search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
refactor(ccdaservice): extract and test cleanCode function (#6785)
[openemr.git] / portal / add_edit_event_user.php
blob254ef4644563b432a3c31a86923e802691b359c2
1 <?php
2
3 /**
4 *
5 * Modified from interface/main/calendar/add_edit_event.php for
6 * the patient portal.
7 *
8 * @package OpenEMR
9 * @link http://www.open-emr.org
10 * @author Rod Roark <rod@sunsetsystems.com>
11 * @author Jerry Padgett <sjpadgett@gmail.com>
12 * @author Brady Miller <brady.g.miller@gmail.com>
13 * @copyright Copyright (C) 2005-2006 Rod Roark <rod@sunsetsystems.com>
14 * @copyright Copyright (C) 2016-2021 Jerry Padgett <sjpadgett@gmail.com>
15 * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
16 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
17 */
18
19 // Will start the (patient) portal OpenEMR session/cookie.
20 require_once(__DIR__ . "/../src/Common/Session/SessionUtil.php");
21 OpenEMR\Common\Session\SessionUtil::portalSessionStart();
22
23 require_once("./../library/pnotes.inc.php");
24
25 //landing page definition -- where to go if something goes wrong
26 $landingpage = "index.php?site=" . urlencode($_SESSION['site_id']);
27 //
28
29 // kick out if patient not authenticated
30 if (isset($_SESSION['pid']) && isset($_SESSION['patient_portal_onsite_two'])) {
31 $pid = $_SESSION['pid'];
32 } else {
33 OpenEMR\Common\Session\SessionUtil::portalSessionCookieDestroy();
34 header('Location: ' . $landingpage . '&w');
35 exit;
36 }
37
38 $ignoreAuth_onsite_portal = true;
39 global $ignoreAuth_onsite_portal;
40
41 require_once("../interface/globals.php");
42 require_once("$srcdir/patient.inc.php");
43 require_once("$srcdir/forms.inc.php");
44 require_once("$srcdir/appointments.inc.php");
45
46 use OpenEMR\Services\AppointmentService;
47
48 // Things that might be passed by our opener.
49 //
50 $eid = $_GET['eid'] ?? null; // only for existing events
51 $date = $_GET['date'] ?? null; // this and below only for new events
52 $userid = $_GET['userid'] ?? null;
53 $default_catid = ($_GET['catid'] ?? null) ? $_GET['catid'] : '5';
54 $patientid = $_GET['patid'] ?? null;
55 //
56
57 // did someone tamper with eid?
58 $checkEidInAppt = false;
59 $patient_appointments = fetchAppointments('1970-01-01', '2382-12-31', $_SESSION['pid']);
60 $checkEidInAppt = array_search($eid, array_column($patient_appointments, 'pc_eid'));
61
62 if (!empty($eid) && !$checkEidInAppt) {
63 echo js_escape("error");
64 exit();
65 }
66
67 if (!empty($_POST['form_pid'])) {
68 if ($_POST['form_pid'] != $_SESSION['pid']) {
69 echo js_escape("error");
70 exit();
71 }
72
73 if (! getAvailableSlots($_POST['form_date'], date('Y-m-d', strtotime("+1 year " . $_POST['form_date'])), $_POST['form_provider_ae'])) {
74 echo js_escape("error");
75 exit();
76 }
77
78 $appointment_service = (new AppointmentService())->getOneCalendarCategory($_POST['form_category']);
79 if (($_POST['form_duration'] * 60) != ($appointment_service[0]['pc_duration'])) {
80 echo js_escape("error");
81 exit();
82 }
83 }
84
85 if ($date) {
86 $date = substr($date, 0, 4) . '-' . substr($date, 4, 2) . '-' . substr($date, 6);
87 } else {
88 $date = date("Y-m-d");
89 }
90
91 //
92 $starttimem = '00';
93 if (isset($_GET['starttimem'])) {
94 $starttimem = substr('00' . $_GET['starttimem'], -2);
95 }
96
97 //
98 if (isset($_GET['starttimeh'])) {
99 $starttimeh = $_GET['starttimeh'];
100 if (isset($_GET['startampm'])) {
101 if ($_GET['startampm'] == '2' && $starttimeh < 12) {
102 $starttimeh += 12;
103 }
104 }
105 } else {
106 $starttimeh = date("G");
107 }
108
109 $startampm = '';
110
111 $info_msg = "";
112
113 // EVENTS TO FACILITIES (lemonsoftware)
114 //(CHEMED) get facility name
115 // edit event case - if there is no association made, then insert one with the first facility
116 if ($eid) {
117 $selfacil = '';
118 $facility = sqlQuery("SELECT pc_facility, pc_multiple, pc_aid, facility.name
119 FROM openemr_postcalendar_events
120 LEFT JOIN facility ON (openemr_postcalendar_events.pc_facility = facility.id)
121 WHERE pc_eid = ?", array($eid));
122 if (!$facility['pc_facility']) {
123 $qmin = sqlQuery("SELECT facility_id as minId, facility FROM users WHERE id = ?", array($facility['pc_aid']));
124 $min = $qmin['minId'];
125 $min_name = $qmin['facility'];
126
127 // multiple providers case
128 if ($GLOBALS['select_multi_providers']) {
129 $mul = $facility['pc_multiple'];
130 sqlStatement("UPDATE openemr_postcalendar_events SET pc_facility = ? WHERE pc_multiple = ?", array($min, $mul));
131 }
132
133 // EOS multiple
134
135 sqlStatement("UPDATE openemr_postcalendar_events SET pc_facility = ? WHERE pc_eid = ?", array($min, $eid));
136 $e2f = $min;
137 $e2f_name = $min_name;
138 } else {
139 $e2f = $facility['pc_facility'];
140 $e2f_name = $facility['name'];
141 }
142 }
143
144 // EOS E2F
145 // ===========================
146
147
148 // If we are saving, then save and close the window.
