5 * Modified from interface/main/calendar/add_edit_event.php for
9 * @link http://www.open-emr.org
10 * @author Rod Roark <rod@sunsetsystems.com>
11 * @author Jerry Padgett <sjpadgett@gmail.com>
12 * @author Brady Miller <brady.g.miller@gmail.com>
13 * @copyright Copyright (C) 2005-2006 Rod Roark <rod@sunsetsystems.com>
14 * @copyright Copyright (C) 2016-2021 Jerry Padgett <sjpadgett@gmail.com>
15 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
16 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
19 // Will start the (patient) portal OpenEMR session/cookie.
20 require_once(__DIR__
. "/../src/Common/Session/SessionUtil.php");
21 OpenEMR\Common\Session\SessionUtil
::portalSessionStart();
23 require_once("./../library/pnotes.inc.php");
25 //landing page definition -- where to go if something goes wrong
// Built from the session's site_id (URL-encoded); reused below as the redirect target.
26 $landingpage = "index.php?site=" . urlencode($_SESSION['site_id']);
29 // kick out if patient not authenticated
// Authentication gate: both 'pid' and 'patient_portal_onsite_two' must be present in the
// portal session. $pid is taken from the session, never from the request.
30 if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite_two'])) {
31 $pid = $_SESSION['pid'];
// Unauthenticated path (presumably the else branch; gutter line 32 is not shown in this
// listing): the portal session cookie is destroyed and the browser is sent to the landing page.
33 OpenEMR\Common\Session\SessionUtil
::portalSessionCookieDestroy();
// NOTE(review): header() only queues the redirect and does not stop the script. Gutter lines
// 35-37 are missing from this listing; confirm an exit follows so nothing below runs for an
// unauthenticated request.
34 header('Location: ' . $landingpage . '&w');
38 $ignoreAuth_onsite_portal = true;
39 global $ignoreAuth_onsite_portal;
41 require_once("../interface/globals.php");
42 require_once("$srcdir/patient.inc.php");
43 require_once("$srcdir/forms.inc.php");
44 require_once("$srcdir/appointments.inc.php");
46 use OpenEMR\Services\AppointmentService
;
48 // Things that might be passed by our opener.
50 $eid = $_GET['eid'] ??
null; // only for existing events
51 $date = $_GET['date'] ??
null; // this and below only for new events
52 $userid = $_GET['userid'] ??
null;
53 $default_catid = ($_GET['catid'] ??
null) ?
$_GET['catid'] : '5';
54 $patientid = $_GET['patid'] ??
null;
57 // did someone tamper with eid?
// Ownership check: the requested event id must be one of the appointments fetched for the
// session's patient. This is what ties every later "WHERE pc_eid = ..." to the logged-in patient.
58 $checkEidInAppt = false;
59 $patient_appointments = fetchAppointments('1970-01-01', '2382-12-31', $_SESSION['pid']);
// NOTE(review): array_search() returns the matching KEY, not a boolean. A match at index 0 is
// falsy, so the first appointment in the list is treated as "not found" and rejected below.
// The search is also loose (no strict flag). It fails closed, but a boolean membership test
// (in_array() on normalised values, strict) would state the intent without the index-0 case.
60 $checkEidInAppt = array_search($eid, array_column($patient_appointments, 'pc_eid'));
62 if (!empty($eid) && !$checkEidInAppt) {
63 echo js_escape("error");
// Server-side validation of the posted form. NOTE(review): the closing braces are not visible in
// this listing; if the slot and duration checks below sit inside this form_pid block, a request
// that omits form_pid skips them entirely -- confirm, and consider running them for every save.
67 if (!empty($_POST['form_pid'])) {
// The posted patient id must match the session's patient (loose != comparison).
68 if ($_POST['form_pid'] != $_SESSION['pid']) {
69 echo js_escape("error");
// Reject the request when getAvailableSlots() returns nothing for this provider between the
// posted date and one year after it.
73 if (! getAvailableSlots($_POST['form_date'], date('Y-m-d', strtotime("+1 year " . $_POST['form_date'])), $_POST['form_provider_ae'])) {
74 echo js_escape("error");
// The posted duration (minutes) must equal the category's configured pc_duration (seconds),
// so the client cannot choose its own appointment length.
78 $appointment_service = (new AppointmentService())->getOneCalendarCategory($_POST['form_category']);
79 if (($_POST['form_duration'] * 60) != ($appointment_service[0]['pc_duration'])) {
80 echo js_escape("error");
86 $date = substr($date, 0, 4) . '-' . substr($date, 4, 2) . '-' . substr($date, 6);
88 $date = date("Y-m-d");
// Start-time defaults supplied by the opener through the query string.
93 if (isset($_GET['starttimem'])) {
// Zero-pad and keep only the last two characters of the supplied minutes.
94 $starttimem = substr('00' . $_GET['starttimem'], -2);
98 if (isset($_GET['starttimeh'])) {
// NOTE(review): the hour is copied from the request as-is, with no numeric validation. Further
// down this page $starttimeh and $starttimem are echoed into the form_hour / form_minute value
// attributes without attr() (gutter lines 696-697). Casting to int here, or escaping at output
// as the neighbouring fields do, keeps request data out of the markup.
