search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Changed version to 3.0 to match new OpenEMR release.
[openemr.git] / interface / usergroup / usergroup_admin.php
blobc3bed9d46fce215ba48a9b28f495f832e6999add
1 <?php
2 include_once("../globals.php");
3 include_once("../../library/acl.inc");
4 include_once("$srcdir/md5.js");
5 include_once("$srcdir/sql.inc");
6 require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");
7
8 $alertmsg = '';
9
10 if (isset($_POST["mode"])) {
11 if ($_POST["mode"] == "facility") {
12 sqlStatement("insert into facility set
13 name='{$_POST['facility']}',
14 phone='{$_POST['phone']}',
15 fax='{$_POST['fax']}',
16 street='{$_POST['street']}',
17 city='{$_POST['city']}',
18 state='{$_POST['state']}',
19 postal_code='{$_POST['postal_code']}',
20 country_code='{$_POST['country_code']}',
21 federal_ein='{$_POST['federal_ein']}',
22 facility_npi='{$_POST['facility_npi']}'");
23 }
24 else if ($_POST["mode"] == "new_user") {
25 if ($_POST["authorized"] != "1") {
26 $_POST["authorized"] = 0;
27 }
28 $_POST["info"] = addslashes($_POST["info"]);
29
30 $res = sqlStatement("select distinct username from users where username != ''");
31 $doit = true;
32 while ($row = mysql_fetch_array($res)) {
33 if ($doit == true && $row['username'] == $_POST["username"]) {
34 $doit = false;
35 }
36 }
37
38 if ($doit == true) {
39 $prov_id = idSqlStatement("insert into users set " .
40 "username = '" . $_POST["username"] .
41 "', password = '" . $_POST["newauthPass"] .
42 "', fname = '" . $_POST["fname"] .
43 "', mname = '" . $_POST["mname"] .
44 "', lname = '" . $_POST["lname"] .
45 "', federaltaxid = '" . $_POST["federaltaxid"] .
46 "', authorized = '" . $_POST["authorized"] .
47 "', info = '" . $_POST["info"] .
48 "', federaldrugid = '" . $_POST["federaldrugid"] .
49 "', upin = '" . $_POST["upin"] .
50 "', npi = '" . $_POST["npi"].
51 "', taxonomy = '" . $_POST["taxonomy"] .
52 "', facility = '" . $_POST["facility"] .
53 "', specialty = '" . $_POST["specialty"] .
54 "', see_auth = '" . $_POST["see_auth"] .
55 "'");
56 sqlStatement("insert into groups set name = '" . $_POST["groupname"] .
57 "', user = '" . $_POST["username"] . "'");
58
59 if (isset($phpgacl_location) && acl_check('admin', 'acl') && $_POST["username"]) {
60 // Set the access control group of user
61 set_user_aro($_POST["access_group"], $_POST["username"], $_POST["fname"], $_POST["mname"], $_POST["lname"]);
62 }
63
64 $ws = new WSProvider($prov_id);
65
66 // DBC DUTCH SYSTEM
67 if ( $GLOBALS['dutchpc'] ) {
68 sqlStatement("INSERT INTO cl_user_beroep SET cl_beroep_userid = ' ".$prov_id." ',
69 cl_beroep_sysid = ' ".$_POST['beroep']." '");
70 }
71 // EOS DBC
72
73 } else {
74 $alertmsg .= "User " . $_POST["username"] . " already exists. ";
75 }
76 }
77 else if ($_POST["mode"] == "new_group") {
78 $res = sqlStatement("select distinct name, user from groups");
79 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
80 $result[$iter] = $row;
81 $doit = 1;
82 foreach ($result as $iter) {
83 if ($doit == 1 && $iter{"name"} == $_POST["groupname"] && $iter{"user"} == $_POST["username"])
84 $doit--;
85 }
86 if ($doit == 1) {
87 sqlStatement("insert into groups set name = '" . $_POST["groupname"] .
