PHP7 bug fix 4
[openemr.git] / interface / cmsportal / upload_form.php
<?php
/**
 * Handles file uploads from the WordPress Patient Portal.
 *
 * Copyright (C) 2014 Rod Roark <rod@sunsetsystems.com>
 *
 * LICENSE: This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
 *
 * @package OpenEMR
 * @author Rod Roark <rod@sunsetsystems.com>
 */

// Both flags are assigned before globals.php is loaded; presumably globals.php
// reads them to decide how request data is pre-processed -- confirm there.
// They are not output escaping: every value echoed below still needs its own
// text()/attr() call.
$sanitize_all_escapes = true;
$fake_register_globals = false;

// Project bootstrap, form-data helpers, the Document class used to store the
// uploaded files, and the portal helpers that sit next to this script.
require_once "../globals.php";
require_once "$srcdir/formdata.inc.php";
require_once "$srcdir/classes/Document.class.php";
require_once "portal.inc.php";
// Recursively walks the document category tree below $catid and records every
// leaf category in $categories as id => "Parent / Child" label.
// Children of the root (catid 0) contribute no name to the label.
// The parent id is bound as a query parameter, never concatenated into the SQL.
// Borrowed from interface/fax/fax_dispatch.php.
//
function getKittens($catid, $catstring, &$categories) {
  $children = sqlStatement(
    "SELECT id, name FROM categories WHERE parent = ? ORDER BY name",
    array($catid)
  );
  $prefix = $catstring ? "$catstring / " : "";
  $isLeaf = true;
  while ($child = sqlFetchArray($children)) {
    $isLeaf = false;
    $label = $catid ? $child['name'] : '';
    getKittens($child['id'], $prefix . $label, $categories);
  }
  // A category with no children is a leaf and is the only kind that gets listed.
  if ($isLeaf) {
    $categories[$catid] = $catstring;
  }
}
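// Request identifiers, forced to integers before any use. The page needs at
// least one of them; where both are set the code below prefers messageid.
$postid = empty($_REQUEST['postid']) ? 0 : intval($_REQUEST['postid']);
$messageid = empty($_REQUEST['messageid']) ? 0 : intval($_REQUEST['messageid']);

// Save handler: runs when the form further down is posted back.
//
// NOTE(review): everything in $_POST is client-controlled. No anti-CSRF token
// is checked in this file, and ptid arrives in a hidden form field instead of
// being re-derived from the portal request the way the display path does with
// lookup_openemr_patient(). Unless globals.php or the callees enforce this,
// a portal upload could be filed into a chart other than the sender's --
// confirm, then add a token check and a server-side patient lookup.
//
// empty()/isset() are used on request keys so that a plain GET of this page
// does not raise undefined-index notices.
if (!empty($_POST['bn_save'])) {
  $ptid = isset($_POST['ptid']) ? intval($_POST['ptid']) : 0;
  echo "<html><body>\n";
  if (isset($_POST['form_filename']) && is_array($_POST['form_filename'])) {
    foreach ($_POST['form_filename'] as $uploadkey => $filename) {
      // The form only ever emits integer upload ids and scalar file names;
      // anything else was not produced by this page, so skip it.
      $uploadid = intval($uploadkey);
      if ((string) $uploadid !== (string) $uploadkey || !is_string($filename)) continue;
      $catid = isset($_POST['form_category'][$uploadid]) ?
        intval($_POST['form_category'][$uploadid]) : 0;
      // Category 0 is the "Discard" choice.
      if (!$catid) continue;
      // The file name is user-editable, so it is escaped before being echoed.
      echo xlt('Fetching following file from portal') . ": " . text($filename) . " ...<br />\n";
      flush();
      $result = cms_portal_call(array(
        'action' => $messageid ? 'getmsgup' : 'getupload',
        'uploadid' => $uploadid,
      ));
      if (!empty($result['errmsg'])) die(text($result['errmsg']));
      $d = new Document();
      // With JSON-over-HTTP we would need to base64_decode the contents.
      // NOTE(review): $filename (client-supplied) and the MIME type reported by
      // the portal are handed to createDocument() as given; whether path
      // separators or risky types are neutralised depends on that method,
      // which is not shown here -- confirm.
      $rc = $d->createDocument($ptid, $catid, $filename, $result['mimetype'],
        $result['contents']);
      if ($rc) die(text(xl('Error saving document') . ": $rc"));
    }
  }
  // Finally, delete the request or message from the portal.
  if ($messageid) {
    $result = cms_portal_call(array('action' => 'delmessage', 'messageid' => $messageid));
  }
  else {
    $result = cms_portal_call(array('action' => 'delpost', 'postid' => $postid));
  }
  if (!empty($result['errmsg'])) {
    die(text($result['errmsg']));
  }
  echo "<script language='JavaScript'>\n";
  echo "if (top.restoreSession) top.restoreSession(); else opener.top.restoreSession();\n";
  echo "document.location.href = 'list_requests.php';\n";
  echo "</script></body></html>\n";
  exit();
}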
// Build the id => label map of leaf document categories for the drop-downs.
$categories = array();
getKittens(0, '', $categories);

// Fetch the request (or message) being processed from the portal.
// messageid wins when both identifiers are present.
if (!$postid && !$messageid) die(xlt('Request ID is missing!'));
$result = cms_portal_call(
  $messageid ?
    array('action' => 'getmessage', 'messageid' => $messageid) :
    array('action' => 'getpost', 'postid' => $postid)
);
if ($result['errmsg']) {
  // The portal's error text is escaped before it is shown.
  die(text($result['errmsg']));
}

// Map the portal login attached to the request onto an OpenEMR patient.
// This is the server-side source of the patient id shown in the form below.
$userlogin = $result[$messageid ? 'message' : 'post']['user'];
$ptid = lookup_openemr_patient($userlogin);
?>
<html>
<head>
<?php html_header_show(); ?>
<?php
// NOTE(review): $css_header, $GLOBALS['webroot'] and
// $GLOBALS['phone_country_code'] are written into attributes and a JavaScript
// string literal below without escaping. They look like site configuration
// rather than request data -- confirm, or escape them for their context.
// NOTE(review): jquery-1.2.2 is a very old release; check it against current
// advisories before relying on it.
?>
<link rel=stylesheet href="<?php echo $css_header; ?>" type="text/css">

<style type="text/css">@import url(../../library/dynarch_calendar.css);</style>
<style>

tr.head { font-size:10pt; background-color:#cccccc; text-align:center; }
tr.detail { font-size:10pt; background-color:#ddddff; }
td input { background-color:transparent; }

</style>

<script type="text/javascript" src="../../library/textformat.js"></script>
<script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/jquery-1.2.2.min.js"></script>

<script language="JavaScript">

var mypcc = '<?php echo $GLOBALS['phone_country_code'] ?>';

// Calls restoreSession() on the top frame, or on the opener's top frame when
// this window has none. Always returns true.
function myRestoreSession() {
 if (top.restoreSession) {
  top.restoreSession();
 } else {
  opener.top.restoreSession();
 }
 return true;
}

</script>
</head>
<body class="body_top">
<center>

<form method='post' action='upload_form.php'>

<?php
// For a portal message, show its title and read-only text above the uploads.
// Both values come back from cms_portal_call() and are HTML-escaped on output.
if ($messageid) {
  echo "<p class='text'><b>" . xlt('Message Title') . ":</b> " .
    htmlspecialchars($result['message']['title']) . "</p>\n";
  echo "<textarea style='width:90%;height:144pt;' readonly>" .
    htmlspecialchars($result['message']['contents']) . "</textarea>\n";
  echo "<p class='text'><i>" .
    xlt('This message text is not saved automatically. Copy and save it as appropriate for the content.') .
    "</i></p>\n";
}

// NOTE(review): the hidden fields below round-trip ptid, postid and messageid
// through the browser. The save handler at the top of this file reads ptid
// back from $_POST, so the value is only as trustworthy as the client.
?>

<input type='hidden' name='ptid' value='<?php echo attr($ptid); ?>' />
<input type='hidden' name='postid' value='<?php echo attr($postid); ?>' />
<input type='hidden' name='messageid' value='<?php echo attr($messageid); ?>' />

<table width='100%' cellpadding='1' cellspacing='2'>
 <tr class='head'>
  <th align='left'><?php echo xlt('MIME Type'); ?></th>
  <th align='left'><?php echo xlt('Desired Filename'); ?></th>
  <th align='left'><?php echo xlt('Document Category or Discard'); ?></th>
 </tr>
<?php
// One row per file attached to the request. The upload id is forced to an
// integer before it is placed in the link and the field names; the MIME type,
// file name and category labels are escaped with text()/attr().
if (is_array($result['uploads'])) {
  foreach ($result['uploads'] as $upload) {
    $id = intval($upload['id']);
    echo " <tr class='detail'>\n";
    // MIME type and view link
    echo " <td><a href='upload_form_show.php?id=$id&messageid=$messageid'>" .
      text($upload['mimetype']) . "</a></td>\n";
    // Desired file name
    echo " <td><input type='text' name='form_filename[$id]' value='" .
      attr($upload['filename']) . "' size='20' /></td>";
    // Desired document category with option to discard the file
    echo " <td><select name='form_category[$id]'>\n";
    echo "<option value='0'>-- " . xlt('Discard') . " --</option>\n";
    // The first real category is preselected, so "Discard" is never the default.
    $i = 0;
    foreach ($categories as $catkey => $catname) {
      $selected = (++$i == 1) ? " selected" : "";
      echo "<option value='" . attr($catkey) . "'" . $selected . ">" .
        text($catname) . "</option>\n";
    }
    echo "</select></td>\n";
    echo " </tr>\n";
  }
}
?>
</table>

<p>
<input type='submit' name='bn_save' value='<?php echo xla('Submit and Delete Request'); ?>' />
&nbsp;
<input type='button' value='<?php echo xla('Back'); ?>'
 onclick="myRestoreSession();location='list_requests.php'" />
</p>

</form>
</center>
</body>
</html>