149 //
150 if (($_POST['form_action'] ?? null) == "save") {
151 //print_r($_POST);
152 //exit();
153 $event_date = fixDate($_POST['form_date']);
154
155 // Compute start and end time strings to be saved.
156 if ($_POST['form_allday'] ?? null) {
157 $tmph = 0;
158 $tmpm = 0;
159 $duration = 24 * 60;
160 } else {
161 $tmph = $_POST['form_hour'] + 0;
162 $tmpm = $_POST['form_minute'] + 0;
163 if ($_POST['form_ampm'] == '2' && $tmph < 12) {
164 $tmph += 12;
165 }
166
167 $duration = $_POST['form_duration'];
168 }
169
170 $starttime = "$tmph:$tmpm:00";
171 //
172 $tmpm += $duration;
173 while ($tmpm >= 60) {
174 $tmpm -= 60;
175 ++$tmph;
176 }
177
178 $endtime = "$tmph:$tmpm:00";
179
180 // Useless garbage that we must save.
181 $locationspec = 'a:6:{s:14:"event_location";N;s:13:"event_street1";N;' .
182 's:13:"event_street2";N;s:10:"event_city";N;s:11:"event_state";N;s:12:"event_postal";N;}';
183
184 // More garbage, but this time 1 character of it is used to save the
185 // repeat type.
186 if ($_POST['form_repeat'] ?? null) {
187 $recurrspec = 'a:5:{' .
188 's:17:"event_repeat_freq";s:1:"' . $_POST['form_repeat_freq'] . '";' .
189 's:22:"event_repeat_freq_type";s:1:"' . $_POST['form_repeat_type'] . '";' .
190 's:19:"event_repeat_on_num";s:1:"1";' .
191 's:19:"event_repeat_on_day";s:1:"0";' .
192 's:20:"event_repeat_on_freq";s:1:"0";}';
193 } else {
194 $recurrspec = 'a:5:{' .
195 's:17:"event_repeat_freq";N;' .
196 's:22:"event_repeat_freq_type";s:1:"0";' .
197 's:19:"event_repeat_on_num";s:1:"1";' .
198 's:19:"event_repeat_on_day";s:1:"0";' .
199 's:20:"event_repeat_on_freq";s:1:"1";}';
200 }
201
202 //The modification of the start date for events that take place on one day of the week
203 //for example monday, or thursday. We set the start date on the first day of the week
204 //that the event is scheduled. For example if you set the event to repeat on each monday
205 //the start date of the event will be set on the first monday after the day the event is scheduled
206 if (($_POST['form_repeat_type'] ?? null) == 5) {
207 $exploded_date = explode("-", $event_date);
208 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
209 if ($edate == "Tue") {
210 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 6, $exploded_date[0]));
211 } elseif ($edate == "Wed") {
212 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 5, $exploded_date[0]));
213 } elseif ($edate == "Thu") {
214 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 4, $exploded_date[0]));
215 } elseif ($edate == "Fri") {
216 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 3, $exploded_date[0]));
217 } elseif ($edate == "Sat") {
218 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 2, $exploded_date[0]));
219 } elseif ($edate == "Sun") {
220 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 1, $exploded_date[0]));
221 }
222 } elseif (($_POST['form_repeat_type'] ?? null) == 6) {
223 $exploded_date = explode("-", $event_date);
224 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
225 if ($edate == "Wed") {
226 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 6, $exploded_date[0]));
227 } elseif ($edate == "Thu") {
228 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 5, $exploded_date[0]));
229 } elseif ($edate == "Fri") {
230 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 4, $exploded_date[0]));
231 } elseif ($edate == "Sat") {
232 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 3, $exploded_date[0]));
233 } elseif ($edate == "Sun") {
234 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 2, $exploded_date[0]));
235 } elseif ($edate == "Mon") {
236 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 1, $exploded_date[0]));
237 }
238 } elseif (($_POST['form_repeat_type'] ?? null) == 7) {
239 $exploded_date = explode("-", $event_date);
240 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
241 if ($edate == "Thu") {
242 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 6, $exploded_date[0]));
243 } elseif ($edate == "Fri") {
244 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 5, $exploded_date[0]));
245 } elseif ($edate == "Sat") {
246 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 4, $exploded_date[0]));
247 } elseif ($edate == "Sun") {
248 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 3, $exploded_date[0]));
249 } elseif ($edate == "Mon") {
250 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 2, $exploded_date[0]));
251 } elseif ($edate == "Tue") {
252 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 1, $exploded_date[0]));
253 }
254 } elseif (($_POST['form_repeat_type'] ?? null) == 8) {
255 $exploded_date = explode("-", $event_date);
256 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
257 if ($edate == "Fri") {
258 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 6, $exploded_date[0]));
