2 // Copyright (C) 2010 OpenEMR Support LLC
3 // This program is free software; you can redistribute it and/or
4 // modify it under the terms of the GNU General Public License
5 // as published by the Free Software Foundation; either version 2
6 // of the License, or (at your option) any later version.
9 $sanitize_all_escapes=true;
12 //STOP FAKE REGISTER GLOBALS
13 $fake_register_globals=false;
16 require_once("../../globals.php");
17 require_once("$srcdir/pnotes.inc");
18 require_once("$srcdir/patient.inc");
19 require_once("$srcdir/acl.inc");
20 require_once("$srcdir/log.inc");
21 require_once("$srcdir/options.inc.php");
22 require_once("$srcdir/formdata.inc.php");
23 require_once("$srcdir/classes/Document.class.php");
24 require_once("$srcdir/gprelations.inc.php");
25 require_once("$srcdir/formatting.inc.php");
30 <?php
html_header_show();?
>
31 <link rel
="stylesheet" href
="<?php echo $css_header;?>" type
="text/css">
32 <script type
="text/javascript" src
="../../../library/dialog.js"></script
>
33 <script type
="text/javascript" src
="../../../library/textformat.js"></script
>
34 <script type
="text/javascript" src
="<?php echo $GLOBALS['webroot']; ?>/library/js/jquery.js"></script
>
37 <body
class="body_top">
39 // Check to see if the user has Admin rights, and if so, allow access to See All.
40 $showall = isset($_GET['show_all']) ?
$_GET['show_all'] : "" ;
41 if ($showall == "yes") {
48 if (acl_check('admin', 'super' )) {
49 if ($show_all=='yes') {
51 $lnkvar="'messages.php?show_all=no' name='Just Mine' onclick=\"top.restoreSession()\"> (".htmlspecialchars( xl('Just Mine'), ENT_NOQUOTES
).")";
55 $lnkvar="'messages.php?show_all=yes' name='See All' onclick=\"top.restoreSession()\"> (".htmlspecialchars( xl('See All'), ENT_NOQUOTES
).")";
59 <table
><tr
><td
><span
class="title"><?php
echo htmlspecialchars( xl('Messages'), ENT_NOQUOTES
); ?
></span
> <a
class='more' href
=<?php
echo $lnkvar; ?
></a
></td
></tr
></table
><br
>
61 //collect the task setting
62 $task= isset($_REQUEST['task']) ?
$_REQUEST['task'] : "";
67 // Add a new message for a specific patient; the message is documented in Patient Notes.
68 // Add a new message; it's treated as a new note in Patient Notes.
69 $note = $_POST['note'];
70 $noteid = $_POST['noteid'];
71 $form_note_type = $_POST['form_note_type'];
72 $assigned_to = $_POST['assigned_to'];
73 $form_message_status = $_POST['form_message_status'];
74 $reply_to = $_POST['reply_to'];
75 $assigned_to_list = explode(';',$assigned_to);
76 foreach($assigned_to_list as $assigned_to){
77 if ($noteid && $assigned_to != '-patient-') {
78 updatePnote($noteid, $note, $form_note_type, $assigned_to, $form_message_status);
82 if($noteid && $assigned_to == '-patient-'){
83 $row = getPnoteById($noteid);
84 if (! $row) die("getPnoteById() did not find id '$noteid'");
85 $pres = sqlQuery("SELECT lname, fname " .
86 "FROM patient_data WHERE pid = ?", array($reply_to) );
87 $patientname = $pres['lname'] . ", " . $pres['fname'];
88 $note .= "\n\n$patientname on ".$row['date']." wrote:\n\n";
89 $note .= $row['body'];
91 addPnote($reply_to, $note, $userauthorized, '1', $form_note_type, $assigned_to, '', $form_message_status);
97 $noteid = $_POST['noteid'];
98 $form_message_status = $_POST['form_message_status'];
99 updatePnoteMessageStatus($noteid,$form_message_status);
101 $note = $_POST['note'];
102 $title = $_POST['form_note_type'];
103 $assigned_to = $_POST['assigned_to'];
104 $reply_to = $_POST['reply_to'];
108 $noteid = $_GET['noteid'];
110 // Update the message if it already exists; it's appended to an existing note in Patient Notes.