99 $starttimeh = $_GET['starttimeh'];
100 if (isset($_GET['startampm'])) {
// '2' means PM; the body of this branch is not shown in this listing.
101 if ($_GET['startampm'] == '2' && $starttimeh < 12) {
// Fallback shown in the listing: current hour in 24-hour form without leading zero.
106 $starttimeh = date("G");
113 // EVENTS TO FACILITIES (lemonsoftware)
114 //(CHEMED) get facility name
115 // edit event case - if there is no association made, then insert one with the first facility
118 $facility = sqlQuery("SELECT pc_facility, pc_multiple, pc_aid, facility.name
119 FROM openemr_postcalendar_events
120 LEFT JOIN facility ON (openemr_postcalendar_events.pc_facility = facility.id)
121 WHERE pc_eid = ?", array($eid));
122 if (!$facility['pc_facility']) {
123 $qmin = sqlQuery("SELECT facility_id as minId, facility FROM users WHERE id = ?", array($facility['pc_aid']));
124 $min = $qmin['minId'];
125 $min_name = $qmin['facility'];
127 // multiple providers case
128 if ($GLOBALS['select_multi_providers']) {
129 $mul = $facility['pc_multiple'];
130 sqlStatement("UPDATE openemr_postcalendar_events SET pc_facility = ? WHERE pc_multiple = ?", array($min, $mul));
135 sqlStatement("UPDATE openemr_postcalendar_events SET pc_facility = ? WHERE pc_eid = ?", array($min, $eid));
137 $e2f_name = $min_name;
139 $e2f = $facility['pc_facility'];
140 $e2f_name = $facility['name'];
145 // ===========================
148 // If we are saving, then save and close the window.
150 if (($_POST['form_action'] ??
null) == "save") {
153 $event_date = fixDate($_POST['form_date']);
155 // Compute start and end time strings to be saved.
156 if ($_POST['form_allday'] ??
null) {
161 $tmph = $_POST['form_hour'] +
0;
162 $tmpm = $_POST['form_minute'] +
0;
163 if ($_POST['form_ampm'] == '2' && $tmph < 12) {
167 $duration = $_POST['form_duration'];
170 $starttime = "$tmph:$tmpm:00";
173 while ($tmpm >= 60) {
178 $endtime = "$tmph:$tmpm:00";
180 // Useless garbage that we must save.
// Constant string in PHP serialize() format: an array of six location fields, all null.
181 $locationspec = 'a:6:{s:14:"event_location";N;s:13:"event_street1";N;' .
182 's:13:"event_street2";N;s:10:"event_city";N;s:11:"event_state";N;s:12:"event_postal";N;}';
184 // More garbage, but this time 1 character of it is used to save the
// (the rest of the comment above is missing from this listing)
// NOTE(review): the repeating branch splices $_POST['form_repeat_freq'] and
// $_POST['form_repeat_type'] straight into a hand-built serialize()-format string that declares
// each value as exactly one byte (s:1:"..."). Nothing visible here checks that they are single
// digits, so a longer or quoted value yields malformed, client-shaped serialized data in
// pc_recurrspec. This page reads the column back with a (\d) regex; whether other code
// unserialize()s it is not visible here. Validate both fields as one digit, or build the value
// with serialize() from validated integers.
186 if ($_POST['form_repeat'] ??
null) {
187 $recurrspec = 'a:5:{' .
188 's:17:"event_repeat_freq";s:1:"' . $_POST['form_repeat_freq'] . '";' .
189 's:22:"event_repeat_freq_type";s:1:"' . $_POST['form_repeat_type'] . '";' .
190 's:19:"event_repeat_on_num";s:1:"1";' .
191 's:19:"event_repeat_on_day";s:1:"0";' .
192 's:20:"event_repeat_on_freq";s:1:"0";}';
// Non-repeating default: fixed string, no request data involved.
194 $recurrspec = 'a:5:{' .
195 's:17:"event_repeat_freq";N;' .
196 's:22:"event_repeat_freq_type";s:1:"0";' .
197 's:19:"event_repeat_on_num";s:1:"1";' .
198 's:19:"event_repeat_on_day";s:1:"0";' .
199 's:20:"event_repeat_on_freq";s:1:"1";}';
202 //The modification of the start date for events that take place on one day of the week
203 //for example monday, or thursday. We set the start date on the first day of the week
204 //that the event is scheduled. For example if you set the event to repeat on each monday
205 //the start date of the event will be set on the first monday after the day the event is scheduled
206 if (($_POST['form_repeat_type'] ??
null) == 5) {
207 $exploded_date = explode("-", $event_date);
208 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
209 if ($edate == "Tue") {
210 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
6, $exploded_date[0]));
211 } elseif ($edate == "Wed") {
212 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
5, $exploded_date[0]));
213 } elseif ($edate == "Thu") {
214 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
4, $exploded_date[0]));
215 } elseif ($edate == "Fri") {
216 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
3, $exploded_date[0]));
217 } elseif ($edate == "Sat") {
218 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
2, $exploded_date[0]));
219 } elseif ($edate == "Sun") {
220 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
1, $exploded_date[0]));
222 } elseif (($_POST['form_repeat_type'] ??