259 } elseif ($edate == "Sat") {
260 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 5, $exploded_date[0]));
261 } elseif ($edate == "Sun") {
262 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 4, $exploded_date[0]));
263 } elseif ($edate == "Mon") {
264 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 3, $exploded_date[0]));
265 } elseif ($edate == "Tue") {
266 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 2, $exploded_date[0]));
267 } elseif ($edate == "Wed") {
268 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 1, $exploded_date[0]));
269 }
270 } elseif (($_POST['form_repeat_type'] ?? null) == 9) {
271 $exploded_date = explode("-", $event_date);
272 $edate = date("D", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2], $exploded_date[0]));
273 if ($edate == "Sat") {
274 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 6, $exploded_date[0]));
275 } elseif ($edate == "Sun") {
276 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 5, $exploded_date[0]));
277 } elseif ($edate == "Mon") {
278 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 4, $exploded_date[0]));
279 } elseif ($edate == "Tue") {
280 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 3, $exploded_date[0]));
281 } elseif ($edate == "Wed") {
282 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 2, $exploded_date[0]));
283 } elseif ($edate == "Thu") {
284 $event_date = date("Y-m-d", mktime(0, 0, 0, $exploded_date[1], $exploded_date[2] + 1, $exploded_date[0]));
285 }
286 }//if end
287 /* =======================================================
288 // UPDATE EVENTS
289 ========================================================*/
290 if ($eid) {
291 // what is multiple key around this $eid?
292 $row = sqlQuery("SELECT pc_multiple FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
293
294 if ($GLOBALS['select_multi_providers'] && $row['pc_multiple']) {
295 /* ==========================================
296 // multi providers BOS
297 ==========================================*/
298
299 // obtain current list of providers regarding the multiple key
300 $up = sqlStatement("SELECT pc_aid FROM openemr_postcalendar_events WHERE pc_multiple = ?", array($row['pc_multiple']));
301 while ($current = sqlFetchArray($up)) {
302 $providers_current[] = $current['pc_aid'];
303 }
304
305 $providers_new = $_POST['form_provider_ae'];
306
307 // this difference means that some providers from current was UNCHECKED
308 // so we must delete this event for them
309 $r1 = array_diff($providers_current, $providers_new);
310 if (count($r1)) {
311 foreach ($r1 as $to_be_removed) {
312 sqlQuery("DELETE FROM openemr_postcalendar_events WHERE pc_aid = ? AND pc_multiple = ?", array($to_be_removed, $row['pc_multiple']));
313 }
314 }
315
316 // this difference means that some providers was added
317 // so we must insert this event for them
318 $r2 = array_diff($providers_new, $providers_current);
319 if (count($r2)) {
320 foreach ($r2 as $to_be_inserted) {
321 sqlStatement("INSERT INTO openemr_postcalendar_events ( pc_catid, pc_multiple, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility)
322 VALUES ( " .
323 "'" . add_escape_custom($_POST['form_category']) . "', " .
324 "'" . add_escape_custom($row['pc_multiple']) . "', " .
325 "'" . add_escape_custom($to_be_inserted) . "', " .
326 "'" . add_escape_custom($_SESSION['pid']) . "', " .
327 "'" . add_escape_custom($_POST['form_title']) . "', " .
328 "NOW(), " .
329 "'" . add_escape_custom($_POST['form_comments']) . "', " .
330 "'" . add_escape_custom($_SESSION['providerId']) . "', " .
331 "'" . add_escape_custom($event_date) . "', " .
332 "'" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
333 "'" . add_escape_custom(($duration * 60)) . "', " .
334 "'" . ($_POST['form_repeat'] ? '1' : '0') . "', " .
335 "'" . add_escape_custom($recurrspec) . "', " .
336 "'" . add_escape_custom($starttime) . "', " .
337 "'" . add_escape_custom($endtime) . "', " .
338 "'" . add_escape_custom($_POST['form_allday']) . "', " .
339 "'" . add_escape_custom($_POST['form_apptstatus']) . "', " .
340 "'" . add_escape_custom($_POST['form_prefcat']) . "', " .
341 "'" . add_escape_custom($locationspec) . "', " .
342 "1, " .
343 "1, " . (int)$_POST['facility'] . " )"); // FF stuff
344 } // foreach
345 } //if count
346
347
348 // after the two diffs above, we must update for remaining providers
349 // those who are intersected in $providers_current and $providers_new
350 foreach ($_POST['form_provider_ae'] as $provider) {
351 sqlStatement("UPDATE openemr_postcalendar_events SET " .
352 "pc_catid = '" . add_escape_custom($_POST['form_category']) . "', " .
353 "pc_pid = '" . add_escape_custom($_SESSION['pid']) . "', " .
354 "pc_title = '" . add_escape_custom($_POST['form_title']) . "', " .
355 "pc_time = NOW(), " .