111 $result = getPnoteById($noteid);
114 $title = $result['title'];
116 if ($assigned_to == ""){
117 $assigned_to = $result['assigned_to'];
119 $body = $result['body'];
120 if ($reply_to == ""){
121 $reply_to = $result['pid'];
123 $form_message_status = $result['message_status'];
127 // Delete selected message(s) from the Messages box (only).
128 $delete_id = $_POST['delete_id'];
129 for($i = 0; $i < count($delete_id); $i++
) {
130 deletePnote($delete_id[$i]);
131 newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], 1, "pnotes: id ".$delete_id[$i]);
136 if($task == "addnew" or $task == "edit") {
137 // Display the Messages page layout.
139 <form name=new_note id=new_note action=\"messages.php?showall=$showall&sortby=$sortby&sortorder=$sortorder&begin=$begin\" method=post>
140 <input type=hidden name=noteid id=noteid value=".htmlspecialchars( $noteid, ENT_QUOTES
).">
141 <input type=hidden name=task id=task value=add>";
143 <div id
="pnotes"><center
>
144 <table border
='0' cellspacing
='8'>
146 <td
class='text' align
='center'>
147 <b
><?php
echo htmlspecialchars( xl('Type'), ENT_NOQUOTES
); ?
>:</b
>
150 $title = "Unassigned";
152 // Added 6/2009 by BM to incorporate the patient notes into the list_options listings.
153 generate_form_field(array('data_type'=>1,'field_id'=>'note_type','list_id'=>'note_type','empty_title'=>'SKIP','order_by'=>'title'), $title);
156 <b
><?php
echo htmlspecialchars( xl('To'), ENT_QUOTES
); ?
>:</b
>
157 <input type
='textbox' name
='assigned_to_text' id
='assigned_to_text' size
='50' readonly
='readonly' value
='<?php echo htmlspecialchars(xl("Select Users From The Dropdown List"), ENT_QUOTES)?>' >
158 <input type
='hidden' name
='assigned_to' id
='assigned_to' >
159 <select name
='users' id
='users' onchange
='addtolist(this);' >
162 echo "<option value='" . htmlspecialchars( '--', ENT_QUOTES
) . "'";
163 echo ">" . htmlspecialchars( xl('Select User'), ENT_NOQUOTES
);
165 $ures = sqlStatement("SELECT username, fname, lname FROM users " .
166 "WHERE username != '' AND active = 1 AND " .
167 "( info IS NULL OR info NOT LIKE '%Inactive%' ) " .
168 "ORDER BY lname, fname");
169 while ($urow = sqlFetchArray($ures)) {
170 echo " <option value='" . htmlspecialchars( $urow['username'], ENT_QUOTES
) . "'";
171 if ($urow['username'] == $assigned_to) echo " selected";
172 echo ">" . htmlspecialchars( $urow['lname'], ENT_NOQUOTES
);
173 if ($urow['fname']) echo ", " . htmlspecialchars( $urow['fname'], ENT_NOQUOTES
);
176 echo "<option value='" . htmlspecialchars( '-patient-', ENT_QUOTES
) . "'";
177 if ($assigned_to == '-patient-') echo " selected";
178 echo ">" . htmlspecialchars( '-Patient-', ENT_NOQUOTES
);
185 <td
class='text' align
='center'>
186 <b
class='<?php echo ($task=="addnew"?"required":"") ?>'><?php
echo htmlspecialchars( xl('Patient'), ENT_NOQUOTES
); ?
>:</b
><?php
188 $prow = sqlQuery("SELECT lname, fname " .