null) == 6) {
223 $exploded_date = explode("-", $event_date);
224 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
225 if ($edate == "Wed") {
226 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
6, $exploded_date[0]));
227 } elseif ($edate == "Thu") {
228 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
5, $exploded_date[0]));
229 } elseif ($edate == "Fri") {
230 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
4, $exploded_date[0]));
231 } elseif ($edate == "Sat") {
232 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
3, $exploded_date[0]));
233 } elseif ($edate == "Sun") {
234 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
2, $exploded_date[0]));
235 } elseif ($edate == "Mon") {
236 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
1, $exploded_date[0]));
238 } elseif (($_POST['form_repeat_type'] ??
null) == 7) {
239 $exploded_date = explode("-", $event_date);
240 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
241 if ($edate == "Thu") {
242 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
6, $exploded_date[0]));
243 } elseif ($edate == "Fri") {
244 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
5, $exploded_date[0]));
245 } elseif ($edate == "Sat") {
246 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
4, $exploded_date[0]));
247 } elseif ($edate == "Sun") {
248 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
3, $exploded_date[0]));
249 } elseif ($edate == "Mon") {
250 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
2, $exploded_date[0]));
251 } elseif ($edate == "Tue") {
252 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
1, $exploded_date[0]));
254 } elseif (($_POST['form_repeat_type'] ??
null) == 8) {
255 $exploded_date = explode("-", $event_date);
256 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
257 if ($edate == "Fri") {
258 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
6, $exploded_date[0]));
259 } elseif ($edate == "Sat") {
260 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
5, $exploded_date[0]));
261 } elseif ($edate == "Sun") {
262 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
4, $exploded_date[0]));
263 } elseif ($edate == "Mon") {
264 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
3, $exploded_date[0]));
265 } elseif ($edate == "Tue") {
266 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
2, $exploded_date[0]));
267 } elseif ($edate == "Wed") {
268 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
1, $exploded_date[0]));
270 } elseif (($_POST['form_repeat_type'] ??
null) == 9) {
271 $exploded_date = explode("-", $event_date);
272 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
273 if ($edate == "Sat") {
274 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
6, $exploded_date[0]));
275 } elseif ($edate == "Sun") {
276 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
5, $exploded_date[0]));
277 } elseif ($edate == "Mon") {
278 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
4, $exploded_date[0]));
279 } elseif ($edate == "Tue") {
280 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
3, $exploded_date[0]));
281 } elseif ($edate == "Wed") {
282 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
2, $exploded_date[0]));
283 } elseif ($edate == "Thu") {
284 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] +
1, $exploded_date[0]));
287 /* =======================================================
289 ========================================================*/
291 // what is multiple key around this $eid?
292 $row = sqlQuery("SELECT pc_multiple FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
294 if ($GLOBALS['select_multi_providers'] && $row['pc_multiple']) {
295 /* ==========================================
296 // multi providers BOS
297 ==========================================*/
299 // obtain current list of providers regarding the multiple key
300 $up = sqlStatement("SELECT pc_aid FROM openemr_postcalendar_events WHERE pc_multiple = ?", array($row['pc_multiple']));
301 while ($current = sqlFetchArray($up)) {
302 $providers_current[] = $current['pc_aid'];
305 $providers_new = $_POST['form_provider_ae'];
307 // this difference means that some providers from current was UNCHECKED
308 // so we must delete this event for them
309 $r1 = array_diff($providers_current, $providers_new);
311 foreach ($r1 as $to_be_removed) {
312 sqlQuery("DELETE FROM openemr_postcalendar_events WHERE pc_aid = ? AND pc_multiple = ?", array($to_be_removed, $row['pc_multiple']));
316 // this difference means that some providers was added
317 // so we must insert this event for them
318 $r2 = array_diff($providers_new, $providers_current);
320 foreach ($r2 as $to_be_inserted) {
321 sqlStatement("INSERT INTO openemr_postcalendar_events ( pc_catid, pc_multiple, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility)
323 "'" . add_escape_custom($_POST['form_category']) . "', " .
324 "'" . add_escape_custom($row['pc_multiple']) . "', " .
325 "'" . add_escape_custom($to_be_inserted) . "', " .
326 "'" . add_escape_custom($_SESSION['pid']) . "', " .
327 "'" . add_escape_custom($_POST['form_title']) . "', " .
329 "'" . add_escape_custom($_POST['form_comments']) . "', " .
330 "'" . add_escape_custom($_SESSION['providerId']) . "', " .
331 "'" . add_escape_custom($event_date) . "', " .
332 "'" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
333 "'" . add_escape_custom(($duration * 60)) . "', " .
334 "'" . ($_POST['form_repeat'] ?
'1' : '0') . "', " .
335 "'" . add_escape_custom($recurrspec) . "', " .
336 "'" . add_escape_custom($starttime) . "', " .
337 "'" . add_escape_custom($endtime) . "', " .
338 "'" . add_escape_custom($_POST['form_allday']) . "', " .
339 "'" . add_escape_custom($_POST['form_apptstatus']) . "', " .
340 "'" . add_escape_custom($_POST['form_prefcat']) . "', " .
341 "'" . add_escape_custom($locationspec) . "', " .