356 "pc_hometext = '" . add_escape_custom($_POST['form_comments']) . "', " .
357 "pc_informant = '" . add_escape_custom($_SESSION['providerId']) . "', " .
358 "pc_eventDate = '" . add_escape_custom($event_date) . "', " .
359 "pc_endDate = '" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
360 "pc_duration = '" . add_escape_custom(($duration * 60)) . "', " .
361 "pc_recurrtype = '" . ($_POST['form_repeat'] ? '1' : '0') . "', " .
362 "pc_recurrspec = '" . add_escape_custom($recurrspec) . "', " .
363 "pc_startTime = '" . add_escape_custom($starttime) . "', " .
364 "pc_endTime = '" . add_escape_custom($endtime) . "', " .
365 "pc_alldayevent = '" . add_escape_custom($_POST['form_allday']) . "', " .
366 "pc_apptstatus = '" . add_escape_custom($_POST['form_apptstatus']) . "', " .
367 "pc_prefcatid = '" . add_escape_custom($_POST['form_prefcat']) . "', " .
368 "pc_facility = '" . (int)$_POST['facility'] . "' " . // FF stuff
369 "WHERE pc_aid = '" . add_escape_custom($provider) . "' AND pc_multiple='" . add_escape_custom($row['pc_multiple']) . "'");
370 } // foreach
371
372 /* ==========================================
373 // multi providers EOS
374 ==========================================*/
375 } elseif (!$row['pc_multiple']) {
376 if ($GLOBALS['select_multi_providers']) {
377 $prov = $_POST['form_provider_ae'][0];
378 } else {
379 $prov = $_POST['form_provider_ae'];
380 }
381 $insert = false;
382 // simple provider case
383 sqlStatement("UPDATE openemr_postcalendar_events SET " .
384 "pc_catid = '" . add_escape_custom($_POST['form_category']) . "', " .
385 "pc_aid = '" . add_escape_custom($prov) . "', " .
386 "pc_pid = '" . add_escape_custom($_SESSION['pid']) . "', " .
387 "pc_title = '" . add_escape_custom($_POST['form_title']) . "', " .
388 "pc_time = NOW(), " .
389 "pc_hometext = '" . add_escape_custom($_POST['form_comments']) . "', " .
390 "pc_informant = '" . add_escape_custom($_SESSION['providerId']) . "', " .
391 "pc_eventDate = '" . add_escape_custom($event_date) . "', " .
392 "pc_endDate = '" . add_escape_custom(fixDate($_POST['form_enddate'] ?? '')) . "', " .
393 "pc_duration = '" . add_escape_custom(($duration * 60)) . "', " .
394 "pc_recurrtype = '" . (($_POST['form_repeat'] ?? null) ? '1' : '0') . "', " .
395 "pc_recurrspec = '" . add_escape_custom($recurrspec) . "', " .
396 "pc_startTime = '" . add_escape_custom($starttime) . "', " .
397 "pc_endTime = '" . add_escape_custom($endtime) . "', " .
398 "pc_alldayevent = '" . add_escape_custom(($_POST['form_allday'] ?? '')) . "', " .
399 "pc_apptstatus = '" . add_escape_custom($_POST['form_apptstatus']) . "', " .
400 "pc_prefcatid = '" . add_escape_custom(($_POST['form_prefcat'] ?? '')) . "', " .
401 "pc_facility = '" . (int)($_POST['facility'] ?? null) . "' " . // FF stuff
402 "WHERE pc_eid = '" . add_escape_custom($eid) . "'");
403 }
404
405 // =======================================
406 // EOS multi providers case
407 // =======================================
408
409 // EVENTS TO FACILITIES
410
411 $e2f = (int)$eid;
412
413 /* =======================================================
414 // INSERT EVENTS
415 ========================================================*/
416 } else {
417 // =======================================
418 // multi providers case
419 // =======================================
420
421 if (is_array($_POST['form_provider_ae'])) {
422 // obtain the next available unique key to group multiple providers around some event
423 $q = sqlStatement("SELECT MAX(pc_multiple) as max FROM openemr_postcalendar_events");
424 $max = sqlFetchArray($q);
425 $new_multiple_value = $max['max'] + 1;
426
427 foreach ($_POST['form_provider_ae'] as $provider) {
428 sqlStatement("INSERT INTO openemr_postcalendar_events ( " .
429 "pc_catid, pc_multiple, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, " .
430 "pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, " .
431 "pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, " .
432 "pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility " .
433 ") VALUES ( " .
434 "'" . add_escape_custom($_POST['form_category']) . "', " .
435 "'" . add_escape_custom($new_multiple_value) . "', " .
436 "'" . add_escape_custom($provider) . "', " .
437 "'" . add_escape_custom($_SESSION['pid']) . "', " .
438 "'" . add_escape_custom($_POST['form_title']) . "', " .
439 "NOW(), " .
440 "'" . add_escape_custom($_POST['form_comments']) . "', " .
441 "'" . add_escape_custom($_SESSION['providerId']) . "', " .
442 "'" . add_escape_custom($event_date) . "', " .
443 "'" . add_escape_custom(fixDate($_POST['form_enddate'])) . "', " .
