// Bootstrap for the user/group administration page: global settings, the
// database helpers and the WSProvider class used when a user is created.
2 include_once("../globals.php");
// NOTE(review): md5.js is loaded with a PHP include, so PHP parses it and writes
// everything outside PHP tags into the response at this point. The "Add User"
// button further down calls MD5() on the typed password. $srcdir is not set in
// this file; presumably globals.php defines it -- confirm it can never be
// influenced by request data.
3 include_once("$srcdir/md5.js");
4 include_once("$srcdir/sql.inc");
5 require_once(dirname(__FILE__
) . "/../../library/classes/WSProvider.class.php");
// Handles the POST actions of this admin page, selected by $_POST["mode"]:
// "facility", "new_user" and "new_group".
// NOTE(review): the gutter numbers skip, so this listing omits some source
// lines (braces, the assignments to $doit, the end of the users insert).
// NOTE(review): no privilege check and no anti-CSRF token appear in the visible
// lines; presumably globals.php enforces the session -- confirm that it also
// restricts this page to administrators.
9 if (isset($_POST["mode"])) {
10 if ($_POST["mode"] == "facility")
// SECURITY: each column below is a raw $_POST field interpolated into the
// statement text, so a quote character in any field alters the SQL (SQL
// injection). Bind the values or escape each one for the database, unless
// globals.php already escapes request data (not visible here -- TODO confirm).
12 sqlStatement("insert into facility set
13 name='{$_POST['facility']}',
14 phone='{$_POST['phone']}',
15 street='{$_POST['street']}',
16 city='{$_POST['city']}',
17 state='{$_POST['state']}',
18 postal_code='{$_POST['postal_code']}',
19 country_code='{$_POST['country_code']}',
20 federal_ein='{$_POST['federal_ein']}'");
21 } elseif ($_POST["mode"] == "new_user") {
// Any value other than "1" is stored as 0 (not authorized).
22 if ($_POST["authorized"] != "1") {
23 $_POST["authorized"] = 0;
// Only "info" is escaped in the visible lines. addslashes() is not aware of the
// connection character set and is no substitute for bound parameters; the other
// fields used in the insert below get no escaping here.
25 $_POST["info"] = addslashes($_POST["info"]);
// Duplicate check: all usernames are read and compared in PHP ($doit is set on
// lines this listing omits). The check and the insert are separate statements,
// so two concurrent requests could both pass it; a unique index on
// users.username would enforce this in the database -- TODO confirm the schema.
// mysql_fetch_array() is called directly here while the rest of the page uses
// sqlFetchArray(); the mysql_* extension was removed in PHP 7.
27 $res = sqlStatement("select distinct username from users");
29 while ($row = mysql_fetch_array($res)) {
30 if ($doit == true && $row['username'] == $_POST["username"]) {
// SECURITY: all values are concatenated into the statement unescaped (only
// "info" went through addslashes above). The password column receives
// $_POST["newauthPass"] exactly as sent: the form on this page fills it with a
// client-side MD5 of the typed password, and an empty or arbitrary value is
// accepted as well. Unsalted MD5 is not suitable for password storage; hash on
// the server with a slow salted algorithm (password_hash() on PHP 5.5+) and
// reject empty passwords. "see_auth" and "facility" are stored without being
// checked against the values the form offers.
// idSqlStatement() presumably returns the new row id -- confirm in sql.inc.
36 $prov_id = idSqlStatement("insert into users set " .
37 "username = '" . $_POST["username"] .
38 "', password = '" . $_POST["newauthPass"] .
39 "', fname = '" . $_POST["fname"] .
40 "', mname = '" . $_POST["mname"] .
41 "', lname = '" . $_POST["lname"] .
42 "', federaltaxid = '" . $_POST["federaltaxid"] .
43 "', authorized = '" . $_POST["authorized"] .
44 "', info = '" . $_POST["info"] .
45 "', federaldrugid = '" . $_POST["federaldrugid"] .
46 "', upin = '" . $_POST["upin"] .
47 "', facility = '" . $_POST["facility"] .
48 "', see_auth = '" . $_POST["see_auth"] .
// Adds the new user to the chosen group; same unescaped concatenation as above.
50 sqlStatement("insert into groups set name = '" . $_POST["groupname"] .
51 "', user = '" . $_POST["username"] . "'");
// Constructs a WSProvider for the new user id; what it does is not visible here.