343 "1, " . (int)$_POST['facility'] . " )"); // FF stuff
348 // after the two diffs above, we must update for remaining providers
349 // those who are intersected in $providers_current and $providers_new
350 foreach ($_POST['form_provider_ae'] as $provider) {
351 sqlStatement("UPDATE openemr_postcalendar_events SET " .
352 "pc_catid = '" . add_escape_custom($_POST['form_category']) . "', " .
353 "pc_pid = '" . add_escape_custom($_SESSION['pid']) . "', " .
354 "pc_title = '" . add_escape_custom($_POST['form_title']) . "', " .
355 "pc_time = NOW(), " .
356 "pc_hometext = '" . add_escape_custom($_POST['form_comments']) . "', " .
357 "pc_informant = '" . add_escape_custom($_SESSION['providerId']) . "', " .
358 "pc_eventDate = '" . add_escape_custom($event_date) . "', " .
359 "pc_endDate = '" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
360 "pc_duration = '" . add_escape_custom(($duration * 60)) . "', " .
361 "pc_recurrtype = '" . ($_POST['form_repeat'] ?
'1' : '0') . "', " .
362 "pc_recurrspec = '" . add_escape_custom($recurrspec) . "', " .
363 "pc_startTime = '" . add_escape_custom($starttime) . "', " .
364 "pc_endTime = '" . add_escape_custom($endtime) . "', " .
365 "pc_alldayevent = '" . add_escape_custom($_POST['form_allday']) . "', " .
366 "pc_apptstatus = '" . add_escape_custom($_POST['form_apptstatus']) . "', " .
367 "pc_prefcatid = '" . add_escape_custom($_POST['form_prefcat']) . "', " .
368 "pc_facility = '" . (int)$_POST['facility'] . "' " . // FF stuff
369 "WHERE pc_aid = '" . add_escape_custom($provider) . "' AND pc_multiple='" . add_escape_custom($row['pc_multiple']) . "'");
372 /* ==========================================
373 // multi providers EOS
374 ==========================================*/
375 } elseif (!$row['pc_multiple']) {
376 if ($GLOBALS['select_multi_providers']) {
377 $prov = $_POST['form_provider_ae'][0];
379 $prov = $_POST['form_provider_ae'];
382 // simple provider case
// Updates the single event row identified by the request's eid. pc_pid and pc_informant come
// from the session; every other column comes from the posted form.
// NOTE(review): this statement is assembled by string concatenation and depends on every value
// being both wrapped in quotes and passed through add_escape_custom() (or cast with (int)).
// Other queries in this file already bind values with "?" placeholders (e.g. gutter line 292);
// binding here, and in the sibling INSERT/UPDATE statements at gutter lines 321, 351, 428 and
// 459, removes the reliance on nobody ever forgetting an escape or a quote.
// NOTE(review): $prov and form_category are client-chosen. The earlier availability/duration
// validation appears to run only when form_pid is posted -- confirm it cannot be skipped.
383 sqlStatement("UPDATE openemr_postcalendar_events SET " .
384 "pc_catid = '" . add_escape_custom($_POST['form_category']) . "', " .
385 "pc_aid = '" . add_escape_custom($prov) . "', " .
386 "pc_pid = '" . add_escape_custom($_SESSION['pid']) . "', " .
387 "pc_title = '" . add_escape_custom($_POST['form_title']) . "', " .
388 "pc_time = NOW(), " .
389 "pc_hometext = '" . add_escape_custom($_POST['form_comments']) . "', " .
390 "pc_informant = '" . add_escape_custom($_SESSION['providerId']) . "', " .
391 "pc_eventDate = '" . add_escape_custom($event_date) . "', " .
392 "pc_endDate = '" . add_escape_custom(fixDate($_POST['form_enddate'] ??
'')) . "', " .
393 "pc_duration = '" . add_escape_custom(($duration * 60)) . "', " .
394 "pc_recurrtype = '" . (($_POST['form_repeat'] ??
null) ?
'1' : '0') . "', " .
395 "pc_recurrspec = '" . add_escape_custom($recurrspec) . "', " .
396 "pc_startTime = '" . add_escape_custom($starttime) . "', " .
397 "pc_endTime = '" . add_escape_custom($endtime) . "', " .
398 "pc_alldayevent = '" . add_escape_custom(($_POST['form_allday'] ??
'')) . "', " .
// pc_apptstatus is taken from a hidden form field, so the client decides the stored status.
399 "pc_apptstatus = '" . add_escape_custom($_POST['form_apptstatus']) . "', " .
400 "pc_prefcatid = '" . add_escape_custom(($_POST['form_prefcat'] ??
'')) . "', " .
401 "pc_facility = '" . (int)($_POST['facility'] ??
null) . "' " . // FF stuff
// The eid used here is the one compared against this patient's appointments near the top of
// the file.