444 "'" . add_escape_custom(($duration * 60)) . "', " .
445 "'" . ($_POST['form_repeat'] ? '1' : '0') . "', " .
446 "'" . add_escape_custom($recurrspec) . "', " .
447 "'" . add_escape_custom($starttime) . "', " .
448 "'" . add_escape_custom($endtime) . "', " .
449 "'" . add_escape_custom($_POST['form_allday']) . "', " .
450 "'" . add_escape_custom($_POST['form_apptstatus']) . "', " .
451 "'" . add_escape_custom($_POST['form_prefcat']) . "', " .
452 "'" . add_escape_custom($locationspec) . "', " .
453 "1, " .
454 "1, " . (int)$_POST['facility'] . " )"); // FF stuff
455 } // foreach
456 } else {
457 $_POST['form_apptstatus'] = '^';
458 $insert = true;
459 sqlStatement("INSERT INTO openemr_postcalendar_events ( " .
460 "pc_catid, pc_aid, pc_pid, pc_title, pc_time, pc_hometext, " .
461 "pc_informant, pc_eventDate, pc_endDate, pc_duration, pc_recurrtype, " .
462 "pc_recurrspec, pc_startTime, pc_endTime, pc_alldayevent, " .
463 "pc_apptstatus, pc_prefcatid, pc_location, pc_eventstatus, pc_sharing, pc_facility " .
464 ") VALUES ( " .
465 "'" . add_escape_custom($_POST['form_category']) . "', " .
466 "'" . add_escape_custom($_POST['form_provider_ae']) . "', " .
467 "'" . add_escape_custom($_SESSION['pid']) . "', " .
468 "'" . add_escape_custom($_POST['form_title']) . "', " .
469 "NOW(), " .
470 "'" . add_escape_custom($_POST['form_comments']) . "', " .
471 "'" . add_escape_custom($_SESSION['providerId']) . "', " .
472 "'" . add_escape_custom($event_date) . "', " .
473 "'" . add_escape_custom(fixDate(($_POST['form_enddate'] ?? ''))) . "', " .
474 "'" . add_escape_custom(($duration * 60)) . "', " .
475 "'" . (($_POST['form_repeat'] ?? null) ? '1' : '0') . "', " .
476 "'" . add_escape_custom($recurrspec) . "', " .
477 "'" . add_escape_custom($starttime) . "', " .
478 "'" . add_escape_custom($endtime) . "', " .
479 "'" . add_escape_custom(($_POST['form_allday'] ?? '')) . "', " .
480 "'" . add_escape_custom($_POST['form_apptstatus']) . "', " .
481 "'" . add_escape_custom(($_POST['form_prefcat'] ?? null)) . "', " .
482 "'" . add_escape_custom($locationspec) . "', " .
483 "1, " .
484 "1, " . (int)($_POST['facility'] ?? null) . ")"); // FF stuff
485 } // INSERT single
486 } // else - insert
487 } elseif (($_POST['form_action'] ?? null) == "delete") {
488 // =======================================
489 // multi providers case
490 // =======================================
491 if ($GLOBALS['select_multi_providers']) {
492 // what is multiple key around this $eid?
493 $row = sqlQuery("SELECT pc_multiple FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
494 if ($row['pc_multiple']) {
495 sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_multiple = ?", array($row['pc_multiple']));
496 } else {
497 sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
498 }
499
500 // =======================================
501 // EOS multi providers case
502 // =======================================
503 } else {
504 sqlStatement("DELETE FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
505 }
506 }
507
508 if (!empty($_POST['form_action'])) {
509 // Leave
510 $type = $insert ? xl("A New Appointment") : xl("An Updated Appointment");
511 $note = $type . " " . xl("request was received from portal patient") . " ";
512 $note .= $_SESSION['ptName'] . " " . xl("regarding appointment dated") . " " . $event_date . " " . $starttime . ". ";
513 $note .= !empty($_POST['form_comments']) ? (xl("Reason") . " " . $_POST['form_comments']) : "";
514 $note .= ". " . xl("Use Portal Dashboard to confirm with patient.");
515 $title = xl("Patient Reminders");
516 $user = sqlQueryNoLog("SELECT users.username FROM users WHERE authorized = 1 And id = ?", array($_POST['form_provider_ae']));
517 $rtn = addPnote($_SESSION['pid'], $note, 1, 1, $title, $user['username'], '', 'New');
518
519 $_SESSION['whereto'] = '#appointmentcard';
520 header('Location:./home.php');
521 exit();
522 }
523
524 // If we get this far then we are displaying the form.
525
526 $statuses = array(
527 '-' => '',
528 '*' => xl('* Reminder done'),
529 '+' => xl('+ Chart pulled'),
530 'x' => xl('x Cancelled'), // added Apr 2008 by JRM
531 '?' => xl('? No show'),
532 '@' => xl('@ Arrived'),
533 '~' => xl('~ Arrived late'),
534 '!' => xl('! Left w/o visit'),
535 '#' => xl('# Ins/fin issue'),
536 '<' => xl('< In exam room'),
537 '>' => xl('> Checked out'),
538 '$' => xl('$ Coding done'),
539 '^' => xl('^ Pending'),
540 );
541
542 $repeats = 0; // if the event repeats
543 $repeattype = '0';
544 $repeatfreq = '0';
545 $patienttitle = "";
546 $hometext = "";
547 $row = array();
548
549 // If we are editing an existing event, then get its data.
