Refactor previous name into dedicated service (#7571)
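<?php

/**
 * CAMOS admin.php
 *
 * Exports and imports the CAMOS category > subcategory > item > content tree as a
 * line-oriented text file: one `<tag>value</tag>` pair per line, nesting implied by
 * order. The file merely looks like XML; it is not parsed as such.
 *
 * @package OpenEMR
 * @link http://www.open-emr.org
 * @author Mark Leeds <drleeds@gmail.com>
 * @author Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (C) 2006-2009 Mark Leeds <drleeds@gmail.com>
 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */

require_once('../../globals.php');

use OpenEMR\Common\Acl\AclMain;
use OpenEMR\Common\Csrf\CsrfUtils;
use OpenEMR\Common\Twig\TwigContainer;

// Check authorization: only a super admin may export or import the CAMOS tree.
if (!AclMain::aclCheckCore('admin', 'super')) {
    echo (new TwigContainer(null, $GLOBALS['kernel']))->getTwig()->render('core/unauthorized.html.twig', ['pageTitle' => xl("admin")]);
    exit;
}

// ---------------------------------------------------------------------------
// Export: stream the whole tree to the browser as CAMOS_export.txt.
// ---------------------------------------------------------------------------
if (!empty($_POST['export'])) {
    if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
        CsrfUtils::csrfNotVerified();
    }

    $temp = tmpfile();
    if ($temp === false) {
        echo "<h1>" . xlt("failed") . "</h1>";
    } else {
        // Depth-first walk: every subcategory line follows its category line, every
        // item line follows its subcategory line, and every content line follows
        // its item line. The importer relies on exactly this ordering.
        $query1 = "select id, category from " . mitigateSqlTableUpperCase("form_CAMOS_category");
        $statement1 = sqlStatement($query1);
        while ($result1 = sqlFetchArray($statement1)) {
            fwrite($temp, "<category>" . $result1['category'] . "</category>\n");

            $query2 = "select id,subcategory from " . mitigateSqlTableUpperCase("form_CAMOS_subcategory") . " where category_id=?";
            $statement2 = sqlStatement($query2, array($result1['id']));
            while ($result2 = sqlFetchArray($statement2)) {
                fwrite($temp, "<subcategory>" . $result2['subcategory'] . "</subcategory>\n");

                $query3 = "select item, content from " . mitigateSqlTableUpperCase("form_CAMOS_item") . " where subcategory_id=?";
                $statement3 = sqlStatement($query3, array($result2['id']));
                while ($result3 = sqlFetchArray($statement3)) {
                    fwrite($temp, "<item>" . $result3['item'] . "</item>\n");
                    // Content may contain line breaks; fold CR/LF into the literal two
                    // characters "\n" / "\r" so the one-pair-per-line contract holds.
                    $escaped = preg_replace(array("/\n/", "/\r/"), array("\\\\n", "\\\\r"), $result3['content']);
                    fwrite($temp, "<content>" . $escaped . "</content>\n");
                }
            }
        }

        rewind($temp);
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Content-Type: text/plain");
        header("Content-Disposition: attachment; filename=\"CAMOS_export.txt\"");

        fpassthru($temp);
        fclose($temp);
        // Stop here; otherwise the admin HTML form below is appended to the download.
        exit;
    }
}

// ---------------------------------------------------------------------------
// Import: merge an uploaded export file into the existing tree.
// ---------------------------------------------------------------------------
if (!empty($_POST['import'])) {
    if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
        CsrfUtils::csrfNotVerified();
    }

    // Only read a file that PHP itself received in this request: the upload must
    // have completed without error and tmp_name must pass is_uploaded_file(), so a
    // bogus tmp_name can never point this page at some other path on the server.
    // The form posts a single field ("userfile"); the last valid entry wins.
    $fname = '';
    foreach ($_FILES as $file) {
        if (($file['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK && is_uploaded_file($file['tmp_name'] ?? '')) {
            $fname = $file['tmp_name'];
        }
    }

    $handle = ($fname !== '') ? @fopen($fname, "r") : false; // failure is reported below
    if ($handle === false) {
        echo "<h1>" . xlt('Error opening uploaded file for reading') . "</h1>";
    } else {
        // Parent ids carried from line to line: a <subcategory> attaches to the most
        // recent <category>, an <item> to the most recent <subcategory>, and a
        // <content> to the most recent <item>.
        $category_id = 0;
        $subcategory_id = 0;
        $item_id = 0;
        $user = $_SESSION['authUser'];

        // NOTE(review): all name lookups below use LIKE, so "%" and "_" inside a
        // category/subcategory/item name act as wildcards and can match an unrelated
        // existing row (e.g. "foo_1" also matches "fooX1"). Kept as-is to preserve
        // the existing merge semantics.
        while (($buffer = fgets($handle)) !== false) {
            if (preg_match('/<category>(.*?)<\/category>/', $buffer, $matches)) {
                $category = trim($matches[1]); // trim in case someone edited by hand and added spaces
                $statement = sqlStatement("select id from " . mitigateSqlTableUpperCase("form_CAMOS_category") . " where category like ?", array($category));
                if ($result = sqlFetchArray($statement)) {
                    $category_id = $result['id'];
                } else {
                    // Unknown category: create it, then re-read its id.
                    $query = "INSERT INTO " . mitigateSqlTableUpperCase("form_CAMOS_category") . " (user, category) " .
                        "values (?, ?)";
                    sqlStatement($query, array($user, $category));
                    $statement = sqlStatement("select id from " . mitigateSqlTableUpperCase("form_CAMOS_category") . " where category like ?", array($category));
                    if ($result = sqlFetchArray($statement)) {
                        $category_id = $result['id'];
                    }
                }
            }

            if (preg_match('/<subcategory>(.*?)<\/subcategory>/', $buffer, $matches)) {
                $subcategory = trim($matches[1]);
                $statement = sqlStatement("select id from " . mitigateSqlTableUpperCase("form_CAMOS_subcategory") . " where subcategory " .
                    "like ? and category_id = ?", array($subcategory, $category_id));
                if ($result = sqlFetchArray($statement)) {
                    $subcategory_id = $result['id'];
                } else {
                    // Unknown subcategory under this category: create it, then re-read its id.
                    $query = "INSERT INTO " . mitigateSqlTableUpperCase("form_CAMOS_subcategory") . " (user, subcategory, category_id) " .
                        "values (?, ?, ?)";
                    sqlStatement($query, array($user, $subcategory, $category_id));
                    $statement = sqlStatement("select id from " . mitigateSqlTableUpperCase("form_CAMOS_subcategory") . " where subcategory " .
                        "like ? and category_id = ?", array($subcategory, $category_id));
                    if ($result = sqlFetchArray($statement)) {
                        $subcategory_id = $result['id'];
                    }
                }
            }

            if (
                (preg_match('/<(item)>(.*?)<\/item>/', $buffer, $matches)) ||
                (preg_match('/<(content)>(.*?)<\/content>/s', $buffer, $matches))
            ) {
                $mode = $matches[1];
                $value = trim($matches[2]);

                if ($mode == 'item') {
                    $insert_value = $value;
                    $statement = sqlStatement("select id from " . mitigateSqlTableUpperCase("form_CAMOS_item") . " where item like ? " .
                        "and subcategory_id = ?", array($value, $subcategory_id));
                    if (sqlFetchArray($statement)) {
                        // Name already taken under this subcategory: keep the old item and
                        // store the new one as "<name>_<n>" with the first free n.
                        $postfix = 1;
                        while (true) {
                            $insert_value = $value . "_" . $postfix;
                            $inner_statement = sqlStatement("select id from " . mitigateSqlTableUpperCase("form_CAMOS_item") . " " .
                                "where item like ? " .
                                "and subcategory_id = ?", array($insert_value, $subcategory_id));
                            if (!sqlFetchArray($inner_statement)) { // doesn't exist
                                $inner_query = "INSERT INTO " . mitigateSqlTableUpperCase("form_CAMOS_item") . " (user, item, subcategory_id) " .
                                    "values (?, ?, ?)";
                                sqlStatement($inner_query, array($user, $insert_value, $subcategory_id));
                                break;
                            }
                            $postfix++;
                        }
                    } else {
                        $query = "INSERT INTO " . mitigateSqlTableUpperCase("form_CAMOS_item") . " (user, item, subcategory_id) " .
                            "values (?, ?, ?)";
                        sqlStatement($query, array($user, $value, $subcategory_id));
                    }

                    // Remember the id of the row just written so the following <content>
                    // line can be attached to it.
                    $statement = sqlStatement("select id from " . mitigateSqlTableUpperCase("form_CAMOS_item") . " where item like ? " .
                        "and subcategory_id = ?", array($insert_value, $subcategory_id));
                    if ($result = sqlFetchArray($statement)) {
                        $item_id = $result['id'];
                    }
                } elseif ($mode == 'content') {
                    // Imported content replaces whatever the item held; a merge with the
                    // old content was once considered but never implemented.
                    $query = "UPDATE " . mitigateSqlTableUpperCase("form_CAMOS_item") . " set content = ? where id = ?";
                    sqlStatement($query, array($value, $item_id));
                }
            }
        }
        fclose($handle);
    }
}
?>
<html>
<head>
<title>
admin
</title>
</head>
<body>
<p>
<?php echo xlt("Click 'export' to export your Category, Subcategory, Item, Content data to a text file. Any resemblance of this file to an XML file is purely coincidental. The opening and closing tags must be on the same line, they must be lowercase with no spaces. To import, browse for a file and click 'import'. If the data is completely different, it will merge with your existing data. If there are similar item names, The old one will be kept and the new one saved with a number added to the end."); ?>
<?php echo xlt("This feature is very experimental and not fully tested. Use at your own risk!"); ?>
</p>
<form enctype="multipart/form-data" method="POST">
<input type="hidden" name="csrf_token_form" value="<?php echo attr(CsrfUtils::collectCsrfToken()); ?>" />
<?php /* MAX_FILE_SIZE is only a hint to the browser; the effective limit is the server's upload_max_filesize/post_max_size. */ ?>
<input type="hidden" name="MAX_FILE_SIZE" value="12000000" />
<?php echo xlt('Send this file'); ?>: <input type="file" name="userfile"/>
<input type="submit" name="import" value='<?php echo xla("Import"); ?>'/>
<input type="submit" name="export" value='<?php echo xla("Export"); ?>'/>
</form>
</body>
</html>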