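<?php
// Request handling for the user/group administration screen: creates
// facilities, users and group memberships from POSTed forms and removes users
// or group memberships on GET requests. The page markup follows this block.
//
// NOTE(review): no permission check is visible in this file. Presumably
// globals.php enforces an authenticated session - confirm that it also limits
// this page to administrators.
include_once("../globals.php");
// md5.js is pulled in through PHP, so its contents are emitted into the page;
// presumably it supplies the MD5() function used by the Add User form - TODO confirm.
include_once("$srcdir/md5.js");
include_once("$srcdir/sql.inc");
require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");

/**
 * Fetch one request field as a plain string.
 *
 * @param array  $source Request array to read from ($_POST or $_GET).
 * @param string $key    Field name.
 * @return string The value with magic_quotes_gpc slashes removed, or '' when
 *                the field is missing or was submitted as an array.
 */
function usergroup_admin_param($source, $key)
{
    if (!isset($source[$key]) || is_array($source[$key])) {
        return '';
    }
    $value = (string) $source[$key];
    // Undo magic quotes so that every value is escaped exactly once below.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

/**
 * Fetch one request field escaped for use inside a quoted SQL string literal.
 *
 * NOTE(review): relies on sql.inc having opened the default mysql link (the
 * original code calls mysql_fetch_array on sqlStatement results) - confirm.
 * Also confirm that globals.php does not already escape request data.
 *
 * @param array  $source Request array to read from ($_POST or $_GET).
 * @param string $key    Field name.
 * @return string Escaped value, without surrounding quotes.
 */
function usergroup_admin_sql($source, $key)
{
    return mysql_real_escape_string(usergroup_admin_param($source, $key));
}

// Collected user-facing messages. The markup below echoes this into a script
// block, so it needs JavaScript-string escaping at that point.
$alertmsg = '';

if (isset($_POST["mode"])) {
    if ($_POST["mode"] == "facility") {
        // Every column value comes straight from the form, so each one is
        // escaped before it is placed in the statement.
        sqlStatement("insert into facility set " .
            "name='" . usergroup_admin_sql($_POST, 'facility') . "', " .
            "phone='" . usergroup_admin_sql($_POST, 'phone') . "', " .
            "street='" . usergroup_admin_sql($_POST, 'street') . "', " .
            "city='" . usergroup_admin_sql($_POST, 'city') . "', " .
            "state='" . usergroup_admin_sql($_POST, 'state') . "', " .
            "postal_code='" . usergroup_admin_sql($_POST, 'postal_code') . "', " .
            "country_code='" . usergroup_admin_sql($_POST, 'country_code') . "', " .
            "federal_ein='" . usergroup_admin_sql($_POST, 'federal_ein') . "'");
    } elseif ($_POST["mode"] == "new_user") {
        // An unchecked checkbox is not submitted at all; treat that as 0.
        $authorized = (usergroup_admin_param($_POST, 'authorized') == "1") ? 1 : 0;
        $username = usergroup_admin_param($_POST, 'username');

        // Refuse to create a second account with an existing username.
        $res = sqlStatement("select distinct username from users");
        $isNewUser = true;
        while ($row = sqlFetchArray($res)) {
            if ((string) $row['username'] === $username) {
                $isNewUser = false;
                break;
            }
        }

        if ($isNewUser) {
            // NOTE(review): newauthPass is stored exactly as submitted. The
            // form fills it with an MD5 digest computed in the browser, so the
            // server never verifies what it stores and the digest is unsalted.
            // Hashing server-side with a salted password hash would be safer.
            $prov_id = idSqlStatement("insert into users set " .
                "username = '" . mysql_real_escape_string($username) .
                "', password = '" . usergroup_admin_sql($_POST, 'newauthPass') .
                "', fname = '" . usergroup_admin_sql($_POST, 'fname') .
                "', mname = '" . usergroup_admin_sql($_POST, 'mname') .
                "', lname = '" . usergroup_admin_sql($_POST, 'lname') .
                "', federaltaxid = '" . usergroup_admin_sql($_POST, 'federaltaxid') .
                "', authorized = '" . $authorized .
                // info used to be the only field passed through addslashes();
                // it is now escaped the same way as every other column.
                "', info = '" . usergroup_admin_sql($_POST, 'info') .
                "', federaldrugid = '" . usergroup_admin_sql($_POST, 'federaldrugid') .
                "', upin = '" . usergroup_admin_sql($_POST, 'upin') .
                "', facility = '" . usergroup_admin_sql($_POST, 'facility') .
                "', see_auth = '" . usergroup_admin_sql($_POST, 'see_auth') .
                "'");
            sqlStatement("insert into groups set name = '" .
                usergroup_admin_sql($_POST, 'groupname') .
                "', user = '" . mysql_real_escape_string($username) . "'");
            $ws = new WSProvider($prov_id);
        } else {
            $alertmsg .= "User " . $_POST["username"] . " already exists. ";
        }
    } elseif ($_POST["mode"] == "new_group") {
        $groupname = usergroup_admin_param($_POST, 'groupname');
        $username = usergroup_admin_param($_POST, 'username');

        // Skip the insert when this (group, user) pair is already present.
        $res = sqlStatement("select distinct name, user from groups");
        $alreadyMember = false;
        while ($row = sqlFetchArray($res)) {
            if ((string) $row["name"] === $groupname && (string) $row["user"] === $username) {
                $alreadyMember = true;
                break;
            }
        }

        if (!$alreadyMember) {
            sqlStatement("insert into groups set name = '" .
                mysql_real_escape_string($groupname) .
                "', user = '" . mysql_real_escape_string($username) . "'");
        } else {
            $alertmsg .= "User " . $_POST["username"] .
                " is already a member of group " . $_POST["groupname"] . ". ";
        }
    }
}

if (isset($_GET["mode"])) {
    // NOTE(review): both actions below change data on a plain GET request and
    // no anti-CSRF token is checked here. Moving them to POST with a
    // per-session token would be safer.
    $idSql = usergroup_admin_sql($_GET, 'id');

    // This is the code to delete a user. Note that the link which invokes
    // this is commented out. Somebody must have figured it was too dangerous.
    // NOTE(review): the handler itself is still active; only the link is
    // hidden. If deletion is not meant to be available, disable it here.
    if ($_GET["mode"] == "delete") {
        $res = sqlStatement("select distinct username, id from users where id = '" .
            $idSql . "'");
        $doomedUsers = array();
        while ($row = sqlFetchArray($res)) {
            $doomedUsers[] = $row;
        }

        // TBD: Before deleting the user, we should check all tables that
        // reference users to make sure this user is not referenced!

        foreach ($doomedUsers as $userRow) {
            // The username comes from the database but is still escaped: a
            // stored value containing a quote would otherwise break the query.
            sqlStatement("delete from groups where user = '" .
                mysql_real_escape_string($userRow["username"]) . "'");
        }
        sqlStatement("delete from users where id = '" . $idSql . "'");
    } elseif ($_GET["mode"] == "delete_group") {
        $res = sqlStatement("select distinct user from groups where id = '" .
            $idSql . "'");
        // Stays empty when the id matches no row; the lookup below then finds
        // nothing and the membership is left alone.
        $un = '';
        while ($row = sqlFetchArray($res)) {
            $un = $row["user"];
        }
        $res = sqlStatement("select name, user from groups where user = '" .
            mysql_real_escape_string($un) . "' " .
            "and id != '" . $idSql . "'");

        // Remove the user only if they are also in some other group. I.e. every
        // user must be a member of at least one group.
        if (sqlFetchArray($res) != FALSE) {
            sqlStatement("delete from groups where id = '" . $idSql . "'");
        } else {
            $alertmsg .= "You must add this user to some other group before " .
                "removing them from this group. ";
        }
    }
}
?>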
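<html>
<head>
<?php
// Page shell and the "New Facility Information" form, which posts
// mode=facility back to this page.
// NOTE(review): no anti-CSRF token is visible in the forms on this page.
?>

<link rel=stylesheet href="<?php echo $css_header; ?>" type="text/css">

</head>
<body <?php echo $top_bg_line; ?> topmargin=0 rightmargin=0 leftmargin=2 bottommargin=0 marginwidth=2 marginheight=0>

<span class="title"><?php xl('User & Group Administration','e'); ?></span>

<br><br>

<table width=100%>
<tr>

<td valign=top>

<form name='facility' method='post' action="usergroup_admin.php">
<input type=hidden name=mode value="facility">
<span class=bold><?php xl('New Facility Information','e'); ?>: </span>
</td><td>

<table border=0 cellpadding=0 cellspacing=0>
<tr>
<td><span class=text><?php xl('Name','e'); ?>: </span></td><td><input type=entry name=facility size=20 value=""></td>
<td><span class=text><?php xl('Phone','e'); ?>: </span></td><td><input type=entry name=phone size=20 value=""></td>
</tr>
<tr>
<td><span class=text><?php xl('Address','e'); ?>: </span></td><td><input type=entry size=20 name=street value=""></td>
<td><span class=text><?php xl('City','e'); ?>: </span></td><td><input type=entry size=20 name=city value=""></td>
</tr>
<tr>
<td><span class=text><?php xl('State','e'); ?>: </span></td><td><input type=entry size=20 name=state value=""></td>
<td><span class=text><?php xl('Zip Code','e'); ?>: </span></td><td><input type=entry size=20 name=postal_code value=""></td>
</tr>
<tr>
<td><span class=text><?php xl('Country','e'); ?>: </span></td><td><input type=entry size=20 name=country_code value=""></td>
<td><span class=text><?php xl('Federal EIN','e'); ?>: </span></td><td><input type=entry size=20 name=federal_ein value=""></td>
</tr>
<tr>
<td>&nbsp;</td><td>&nbsp;</td>
<?php // The label is quoted: unquoted, a multi-word value ends at the first space. ?>
<td>&nbsp;</td><td><input type="submit" value="<?php xl('Add Facility','e'); ?>"></td>
</tr>
</table>
</form>
<br><br>
</tr>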
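<tr>
<td valign=top>

<form name='facility' method='post' action="usergroup_admin.php">
<?php
// The mode value is a request keyword the handler compares against, not
// display text, so it is written literally instead of being translated.
?>
<input type=hidden name=mode value="facility">
<span class=bold><?php xl('Edit Facilities','e'); ?>: </span>
</td><td valign=top>
<?php
// List every facility with a link to its edit page.
$result2 = array();
$fres = sqlStatement("select * from facility order by name");
if ($fres) {
    while ($frow = sqlFetchArray($fres)) {
        $result2[] = $frow;
    }
    foreach ($result2 as $iter3) {
        // Facility names are free text entered through the form above, so
        // they are HTML-escaped; the id is URL-encoded for the query string.
        $facilityName = htmlspecialchars($iter3['name'], ENT_QUOTES);
        $facilityId = urlencode($iter3['id']);
?>
<span class=text><?php echo $facilityName; ?></span><a href="facility_admin.php?fid=<?php echo $facilityId; ?>" class=link_submit>(Edit)</a><br>
<?php
    }
}
// This form was never closed, which leaves the forms after it nested inside it.
?>
</form>

</td>
</tr>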
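<tr><td valign=top>
<form name='new_user' method='post' action="usergroup_admin.php">
<input type=hidden name=mode value=new_user>
<span class=bold><?php xl('New User','e'); ?>:</span>
</td><td>
<table border=0 cellpadding=0 cellspacing=0>
<tr>
<td><span class=text><?php xl('Username','e'); ?>: </span></td><td><input type=entry name=username size=20> &nbsp;</td>
<td><span class=text><?php xl('Password','e'); ?>: </span></td><td><input type="password" size=20 name=clearPass></td>
</tr>
<tr>
<td><span class=text><?php xl('Groupname','e'); ?>: </span></td><td>
<select name=groupname>
<?php
// Start from an empty list: $result2 is filled by several queries on this
// page, and rows left over from an earlier, longer result would otherwise
// show up here as extra options.
$result2 = array();
$res = sqlStatement("select distinct name from groups");
while ($row = sqlFetchArray($res)) {
    $result2[] = $row;
}
foreach ($result2 as $iter) {
    // Group names are user-entered text; escape them for HTML output.
    $groupLabel = htmlspecialchars($iter["name"], ENT_QUOTES);
    print "<option value='" . $groupLabel . "'>" . $groupLabel . "</option>\n";
}
?>
</select></td>
<td><span class=text><?php xl('Authorized','e'); ?>: </span></td><td><input type=checkbox name='authorized' value="1"></td>
</tr>
<tr>
<td><span class=text><?php xl('First Name','e'); ?>: </span></td><td><input type=entry name='fname' size=20></td>
<td><span class=text><?php xl('Middle Name','e'); ?>: </span></td><td><input type=entry name='mname' size=20></td>
</tr>
<tr>
<td><span class=text><?php xl('Last Name','e'); ?>: </span></td><td><input type=entry name='lname' size=20></td>
<td><span class=text><?php xl('Default Facility','e'); ?>: </span></td><td><select name=facility>
<?php
// Same reset as above: $result is shared with other queries on this page.
$result = array();
$fres = sqlStatement("select * from facility order by name");
if ($fres) {
    while ($frow = sqlFetchArray($fres)) {
        $result[] = $frow;
    }
    foreach ($result as $iter) {
        $facilityLabel = htmlspecialchars($iter['name'], ENT_QUOTES);
?>
<option value="<?php echo $facilityLabel; ?>"><?php echo $facilityLabel; ?></option>
<?php
    }
}
?>
</select></td>
</tr>
<tr>
<td><span class=text><?php xl('Federal Tax ID','e'); ?>: </span></td><td><input type=entry name='federaltaxid' size=20></td>
<td><span class=text><?php xl('Federal Drug ID','e'); ?>: </span></td><td><input type=entry name='federaldrugid' size=20></td>
</tr>
<tr>
<td><span class="text"><?php xl('UPIN','e'); ?>: </span></td><td><input type="entry" name="upin" size="20"></td>
<td class='text'><?php xl('See Authorizations','e'); ?>: </td>
<td><select name="see_auth">
<?php
$seeAuthChoices = array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All'));
foreach ($seeAuthChoices as $key => $value) {
    echo " <option value='$key'";
    echo ">$value</option>\n";
}
?>
</select></td>
</tr>
</table>
<span class=text><?php xl('Additional Info','e'); ?>: </span><br>
<textarea name=info cols=40 rows=4 wrap=auto></textarea>
<?php
// NOTE(review): the password is hashed in the browser. The click handler
// copies MD5(clearPass) into newauthPass and blanks clearPass. If that script
// does not run, newauthPass arrives empty and clearPass is posted as typed.
// The submit label is quoted: unquoted, a multi-word value ends at the first space.
?>
<br><input type="hidden" name="newauthPass">
<input type="submit" onClick="javascript:this.form.newauthPass.value=MD5(this.form.clearPass.value);this.form.clearPass.value='';" value="<?php xl('Add User','e'); ?>">
</form>
</td>

</tr><tr>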
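<td valign=top>
<form name=new_group method=post action="usergroup_admin.php">
<input type=hidden name=mode value=new_group>
<span class=bold><?php xl('New Group','e'); ?>:</span>
</td><td>
<span class=text><?php xl('Groupname','e'); ?>: </span><input type=entry name=groupname size=10>
&nbsp;&nbsp;&nbsp;
<span class=text><?php xl('Initial User','e'); ?>: </span>
<select name=username>
<?php
// Start from an empty list: $result is filled by other queries on this page,
// and leftover rows would otherwise be rendered as blank options.
$result = array();
$res = sqlStatement("select distinct username from users");
while ($row = sqlFetchArray($res)) {
    $result[] = $row;
}
foreach ($result as $iter) {
    // Usernames are user-entered text; escape them for HTML output.
    $userLabel = htmlspecialchars($iter["username"], ENT_QUOTES);
    print "<option value='" . $userLabel . "'>" . $userLabel . "</option>\n";
}
?>
</select>
&nbsp;&nbsp;&nbsp;
<?php // The label is quoted: unquoted, a multi-word value ends at the first space. ?>
<input type="submit" value="<?php xl('Add Group','e'); ?>">
</form>
</td>

</tr><tr>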
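<td valign=top>
<form name=new_group method=post action="usergroup_admin.php">
<input type=hidden name=mode value=new_group>
<span class=bold><?php xl('Add User To Group','e'); ?>:</span>
</td><td>
<span class=text><?php xl('User','e'); ?>: </span>
<select name=username>
<?php
// Both lists are rebuilt from empty arrays so that rows from earlier queries
// on this page cannot appear as extra options.
$result3 = array();
$res = sqlStatement("select distinct username from users");
while ($row = sqlFetchArray($res)) {
    $result3[] = $row;
}
foreach ($result3 as $iter) {
    // Usernames and group names are user-entered text; escape them for HTML.
    $userLabel = htmlspecialchars($iter["username"], ENT_QUOTES);
    print "<option value='" . $userLabel . "'>" . $userLabel . "</option>\n";
}
?>
</select>
&nbsp;&nbsp;&nbsp;
<span class=text><?php xl('Groupname','e'); ?>: </span>
<select name=groupname>
<?php
$result2 = array();
$res = sqlStatement("select distinct name from groups");
while ($row = sqlFetchArray($res)) {
    $result2[] = $row;
}
foreach ($result2 as $iter) {
    $groupLabel = htmlspecialchars($iter["name"], ENT_QUOTES);
    print "<option value='" . $groupLabel . "'>" . $groupLabel . "</option>\n";
}
?>
</select>
&nbsp;&nbsp;&nbsp;
<?php // The label is quoted: unquoted, a multi-word value ends at the first space. ?>
<input type="submit" value="<?php xl('Add User To Group','e'); ?>">
</form>
</td>

</tr>
</table>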
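<hr>

<table border=0 cellpadding=1 cellspacing=2>
<tr><td><span class=bold><?php xl('Username','e'); ?></span></td><td><span class=bold><?php xl('Real Name','e'); ?></span></td><td><span class=bold><?php xl('Info','e'); ?></span></td><td><span class=bold><?php xl('Authorized','e'); ?>?</span></td></tr>
<?php
// One table row per user. Username, real name and info are free text entered
// through the New User form, so each is HTML-escaped before being printed.
$result4 = array();
$res = sqlStatement("select * from users order by username");
while ($row = sqlFetchArray($res)) {
    $result4[] = $row;
}
foreach ($result4 as $iter) {
    $authLabel = $iter["authorized"] ? xl('yes') : "";
    $userIdParam = urlencode($iter["id"]);

    print "<tr><td><span class=text>" . htmlspecialchars($iter["username"], ENT_QUOTES) .
        "</span><a href='user_admin.php?id=" . $userIdParam .
        "' class=link_submit>(Edit)</a></td><td><span class=text>" .
        htmlspecialchars($iter["fname"] . ' ' . $iter["lname"], ENT_QUOTES) .
        "</span></td><td><span class=text>" .
        htmlspecialchars($iter["info"], ENT_QUOTES) .
        "</span></td><td align='center'><span class=text>" .
        $authLabel . "</span></td>";
    // The delete link is emitted inside an HTML comment, i.e. hidden rather
    // than removed, so the URL is still present in the page source.
    print "<td><!--<a href='usergroup_admin.php?mode=delete&id=" . $userIdParam .
        "' class=link_submit>[Delete]</a>--></td>";
    print "</tr>\n";
}
?>
</table>

<hr>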
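<?php
// Group membership list: one heading per group, followed by its members,
// each with a "Remove" link.
// NOTE(review): the Remove link changes data through a plain GET request;
// no anti-CSRF token is visible on this page.
$result5 = array();
$res = sqlStatement("select * from groups order by name");
while ($row = sqlFetchArray($res)) {
    $result5[] = $row;
}

$grouplist = array();
foreach ($result5 as $iter) {
    $groupKey = $iter["name"];
    // Create the entry first; appending to a missing key raises a notice.
    if (!isset($grouplist[$groupKey])) {
        $grouplist[$groupKey] = '';
    }
    // Member names are user-entered text; escape them for HTML output.
    $grouplist[$groupKey] .= htmlspecialchars($iter["user"], ENT_QUOTES) .
        "(<a class=link_submit href='usergroup_admin.php?mode=delete_group&id=" .
        urlencode($iter["id"]) . "'>Remove</a>), ";
}

foreach ($grouplist as $groupname => $list) {
    // substr() drops the trailing ", " left by the loop above.
    print "<span class=bold>" . htmlspecialchars((string) $groupname, ENT_QUOTES) .
        "</span><br>\n<span class=text>" .
        substr($list, 0, strlen($list) - 2) . "</span><br>\n";
}
?>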
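<script language="JavaScript">
<?php
// Show any message collected while handling the request. The message can
// contain submitted usernames and group names, so it is escaped for a
// single-quoted JavaScript string inside a script element: backslashes,
// quotes and line breaks are escaped, and <, > and & are written as hex
// escapes so the text cannot close the script element.
$alertmsg = trim($alertmsg);
if ($alertmsg !== '') {
    $alertJs = strtr($alertmsg, array(
        '\\' => '\\\\',
        "'"  => "\\'",
        '"'  => '\\"',
        "\r" => '\\r',
        "\n" => '\\n',
        '<'  => '\\x3C',
        '>'  => '\\x3E',
        '&'  => '\\x26',
    ));
    echo "alert('$alertJs');\n";
}
?>
</script>

</body>
</html>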