search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
More security stuff.
[openemr.git] / interface / batchcom / batchcom.php
blob61604206aa071044f995a77951828515d0b5ba4c
1 <?php
2 //INCLUDES, DO ANY ACTIONS, THEN GET OUR DATA
3 include_once("../globals.php");
4 include_once("$srcdir/registry.inc");
5 include_once("$srcdir/sql.inc");
6 include_once("../../library/acl.inc");
7 include_once("batchcom.inc.php");
8
9 // gacl control
10 $thisauth = acl_check('admin', 'batchcom');
11
12 if (!$thisauth) {
13 echo "<html>\n<body>\n";
14 echo "<p>".xl('You are not authorized for this.','','','</p>')."\n";
15 echo "</body>\n</html>\n";
16 exit();
17 }
18
19 // menu arrays (done this way so it's easier to validate input on validate selections)
20 $choices=Array (xl('CSV File'),xl('Email'),xl('Phone call list'));
21 $gender=Array (xl('Any'),xl('Male'),xl('Female'));
22 $hipaa=Array (xl('NO'),xl('YES'));
23 $sort_by=Array (xl('Zip Code')=>'patient_data.postal_code',xl('Last Name')=>'patient_data.lname',xl('Appointment Date')=>'last_ap' );
24
25 // process form
26 if ($_POST['form_action']=='Process') {
27 //validation uses the functions in batchcom.inc.php
28 //validate dates
29 if (!check_date_format($_POST['app_s'])) $form_err.=xl('Date format for "appointment start" is not valid','','<br>');
30 if (!check_date_format($_POST['app_e'])) $form_err.=xl('Date format for "appointment end" is not valid','','<br>');
31 if (!check_date_format($_POST['seen_since'])) $form_err.=xl('Date format for "seen since" is not valid','','<br>');
32 if (!check_date_format($_POST['not_seen_since'])) $form_err.=xl('Date format for "not seen since" is not valid','','<br>');
33 // validate numbers
34 if (!check_age($_POST['age_from'])) $form_err.=xl('Age format for "age from" is not valid','','<br>');
35 if (!check_age($_POST['age_upto'])) $form_err.=xl('Age format for "age up to" is not valid','','<br>');
36 // validate selections
37 if (!check_select($_POST['gender'],$gender)) $form_err.=xl('Error in "Gender" selection','','<br>');
38 if (!check_select($_POST['process_type'],$choices)) $form_err.=xl('Error in "Process" selection','','<br>');
39 if (!check_select($_POST['hipaa_choice'],$hipaa)) $form_err.=xl('Error in "HIPAA" selection','','<br>');
40 if (!check_select($_POST['sort_by'],$sort_by)) $form_err.=xl('Error in "Sort By" selection','','<br>');
41 // validates and or
42 if (!check_yes_no ($_POST['and_or_gender'])) $form_err.=xl('Error in YES or NO option','','<br>');
43 if (!check_yes_no ($_POST['and_or_app_within'])) $form_err.=xl('Error in YES or NO option','','<br>');
44 if (!check_yes_no ($_POST['and_or_seen_since'])) $form_err.=xl('Error in YES or NO option','','<br>');
45 if (!check_yes_no ($_POST['and_or_not_seen_since'])) $form_err.=xl('Error in YES or NO option','','<br>');
46
47 //process sql
48 if (!$form_err) {
49
50 $sql="
51 SELECT DISTINCT patient_data.* , MAX( cal_events.pc_endDate ) AS last_ap, MAX( forms.date) AS last_visit, (DATEDIFF(CURDATE(),patient_data.DOB)/365.25) AS pat_age
52 FROM (patient_data, forms)
53 LEFT JOIN openemr_postcalendar_events AS cal_events ON patient_data.pid=cal_events.pc_pid
54 LEFT JOIN forms AS forms2 ON patient_data.pid=forms2.pid
55 ";
56
57 //appointment dates
58 if ($_POST['app_s']!=0 AND $_POST['app_s']!='') {
59 $and=where_or_and ($and);