52 $ws = new WSProvider($prov_id);
// SECURITY: the submitted username is appended to $alertmsg as-is; the script
// block at the end of this page echoes $alertmsg inside alert('...'), so it
// must be encoded for a JavaScript string before it is output.
54 $alertmsg .= "User " . $_POST["username"] . " already exists. ";
57 elseif ($_POST["mode"] == "new_group") {
// Reads every (group, user) pair and refuses the insert if the pair already
// exists. The $iter{"name"} curly-brace offset syntax was deprecated in
// PHP 7.4 and removed in PHP 8.0; $iter["name"] is the supported form.
58 $res = sqlStatement("select distinct name, user from groups");
59 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
60 $result[$iter] = $row;
62 foreach ($result as $iter) {
63 if ($doit == 1 && $iter{"name"} == $_POST["groupname"] && $iter{"user"} == $_POST["username"])
// SECURITY: groupname and username are concatenated unescaped (SQL injection),
// and nothing visible checks that the username names an existing user.
67 sqlStatement("insert into groups set name = '" . $_POST["groupname"] .
68 "', user = '" . $_POST["username"] . "'");
// Both request values end up in $alertmsg unencoded (see the alert() output at
// the end of the page).
70 $alertmsg .= "User " . $_POST["username"] .
71 " is already a member of group " . $_POST["groupname"] . ". ";
// Handles the GET actions "delete" (remove a user) and "delete_group" (remove
// one group membership row), both keyed by $_GET["id"].
// SECURITY: these are state-changing operations reachable with a plain GET
// request, with no confirmation step or anti-CSRF token in the visible lines.
// Any link, image tag or prefetch that an administrator's browser follows can
// trigger them. Destructive actions should require POST plus a per-session
// token, and an explicit privilege check.
76 if (isset($_GET["mode"])) {
78 // This is the code to delete a user. Note that the link which invokes
79 // this is commented out. Somebody must have figured it was too dangerous.
// NOTE(review): hiding the link does not disable the handler; it still runs for
// anyone who requests the URL directly. The link is only wrapped in an HTML
// comment in the users table, so the URL is still sent to the browser. If the
// feature is considered unsafe, remove or guard this branch itself.
81 if ($_GET["mode"] == "delete") {
// The rest of this statement is on a line the listing omits.
82 $res = sqlStatement("select distinct username, id from users where id = '" .
84 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
85 $result[$iter] = $row;
87 // TBD: Before deleting the user, we should check all tables that
88 // reference users to make sure this user is not referenced!
90 foreach($result as $iter) {
// The username comes from the database but is still concatenated unescaped; a
// stored name containing a quote would alter this statement.
91 sqlStatement("delete from groups where user = '" . $iter{"username"} . "'");
// SECURITY: $_GET["id"] is placed in the statement as-is (SQL injection). An id
// should be validated as an integer and bound as a parameter.
93 sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
96 elseif ($_GET["mode"] == "delete_group") {
// The rest of this statement is on a line the listing omits.
97 $res = sqlStatement("select distinct user from groups where id = '" .
99 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
100 $result[$iter] = $row;
101 foreach($result as $iter)
103 // $res = sqlStatement("select name,user from groups where user = '" .
104 // $iter{"user"} . "' and id != {$_GET["id"]}\n");
// $un is assigned on a line the listing omits; presumably the user name of the
// membership row being removed -- confirm. Both $un and $_GET["id"] are
// interpolated unescaped.
105 $res = sqlStatement("select name, user from groups where user = '$un' " .
106 "and id != '" . $_GET["id"] . "'");
108 // Remove the user only if they are also in some other group. I.e. every
109 // user must be a member of at least one group.
110 if (sqlFetchArray($res) != FALSE) {
111 sqlStatement("delete from groups where id = '" . $_GET["id"] . "'");
113 $alertmsg .= "You must add this user to some other group before " .
114 "removing them from this group. ";
122 <link rel
=stylesheet href
="<?echo $css_header;?>" type
="text/css">
125 <body
<?
echo $top_bg_line;?
> topmargin
=0 rightmargin
=0 leftmargin
=2 bottommargin
=0 marginwidth
=2 marginheight
=0>
127 <span
class="title"><?
xl('User & Group Administration','e'); ?