402 "WHERE pc_eid = '" . add_escape_custom($eid) . "'");
405 // =======================================
406 // EOS multi providers case
407 // =======================================
409 // EVENTS TO FACILITIES
413 /* =======================================================
415 ========================================================*/
417 // =======================================
418 // multi providers case
419 // =======================================
421 if (is_array($_POST['form_provider_ae'])) {
422 // obtain the next available unique key to group multiple providers around some event
423 $q = sqlStatement("SELECT MAX(pc_multiple) as max FROM openemr_postcalendar_events");
424 $max = sqlFetchArray($q);
425 $new_multiple_value = $max['max'] +
1;
427 foreach ($_POST['form_provider_ae'] as $provider) {
428 sqlStatement("INSERT INTO openemr_postcalendar_events ( " .
429 "pc_catid, pc_multiple, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, " .
430 "pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, " .
431 "pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, " .
432 "pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility " .
434 "'" . add_escape_custom($_POST['form_category']) . "', " .
435 "'" . add_escape_custom($new_multiple_value) . "', " .
436 "'" . add_escape_custom($provider) . "', " .
437 "'" . add_escape_custom($_SESSION['pid']) . "', " .
438 "'" . add_escape_custom($_POST['form_title']) . "', " .
440 "'" . add_escape_custom($_POST['form_comments']) . "', " .
441 "'" . add_escape_custom($_SESSION['providerId']) . "', " .
442 "'" . add_escape_custom($event_date) . "', " .
443 "'" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
444 "'" . add_escape_custom(($duration * 60)) . "', " .
445 "'" . ($_POST['form_repeat'] ?
'1' : '0') . "', " .
446 "'" . add_escape_custom($recurrspec) . "', " .
447 "'" . add_escape_custom($starttime) . "', " .
448 "'" . add_escape_custom($endtime) . "', " .
449 "'" . add_escape_custom($_POST['form_allday']) . "', " .
450 "'" . add_escape_custom($_POST['form_apptstatus']) . "', " .
451 "'" . add_escape_custom($_POST['form_prefcat']) . "', " .
452 "'" . add_escape_custom($locationspec) . "', " .
454 "1, " . (int)$_POST['facility'] . " )"); // FF stuff
457 $_POST['form_apptstatus'] = '^';
459 sqlStatement("INSERT INTO openemr_postcalendar_events ( " .
460 "pc_catid, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, " .
461 "pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, " .
462 "pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, " .
463 "pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility " .
465 "'" . add_escape_custom($_POST['form_category']) . "', " .
466 "'" . add_escape_custom($_POST['form_provider_ae']) . "', " .
467 "'" . add_escape_custom($_SESSION['pid']) . "', " .
468 "'" . add_escape_custom($_POST['form_title']) . "', " .
470 "'" . add_escape_custom($_POST['form_comments']) . "', " .
471 "'" . add_escape_custom($_SESSION['providerId']) . "', " .
472 "'" . add_escape_custom($event_date) . "', " .
473 "'" . add_escape_custom(fixDate(($_POST['form_enddate'] ??
''))) . "', " .
474 "'" . add_escape_custom(($duration * 60)) . "', " .
475 "'" . (($_POST['form_repeat'] ??
null) ?
'1' : '0') . "', " .
476 "'" . add_escape_custom($recurrspec) . "', " .
477 "'" . add_escape_custom($starttime) . "', " .
478 "'" . add_escape_custom($endtime) . "', " .
479 "'" . add_escape_custom(($_POST['form_allday'] ??
'')) . "', " .
480 "'" . add_escape_custom($_POST['form_apptstatus']) . "', " .
481 "'" . add_escape_custom(($_POST['form_prefcat'] ??
null)) . "', " .
482 "'" . add_escape_custom($locationspec) . "', " .
484 "1, " . (int)($_POST['facility'] ??
null) . ")"); // FF stuff
487 } elseif (($_POST['form_action'] ??
null) == "delete") {
488 // =======================================
489 // multi providers case
490 // =======================================
491 if ($GLOBALS['select_multi_providers']) {
492 // what is multiple key around this $eid?
493 $row = sqlQuery("SELECT pc_multiple FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
494 if ($row['pc_multiple']) {
495 sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_multiple = ?", array($row['pc_multiple']));
497 sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
500 // =======================================
501 // EOS multi providers case
502 // =======================================
504 sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
// After any save/delete action: leave a patient note for the provider, then return to the
// portal home page.
508 if (!empty($_POST['form_action'])) {
// $insert is not assigned anywhere in the visible listing; presumably set in the save branch.
510 $type = $insert ?
xl("A New Appointment") : xl("An Updated Appointment");
511 $note = $type . " " . xl("request was received from portal patient") . " ";
512 $note .= $_SESSION['ptName'] . " " . xl("regarding appointment dated") . " " . $event_date . " " . $starttime . ". ";
// NOTE(review): the patient-supplied reason is stored in the note verbatim. It is shown to staff
// later, so whatever renders patient notes must escape it on output -- verify.
513 $note .= !empty($_POST['form_comments']) ?
(xl("Reason") . " " . $_POST['form_comments']) : "";
514 $note .= ". " . xl("Use Portal Dashboard to confirm with patient.");
515 $title = xl("Patient Reminders");
// Looks up the username of the selected provider, restricted to authorized users; the id is
// bound as a parameter. NOTE(review): elsewhere form_provider_ae may be an array -- confirm the
// binding copes with that, and that $user is non-empty before it is dereferenced below.
