interface/patient_file/deleter.php

   1 <?
   2  // Copyright (C) 2005, 2006 Rod Roark <rod@sunsetsystems.com>
   3  //
   4  // This program is free software; you can redistribute it and/or
   5  // modify it under the terms of the GNU General Public License
   6  // as published by the Free Software Foundation; either version 2
   7  // of the License, or (at your option) any later version.
   8
   9  include_once("../globals.php");
  10  include_once("$srcdir/log.inc");
  11  include_once("$srcdir/acl.inc");
  12
  13  $patient   = $_REQUEST['patient'];
  14  $encounter = $_REQUEST['encounter'];
  15  $issue     = $_REQUEST['issue'];
  16  $document  = $_REQUEST['document'];
  17
  18  $info_msg = "";
  19
  20  $thisauth = acl_check('admin', 'super');
  21  if (! $thisauth) die("Not authorized!");
  22
  23  // Delete rows, with logging, for the specified table using the
  24  // specified WHERE clause.
  25  //
  26  function row_delete($table, $where) {
  27   $tres = sqlStatement("SELECT * FROM $table WHERE $where");
  28   $count = 0;
  29   while ($trow = sqlFetchArray($tres)) {
  30    $logstring = "";
  31    foreach ($trow as $key => $value) {
  32     if (! $value || $value == '0000-00-00 00:00:00') continue;
  33     if ($logstring) $logstring .= " ";
  34     $logstring .= $key . "='" . addslashes($value) . "'";
  35    }
  36    newEvent("delete", $_SESSION['authUser'], $_SESSION['authProvider'], "$table: $logstring");
  37    ++$count;
  38   }
  39   if ($count) {
  40    $query = "DELETE FROM $table WHERE $where";
  41    echo $query . "<br>\n";
  42    sqlStatement($query);
  43   }
  44  }
  45
  46  // Deactivate rows, with logging, for the specified table using the
  47  // specified SET and WHERE clauses.
  48  //
  49  function row_modify($table, $set, $where) {
  50   if (sqlQuery("SELECT * FROM $table WHERE $where")) {
  51    newEvent("deactivate", $_SESSION['authUser'], $_SESSION['authProvider'], "$table: $where");
  52    $query = "UPDATE $table SET $set WHERE $where";
  53    echo $query . "<br>\n";
  54    sqlStatement($query);
  55   }
  56  }
  57
  58 ?>
  59 <html>
  60 <head>
  61 <title><? xl('Delete Patient, Encounter, Issue or Document','e'); ?></title>
  62 <link rel=stylesheet href='<? echo $css_header ?>' type='text/css'>
  63
  64 <style>
  65 td { font-size:10pt; }
  66 </style>
  67
  68 </head>
  69
  70 <body <?echo $top_bg_line;?>>
  71 <?
  72  // If the delete is confirmed...
  73  //
  74  if ($_POST['form_submit']) {
  75
  76   if ($patient) {
  77    row_modify("billing"       , "activity = 0", "pid = '$patient'");
  78    row_modify("pnotes"        , "activity = 0", "pid = '$patient'");
  79    row_modify("prescriptions" , "active = 0"  , "patient_id = '$patient'");
  80
  81    row_delete("openemr_postcalendar_events", "pc_pid = '$patient'");
  82    row_delete("immunizations"  , "patient_id = '$patient'");
  83    row_delete("issue_encounter", "pid = '$patient'");
  84    row_delete("lists"          , "pid = '$patient'");
  85    row_delete("transactions"   , "pid = '$patient'");
  86    row_delete("employer_data"  , "pid = '$patient'");
  87    row_delete("history_data"   , "pid = '$patient'");
  88    row_delete("insurance_data" , "pid = '$patient'");
  89    row_delete("patient_data"   , "pid = '$patient'");
  90
  91    $res = sqlStatement("SELECT * FROM forms WHERE pid = '$patient'");
  92    while ($row = sqlFetchArray($res)) {
  93     $formdir = ($row['formdir'] == 'newpatient') ? 'encounter' : $row['formdir'];
  94     row_delete("form_$formdir", "id = '" . $row['form_id'] . "'");
  95    }
  96    row_delete("forms", "pid = '$patient'");
  97   }
  98   else if ($encounter) {
  99    row_modify("billing", "activity = 0", "encounter = '$encounter'");
 100    row_delete("issue_encounter", "encounter = '$encounter'");
 101    $res = sqlStatement("SELECT * FROM forms WHERE encounter = '$encounter'");
 102    while ($row = sqlFetchArray($res)) {
 103     $formdir = ($row['formdir'] == 'newpatient') ? 'encounter' : $row['formdir'];
 104     row_delete("form_$formdir", "id = '" . $row['form_id'] . "'");
 105    }
 106    row_delete("forms", "encounter = '$encounter'");
 107   }
 108   else if ($issue) {
 109    row_delete("issue_encounter", "list_id = '$issue'");
 110    row_delete("lists", "id = '$issue'");
 111   }
 112   else if ($document) {
 113    $trow = sqlQuery("SELECT url FROM documents WHERE id = '$document'");
 114    $url = $trow['url'];
 115    row_delete("categories_to_documents", "document_id = '$document'");
 116    row_delete("documents", "id = '$document'");
 117    if (substr($url, 0, 7) == 'file://') {
 118     @unlink(substr($url, 7));
 119    }
 120   }
 121   else {
 122    die("Nothing was specified to delete!");
 123   }
 124
 125   if (! $info_msg) $info_msg = "Delete successful.";
 126
 127   // Close this window and tell our opener that it's done.
 128   //
 129   echo "<script language='JavaScript'>\n";
 130   if ($info_msg) echo " alert('$info_msg');\n";
 131   echo " window.close();\n";
 132   echo " if (opener.imdeleted) opener.imdeleted();\n";
 133   echo "</script></body></html>\n";
 134   exit();
 135  }
 136 ?>
 137
 138 <form method='post' action='deleter.php?patient=<? echo $patient ?>&encounter=<? echo $encounter ?>&issue=<? echo $issue ?>&document=<? echo $document ?>'>
 139
 140 <p>&nbsp;<br><? xl('
 141 Do you really want to delete','e'); ?>
 142
 143 <?php
 144  if ($patient) {
 145   echo "patient $patient";
 146  } else if ($encounter) {
 147   echo "encounter $encounter";
 148  } else if ($issue) {
 149   echo "issue $issue";
 150  } else if ($document) {
 151   echo "document $document";
 152  }
 153 ?> <? xl('and all subordinate data? This action will be logged','e'); ?>!</p>
 154
 155 <center>
 156
 157 <p>&nbsp;<br>
 158 <input type='submit' name='form_submit' value='Yes, Delete and Log' />
 159 &nbsp;
 160 <input type='button' value='No, Cancel' onclick='window.close()' />
 161 </p>
 162
 163 </center>
 164 </form>
 165 </body>
 166 </html>