60 $sql_where_a=" $and cal_events.pc_eventDate > '".$_POST['app_s']."'";
61 }
62 if ($_POST['app_e']!=0 AND $_POST['app_e']!='') {
63 $and=where_or_and ($and);
64 $sql_where_a.=" $and cal_events.pc_endDate < '".$_POST['app_e']."'";
65 }
66 $sql.=$sql_where_a;
67
68 // encounter dates
69 if ($_POST['seen_since']!=0 AND $_POST['seen_since']!='') {
70 $and=where_or_and ($and);
71 $sql.=" $and forms2.date > '".$_POST['seen_since']."' " ;
72 }
73 if ($_POST['seen_upto']!=0 AND $_POST['not_seen_since']!='') {
74 $and=where_or_and ($and);
75 $sql.=" $and forms2.date > '".$_POST['seen_since']."' " ;
76 }
77
78 // age
79 if ($_POST['age_from']!=0 AND $_POST['age_from']!='') {
80 $and=where_or_and ($and);
81 $sql.=" $and DATEDIFF( CURDATE( ), patient_data.DOB )/ 365.25 >= '".$_POST['age_from']."' ";
82 }
83 if ($_POST['age_upto']!=0 AND $_POST['age_upto']!='') {
84 $and=where_or_and ($and);
85 $sql.=" $and DATEDIFF( CURDATE( ), patient_data.DOB )/ 365.25 <= '".$_POST['age_upto']."' ";
86 }
87
88 // gender
89 if ($_POST['gender']!='Any') {
90 $and=where_or_and ($and);
91 $sql.=" $and patient_data.sex='".$_POST['gender']."' ";
92 }
93
94 // hipaa overwrite
95 if ($_POST['hipaa_choice']!='NO') {
96 $and=where_or_and ($and);
97 $sql.=" $and patient_data.hipaa_mail='YES' ";
98 }
99
100 switch ($_POST['process_type']):
101 case $choices[1]: // Email
102 $and=where_or_and ($and);
103 $sql.=" $and patient_data.email IS NOT NULL ";
104 break;
105 endswitch;
106
107 // add to complete query sintax
108 $sql.=' GROUP BY patient_data.pid';
109
110 // sort by
111 $sql.=' ORDER BY '.$_POST['sort_by'];
112
113 // echo $sql;
114 // send query for results.
115 $res = sqlStatement($sql);
116
117 // if no results.
118 if (mysql_num_rows($res)==0){
119
120 echo (xl('No results, please try again.','','<br>'));
121
122 //if results
123 } else {
124 switch ($_POST['process_type']):
125 case $choices[0]: // CSV File
126 require_once ('batchCSV.php');
127 break;
128 case $choices[1]: // Email
129 require_once ('batchEmail.php');
130 break;
131 case $choices[2]: // Phone list
132 require_once ('batchPhoneList.php');
133 break;
134 endswitch;
135 }
136 // end results
137
138 exit ();
139 }
140 }
141
142 //START OUT OUR PAGE....
143 ?>
144 <html>
145 <head>
146 <?php html_header_show();?>
147 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
148 <link rel="stylesheet" href="batchcom.css" type="text/css">
149 <script type="text/javascript" src="../../library/overlib_mini.js"></script>
150 <script type="text/javascript" src="../../library/calendar.js"></script>
151
152
153 </head>
154 <body class="body_top">
155 <!-- larry's sms/email notification -->
156 <span class="title"><?php include_once("batch_navigation.php");?></span>
157 <!--- end of larry's insert -->
158 <span class="title"><?php xl('Batch Communication Tool','e')?></span>
159 <br><br>
160
161 <!-- for the popup date selector -->
162 <div id="overDiv" style="position:absolute; visibility:hidden; z-index:1000;"></div>
163
164 <FORM name="select_form" METHOD=POST ACTION="">
165
166 <div class="text">
167 <div class="main_box">
168 <?php
169 if ($form_err) {
170 echo (xl('The following errors occurred')."<br>$form_err<br><br>");
171 }
172
173 xl('Process','e')?>:<SELECT NAME="process_type">
174 <?php
175 foreach ($choices as $value) {
176 echo ("<option>$value</option>");
177 }
178 ?>
179 </SELECT>
180