550 if ($eid) {
551 $row = sqlQuery("SELECT * FROM openemr_postcalendar_events WHERE pc_eid = ?", array($eid));
552 $date = $row['pc_eventDate'];
553 $userid = $row['pc_aid'];
554 $patientid = $row['pc_pid'];
555 $starttimeh = substr($row['pc_startTime'], 0, 2) + 0;
556 $starttimem = substr($row['pc_startTime'], 3, 2);
557 $repeats = $row['pc_recurrtype'];
558 $multiple_value = $row['pc_multiple'];
559
560 if (preg_match('/"event_repeat_freq_type";s:1:"(\d)"/', $row['pc_recurrspec'], $matches)) {
561 $repeattype = $matches[1];
562 }
563
564 if (preg_match('/"event_repeat_freq";s:1:"(\d)"/', $row['pc_recurrspec'], $matches)) {
565 $repeatfreq = $matches[1];
566 }
567
568 $hometext = $row['pc_hometext'];
569 if (substr($hometext, 0, 6) == ':text:') {
570 $hometext = substr($hometext, 6);
571 }
572 } else {
573 $patientid = $_GET['pid'];
574 }
575
576 // If we have a patient ID, get the name and phone numbers to display.
577 if ($patientid) {
578 $prow = sqlQuery("SELECT lname, fname, phone_home, phone_biz, DOB " .
579 "FROM patient_data WHERE pid = ?", array($patientid));
580 $patientname = $prow['lname'] . ", " . $prow['fname'];
581 if ($prow['phone_home']) {
582 $patienttitle .= " H=" . $prow['phone_home'];
583 }
584
585 if ($prow['phone_biz']) {
586 $patienttitle .= " W=" . $prow['phone_biz'];
587 }
588 }
589
590 // Get the providers list.
591 $ures = sqlStatement("SELECT `id`, `username`, `fname`, `lname`, `mname` FROM `users` WHERE " .
592 "`authorized` != 0 AND `active` = 1 AND `username` > '' ORDER BY `lname`, `fname`");
593
594 //Set default facility for a new event based on the given 'userid'
595 if ($userid) {
596 $pref_facility = sqlFetchArray(sqlStatement("SELECT facility_id, facility FROM users WHERE id = ?", array($userid)));
597 $e2f = $pref_facility['facility_id'];
598 $e2f_name = $pref_facility['facility'];
599 }
600 ?>
601 <!DOCTYPE html>
602 <html>
603 <head>
604 <title><?php echo $eid ? xlt("Edit Event") : xlt("Add New Event"); ?></title>
605 <?php // no header necessary. scope is home.php ?>
606 </head>
607 <script>
608 var durations = Array();
609 <?php
610 // Read the event categories, generate their options list, and get
611 // the default event duration from them if this is a new event.
612 $cattype = 0;
613
614 // Get event categories.
615 $cres = sqlStatement("SELECT pc_catid, pc_cattype, pc_catname, " .
616 "pc_recurrtype, pc_duration, pc_end_all_day " .
617 "FROM openemr_postcalendar_categories where pc_active = 1 ORDER BY pc_seq");
618 $catoptions = "";
619 $prefcat_options = " <option value='0'>-- " . xlt("None{{Category}}") . " --</option>\n";
620 $thisduration = 0;
621 if ($eid) {
622 $thisduration = $row['pc_alldayevent'] ? 1440 : round($row['pc_duration'] / 60);
623 }
624 while ($crow = sqlFetchArray($cres)) {
625 $duration = round($crow['pc_duration'] / 60);
626 if ($crow['pc_end_all_day']) {
627 $duration = 1440;
628 }
629
630 // This section is to build the list of preferred categories:
631 if ($duration) {
632 $prefcat_options .= " <option value='" . attr($crow['pc_catid']) . "'";
633 if ($eid) {
634 if ($crow['pc_catid'] == $row['pc_prefcatid']) {
635 $prefcat_options .= " selected";
636 }
637 }
638
639 $prefcat_options .= ">" . text(xl_appt_category($crow['pc_catname'])) . "</option>\n";
640 }
641
642 if ($crow['pc_cattype'] != $cattype) {
643 continue;
644 }
645
646 echo " durations[" . attr($crow['pc_catid']) . "] = " . attr($duration) . ";\n";
647 // echo " rectypes[" . $crow['pc_catid'] . "] = " . $crow['pc_recurrtype'] . "\n";
648 $catoptions .= " <option value='" . attr($crow['pc_catid']) . "'";
649 if ($eid) {
650 if ($crow['pc_catid'] == $row['pc_catid']) {
651 $catoptions .= " selected";
652 }
653 } else {
654 if ($crow['pc_catid'] == $default_catid) {
655 $catoptions .= " selected";
656 $thisduration = $duration;
657 }
658 }
659
660 $catoptions .= ">" . text(xl_appt_category($crow['pc_catname'])) . "</option>\n";
661 }
662 // Fix up the time format for AM/PM.