189 "FROM patient_data WHERE pid = ?", array($reply_to) );
190 $patientname = $prow['lname'] . ", " . $prow['fname'];
192 if ($patientname == "") {
193 $patientname = xl('Click to select');
195 <input type
='text' size
='10' name
='form_patient' style
='width:150px;<?php echo ($task=="addnew"?"cursor:pointer;cursor:hand;":"") ?>' value
='<?php echo htmlspecialchars($patientname, ENT_QUOTES); ?>' <?php
echo ($task=="addnew"?
"onclick='sel_patient()' readonly":"disabled") ?
> title
='<?php echo ($task=="addnew"?(htmlspecialchars( xl('Click to select patient
'), ENT_QUOTES)):"") ?>' />
196 <input type
='hidden' name
='reply_to' id
='reply_to' value
='<?php echo htmlspecialchars( $reply_to, ENT_QUOTES) ?>' />
198 <b
><?php
echo htmlspecialchars( xl('Status'), ENT_NOQUOTES
); ?
>:</b
>
200 if ($form_message_status == "") {
201 $form_message_status = 'New';
203 generate_form_field(array('data_type'=>1,'field_id'=>'message_status','list_id'=>'message_status','empty_title'=>'SKIP','order_by'=>'title'), $form_message_status); ?
>
212 $body = preg_replace('/(:\d{2}\s\()'.$result['pid'].'(\sto\s)/','${1}'.$patientname.'${2}',$body);
213 $body = nl2br(htmlspecialchars( $body, ENT_NOQUOTES
));
214 echo "<div class='text' style='background-color:white; color: gray; border:1px solid #999; padding: 5px; width: 640px;'>".$body."</div>";
218 <textarea name
='note' id
='note' rows
='8' style
="width: 660px; "><?php
echo htmlspecialchars( $note, ENT_NOQUOTES
) ?
></textarea
>
223 <?php
if ($noteid) { ?
>
224 <!-- This is
for displaying an existing note
. -->
225 <input type
="button" id
="newnote" value
="<?php echo htmlspecialchars( xl('Send message'), ENT_QUOTES); ?>">
226 <input type
="button" id
="printnote" value
="<?php echo htmlspecialchars( xl('Print message'), ENT_QUOTES); ?>">
227 <input type
="button" id
="cancel" value
="<?php echo htmlspecialchars( xl('Cancel'), ENT_QUOTES); ?>">
229 <!-- This is
for displaying a
new note
. -->
230 <input type
="button" id
="newnote" value
="<?php echo htmlspecialchars( xl('Send message'), ENT_QUOTES); ?>">
231 <input type
="button" id
="cancel" value
="<?php echo htmlspecialchars( xl('Cancel'), ENT_QUOTES); ?>">
235 </form
></center
></div
>
236 <script language
="javascript">
238 // jQuery stuff to make the page a little easier to use
240 $
(document
).ready(function(){
241 $
("#newnote").click(function() { NewNote(); });
242 $
("#printnote").click(function() { PrintNote(); });
243 obj
= document
.getElementById("form_message_status");
244 obj
.onchange
= function(){SaveNote();};
245 $
("#cancel").click(function() { CancelNote(); });
248 var NewNote
= function () {
249 top
.restoreSession();
250 if (document
.forms
[0].reply_to
.value
.length
== 0) {
251 alert('<?php echo htmlspecialchars( xl('Please choose a patient
'), ENT_QUOTES); ?>');
253 else if (document
.forms
[0].assigned_to
.value
.length
== 0) {
254 alert('<?php echo addslashes(xl('Recipient
List Is
Empty')); ?>');
258 $
("#new_note").submit();
262 var PrintNote
= function () {
263 top
.restoreSession();
264 window
.open('../../patient_file/summary/pnotes_print.php?noteid=<?php echo htmlspecialchars( $noteid, ENT_QUOTES); ?>', '_blank', 'resizable=1,scrollbars=1,width=600,height=500');
267 var SaveNote
= function () {
268 <?php
if ($noteid) { ?