88 "', user = '" . $_POST["username"] . "'");
89 } else {
90 $alertmsg .= "User " . $_POST["username"] .
91 " is already a member of group " . $_POST["groupname"] . ". ";
92 }
93 }
94 }
95
96 if (isset($_GET["mode"])) {
97
98 // This is the code to delete a user. Note that the link which invokes
99 // this is commented out. Somebody must have figured it was too dangerous.
100 //
101 if ($_GET["mode"] == "delete") {
102 $res = sqlStatement("select distinct username, id from users where id = '" .
103 $_GET["id"] . "'");
104 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
105 $result[$iter] = $row;
106
107 // TBD: Before deleting the user, we should check all tables that
108 // reference users to make sure this user is not referenced!
109
110 foreach($result as $iter) {
111 sqlStatement("delete from groups where user = '" . $iter{"username"} . "'");
112 }
113 sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
114 }
115
116 elseif ($_GET["mode"] == "delete_group") {
117 $res = sqlStatement("select distinct user from groups where id = '" .
118 $_GET["id"] . "'");
119 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
120 $result[$iter] = $row;
121 foreach($result as $iter)
122 $un = $iter{"user"};
123 // $res = sqlStatement("select name,user from groups where user = '" .
124 // $iter{"user"} . "' and id != {$_GET["id"]}\n");
125 $res = sqlStatement("select name, user from groups where user = '$un' " .
126 "and id != '" . $_GET["id"] . "'");
127
128 // Remove the user only if they are also in some other group. I.e. every
129 // user must be a member of at least one group.
130 if (sqlFetchArray($res) != FALSE) {
131 sqlStatement("delete from groups where id = '" . $_GET["id"] . "'");
132 } else {
133 $alertmsg .= "You must add this user to some other group before " .
134 "removing them from this group. ";
135 }
136 }
137 }
138
139 $form_inactive = empty($_REQUEST['form_inactive']) ? false : true;
140
141 ?>
142 <html>
143 <head>
144
145 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
146
147 </head>
148 <body class="body_top">
149
150 <span class="title"><?php xl('User and Facility Administration','e'); ?></span>
151
152 <br><br>
153
154 <table width=100%>
155 <tr>
156
157 <td valign=top>
158
159 <form name='facility' method='post' action="usergroup_admin.php"
160 onsubmit='return top.restoreSession()'>
161 <input type=hidden name=mode value="facility">
162 <span class="bold"><?php xl('New Facility Information','e'); ?>: </span>
163 </td><td>
164
165 <table border=0 cellpadding=0 cellspacing=0>
166 <tr>
167 <td><span class="text"><?php xl('Name','e'); ?>: </span></td><td><input type=entry name=facility size=20 value=""></td>
168 <td><span class="text"><?php xl('Phone','e'); ?>: </span></td><td><input type=entry name=phone size=20 value=""></td>
169 </tr>
170 <tr>
171 <td>&nbsp;</td><td>&nbsp;</td>
172 <td><span class="text"><?php xl('Fax','e'); ?>: </span></td><td><input type=entry name=fax size=20 value=""></td>
173 </tr>
174 <tr>
175 <td><span class="text"><?php xl('Address','e'); ?>: </span></td><td><input type=entry size=20 name=street value=""></td>
176 <td><span class="text"><?php xl('City','e'); ?>: </span></td><td><input type=entry size=20 name=city value=""></td>
177 </tr>
178 <tr>
179 <td><span class="text"><?php xl('State','e'); ?>: </span></td><td><input type=entry size=20 name=state value=""></td>
180 <td><span class="text"><?php xl('Zip Code','e'); ?>: </span></td><td><input type=entry size=20 name=postal_code value=""></td>