516 $user = sqlQueryNoLog("SELECT users.username FROM users WHERE authorized = 1 And id = ?", array($_POST['form_provider_ae']));
// The note is filed against the session's patient, not a request-supplied id.
517 $rtn = addPnote($_SESSION['pid'], $note, 1, 1, $title, $user['username'], '', 'New');
519 $_SESSION['whereto'] = '#appointmentcard';
// NOTE(review): the lines after this redirect are not shown; confirm the script exits here.
520 header('Location:./home.php');
524 // If we get this far then we are displaying the form.
528 '*' => xl('* Reminder done'),
529 '+' => xl('+ Chart pulled'),
530 'x' => xl('x Cancelled'), // added Apr 2008 by JRM
531 '?' => xl('? No show'),
532 '@' => xl('@ Arrived'),
533 '~' => xl('~ Arrived late'),
534 '!' => xl('! Left w/o visit'),
535 '#' => xl('# Ins/fin issue'),
536 '<' => xl('< In exam room'),
537 '>' => xl('> Checked out'),
538 '$' => xl('$ Coding done'),
539 '^' => xl('^ Pending'),
542 $repeats = 0; // if the event repeats
549 // If we are editing an existing event, then get its data.
// The eid was compared against the session patient's appointments near the top of the file, so
// the row loaded here is expected to belong to the logged-in patient.
551 $row = sqlQuery("SELECT * FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
552 $date = $row['pc_eventDate'];
553 $userid = $row['pc_aid'];
554 $patientid = $row['pc_pid'];
// "+ 0" coerces the two-character hour to a number.
555 $starttimeh = substr($row['pc_startTime'], 0, 2) +
0;
556 $starttimem = substr($row['pc_startTime'], 3, 2);
557 $repeats = $row['pc_recurrtype'];
558 $multiple_value = $row['pc_multiple'];
// Pull the single-digit repeat type and frequency back out of the stored recurrspec string.
560 if (preg_match('/"event_repeat_freq_type";s:1:"(\d)"/', $row['pc_recurrspec'], $matches)) {
561 $repeattype = $matches[1];
564 if (preg_match('/"event_repeat_freq";s:1:"(\d)"/', $row['pc_recurrspec'], $matches)) {
565 $repeatfreq = $matches[1];
// Strip a leading ':text:' marker from the stored comment.
568 $hometext = $row['pc_hometext'];
569 if (substr($hometext, 0, 6) == ':text:') {
570 $hometext = substr($hometext, 6);
// NOTE(review): for a new event (presumably the else branch; the brace lines are not shown) the
// patient id is read from the query string, and the lookup below uses it to fetch name and
// phone numbers that are then rendered into the form. In a patient-facing portal this should be
// $_SESSION['pid'], so the page can only ever show the logged-in patient's own demographics.
573 $patientid = $_GET['pid'];
576 // If we have a patient ID, get the name and phone numbers to display.
// Parameterised lookup; the access-control question is which pid is allowed, not the SQL.
578 $prow = sqlQuery("SELECT lname, fname, phone_home, phone_biz, DOB " .
579 "FROM patient_data WHERE pid = ?", array($patientid));
580 $patientname = $prow['lname'] . ", " . $prow['fname'];
581 if ($prow['phone_home']) {
582 $patienttitle .= " H=" . $prow['phone_home'];
585 if ($prow['phone_biz']) {
586 $patienttitle .= " W=" . $prow['phone_biz'];
590 // Get the providers list.
591 $ures = sqlStatement("SELECT `id`, `username`, `fname`, `lname`, `mname` FROM `users` WHERE " .
592 "`authorized` != 0 AND `active` = 1 AND `username` > '' ORDER BY `lname`, `fname`");
594 //Set default facility for a new event based on the given 'userid'
596 $pref_facility = sqlFetchArray(sqlStatement("SELECT facility_id, facility FROM users WHERE id = ?", array($userid)));
597 $e2f = $pref_facility['facility_id'];
598 $e2f_name = $pref_facility['facility'];
604 <title
><?php
echo $eid ?
xlt("Edit Event") : xlt("Add New Event"); ?
></title
>
605 <?php
// no header necessary. scope is home.php ?>
608 var durations
= Array();
610 // Read the event categories, generate their options list, and get
611 // the default event duration from them if this is a new event.
614 // Get event categories.
615 $cres = sqlStatement("SELECT pc_catid, pc_cattype, pc_catname, " .
616 "pc_recurrtype, pc_duration, pc_end_all_day " .
617 "FROM openemr_postcalendar_categories where pc_active = 1 ORDER BY pc_seq");
619 $prefcat_options = " <option value='0'>-- " . xlt("None{{Category}}") . " --</option>\n";
622 $thisduration = $row['pc_alldayevent'] ?