181 <br><?php xl('Overwrite HIPAA choice','e')?> :<SELECT NAME="hipaa_choice">
182 <?php
183 foreach ($hipaa as $value) {
184 echo ("<option>$value</option>");
185 }
186 ?>
187 </SELECT>
188 <br>
189 <?php xl('Age From','e')?>:<INPUT TYPE="text" size="2" NAME="age_from"> <?php xl('Up to','e')?>:<INPUT TYPE="text" size="2" NAME="age_upto">
190 <?php xl('And','e')?>:<INPUT TYPE="radio" NAME="and_or_gender" value="AND" checked>, <?php xl('Or','e')?>:<INPUT TYPE="radio" NAME="and_or_gender" value="OR">
191 <?php xl('Gender','e')?> :<SELECT NAME="gender">
192 <?php
193 foreach ($gender as $value) {
194 echo ("<option>$value</option>");
195 }
196 ?>
197 </SELECT>
198 <!-- later gator
199 <br>Insurance: <SELECT multiple NAME="insurance" Rows="10" cols="20">
200
201 </SELECT>
202 -->
203 <br><?php xl('And','e')?>:<INPUT TYPE="radio" NAME="and_or_app_within" value="AND" checked>, <?php xl('Or','e')?>:<INPUT TYPE="radio" NAME="and_or_app_within" value="OR"> <?php xl('Appointment within','e')?>:<INPUT TYPE='text' size='12' NAME='app_s'> <a href="javascript:show_calendar('select_form.app_s')"
204 title="<?php xl('Click here to choose a date','e')?>"
205 ><img src='../pic/show_calendar.gif' align='absbottom' width='24' height='22' border='0' ></a>
206
207 <?php xl('And','e')?> :<INPUT TYPE='text' size='12' NAME='app_e'> <a href="javascript:show_calendar('select_form.app_e')"
208 title="<?php xl('Click here to choose a date','e')?>"
209 ><img src='../pic/show_calendar.gif' align='absbottom' width='24' height='22' border='0' ></a>
210
211 <br><?php xl('And','e')?>:<INPUT TYPE="radio" NAME="and_or_seen_since" value="AND" checked>, <?php xl('Or','e')?>:<INPUT TYPE="radio" NAME="and_or_seen_since" value="OR"> <?php xl('Seen since','e')?> :<INPUT TYPE='text' size='12' NAME='seen_since'> <a href="javascript:show_calendar('select_form.seen_since')"
212 title="<?php xl('Click here to choose a date','e')?>"
213 ><img src='../pic/show_calendar.gif' align='absbottom' width='24' height='22' border='0'></a>
214
215 <br><?php xl('And','e')?>:<INPUT TYPE="radio" NAME="and_or_not_seen_since" value="AND" checked>, <?php xl('Or','e')?>:<INPUT TYPE="radio" NAME="and_or_not_seen_since" value="OR"> <?php xl('Not seen since','e')?> :<INPUT TYPE='text' size='12' NAME='not_seen_since'> <a href="javascript:show_calendar('select_form.not_seen_since')"
216 title="<?php xl('Click here to choose a date','e')?>"
217 ><img src='../pic/show_calendar.gif' align='absbottom' width='24' height='22' border='0'></a>
218 <br><?php xl('Sort by','e')?> :<SELECT NAME="sort_by">
219 <?php
220 foreach ($sort_by as $key => $value) {
221 echo ("<option value=\"".$value."\">$key</option>");
222 }
223 ?>
224 </SELECT>
225 <br>(<?php xl('Fill here only if sending email notification to patients','e')?>)
226 <br><?php xl('Email Sender','e')?> :<INPUT TYPE="text" NAME="email_sender" value="your@example.com">
227 <br><?php xl('Email Subject','e')?>: <INPUT TYPE="text" NAME="email_subject" value="From your clinic">
228 <br><?php xl('Email Text, Usable Tag: ***NAME*** , i.e. Dear ***NAME***','e')?>
229 <br><TEXTAREA NAME="email_body" ROWS="8" COLS="35"></TEXTAREA>
230
231 <br><INPUT TYPE="submit" name="form_action" value=<?php xl('Process','e','\'','\''); ?>><?php xl('Takes long','e')?>
232
233 </div>
234 </div>
235 </FORM>
Mirror of official OpenEMR Sourceforge repository