></span
>
136 <form name
='facility' method
='post' action
="usergroup_admin.php">
137 <input type
=hidden name
=mode value
="facility">
138 <span
class=bold
><?
xl('New Facility Information','e'); ?
>: </span
>
141 <table border
=0 cellpadding
=0 cellspacing
=0>
143 <td
><span
class=text
><?
xl('Name','e'); ?
>: </span
></td
><td
><input type
=entry name
=facility size
=20 value
=""></td
>
144 <td
><span
class=text
><?
xl('Phone','e'); ?
>: </span
></td
><td
><input type
=entry name
=phone size
=20 value
=""></td
>
147 <td
><span
class=text
><?
xl('Address','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=street value
=""></td
>
148 <td
><span
class=text
><?
xl('City','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=city value
=""></td
>
151 <td
><span
class=text
><?
xl('State','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=state value
=""></td
>
152 <td
><span
class=text
><?
xl('Zip Code','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=postal_code value
=""></td
>
155 <td
><span
class=text
><?
xl('Country','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=country_code value
=""></td
>
156 <td
><span
class=text
><?
xl('Federal EIN','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=federal_ein value
=""></td
>
159 <td
> 
;</td
><td
> 
;</td
>
160 <td
> 
;</td
><td
><input type
="submit" value
=<?
xl('Add Facility','e'); ?
>></td
>
169 <form name
='facility' method
='post' action
="usergroup_admin.php">
170 <input type
=hidden name
=mode value
=<?
xl('facility','e'); ?
>>
171 <span
class=bold
><?
xl('Edit Facilities','e'); ?
>: </span
>
// Lists every facility, each followed by an "(Edit)" link to facility_admin.php.
// NOTE(review): name and id are echoed without htmlspecialchars(). Facility
// names are stored from unescaped form input by this page's "facility"
// handler, so markup in a name would be rendered to every viewer (stored XSS).
// Encode for HTML text and, separately, for the URL in the href.
// $iter3{name} also depends on the bare word name being read as the string
// 'name', which raises an Error on PHP 8.
175 $fres = sqlStatement("select * from facility order by name");
178 for ($iter3 = 0;$frow = sqlFetchArray($fres);$iter3++
)
179 $result2[$iter3] = $frow;
180 foreach($result2 as $iter3) {
182 <span
class=text
><?
echo $iter3{name
};?
></span
><a href
="facility_admin.php?fid=<?echo $iter3{id};?>" class=link_submit
>(Edit
)</a
><br
>
191 <form name
='new_user' method
='post' action
="usergroup_admin.php">
192 <input type
=hidden name
=mode value
=new_user
>
193 <span
class=bold
><?
xl('New User','e'); ?
>:</span
>
195 <table border
=0 cellpadding
=0 cellspacing
=0>
197 <td
><span
class=text
><?
xl('Username','e'); ?
>: </span
></td
><td
><input type
=entry name
=username size
=20>  
;</td
>
198 <td
><span
class=text
><?
xl('Password','e'); ?
>: </span
></td
><td
><input type
="password" size
=20 name
=clearPass
></td
>
201 <td
><span
class=text
><?
xl('Groupname','e'); ?
>: </span
></td
><td
>
202 <select name
=groupname
>
// Fills the "Groupname" dropdown of the New User form with the distinct group names.
// NOTE(review): $result2 was already filled with facility rows earlier on the
// page and no reset is visible, so leftover rows could appear as options when
// there are fewer groups than facilities -- confirm.
// NOTE(review): the name is printed into an attribute and into element text
// without htmlspecialchars(..., ENT_QUOTES); group names originate from
// unescaped form input, so a quote or tag in a name breaks out of the markup.
204 $res = sqlStatement("select distinct name from groups");
205 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
206 $result2[$iter] = $row;
207 foreach ($result2 as $iter) {
208 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
212 <td
><span
class=text
><?
xl('Authorized','e'); ?
>: </span
></td
><td
><input type
=checkbox name
='authorized' value
="1"></td
>
215 <td
><span
class=text
><?
xl('First Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='fname' size
=20></td
>
216 <td
><span
class=text
><?
xl('Middle Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='mname' size
=20></td
>
219 <td
><span
class=text
><?
xl('Last Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='lname' size
=20></td
>
220 <td
><span
class=text
><?
xl('Default Facility','e'); ?
>: </span
></td
><td
><select name
=facility
>
// Fills the "Default Facility" dropdown; the option value is the facility name,
// which the new_user handler stores in users.facility as submitted.