>
269 top
.restoreSession();
270 $
("#task").val("save");
271 $
("#new_note").submit();
275 var CancelNote
= function () {
276 top
.restoreSession();
278 $
("#new_note").submit();
281 // This is for callback by the find-patient popup.
282 function setpatient(pid
, lname
, fname
, dob
) {
283 var f
= document
.forms
[0];
284 f
.form_patient
.value
= lname +
', ' + fname
;
285 f
.reply_to
.value
= pid
;
288 // This invokes the find-patient popup.
289 function sel_patient() {
290 dlgopen('../../main/calendar/find_patient_popup.php', '_blank', 500, 400);
293 function addtolist(sel
){
294 var itemtext
= document
.getElementById('assigned_to_text');
295 var item
= document
.getElementById('assigned_to');
296 if(sel
.value
!= '--'){
298 if(item
.value
.indexOf(sel
.value
) == -1){
299 itemtext
.value
= itemtext
.value +
' ; '+ sel
.options
[sel
.selectedIndex
].text
;
300 item
.value
= item
.value +
';'+ sel
.value
;
303 itemtext
.value
= sel
.options
[sel
.selectedIndex
].text
;
304 item
.value
= sel
.value
;
313 // This is for sorting the records.
314 $sort = array("users.lname", "patient_data.lname", "pnotes.title", "pnotes.date", "pnotes.message_status");
315 $sortby = (isset($_REQUEST['sortby']) && ($_REQUEST['sortby']!="")) ?
$_REQUEST['sortby'] : $sort[0];
316 $sortorder = (isset($_REQUEST['sortorder']) && ($_REQUEST['sortorder']!="")) ?
$_REQUEST['sortorder'] : "asc";
317 $begin = isset($_REQUEST['begin']) ?
$_REQUEST['begin'] : 0;
319 for($i = 0; $i < count($sort); $i++
) {
320 $sortlink[$i] = "<a href=\"messages.php?show_all=$showall&sortby=$sort[$i]&sortorder=asc\" onclick=\"top.restoreSession()\"><img src=\"../../../images/sortdown.gif\" border=0 alt=\"".htmlspecialchars( xl('Sort Up'), ENT_QUOTES
)."\"></a>";
322 for($i = 0; $i < count($sort); $i++
) {
323 if($sortby == $sort[$i]) {
325 case "asc" : $sortlink[$i] = "<a href=\"messages.php?show_all=$showall&sortby=$sortby&sortorder=desc\" onclick=\"top.restoreSession()\"><img src=\"../../../images/sortup.gif\" border=0 alt=\"".htmlspecialchars( xl('Sort Up'), ENT_QUOTES
)."\"></a>"; break;
326 case "desc" : $sortlink[$i] = "<a href=\"messages.php?show_all=$showall&sortby=$sortby&sortorder=asc\" onclick=\"top.restoreSession()\"><img src=\"../../../images/sortdown.gif\" border=0 alt=\"".htmlspecialchars( xl('Sort Down'), ENT_QUOTES
)."\"></a>"; break;
330 // Manage page numbering and display beneath the Messages table.
332 $show_all='yes' ?
$usrvar='_%' : $usrvar=$_SESSION['authUser'] ;
333 $sql = "SELECT pnotes.id, pnotes.user, pnotes.pid, pnotes.title, pnotes.date, pnotes.message_status,
334 IF(pnotes.user != pnotes.pid,users.fname,patient_data.fname), IF(pnotes.user != pnotes.pid,users.lname,patient_data.lname), patient_data.fname,
335 patient_data.lname FROM ((pnotes LEFT JOIN users ON pnotes.user = users.username)
336 JOIN patient_data ON pnotes.pid = patient_data.pid) WHERE pnotes.message_status != 'Done'
337 AND pnotes.deleted != '1' AND pnotes.assigned_to LIKE ?";
338 $result = sqlStatement($sql, array($usrvar) );
339 if(sqlNumRows($result) != 0) {
340 $total = sqlNumRows($result);
345 if($begin == "" or $begin == 0) {
348 $prev = $begin - $listnumber;
349 $next = $begin +
$listnumber;
351 $end = $listnumber +
$start - 1;
359 $prevlink = "<a href=\"messages.php?show_all=$showall&sortby=$sortby&sortorder=$sortorder&begin=$prev\" onclick=\"top.restoreSession()\"><<</a>";
366 $nextlink = "<a href=\"messages.php?show_all=$showall&sortby=$sortby&sortorder=$sortorder&begin=$next\" onclick=\"top.restoreSession()\">>></a>";
371 // Display the Messages table header.