1440 : round($row['pc_duration'] / 60);
624 while ($crow = sqlFetchArray($cres)) {
625 $duration = round($crow['pc_duration'] / 60);
626 if ($crow['pc_end_all_day']) {
630 // This section is to build the list of preferred categories:
632 $prefcat_options .= " <option value='" . attr($crow['pc_catid']) . "'";
634 if ($crow['pc_catid'] == $row['pc_prefcatid']) {
635 $prefcat_options .= " selected";
639 $prefcat_options .= ">" . text(xl_appt_category($crow['pc_catname'])) . "</option>\n";
642 if ($crow['pc_cattype'] != $cattype) {
646 echo " durations[" . attr($crow['pc_catid']) . "] = " . attr($duration) . ";\n";
647 // echo " rectypes[" . $crow['pc_catid'] . "] = " . $crow['pc_recurrtype'] . "\n";
648 $catoptions .= " <option value='" . attr($crow['pc_catid']) . "'";
650 if ($crow['pc_catid'] == $row['pc_catid']) {
651 $catoptions .= " selected";
654 if ($crow['pc_catid'] == $default_catid) {
655 $catoptions .= " selected";
656 $thisduration = $duration;
660 $catoptions .= ">" . text(xl_appt_category($crow['pc_catname'])) . "</option>\n";
662 // Fix up the time format for AM/PM.
664 if ($starttimeh >= 12) { // p.m. starts at noon and not 12:01
666 if ($starttimeh > 12) {
673 <body
class="skin-blue">
674 <div
class="container-fluid">
675 <form method
='post' name
='theaddform' id
='theaddform' action
='add_edit_event_user.php?eid=<?php echo attr_url($eid); ?>'>
677 <input type
="hidden" name
="form_action" id
="form_action" value
="" />
678 <input type
='hidden' name
='form_title' id
='form_title' value
='<?php echo ($row['pc_catid
'] ?? '') ? attr($row['pc_title
']) : xla("Office Visit"); ?>' />
679 <input type
='hidden' name
='form_apptstatus' id
='form_apptstatus' value
='<?php echo ($row['pc_apptstatus
'] ?? '') ? attr($row['pc_apptstatus
'] ?? '') : "^" ?>' />
680 <div
class="row form-group">
681 <div
class="input-group col-12 col-md-6">
682 <label
class="mr-2" for="form_category"><?php
echo xlt('Visit'); ?
>:</label
>
683 <select
class="form-control mb-1" onchange
='set_category()' id
='form_category' name
='form_category' value
='<?php echo (($row['pc_catid
'] ?? '') > "") ? attr($row['pc_catid
']) : '5'; ?>'>
684 <?php
echo $catoptions ?
>
687 <div
class="input-group col-12 col-md-6">
688 <label
class="mr-2" for="form_date"><?php
echo xlt('Date'); ?
>:</label
>
689 <input
class="form-control mb-1" type
='text' name
='form_date' readonly id
='form_date' value
='<?php echo (isset($eid) && $eid) ? attr($row['pc_eventDate
']) : attr($date); ?>' />
693 <div
class="form-group form-inline col-12">
694 <div
class="input-group mb-1">
695 <label
class="mr-2"><?php
echo xlt('Time'); ?
>:</label
>
696 <input
class="form-control col-2 col-md-3" type
='text' name
='form_hour' size
='2' value
='<?php echo (isset($eid)) ? $starttimeh : ''; ?>' title
='<?php echo xla('Event start time
'); ?>' readonly
/>
697 <input
class="form-control col-2 col-md-3" type
='text' name
='form_minute' size
='2' value
='<?php echo (isset($eid)) ? $starttimem : ''; ?>' title
='<?php echo xla('Event start time
'); ?>' readonly
/>
698 <select
class="form-control col-3 col-md-4" name
='form_ampm' title
='Note: 12:00 noon is PM, not AM' readonly
>
699 <option value
='1'><?php
echo xlt('AM'); ?
></option
>
700 <option value
='2'<?php
echo ($startampm == '2') ?
" selected" : ""; ?
>><?php
echo xlt('PM'); ?
></option
>
703 <div
class="input-group">
704 <label
class="mr-2" for="form_duration"><?php
echo xlt('Duration'); ?
></label
>
705 <input
class="form-control" type
='text' size
='1' id
='form_duration' name
='form_duration' value
='<?php echo ($row['pc_duration
'] ?? '') ? ($row['pc_duration
'] * 1 / 60) : attr($thisduration) ?>' readonly
/>
706 <span
class="input-group-append">
707 <span
class="input-group-text"><?php
echo " " . xlt('minutes'); ?
></span
>
713 <div
class="input-group col-12 mb-1">
714 <label
class="mr-2" for="form_patient"><?php
echo xlt('Patient'); ?
>:</label
>
715 <input
class="form-control" type
='text' id
='form_patient' name
='form_patient' value
='<?php echo attr($patientname); ?>' title
='Patient' readonly
/>
716 <input type
='hidden' name
='form_pid' value
='<?php echo attr($patientid); ?>' />
720 <div
class="input-group col-12 mb-1">
721 <label
class="mr-2" for="form_provider_ae"><?php
echo xlt('Provider'); ?
>:</label
>
722 <select
class="form-control" name
='form_provider_ae' id
='form_provider_ae' onchange
='change_provider();'>
724 // present a list of providers to choose from
725 // default to the currently logged-in user
726 while ($urow = sqlFetchArray($ures)) {
727 echo "<option value='" . attr($urow['id']) . "'";
728 if (($urow['id'] == ($_GET['userid'] ??
null)) ||
($urow['id'] == $userid)) {
731 echo ">" . text($urow['lname']);
732 if ($urow['fname']) {
733 echo ", " . text($urow['fname']);
739 <div
class="text-right">
740 <input type
='button' class='btn btn-success' value
='<?php echo xla('Openings
'); ?>' onclick
='find_available()' />
745 <div
class="input-group col-12">
746 <label
class="mr-2"><?php
echo xlt('Reason'); ?