// NOTE(review): $result may still hold rows from the POST/GET handlers above,
// since no reset is visible -- confirm. The name is echoed unencoded into a
// double-quoted attribute and into element text; encode it with
// htmlspecialchars() in both places.
222 $fres = sqlStatement("select * from facility order by name");
224 for ($iter = 0;$frow = sqlFetchArray($fres);$iter++
)
225 $result[$iter] = $frow;
226 foreach($result as $iter) {
228 <option value
="<?echo $iter{name};?>"><?
echo $iter{name
};?
></option
>
236 <td
><span
class=text
><?
xl('Federal Tax ID','e'); ?
>: </span
></td
><td
><input type
=entry name
='federaltaxid' size
=20></td
>
237 <td
><span
class=text
><?
xl('Federal Drug ID','e'); ?
>: </span
></td
><td
><input type
=entry name
='federaldrugid' size
=20></td
>
240 <td
><span
class="text"><?
xl('UPIN','e'); ?
>: </span
></td
><td
><input type
="entry" name
="upin" size
="20"></td
>
241 <td
class='text'><?
xl('See Authorizations','e'); ?
>: </td
>
242 <td
><select name
="see_auth">
// Emits one option per "See Authorizations" level: 1 None, 2 Only Mine, 3 All
// (labels come from xl()).
// NOTE(review): the dropdown is the only place these values are constrained;
// the new_user handler writes $_POST["see_auth"] to the database without
// checking it is 1, 2 or 3, so the server should validate it.
244 foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value)
246 echo " <option value='$key'";
247 echo ">$value</option>\n";
253 <span
class=text
><?
xl('Additional Info','e'); ?
>: </span
><br
>
254 <textarea name
=info cols
=40 rows
=4 wrap
=auto
></textarea
>
<?php /* NOTE(review): the onClick handler below copies MD5(clearPass) into the
   hidden newauthPass field and blanks clearPass, so the password hash is
   computed in the browser. If the handler does not run (script disabled, form
   submitted by other means), newauthPass stays empty and clearPass is sent as
   typed; the new_user handler stores newauthPass as received, with no
   visible check that it is non-empty or well-formed. Hash on the server
   with a salted, slow algorithm, and serve this form over TLS only. */ ?>
255 <br
><input type
="hidden" name
="newauthPass">
256 <input type
="submit" onClick
="javascript:this.form.newauthPass.value=MD5(this.form.clearPass.value);this.form.clearPass.value='';" value
=<?
xl('Add User','e'); ?
>>
263 <form name
=new_group method
=post action
="usergroup_admin.php">
264 <input type
=hidden name
=mode value
=new_group
>
265 <span
class=bold
><?
xl('New Group','e'); ?
>:</span
>
267 <span
class=text
><?
xl('Groupname','e'); ?
>: </span
><input type
=entry name
=groupname size
=10>
269 <span
class=text
><?
xl('Initial User','e'); ?
>: </span
>
270 <select name
=username
>
// Fills the "Initial User" dropdown of the New Group form with all usernames.
// NOTE(review): $result is reused from earlier loops with no reset visible, so
// stale rows may be printed -- confirm. Usernames are written into the
// single-quoted value attribute and the option text without
// htmlspecialchars(..., ENT_QUOTES); they were stored from unescaped input.
272 $res = sqlStatement("select distinct username from users");
273 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
274 $result[$iter] = $row;
275 foreach ($result as $iter) {
276 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
281 <input type
="submit" value
=<?
xl('Add Group','e'); ?
>>
288 <form name
=new_group method
=post action
="usergroup_admin.php">
289 <input type
=hidden name
=mode value
=new_group
>
290 <span
class=bold
><?
xl('Add User To Group','e'); ?
>:</span
>
292 <span
class=text
><?
xl('User','e'); ?
>: </span
>
293 <select name
=username
>
// Fills the "User" dropdown of the Add User To Group form.
// NOTE(review): output is not HTML-encoded; a username containing a quote or
// angle bracket would change the markup. Wrap both uses in
// htmlspecialchars(..., ENT_QUOTES). The server must also verify that the
// submitted username exists rather than trusting the dropdown.
295 $res = sqlStatement("select distinct username from users");
296 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
297 $result3[$iter] = $row;
298 foreach ($result3 as $iter) {
299 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
304 <span
class=text
><?
xl('Groupname','e'); ?