373 <table width=100%><tr><td><table border=0 cellpadding=1 cellspacing=0 width=90% style=\"border-left: 1px #000000 solid; border-right: 1px #000000 solid; border-top: 1px #000000 solid;\">
374 <form name=wikiList action=\"messages.php?showall=$showall&sortby=$sortby&sortorder=$sortorder&begin=$begin\" method=post>
375 <input type=hidden name=task value=delete>
376 <tr height=\"24\" style=\"background:lightgrey\">
377 <td align=\"center\" width=\"25\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><input type=checkbox id=\"checkAll\" onclick=\"selectAll()\"></td>
378 <td width=\"20%\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\" class=bold> <b>" .
379 htmlspecialchars( xl('From'), ENT_NOQUOTES
) . "</b> $sortlink[0]</td>
380 <td width=\"20%\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\" class=bold> <b>" .
381 htmlspecialchars( xl('Patient'), ENT_NOQUOTES
) . "</b> $sortlink[1]</td>
382 <td style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\" class=bold> <b>" .
383 htmlspecialchars( xl('Type'), ENT_NOQUOTES
) . "</b> $sortlink[2]</td>
384 <td width=\"15%\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\" class=bold> <b>" .
385 htmlspecialchars( xl('Date'), ENT_NOQUOTES
) . "</b> $sortlink[3]</td>
386 <td width=\"15%\" style=\"border-bottom: 1px #000000 solid; \" class=bold> <b>" .
387 htmlspecialchars( xl('Status'), ENT_NOQUOTES
) . "</b> $sortlink[4]</td>
389 // Display the Messages table body.
391 $show_all='yes' ?
$usrvar='_%' : $usrvar=$_SESSION['authUser'] ;
392 $sql = "SELECT pnotes.id, pnotes.user, pnotes.pid, pnotes.title, pnotes.date, pnotes.message_status,
393 IF(pnotes.user != pnotes.pid,users.fname,patient_data.fname) as users_fname,
394 IF(pnotes.user != pnotes.pid,users.lname,patient_data.lname) as users_lname,
395 patient_data.fname as patient_data_fname, patient_data.lname as patient_data_lname
396 FROM ((pnotes LEFT JOIN users ON pnotes.user = users.username)
397 JOIN patient_data ON pnotes.pid = patient_data.pid) WHERE pnotes.message_status != 'Done'
398 AND pnotes.deleted != '1' AND pnotes.assigned_to LIKE ?".
399 " order by ".add_escape_custom($sortby)." ".add_escape_custom($sortorder).
400 " limit ".add_escape_custom($begin).", ".add_escape_custom($listnumber);
401 $result = sqlStatement($sql, array($usrvar) );
402 while ($myrow = sqlFetchArray($result)) {
403 $name = $myrow['user'];
404 $name = $myrow['users_lname'];
405 if ($myrow['users_fname']) {
406 $name .= ", " . $myrow['users_fname'];
408 $patient = $myrow['pid'];
409 $patient = $myrow['patient_data_lname'];
410 if ($myrow['patient_data_fname']) {
411 $patient .= ", " . $myrow['patient_data_fname'];
415 <tr id=\"row$count\" style=\"background:white\" height=\"24\">
416 <td align=\"center\" style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><input type=checkbox id=\"check$count\" name=\"delete_id[]\" value=\"" .
