endwhile;
365 }
366 ?>
367 </select>
368 </td>
369 </tr>
370 <?php } ?>
371
372 <TR>
373 <TD><span class=text><?php xl('Federal Tax ID','e'); ?>: </span></TD><TD><input type=text name=taxid style="width:150px;" value="<?php echo $iter["federaltaxid"]?>"></td>
374 <TD><span class=text><?php xl('Federal Drug ID','e'); ?>: </span></TD><TD><input type=text name=drugid style="width:150px;" value="<?php echo $iter["federaldrugid"]?>"></td>
375 </TR>
376
377 <tr>
378 <td><span class="text"><?php xl('UPIN','e'); ?>: </span></td><td><input type="text" name="upin" style="width:150px;" value="<?php echo $iter["upin"]?>"></td>
379 <td class='text'><?php xl('See Authorizations','e'); ?>: </td>
380 <td><select name="see_auth" style="width:150px;" >
381 <?php
382 foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value)
383 {
384 echo " <option value='$key'";
385 if ($key == $iter['see_auth']) echo " selected";
386 echo ">$value</option>\n";
387 }
388 ?>
389 </select></td>
390 </tr>
391
392 <tr>
393 <td><span class="text"><?php xl('NPI','e'); ?>: </span></td><td><input type="text" name="npi" style="width:150px;" value="<?php echo $iter["npi"]?>"></td>
394 <td><span class="text"><?php xl('Job Description','e'); ?>: </span></td><td><input type="text" name="job" style="width:150px;" value="<?php echo $iter["specialty"]?>"></td>
395 </tr>
396
397 <?php if (!empty($GLOBALS['ssi']['rh'])) { ?>
398 <tr>
399 <td><span class="text"><?php xl('Relay Health ID', 'e'); ?>: </span></td>
400 <td><input type="password" name="ssi_relayhealth" style="width:150px;" value="<?php echo $iter["ssi_relayhealth"]; ?>"></td>
401 </tr>
402 <?php } ?>
403
404 <!-- (CHEMED) Calendar UI preference -->
405 <tr>
406 <td><span class="text"><?php xl('Taxonomy','e'); ?>: </span></td>
407 <td><input type="text" name="taxonomy" style="width:150px;" value="<?php echo $iter["taxonomy"]?>"></td>
408 <td><span class="text"><?php xl('Calendar UI','e'); ?>: </span></td><td><select name="cal_ui" style="width:150px;" >
409 <?php
410 foreach (array(3 => xl('Outlook'), 1 => xl('Original'), 2 => xl('Fancy')) as $key => $value)
411 {
412 echo " <option value='$key'";
413 if ($key == $iter['cal_ui']) echo " selected";
414 echo ">$value</option>\n";
415 }
416 ?>
417 </select></td>
418 </tr>
419 <!-- END (CHEMED) Calendar UI preference -->
420
421 <?php if ($GLOBALS['inhouse_pharmacy']) { ?>
422 <tr>
423 <td class="text"><?php xl('Default Warehouse','e'); ?>: </td>
424 <td class='text'>
425 <?php
426 echo generate_select_list('default_warehouse', 'warehouse',
427 $iter['default_warehouse'], '');
428 ?>
429 </td>
430 <td class="text"><?php xl('Invoice Refno Pool','e'); ?>: </td>
431 <td class='text'>
432 <?php
433 echo generate_select_list('irnpool', 'irnpool', $iter['irnpool'],
434 xl('Invoice reference number pool, if used'));
435 ?>
436 </td>
437 </tr>
438 <?php } ?>
439
440 <?php
441 // Collect the access control group of user
442 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
443 ?>
444 <tr>
445 <td class='text'><?php xl('Access Control','e'); ?>:</td>
446 <td><select id="access_group_id" name="access_group[]" multiple style="width:150px;" >
447 <?php
448 $list_acl_groups = acl_get_group_title_list();
449 $username_acl_groups = acl_get_group_titles($iter["username"]);
450 foreach ($list_acl_groups as $value) {
451 if (($username_acl_groups) && in_array($value,$username_acl_groups)) {
452 // Modified 6-2009 by BM - Translate group name if applicable
453 echo " <option value='$value' selected>" . xl_gacl_group($value) . "</option>\n";
454 }
455 else {
456 // Modified 6-2009 by BM - Translate group name if applicable
457 echo " <option value='$value'>" . xl_gacl_group($value) . "</option>\n";
458 }
459 }
460 ?>
461 </select></td>
462 <td><span class=text><?php xl('Additional Info','e'); ?>:</span></td>
463 <td><textarea style="width:150px;" name="comments" wrap=auto rows=4 cols=25><?php echo $iter["info"];?></textarea></td>
464
465 </tr>
466 <tr height="20" valign="bottom">
467 <td colspan="4" class="text">
468 <font class="mandatory">*</font> <?php xl('Leave blank to keep password unchanged.','e'); ?>
469 <!--
470 Display red alert if entered password matched one of last three passwords/Display red alert if user password was expired and the user was inactivated previously
471 -->
472 <div class="redtext" id="error_message">&nbsp;</div>
473 </td>
474 </tr>
475 <?php
476 }
477 ?>
478 </table>
479
480 <INPUT TYPE="HIDDEN" NAME="id" VALUE="<?php echo $_GET["id"]; ?>">
481 <INPUT TYPE="HIDDEN" NAME="mode" VALUE="update">
482 <INPUT TYPE="HIDDEN" NAME="privatemode" VALUE="user_admin">
483 <INPUT TYPE="HIDDEN" NAME="newauthPass" VALUE="">
484 <INPUT TYPE="HIDDEN" NAME="secure_pwd" VALUE="<? echo $GLOBALS['secure_password']; ?>">
485 </FORM>
486 <script language="JavaScript">
487 $(document).ready(function(){
488 $("#cancel").click(function() {
489 parent.$.fn.fancybox.close();
490 });
491
492 });
493 </script>
494 </BODY>
495
496 </HTML>
497
498 <?php
499 // d41d8cd98f00b204e9800998ecf8427e == blank
500 ?>
Mirror of official OpenEMR Sourceforge repository