search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix: hopefully last fix for nginx containers (#7750)
[openemr.git] / interface / main / authorizations / authorizations.php
blob7a30994080971ceea1894df11941dfc3a66f50e6
1 <?php
2
3 /**
4 * Authorizations script.
5 *
6 * @package OpenEMR
7 * @link http://www.open-emr.org
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
10 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
11 */
12
13 require_once("../../globals.php");
14 require_once("$srcdir/forms.inc.php");
15 require_once("$srcdir/transactions.inc.php");
16 require_once("$srcdir/lists.inc.php");
17 require_once("$srcdir/patient.inc.php");
18 require_once("$srcdir/options.inc.php");
19
20 use OpenEMR\Common\Csrf\CsrfUtils;
21 use OpenEMR\Common\Logging\EventAuditLogger;
22 use OpenEMR\Core\Header;
23
24 // The number of authorizations to display in the quick view:
25 // MAR 20041008 the full authorizations screen sucks... no links to the patient charts
26 // increase to a high number to make the mini frame more useful.
27 $N = 50;
28
29 $atemp = sqlQuery("SELECT see_auth FROM users WHERE username = ?", array($_SESSION['authUser']));
30 $see_auth = $atemp['see_auth'];
31
32 $imauthorized = $_SESSION['userauthorized'] || $see_auth > 2;
33
34 // This authorizes everything for the specified patient.
35 if (isset($_GET["mode"]) && $_GET["mode"] == "authorize" && $imauthorized) {
36 if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token_form"])) {
37 CsrfUtils::csrfNotVerified();
38 }
39
40 $retVal = getProviderId($_SESSION['authUser']);
41 EventAuditLogger::instance()->newEvent("authorize", $_SESSION["authUser"], $_SESSION["authProvider"], 1, $_GET["pid"]);
42 sqlStatement("update billing set authorized=1 where pid=?", array($_GET["pid"]));
43 sqlStatement("update forms set authorized=1 where pid=?", array($_GET["pid"]));
44 sqlStatement("update pnotes set authorized=1 where pid=?", array($_GET["pid"]));
45 sqlStatement("update transactions set authorized=1 where pid=?", array($_GET["pid"]));
46 }
47 ?>
48 <html>
49 <head>
50 <?php Header::setupHeader(); ?>
51 <style>
52 /* min & max buttons are hidden in the newer concurrent layout */
53 #min {
54 float: right;
55 padding: 3px;
56 margin: 2px;
57 cursor: pointer;
58 <?php echo "display: none;"; ?>
59 }
60 #max {
61 float: right;
62 padding: 3px;
63 margin: 2px;
64 cursor: pointer;
65 <?php echo "display: none;"; ?>
66 }
67 </style>
68 </head>
69 <body class="body_bottom">
70
71 <!-- 'buttons' to min/max the bottom frame -JRM -->
72 <div id="max" title="Restore this information">
73 <img src="<?php echo $GLOBALS['images_static_relative']; ?>/max.gif" />
74 </div>
75 <div id="min" title="Minimize this information">
76 <img src="<?php echo $GLOBALS['images_static_relative']; ?>/min.gif" />
77 </div>
78
79 <?php if ($imauthorized) { ?>
80 <span class='title'>
81 <a href='authorizations_full.php' onclick='top.restoreSession()'>
82 <?php echo xlt('Authorizations'); ?> <span class='more'><?php echo text($tmore); ?></span></a>
83 <?php
84 }
85 ?>
86 </span>
87
88 <?php
89 if ($imauthorized && $see_auth > 1) {
90 // provider
91 // billing
92 // forms
93 // pnotes
94 // transactions
95
96 //fetch billing information:
97 if (
98 $res = sqlStatement("select *, concat(u.fname,' ', u.lname) as user " .
99 "from billing LEFT JOIN users as u on billing.user = u.id where " .
100 "billing.authorized = 0 and billing.activity = 1 and " .
101 "groupname = ?", array($groupname))
102 ) {
103 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
104 $result1[$iter] = $row;
105 }
106
107 if ($result1) {
108 foreach ($result1 as $iter) {
109 $authorize[$iter["pid"]]["billing"] .= "<span class='text'>" .
110 text($iter["code_text"] . " " . date("n/j/Y", strtotime($iter["date"]))) .
111 "</span><br />\n";
112 }
113 }
114 }
115
116 //fetch transaction information:
117 if (
118 $res = sqlStatement("select * from transactions where " .
119 "authorized = 0 and groupname = ?", array($groupname))
120 ) {
121 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
122 $result2[$iter] = $row;
123 }
124
125 if ($result2) {
126 foreach ($result2 as $iter) {
127 $authorize[$iter["pid"]]["transaction"] .= "<span class='text'>" .
128 text($iter["title"] . ": " . (strterm($iter["body"], 25)) . " " . date("n/j/Y", strtotime($iter["date"]))) .
129 "</span><br />\n";
130 }
131 }
132 }
133
134 if (empty($GLOBALS['ignore_pnotes_authorization'])) {
135 //fetch pnotes information:
136 if (
137 $res = sqlStatement("select * from pnotes where authorized = 0 and " .
138 "groupname = ?", array($groupname))
139 ) {
140 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
141 $result3[$iter] = $row;
142 }
143
144 if ($result3) {
145 foreach ($result3 as $iter) {
146 $authorize[$iter["pid"]]["pnotes"] .= "<span class='text'>" .