663 $startampm = '1';
664 if ($starttimeh >= 12) { // p.m. starts at noon and not 12:01
665 $startampm = '2';
666 if ($starttimeh > 12) {
667 $starttimeh -= 12;
668 }
669 }
670
671 ?>
672 </script>
673 <body class="skin-blue">
674 <div class="container-fluid">
675 <form method='post' name='theaddform' id='theaddform' action='add_edit_event_user.php?eid=<?php echo attr_url($eid); ?>'>
676 <div class="col-12">
677 <input type="hidden" name="form_action" id="form_action" value="" />
678 <input type='hidden' name='form_title' id='form_title' value='<?php echo ($row['pc_catid'] ?? '') ? attr($row['pc_title']) : xla("Office Visit"); ?>' />
679 <input type='hidden' name='form_apptstatus' id='form_apptstatus' value='<?php echo ($row['pc_apptstatus'] ?? '') ? attr($row['pc_apptstatus'] ?? '') : "^" ?>' />
680 <div class="row form-group">
681 <div class="input-group col-12 col-md-6">
682 <label class="mr-2" for="form_category"><?php echo xlt('Visit'); ?>:</label>
683 <select class="form-control mb-1" onchange='set_category()' id='form_category' name='form_category' value='<?php echo (($row['pc_catid'] ?? '') > "") ? attr($row['pc_catid']) : '5'; ?>'>
684 <?php echo $catoptions ?>
685 </select>
686 </div>
687 <div class="input-group col-12 col-md-6">
688 <label class="mr-2" for="form_date"><?php echo xlt('Date'); ?>:</label>
689 <input class="form-control mb-1" type='text' name='form_date' readonly id='form_date' value='<?php echo (isset($eid) && $eid) ? attr($row['pc_eventDate']) : attr($date); ?>' />
690 </div>
691 </div>
692 <div class="row">
693 <div class="form-group form-inline col-12">
694 <div class="input-group mb-1">
695 <label class="mr-2"><?php echo xlt('Time'); ?>:</label>
696 <input class="form-control col-2 col-md-3" type='text' name='form_hour' size='2' value='<?php echo (isset($eid)) ? $starttimeh : ''; ?>' title='<?php echo xla('Event start time'); ?>' readonly />
697 <input class="form-control col-2 col-md-3" type='text' name='form_minute' size='2' value='<?php echo (isset($eid)) ? $starttimem : ''; ?>' title='<?php echo xla('Event start time'); ?>' readonly />
698 <select class="form-control col-3 col-md-4" name='form_ampm' title='Note: 12:00 noon is PM, not AM' readonly>
699 <option value='1'><?php echo xlt('AM'); ?></option>
700 <option value='2'<?php echo ($startampm == '2') ? " selected" : ""; ?>><?php echo xlt('PM'); ?></option>
701 </select>
702 </div>
703 <div class="input-group">
704 <label class="mr-2" for="form_duration"><?php echo xlt('Duration'); ?></label>
705 <input class="form-control" type='text' size='1' id='form_duration' name='form_duration' value='<?php echo ($row['pc_duration'] ?? '') ? ($row['pc_duration'] * 1 / 60) : attr($thisduration) ?>' readonly />
706 <span class="input-group-append">
707 <span class="input-group-text"><?php echo "&nbsp;" . xlt('minutes'); ?></span>
708 </span>
709 </div>
710 </div>
711 </div>
712 <div class="row">
713 <div class="input-group col-12 mb-1">
714 <label class="mr-2" for="form_patient"><?php echo xlt('Patient'); ?>:</label>
715 <input class="form-control" type='text' id='form_patient' name='form_patient' value='<?php echo attr($patientname); ?>' title='Patient' readonly />
716 <input type='hidden' name='form_pid' value='<?php echo attr($patientid); ?>' />
717 </div>
718 </div>
719 <div class="row">
720 <div class="input-group col-12 mb-1">
721 <label class="mr-2" for="form_provider_ae"><?php echo xlt('Provider'); ?>:</label>
722 <select class="form-control" name='form_provider_ae' id='form_provider_ae' onchange='change_provider();'>
723 <?php
724 // present a list of providers to choose from
725 // default to the currently logged-in user
726 while ($urow = sqlFetchArray($ures)) {
727 echo "<option value='" . attr($urow['id']) . "'";
728 if (($urow['id'] == ($_GET['userid'] ?? null)) || ($urow['id'] == $userid)) {
729 echo " selected";
730 }
731 echo ">" . text($urow['lname']);
732 if ($urow['fname']) {
733 echo ", " . text($urow['fname']);
734 }
735 echo "</option>\n";
736 }
737 ?>
738 </select>
739 <div class="text-right">
740 <input type='button' class='btn btn-success' value='<?php echo xla('Openings'); ?>' onclick='find_available()' />
741 </div>
742 </div>
743 </div>
744 <div class="row">
745 <div class="input-group col-12">
746 <label class="mr-2"><?php echo xlt('Reason'); ?>:</label>
747 <input class="form-control" type='text' size='40' name='form_comments' value='<?php echo attr($hometext); ?>' title='<?php echo xla('Optional information about this event'); ?>' />
748 </div>
749 </div>
750 <div class="row input-group my-1">
751 <?php if (($_GET['eid'] ?? null) && $row['pc_apptstatus'] !== 'x') { ?>
752 <input type='button' id='form_cancel' class='btn btn-danger' onsubmit='return false' value='<?php echo xla('Cancel Appointment'); ?>' onclick="cancel_appointment()" />
753 <?php } ?>
754 <input type='button' name='form_save' class='btn btn-success' onsubmit='return false' value='<?php echo xla('Save'); ?>' onclick="validate()" />
755 </div>
756 </div>
757 </form>
758 <script>
759 function change_provider() {
760 var f = document.forms.namedItem("theaddform");
761 f.form_date.value = '';
762 f.form_hour.value = '';
763 f.form_minute.value = '';
764 }
765
766 function set_display() {
767 var f = document.forms.namedItem("theaddform");
768 var si = document.getElementById('form_category');
769 if (si.selectedIndex >= 0) {
770 var catid = si.options[si.selectedIndex].value;
771 //var style_apptstatus = document.getElementById('title_apptstatus').style;
772 //var style_prefcat = document.getElementById('title_prefcat').style;
773 // will keep this for future. not needed now.