>:</label
>
747 <input
class="form-control" type
='text' size
='40' name
='form_comments' value
='<?php echo attr($hometext); ?>' title
='<?php echo xla('Optional information about this event
'); ?>' />
750 <div
class="row input-group my-1">
751 <?php
if (($_GET['eid'] ??
null) && $row['pc_apptstatus'] !== 'x') { ?
>
752 <input type
='button' id
='form_cancel' class='btn btn-danger' onsubmit
='return false' value
='<?php echo xla('Cancel Appointment
'); ?>' onclick
="cancel_appointment()" />
754 <input type
='button' name
='form_save' class='btn btn-success' onsubmit
='return false' value
='<?php echo xla('Save
'); ?>' onclick
="validate()" />
759 function change_provider() {
760 var f
= document
.forms
.namedItem("theaddform");
761 f
.form_date
.value
= '';
762 f
.form_hour
.value
= '';
763 f
.form_minute
.value
= '';
766 function set_display() {
767 var f
= document
.forms
.namedItem("theaddform");
768 var si
= document
.getElementById('form_category');
769 if (si
.selectedIndex
>= 0) {
770 var catid
= si
.options
[si
.selectedIndex
].value
;
771 //var style_apptstatus = document.getElementById('title_apptstatus').style;
772 //var style_prefcat = document.getElementById('title_prefcat').style;
773 // will keep this for future. not needed now.
777 function cancel_appointment() {
778 let f
= document
.forms
.namedItem("theaddform");
779 let msg
= <?php
echo xlj("Click Okay if you are sure you want to cancel this appointment?") . "\n" .
780 xlj("It is prudent to follow up with provider if not contacted.") ?
>;
781 let msg_reason
= <?php
echo xlj("You must enter a reason to cancel this appointment?") . "\n" .
782 xlj("Reason must be at least 10 characters!") ?
>;
783 if (f
.form_comments
.value
.length
<= 10) {
787 let yn
= confirm(msg
);
791 document
.getElementById('form_apptstatus').value
= "x";
795 // Do whatever is needed when a new event category is selected.
796 // For now this means changing the event title and duration.
797 function set_category() {
798 var f
= document
.forms
.namedItem("theaddform");
799 var s
= f
.form_category
;
800 if (s
.selectedIndex
>= 0) {
801 var catid
= s
.options
[s
.selectedIndex
].value
;
802 f
.form_title
.value
= s
.options
[s
.selectedIndex
].text
;
803 f
.form_duration
.value
= durations
[catid
];
808 // This is for callback by the find-available popup.
809 function setappt(year
, mon
, mday
, hours
, minutes
) {
810 var f
= document
.forms
.namedItem("theaddform");
811 f
.form_date
.value
= '' + year +
'-' +
812 ('' +
(mon +
100)).substring(1) +
'-' +
813 ('' +
(mday +
100)).substring(1);
814 f
.form_ampm
.selectedIndex
= (hours
> 12) ?
1 : 0;
816 f
.form_hour
.value
= 12;
818 f
.form_hour
.value
= (hours
>= 13) ? hours
- 12 : hours
;
820 f
.form_minute
.value
= minutes
;
823 function get_form_category_value() {
825 var f
= document
.forms
.namedItem("theaddform");
826 var s
= f
.form_category
;
827 if (s
.selectedIndex
>= 0) {
828 catid
= s
.options
[s
.selectedIndex
].value
;
833 // Invoke the find-available popup.
834 function find_available() {
835 // when making an appointment for a specific provider
836 var catId
= get_form_category_value() ||
5;
837 var se
= document
.getElementById('form_provider_ae');
838 <?php
if ($userid != 0) { ?
>
841 s
= se
.options
[se
.selectedIndex
].value
;
843 var formDate
= document
.getElementById('form_date');
844 var url
= 'find_appt_popup_user.php?bypatient&providerid=' +
encodeURIComponent(s
) +
'&catid=' +
encodeURIComponent(catId
)
845 +
'&startdate=' +
encodeURIComponent(formDate
.value
);
848 {text
: <?php
echo xlj('Cancel'); ?
>, close
: true, style
: 'danger btn-sm'}
852 dialogId
: 'apptDialog',
855 dlgopen(url
, 'apptFind', 'modal-md', 300, '', 'Find Date', params
);
858 // Check for errors when the form is submitted.
859 function validate() {
860 var f
= document
.getElementById('theaddform');
861 if (!f
.form_date
.value ||
!f
.form_hour
.value ||
!f
.form_minute
.value
) {
862 alert(<?php
echo xlj('Please click on Openings to select a time.'); ?
>);
866 if (f
.form_patient
.value
== '') {
867 alert(<?php
echo xlj('Your Id is missing. Cancel and try again.'); ?
>);
871 var form_action
= document
.getElementById('form_action');
872 form_action
.value
= "save";