147 text((strterm($iter["body"], 25)) . " " . date("n/j/Y", strtotime($iter["date"]))) .
148 "</span><br />\n";
149 }
150 }
151 }
152 }
153
154 //fetch forms information:
155 if (
156 $res = sqlStatement("select * from forms where authorized = 0 and " .
157 "groupname = ?", array($groupname))
158 ) {
159 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
160 $result4[$iter] = $row;
161 }
162
163 if ($result4) {
164 foreach ($result4 as $iter) {
165 $authorize[$iter["pid"]]["forms"] .= "<span class='text'>" .
166 text($iter["form_name"] . " " . date("n/j/Y", strtotime($iter["date"]))) .
167 "</span><br />\n";
168 }
169 }
170 }
171 ?>
172
173 <table class='border-0 w-100' cellpadding='0' cellspacing='2'>
174 <tr>
175 <td valign='top'>
176
177 <?php
178 if ($authorize) {
179 $count = 0;
180
181 foreach ($authorize as $ppid => $patient) {
182 $name = getPatientData($ppid);
183
184 // If I want to see mine only and this patient is not mine, skip it.
185 if ($see_auth == 2 && $_SESSION['authUserID'] != $name['id']) {
186 continue;
187 }
188
189 if ($count >= $N) {
190 print "<tr><td colspan='5' align='center'><a" .
191 " href='authorizations_full.php?active=1' class='alert' onclick='top.restoreSession()'>" .
192 xlt('Some authorizations were not displayed. Click here to view all') .
193 "</a></td></tr>\n";
194 break;
195 }
196
197 echo "<tr><td valign='top'>";
198 // Clicking the patient name will load both frames for that patient,
199 // as demographics.php takes care of loading the bottom frame.
200 echo "<a href='$rootdir/patient_file/summary/demographics.php?set_pid=" .
201 attr_url($ppid) . "' target='RTop' onclick='top.restoreSession()'>";
202
203 echo "<span class='font-weight-bold'>" . text($name["fname"]) . " " .
204 text($name["lname"]) . "</span></a><br />" .
205 "<a class=link_submit href='authorizations.php?mode=authorize" .
206 "&pid=" . attr_url($ppid) . "&csrf_token_form=" . attr_url(CsrfUtils::collectCsrfToken()) . "' onclick='top.restoreSession()'>" .
207 xlt('Authorize') . "</a></td>\n";
208
209 /****
210 //Michael A Rowley MD 20041012.
211 // added below 4 lines to add provider to authorizations for ez reference.
212 $providerID = sqlFetchArray(sqlStatement(
213 "select providerID from patient_data where pid=?", array($ppid) ));
214 $userID=$providerID["providerID"];
215 $providerName = sqlFetchArray(sqlStatement(
216 "select lname from users where id=?", array($userID) ));
217 ****/
218 // Don't use sqlQuery because there might be no match.
219 $providerName = sqlFetchArray(sqlStatement(
220 "select lname from users where id = ?",
221 array($name['providerID'])
222 ));
223
224 echo "<td valign='top'><span class='font-weight-bold'>" . xlt('Provider') . ":</span><span class='text'><br />" .
225 text($providerName["lname"]) . "</td>\n";
226 echo "<td valign='top'><span class='font-weight-bold'>" . xlt('Billing') . ":</span><span class='text'><br />" .
227 $patient["billing"] . "</td>\n";
228 echo "<td valign='top'><span class='font-weight-bold'>" . xlt('Transactions') . ":</span><span class='text'><br />" .
229 $patient["transaction"] . "</td>\n";
230 echo "<td valign='top'><span class='font-weight-bold'>" . xlt('Patient Notes') . ":</span><span class='text'><br />" .
231 $patient["pnotes"] . "</td>\n";
232 echo "<td valign='top'><span class='font-weight-bold'>" . xlt('Encounter Forms') . ":</span><span class='text'><br />" .
233 $patient["forms"] . "</td>\n";
234 echo "</tr>\n";
235
236 $count++;
237 }
238 }
239 ?>
240
241 </td>
242
243 </tr>
244 </table>
245
246 <?php } ?>
247
248 </body>
249 <script>
250
251 /* added to adjust the height of this frame by the min/max buttons */
252 var origRows = null;
253 $(function () {
254
255 $(".noterow").on("mouseover", function() { $(this).toggleClass("highlight"); });
256 $(".noterow").on("mouseout", function() { $(this).toggleClass("highlight"); });
257 $(".noterow").on("click", function() { EditNote(this); });
258
259 });
260
261 var EditNote = function(note) {
262 var parts = note.id.split("~");
263 <?php if (true) : ?>
264 top.restoreSession();
265 location.href = "<?php echo $GLOBALS['webroot']; ?>/interface/patient_file/summary/pnotes_full.php?noteid=" + encodeURIComponent(parts[1]) + "&set_pid=" + encodeURIComponent(parts[0]) + "&active=1";
266 <?php else : ?>
267 // no-op
268 alert(<?php echo xlj('You do not have access to view/edit this note'); ?>);
269 <?php endif; ?>
270 }
271
272 </script>
273
274 </html>
Mirror of official OpenEMR Sourceforge repository