774 }
775 }
776
777 function cancel_appointment() {
778 let f = document.forms.namedItem("theaddform");
779 let msg = <?php echo xlj("Click Okay if you are sure you want to cancel this appointment?") . "\n" .
780 xlj("It is prudent to follow up with provider if not contacted.") ?>;
781 let msg_reason = <?php echo xlj("You must enter a reason to cancel this appointment?") . "\n" .
782 xlj("Reason must be at least 10 characters!") ?>;
783 if (f.form_comments.value.length <= 10) {
784 alert(msg_reason);
785 return false;
786 }
787 let yn = confirm(msg);
788 if (!yn) {
789 return false;
790 }
791 document.getElementById('form_apptstatus').value = "x";
792 validate();
793 }
794
795 // Do whatever is needed when a new event category is selected.
796 // For now this means changing the event title and duration.
797 function set_category() {
798 var f = document.forms.namedItem("theaddform");
799 var s = f.form_category;
800 if (s.selectedIndex >= 0) {
801 var catid = s.options[s.selectedIndex].value;
802 f.form_title.value = s.options[s.selectedIndex].text;
803 f.form_duration.value = durations[catid];
804 set_display();
805 }
806 }
807
808 // This is for callback by the find-available popup.
809 function setappt(year, mon, mday, hours, minutes) {
810 var f = document.forms.namedItem("theaddform");
811 f.form_date.value = '' + year + '-' +
812 ('' + (mon + 100)).substring(1) + '-' +
813 ('' + (mday + 100)).substring(1);
814 f.form_ampm.selectedIndex = (hours > 12) ? 1 : 0;
815 if (hours == 0) {
816 f.form_hour.value = 12;
817 } else {
818 f.form_hour.value = (hours >= 13) ? hours - 12 : hours;
819 }
820 f.form_minute.value = minutes;
821 }
822
823 function get_form_category_value() {
824 var catid = 0;
825 var f = document.forms.namedItem("theaddform");
826 var s = f.form_category;
827 if (s.selectedIndex >= 0) {
828 catid = s.options[s.selectedIndex].value;
829 }
830 return catid;
831 }
832
833 // Invoke the find-available popup.
834 function find_available() {
835 // when making an appointment for a specific provider
836 var catId = get_form_category_value() || 5;
837 var se = document.getElementById('form_provider_ae');
838 <?php if ($userid != 0) { ?>
839 s = se.value;
840 <?php } else {?>
841 s = se.options[se.selectedIndex].value;
842 <?php }?>
843 var formDate = document.getElementById('form_date');
844 var url = 'find_appt_popup_user.php?bypatient&providerid=' + encodeURIComponent(s) + '&catid=' + encodeURIComponent(catId)
845 + '&startdate=' + encodeURIComponent(formDate.value);
846 var params = {
847 buttons: [
848 {text: <?php echo xlj('Cancel'); ?>, close: true, style: 'danger btn-sm'}
849
850 ],
851 allowResize: true,
852 dialogId: 'apptDialog',
853 type: 'iframe'
854 };
855 dlgopen(url, 'apptFind', 'modal-md', 300, '', 'Find Date', params);
856 }
857
858 // Check for errors when the form is submitted.
859 function validate() {
860 var f = document.getElementById('theaddform');
861 if (!f.form_date.value || !f.form_hour.value || !f.form_minute.value) {
862 alert(<?php echo xlj('Please click on Openings to select a time.'); ?>);
863 return false;
864 }
865
866 if (f.form_patient.value == '') {
867 alert(<?php echo xlj('Your Id is missing. Cancel and try again.'); ?>);
868 return false;
869 }
870
871 var form_action = document.getElementById('form_action');
872 form_action.value = "save";
873 f.submit();
874 return false;
875 }
876
877 <?php if ($eid) { ?>
878 set_display();
879 <?php } ?>
880 $(function () {
881
882 });
883 </script>
884 </div>
885 </body>
886 </html>
Mirror of official OpenEMR Sourceforge repository