417 htmlspecialchars( $myrow['id'], ENT_QUOTES
) . "\" onclick=\"if(this.checked==true){ selectRow('row$count'); }else{ deselectRow('row$count'); }\"></td>
418 <td style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><table cellspacing=0 cellpadding=0 width=100%><tr><td width=5></td><td class=\"text\">" .
419 htmlspecialchars( $name, ENT_NOQUOTES
) . "</td><td width=5></td></tr></table></td>
420 <td style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><table cellspacing=0 cellpadding=0 width=100%><tr><td width=5></td><td class=\"text\"><a href=\"messages.php?showall=$showall&sortby=$sortby&sortorder=$sortorder&begin=$begin&task=edit¬eid=" .
421 htmlspecialchars( $myrow['id'], ENT_QUOTES
) . "\" onclick=\"top.restoreSession()\">" .
422 htmlspecialchars( $patient, ENT_NOQUOTES
) . "</a></td><td width=5></td></tr></table></td>
423 <td style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><table cellspacing=0 cellpadding=0 width=100%><tr><td width=5></td><td class=\"text\">" .
424 htmlspecialchars( $myrow['title'], ENT_NOQUOTES
) . "</td><td width=5></td></tr></table></td>
425 <td style=\"border-bottom: 1px #000000 solid; border-right: 1px #000000 solid;\"><table cellspacing=0 cellpadding=0 width=100%><tr><td width=5></td><td class=\"text\">" .
426 htmlspecialchars( oeFormatShortDate(substr($myrow['date'], 0, strpos($myrow['date'], " "))), ENT_NOQUOTES
) . "</td><td width=5></td></tr></table></td>
427 <td style=\"border-bottom: 1px #000000 solid;\"><table cellspacing=0 cellpadding=0 width=100%><tr><td width=5></td><td class=\"text\">" .
428 htmlspecialchars( $myrow['message_status'], ENT_NOQUOTES
) . "</td><td width=5></td></tr></table></td>
431 // Display the Messages table footer.
434 <table border=0 cellpadding=5 cellspacing=0 width=90%>
436 <td class=\"text\"><a href=\"messages.php?showall=$showall&sortby=$sortby&sortorder=$sortorder&begin=$begin&task=addnew\" onclick=\"top.restoreSession()\">" .
437 htmlspecialchars( xl('Add New'), ENT_NOQUOTES
) . "</a> <a href=\"javascript:confirmDeleteSelected()\" onclick=\"top.restoreSession()\">" .
438 htmlspecialchars( xl('Delete'), ENT_NOQUOTES
) . "</a></td>
439 <td align=right class=\"text\">$prevlink $end of $total $nextlink</td>
441 </table></td></tr></table><br>"; ?
>
442 <script language
="javascript">
443 // This is to confirm delete action.
444 function confirmDeleteSelected() {
445 if(confirm("<?php echo htmlspecialchars( xl('Do you really want to delete the selection?'), ENT_QUOTES); ?>")) {
446 document
.wikiList
.submit();
449 // This is to allow selection of all items in Messages table for deletion.
450 function selectAll() {
451 if(document
.getElementById("checkAll").checked
==true) {
452 document
.getElementById("checkAll").checked
=true;<?php
453 for($i = 1; $i <= $count; $i++
) {
454 echo "document.getElementById(\"check$i\").checked=true; document.getElementById(\"row$i\").style.background='#E7E7E7'; ";
458 document
.getElementById("checkAll").checked
=false;<?php
459 for($i = 1; $i <= $count; $i++
) {
460 echo "document.getElementById(\"check$i\").checked=false; document.getElementById(\"row$i\").style.background='#F7F7F7'; ";
464 // The two functions below are for managing row styles in Messages table.
465 function selectRow(row
) {
466 document
.getElementById(row
).style
.background
= "#E7E7E7";
468 function deselectRow(row
) {
469 document
.getElementById(row
).style
.background
= "#F7F7F7";