minor change to prior commit
[openemr.git] / library / deletedrug.php
blob 127add6a8552a2ae904c174929bc8f4e8d0dc786
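<?php

/**
 * Deletes one prescription and the medication-list entries that carry the
 * same drug name for the same patient.
 *
 * Expects a POST request with `drugId` (the prescriptions.id to remove) and
 * `csrf_token_form`.
 *
 * @package OpenEMR
 * @link http://www.open-emr.org
 * @author Sherwin Gaddis <sherwingaddis@gmail.com>
 * @copyright Copyright (c )2020. Sherwin Gaddis <sherwingaddis@gmail.com>
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */

require_once "../interface/globals.php";

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Logging\EventAuditLogger;

// Ensure the user has write access to prescriptions before touching any data.
if (!AclMain::aclCheckCore('patient', 'rx', '', 'write')) {
    echo xlt('ACL Administration Not Authorized');
    exit;
}

// The CSRF check must not depend on the shape of the other inputs: this
// request deletes data, so it is verified on every call. A missing token is
// treated as an empty (and therefore invalid) one.
if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"] ?? '')) {
    CsrfUtils::csrfNotVerified();
    // Stop here even if csrfNotVerified() were to return.
    exit;
}

// filter_input() yields null when drugId is absent and false when it is not
// an integer. Both cases are rejected here; passing the result through trim()
// would turn them into an empty string that still reaches the queries.
$id = filter_input(INPUT_POST, 'drugId', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    echo xlt('Invalid prescription id');
    exit;
}

try {
    // Find the patient and drug name of the prescription being removed.
    $dn = sqlQuery("SELECT patient_id, drug FROM prescriptions WHERE id = ?", [$id]);

    // No matching row: leave both values empty so the medication step is skipped.
    $pid = $dn['patient_id'] ?? null;
    $drugname = $dn['drug'] ?? '';

    // Remove the drug from the patient's medication list, if it is there.
    if (!empty($drugname)) {
        // NOTE(review): the match is on pid + title only, so every medication
        // entry of this patient with the same title is removed, not just one
        // tied to this prescription. Confirm this is intended.
        sqlStatement(
            "DELETE FROM lists WHERE pid = ? AND type = 'medication' AND title = ?",
            [$pid, $drugname]
        );
        // NOTE(review): the audit event is written only on this branch and
        // before the prescription row itself is deleted; a prescription with
        // an empty drug name is removed below without an audit entry.
        EventAuditLogger::instance()->newEvent(
            "delete",
            $_SESSION['authUser'],
            $_SESSION['authProvider'],
            1,
            $drugname . " prescription/medication removed",
            $pid
        );
    }

    // Remove the prescription itself.
    sqlStatement("delete from prescriptions where id = ?", [$id]);
} catch (Exception $e) {
    // NOTE(review): this returns the exception text (escaped) to the client;
    // consider logging it server-side and sending a generic message instead.
    echo 'Caught exception ', text($e->getMessage()), "\n";
    // Always stop on failure, so a later delete never runs after an earlier
    // step failed, whatever the exception message contains.
    exit;
}

echo xlt("Finished Deleting");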