4 * Authorizations script.
7 * @link http://www.open-emr.org
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
10 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
13 require_once("../../globals.php");
14 require_once("$srcdir/forms.inc.php");
15 require_once("$srcdir/transactions.inc.php");
16 require_once("$srcdir/lists.inc.php");
17 require_once("$srcdir/patient.inc.php");
18 require_once("$srcdir/options.inc.php");
20 use OpenEMR\Common\Csrf\CsrfUtils
;
21 use OpenEMR\Common\Logging\EventAuditLogger
;
22 use OpenEMR\Core\Header
;
24 // The number of authorizations to display in the quick view:
25 // MAR 20041008 the full authorizations screen sucks... no links to the patient charts
26 // increase to a high number to make the mini frame more useful.
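// Look up the logged-in user's see_auth setting. Later code in this script uses it
// to decide whether the pending list is built ($see_auth > 1) and whether that list
// is limited to the user's own patients ($see_auth == 2).
$atemp = sqlQuery("SELECT see_auth FROM users WHERE username = ?", array($_SESSION['authUser']));
// When no users row comes back there is no 'see_auth' key to read; fall back to 0 so
// the numeric comparisons below stay well-defined and fail closed.
$see_auth = (int) ($atemp['see_auth'] ?? 0);

// Permission flag for this page: set when the session marks the user as authorized
// or when see_auth is above 2. It gates the authorize action and the pending list.
// A missing session key is treated as "not authorized" rather than raising a notice.
$imauthorized = !empty($_SESSION['userauthorized']) || $see_auth > 2;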
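// Bulk-authorize handler: marks every billing, forms, pnotes and transactions row of
// one patient as authorized, once the caller passes the $imauthorized gate and the
// anti-CSRF check.
//
// NOTE(review): this state change is driven by a GET request, and the Authorize link
// built further down places csrf_token_form in the query string, where it can be
// recorded in server logs, browser history and Referer headers. Moving the action to
// a POST form would keep the token out of the URL.
// NOTE(review): $imauthorized is the only permission gate visible here. The list view
// hides some patients when $see_auth == 2 and only queries rows for $groupname, but
// the updates below are scoped by pid alone. Confirm whether a per-patient or ACL
// check is intended before the updates run.
if (isset($_GET["mode"]) && $_GET["mode"] === "authorize" && $imauthorized) {
    // An absent token is passed as an empty string: that avoids the undefined-index
    // notice, and an empty string is not expected to verify.
    if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token_form"] ?? '')) {
        CsrfUtils::csrfNotVerified();
    }

    // Result is not used in the visible code; the call is kept in case it has side
    // effects or $retVal is read elsewhere in the script.
    $retVal = getProviderId($_SESSION['authUser']);

    // Accept only a plain decimal pid. Links generated by this page always carry one,
    // so legitimate requests are unaffected, while a missing, array-valued or
    // non-numeric value no longer reaches the audit log or the database's implicit
    // string-to-number comparison.
    $authorizePid = $_GET["pid"] ?? null;
    if (is_string($authorizePid) && ctype_digit($authorizePid)) {
        // Record who authorized which patient before the rows are changed.
        EventAuditLogger::instance()->newEvent("authorize", $_SESSION["authUser"], $_SESSION["authProvider"], 1, $authorizePid);
        sqlStatement("update billing set authorized=1 where pid=?", array($authorizePid));
        sqlStatement("update forms set authorized=1 where pid=?", array($authorizePid));
        sqlStatement("update pnotes set authorized=1 where pid=?", array($authorizePid));
        sqlStatement("update transactions set authorized=1 where pid=?", array($authorizePid));
    } else {
        // The raw value is deliberately not written to the log.
        error_log("authorizations.php: ignored authorize request with missing or invalid pid");
    }
}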
50 <?php Header
::setupHeader(); ?
>
52 /* min & max buttons are hidden in the newer concurrent layout */
58 <?php
echo "display: none;"; ?
>
65 <?php
echo "display: none;"; ?
>
69 <body
class="body_bottom">
71 <!-- 'buttons' to min
/max the bottom frame
-JRM
-->
72 <div id
="max" title
="Restore this information">
73 <img src
="<?php echo $GLOBALS['images_static_relative']; ?>/max.gif" />
75 <div id
="min" title
="Minimize this information">
76 <img src
="<?php echo $GLOBALS['images_static_relative']; ?>/min.gif" />
79 <?php
if ($imauthorized) { ?
>
81 <a href
='authorizations_full.php' onclick
='top.restoreSession()'>
82 <?php
echo xlt('Authorizations'); ?
> <span
class='more'><?php
echo text($tmore); ?
></span
></a
>
// Build the pending-authorization list only for users who hold the $imauthorized
// flag and whose see_auth setting is above 1.
89 if ($imauthorized && $see_auth > 1) {
96 //fetch billing information:
// Unauthorized, active billing rows for $groupname (bound as a query parameter),
// left-joined to users to compute a "first last" display name.
// NOTE(review): $groupname is not assigned in the visible lines; presumably it is set
// by an included file. Confirm it cannot be influenced by the request.
// NOTE(review): "select *" across the join also returns every users column to this
// page; only pid, code_text and date are read in the visible lines.
98 $res = sqlStatement("select *, concat(u.fname,' ', u.lname) as user " .
99 "from billing LEFT JOIN users as u on billing.user = u.id where " .
100 "billing.authorized = 0 and billing.activity = 1 and " .
101 "groupname = ?", array($groupname))
// Copy every fetched row into $result1; the loop ends when sqlFetchArray() returns a
// falsy value.
103 for ($iter = 0; $row = sqlFetchArray($res); $iter++
) {
104 $result1[$iter] = $row;
// Append one line per row to the patient's "billing" cell. The description and the
// formatted date are passed through text() before being wrapped in markup, which
// matters because the finished cell is later echoed without further escaping.
108 foreach ($result1 as $iter) {
109 $authorize[$iter["pid"]]["billing"] .= "<span class='text'>" .
110 text($iter["code_text"] . " " . date("n/j/Y", strtotime($iter["date"]))) .
116 //fetch transaction information:
// Unauthorized transactions rows for $groupname (bound as a query parameter).
118 $res = sqlStatement("select * from transactions where " .
119 "authorized = 0 and groupname = ?", array($groupname))
// Copy every fetched row into $result2.
121 for ($iter = 0; $row = sqlFetchArray($res); $iter++
) {
122 $result2[$iter] = $row;
// Append "title: body date" to the patient's "transaction" cell. strterm() is called
// with 25 -- presumably it shortens the body to that length; confirm against its
// definition. title and body are free text, so the text() call around the whole
// string is what keeps stored markup from being rendered when the cell is echoed.
126 foreach ($result2 as $iter) {
127 $authorize[$iter["pid"]]["transaction"] .= "<span class='text'>" .
128 text($iter["title"] . ": " . (strterm($iter["body"], 25)) . " " . date("n/j/Y", strtotime($iter["date"]))) .
// Patient notes are included only when the ignore_pnotes_authorization global is
// unset or empty.
134 if (empty($GLOBALS['ignore_pnotes_authorization'])) {
135 //fetch pnotes information:
// Unauthorized pnotes rows for $groupname (bound as a query parameter).
137 $res = sqlStatement("select * from pnotes where authorized = 0 and " .
138 "groupname = ?", array($groupname))
// Copy every fetched row into $result3.
140 for ($iter = 0; $row = sqlFetchArray($res); $iter++
) {
141 $result3[$iter] = $row;
// Append "body date" to the patient's "pnotes" cell. The note body is free text; it
// goes through strterm(..., 25) and then text() before it is wrapped in markup,
// because the cell is echoed later without further escaping.
145 foreach ($result3 as $iter) {
146 $authorize[$iter["pid"]]["pnotes"] .= "<span class='text'>" .
147 text((strterm($iter["body"], 25)) . " " . date("n/j/Y", strtotime($iter["date"]))) .
154 //fetch forms information:
// Unauthorized forms rows for $groupname (bound as a query parameter).
156 $res = sqlStatement("select * from forms where authorized = 0 and " .
157 "groupname = ?", array($groupname))
// Copy every fetched row into $result4.
159 for ($iter = 0; $row = sqlFetchArray($res); $iter++
) {
160 $result4[$iter] = $row;
// Append "form_name date" to the patient's "forms" cell, escaped with text() before
// it is wrapped in markup; the cell is echoed later without further escaping.
164 foreach ($result4 as $iter) {
165 $authorize[$iter["pid"]]["forms"] .= "<span class='text'>" .
166 text($iter["form_name"] . " " . date("n/j/Y", strtotime($iter["date"]))) .
173 <table
class='border-0 w-100' cellpadding
='0' cellspacing
='2'>
// One table row per patient id collected in $authorize.
181 foreach ($authorize as $ppid => $patient) {
182 $name = getPatientData($ppid);
184 // If I want to see mine only and this patient is not mine, skip it.
// NOTE(review): the ownership test compares the session's authUserID with
// $name['id'], while the provider lookup further down reads $name['providerID'].
// If 'id' is the patient row's own key rather than the provider, this filter does
// not test ownership. Confirm which column is intended.
// NOTE(review): this filter only affects what is displayed; the authorize handler
// at the top of the script does not repeat it in the visible lines.
185 if ($see_auth == 2 && $_SESSION['authUserID'] != $name['id']) {
// Notice row linking to the full authorizations screen when some entries are not
// shown (the condition that triggers it is not visible here).
190 print "<tr><td colspan='5' align='center'><a" .
191 " href='authorizations_full.php?active=1' class='alert' onclick='top.restoreSession()'>" .
192 xlt('Some authorizations were not displayed. Click here to view all') .
197 echo "<tr><td valign='top'>";
198 // Clicking the patient name will load both frames for that patient,
199 // as demographics.php takes care of loading the bottom frame.
// The pid is URL-encoded with attr_url() before it is placed in the href.
200 echo "<a href='$rootdir/patient_file/summary/demographics.php?set_pid=" .
201 attr_url($ppid) . "' target='RTop' onclick='top.restoreSession()'>";
// Patient name is escaped with text(). The Authorize link carries the pid and a
// freshly collected CSRF token, both URL-encoded with attr_url().
// NOTE(review): the link triggers the authorize action through a GET request with
// the token in the query string, where it can be recorded in server logs, browser
// history and Referer headers; a POST form would keep the token out of the URL.
203 echo "<span class='font-weight-bold'>" . text($name["fname"]) . " " .
204 text($name["lname"]) . "</span></a><br />" .
205 "<a class=link_submit href='authorizations.php?mode=authorize" .
206 "&pid=" . attr_url($ppid) . "&csrf_token_form=" . attr_url(CsrfUtils
::collectCsrfToken()) . "' onclick='top.restoreSession()'>" .
207 xlt('Authorize') . "</a></td>\n";
210 //Michael A Rowley MD 20041012.
211 // added below 4 lines to add provider to authorizations for ez reference.
// NOTE(review): in the visible lines the $providerName produced by this first lookup
// is overwritten by the second query before it is read, so these two queries look
// redundant; they may be disabled in the full file. Confirm before removing.
212 $providerID = sqlFetchArray(sqlStatement(
213 "select providerID from patient_data where pid=?", array($ppid) ));
214 $userID=$providerID["providerID"];
215 $providerName = sqlFetchArray(sqlStatement(
216 "select lname from users where id=?", array($userID) ));
218 // Don't use sqlQuery because there might be no match.
// Provider surname looked up from the providerID already present in $name; the id is
// bound as a query parameter.
219 $providerName = sqlFetchArray(sqlStatement(
220 "select lname from users where id = ?",
221 array($name['providerID'])
// Provider cell: the surname is escaped with text(). When no user matches,
// $providerName is presumably not an array, so the offset read yields an empty cell
// (and may raise a warning on recent PHP versions).
224 echo "<td valign='top'><span class='font-weight-bold'>" . xlt('Provider') . ":</span><span class='text'><br />" .
225 text($providerName["lname"]) . "</td>\n";
// Remaining cells: billing, transactions, patient notes and encounter forms.
// The $patient[...] values are echoed as-is because they already contain markup;
// their text was escaped with text() when the fragments were built. Any code that
// appends to $authorize must escape in the same way, since nothing is escaped here.
// A key is only set when the patient has pending items of that kind (and "pnotes"
// only when ignore_pnotes_authorization is empty), so a cell may read an unset key.
226 echo "<td valign='top'><span class='font-weight-bold'>" . xlt('Billing') . ":</span><span class='text'><br />" .
227 $patient["billing"] . "</td>\n";
228 echo "<td valign='top'><span class='font-weight-bold'>" . xlt('Transactions') . ":</span><span class='text'><br />" .
229 $patient["transaction"] . "</td>\n";
230 echo "<td valign='top'><span class='font-weight-bold'>" . xlt('Patient Notes') . ":</span><span class='text'><br />" .
231 $patient["pnotes"] . "</td>\n";
232 echo "<td valign='top'><span class='font-weight-bold'>" . xlt('Encounter Forms') . ":</span><span class='text'><br />" .
233 $patient["forms"] . "</td>\n";
251 /* added to adjust the height of this frame by the min/max buttons */
// Row behaviour for elements with class "noterow": mouseover and mouseout each toggle
// the "highlight" class, and a click passes the clicked element to EditNote().
255 $
(".noterow").on("mouseover", function() { $
(this
).toggleClass("highlight"); });
256 $
(".noterow").on("mouseout", function() { $
(this
).toggleClass("highlight"); });
257 $
(".noterow").on("click", function() { EditNote(this
); });
// Opens the full note editor for the clicked row. The element id is split on "~":
// the first part is sent as set_pid and the second as noteid.
261 var EditNote
= function(note
) {
262 var parts
= note
.id
.split("~");
264 top
.restoreSession();
// Both id parts go through encodeURIComponent() before they are appended to the URL.
// NOTE(review): $GLOBALS['webroot'] is echoed into the JavaScript string literal
// without a JS-context escaper. It is server configuration rather than request data,
// but the alert below already uses xlj(); escaping here would be consistent.
265 location
.href
= "<?php echo $GLOBALS['webroot']; ?>/interface/patient_file/summary/pnotes_full.php?noteid=" +
encodeURIComponent(parts
[1]) +
"&set_pid=" +
encodeURIComponent(parts
[0]) +
"&active=1";
// Access-denied message; xlj() output is used directly as the alert() argument, so it
// is expected to emit a complete, JS-safe string literal. The branch that chooses
// between the navigation above and this alert is not visible here.
268 alert(<?php
echo xlj('You do not have access to view/edit this note'); ?
>);