interface/forms/clinical_notes/save.php

   1 <?php
   2
   3 /**
   4  * Clinical Notes form save.php
   5  *
   6  * @package   OpenEMR
   7  * @link      http://www.open-emr.org
   8  * @author    Jacob T Paul <jacob@zhservices.com>
   9  * @author    Vinish K <vinish@zhservices.com>
  10  * @author    Brady Miller <brady.g.miller@gmail.com>
  11  * @author    Stephen Nielson <stephen@nielson.org>
  12  * @copyright Copyright (c) 2015 Z&H Consultancy Services Private Limited <sam@zhservices.com>
  13  * @copyright Copyright (c) 2019 Brady Miller <brady.g.miller@gmail.com>
  14  * @copyright Copyright (c) 2021 Stephen Nielson <stephen@nielson.org>
  15  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  16  */
  17
  18 require_once(__DIR__ . "/../../globals.php");
  19 require_once("$srcdir/api.inc.php");
  20 require_once("$srcdir/forms.inc.php");
  21
  22 use OpenEMR\Common\Csrf\CsrfUtils;
  23 use OpenEMR\Services\ClinicalNotesService;
  24
  25 if (!CsrfUtils::verifyCsrfToken($_POST["csrf_token_form"])) {
  26     CsrfUtils::csrfNotVerified();
  27 }
  28
  29 if (!$encounter) { // comes from globals.php
  30     die(xlt("Internal error: we do not seem to be in an encounter!"));
  31 }
  32
  33 // TODO: This should all be rolled into a transaction
  34
  35 $form_id = (int) (isset($_GET['id']) ? $_GET['id'] : '');
  36 $code = $_POST["code"];
  37 $code_text = $_POST["codetext"];
  38 $code_date = $_POST["code_date"];
  39 $code_des = $_POST["description"];
  40 $ids = $_POST['id'] ?? [];
  41 $count = $_POST["count"];
  42 $clinical_notes_type = $_POST['clinical_notes_type'];
  43 $clinical_notes_category = $_POST['clinical_notes_category'];
  44 $note_relations = "";
  45
  46 $clinicalNotesService = new ClinicalNotesService();
  47
  48 if (!empty($form_id)) {
  49     $existingIds  = $clinicalNotesService->getClinicalNoteIdsForPatientForm($form_id, $_SESSION['pid'], $_SESSION['encounter']);
  50
  51     // in order to find the ids that are unique we have to operate on the same type system, we'll convert everything into
  52     // an integer
  53     // the database BIGINT(20).  Its very, very unlikely we will run into overflow problems here.
  54     $existingIdInts = array_map('intval', $existingIds);
  55     $submittedIdInts = array_map('intval', array_filter($ids, 'is_numeric'));
  56
  57     // now grab all of the ids that exist that were not submitted so we can mark them as inactive.  This does a
  58     // mathmatical set substraction.  We don't really delete the records as we need an audit trail here.
  59     $recordsIdsToDelete = array_diff($existingIdInts, $submittedIdInts);
  60     foreach ($recordsIdsToDelete as $recordId) {
  61         $clinicalNotesService->setActivityForClinicalRecord(
  62             $recordId,
  63             $_SESSION['pid'],
  64             $_SESSION['encounter'],
  65             ClinicalNotesService::ACTIVITY_INACTIVE
  66         );
  67     }
  68 } else {
  69     $form_id = $clinicalNotesService->createClinicalNotesParentForm($_SESSION['pid'], $_SESSION['encounter'], $userauthorized);
  70 }
  71
  72 // create our records let the underlying service fix everything
  73 $note_records = [];
  74
  75 $count = array_filter($count);
  76 if (!empty($count)) {
  77     foreach ($count as $key => $codeval) {
  78         $record = [];
  79         $record['id'] = $ids[$key] ?? null; // new records we don't set an id
  80         $record['form_id'] = $form_id;
  81         $record['code'] = $code[$key] ?: '';
  82         $record['codetext'] = $code_text[$key] ?: null;
  83         $record['description'] = $code_des[$key] ?: null;
  84         $record['clinical_notes_type'] = $clinical_notes_type[$key] ?: null;
  85         $record['clinical_notes_category'] = $clinical_notes_category[$key] ?: null;
  86         if (empty($record['id'])) {
  87             // we only populate this on an insert as we don't want someone tampering with the user that created this
  88             // record, this avoids issues where the record can be impersonated by someone else (IE falsifying who entered
  89             // the note).
  90             $record['user'] = $_SESSION["authUser"];
  91         }
  92         // this is for related issues to the note
  93         $record['note_related_to'] = parse_note($record['description']);
  94         //$record['note_related_to'] = $record['description'];
  95         // note this is the form_id from the forms table and is NOT a unique record id
  96
  97         $record['pid'] = $_SESSION['pid'];
  98         $record['encounter'] = $_SESSION['encounter'];
  99         $record['authorized'] = $userauthorized;
 100         $record['date'] = $code_date[$key];
 101         $record['groupname'] = $_SESSION["authProvider"];
 102         $record['activity'] = ClinicalNotesService::ACTIVITY_ACTIVE;
 103         $clinicalNotesService->saveArray($record);
 104     }
 105 }
 106
 107 formHeader("Redirecting....");
 108 formJump();
 109 formFooter();
 110 function parse_note($note)
 111 {
 112     $result = preg_match_all("/\{\|([^\]]*)\|}/", $note, $matches);
 113     return json_encode($matches[1]);
 114 }