>: </span
>
305 <select name
=groupname
>
// Fills the "Groupname" dropdown of the Add User To Group form.
// NOTE(review): $result2 is filled again without a visible reset, so rows left
// by earlier loops may still be present -- confirm. Group names are printed
// unencoded into the attribute and the option text; encode them with
// htmlspecialchars(..., ENT_QUOTES).
307 $res = sqlStatement("select distinct name from groups");
308 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
309 $result2[$iter] = $row;
310 foreach ($result2 as $iter) {
311 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
316 <input type
="submit" value
=<?
xl('Add User To Group','e'); ?
>>
325 <table border
=0 cellpadding
=1 cellspacing
=2>
326 <tr
><td
><span
class=bold
><?
xl('Username','e'); ?
></span
></td
><td
><span
class=bold
><?
xl('Real Name','e'); ?
></span
></td
><td
><span
class=bold
><?
xl('Info','e'); ?
></span
></td
><td
><span
class=bold
><?
xl('Authorized','e'); ?
>?
</span
></td
></tr
>
// Renders one table row per user: username with an "(Edit)" link to
// user_admin.php, real name, info text and an authorized flag.
// NOTE(review): "select *" also fetches the password column, which this table
// does not need; select only the displayed columns.
328 $res = sqlStatement("select * from users order by username");
329 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
330 $result4[$iter] = $row;
331 foreach ($result4 as $iter) {
// Replaces the stored flag with a translated "yes" or an empty string for display.
332 if ($iter{"authorized"}) {
333 $iter{"authorized"} = xl('yes');
335 $iter{"authorized"} = "";
// SECURITY: username, fname, lname and info are free-text values stored from
// form input and are printed here without htmlspecialchars(), so markup saved
// in any of them runs in the browser of whoever opens this page (stored XSS).
338 print "<tr><td><span class=text>" . $iter{"username"} .
339 "</span><a href='user_admin.php?id=" . $iter{"id"} .
340 "' class=link_submit>(Edit)</a></td><td><span class=text>" .
341 $iter{"fname"} . ' ' . $iter{"lname"}."</span></td><td><span class=text>" .
342 $iter{"info"} . "</span></td><td align='center'><span class=text>" .
343 $iter{"authorized"} . "</span></td>";
// NOTE(review): the delete link is wrapped in an HTML comment, not removed. It
// is still sent to the browser for every user row, and the mode=delete
// handler at the top of this file still accepts the request.
344 print "<td><!--<a href='usergroup_admin.php?mode=delete&id=" . $iter{"id"} .
345 "' class=link_submit>[Delete]</a>--></td>";
// Builds, per group name, a comma-separated list of members, each followed by a
// "Remove" link, then prints one heading and list per group.
355 $res = sqlStatement("select * from groups order by name");
356 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
357 $result5[$iter] = $row;
359 foreach ($result5 as $iter) {
// SECURITY: each "Remove" link performs the deletion through a GET request
// (mode=delete_group), so it needs no form submission or token; switch to a
// POST form with an anti-CSRF token. The user name is appended unencoded.
360 $grouplist{$iter{"name"}} .= $iter{"user"} .
361 "(<a class=link_submit href='usergroup_admin.php?mode=delete_group&id=" .
362 $iter{"id"} . "'>Remove</a>), ";
365 foreach ($grouplist as $groupname => $list) {
// substr() drops the trailing ", " left by the loop above. The group name is
// printed without htmlspecialchars().
366 print "<span class=bold>" . $groupname . "</span><br>\n<span class=text>" .
367 substr($list,0,strlen($list)-2) . "</span><br>\n";
371 <script language
="JavaScript">
// Shows any message collected by the handlers above in a JavaScript alert().
// The assignment inside the condition is intentional: trim, store, then test.
// SECURITY: $alertmsg can contain the submitted username and groupname, and it
// is placed between single quotes inside a script block with no encoding, so
// a quote or a closing script tag in the input ends the string and is parsed
// as code or markup (reflected XSS). Emit it as a JavaScript string literal,
// e.g. json_encode($alertmsg, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT |
// JSON_HEX_AMP) on PHP 5.3+, and drop the surrounding quotes.
373 if ($alertmsg = trim($alertmsg)) {
374 echo "alert('$alertmsg');\n";