181 </tr>
182 <tr>
183 <td height="22"><span class="text"><?php xl('Country','e'); ?>: </span></td>
184 <td><input type=entry size=20 name=country_code value=""></td>
185 <td><span class="text"><?php xl('Federal EIN','e'); ?>: </span></td><td><input type=entry size=20 name=federal_ein value=""></td>
186 </tr>
187 <tr>
188 <td>&nbsp;</td><td>&nbsp;</td>
189
190 <td><span class="text"><?php xl('Facility NPI','e'); ?>: </span></td><td><input type=entry size=20 name=facility_npi value=""></td>
191
192 </tr>
193 <tr>
194 <td>&nbsp;</td><td>&nbsp;</td>
195 <td>&nbsp;</td><td><input type="submit" value=<?php xl('Add Facility','e'); ?>></td>
196 </tr>
197 </table>
198 </form>
199 <br>
200 </tr>
201 <tr>
202 <td valign=top>
203
204 <!-- Why is this here??? - Rod
205 <form name='facility' method='post' action="usergroup_admin.php"
206 onsubmit='return top.restoreSession()'>
207 <input type=hidden name=mode value=<?php xl('facility','e'); ?>>
208 -->
209
210 <span class="bold"><?php xl('Edit Facilities','e'); ?>: </span>
211 </td><td valign=top>
212 <?php
213 $fres = 0;
214 $fres = sqlStatement("select * from facility order by name");
215 if ($fres) {
216 $result2 = array();
217 for ($iter3 = 0;$frow = sqlFetchArray($fres);$iter3++)
218 $result2[$iter3] = $frow;
219 foreach($result2 as $iter3) {
220 ?>
221 <span class="text"><?php echo $iter3{name};?></span>
222 <a href="facility_admin.php?fid=<?php echo $iter3{id};?>" class="link_submit"
223 onclick="top.restoreSession()">(Edit)</a><br>
224 <?php
225 }
226 }
227 ?>
228
229 </td>
230 </tr>
231 <tr><td valign=top>
232 <form name='new_user' method='post' action="usergroup_admin.php"
233 onsubmit='return top.restoreSession()'>
234 <input type=hidden name=mode value=new_user>
235 <span class="bold"><?php xl('New User','e'); ?>:</span>
236 </td><td>
237 <table border=0 cellpadding=0 cellspacing=0>
238 <tr>
239 <td><span class="text"><?php xl('Username','e'); ?>: </span></td><td><input type=entry name=username size=20> &nbsp;</td>
240 <td><span class="text"><?php xl('Password','e'); ?>: </span></td><td><input type="password" size=20 name=clearPass></td>
241 </tr>
242 <tr>
243 <td><span class="text"><?php xl('Groupname','e'); ?>: </span></td><td>
244 <select name=groupname>
245 <?php
246 $res = sqlStatement("select distinct name from groups");
247 $result2 = array();
248 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
249 $result2[$iter] = $row;
250 foreach ($result2 as $iter) {
251 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
252 }
253 ?>
254 </select></td>
255 <td><span class="text"><?php xl('Authorized','e'); ?>: </span></td><td><input type=checkbox name='authorized' value="1"></td>
256 </tr>
257 <tr>
258 <td><span class="text"><?php xl('First Name','e'); ?>: </span></td><td><input type=entry name='fname' size=20></td>
259 <td><span class="text"><?php xl('Middle Name','e'); ?>: </span></td><td><input type=entry name='mname' size=20></td>
260 </tr>
261 <tr>
262 <td><span class="text"><?php xl('Last Name','e'); ?>: </span></td><td><input type=entry name='lname' size=20></td>
263 <td><span class="text"><?php xl('Default Facility','e'); ?>: </span></td><td><select name=facility>
264 <?php
265 $fres = sqlStatement("select * from facility order by name");
266 if ($fres) {
267 for ($iter = 0;$frow = sqlFetchArray($fres);$iter++)
268 $result[$iter] = $frow;
269 foreach($result as $iter) {
270 ?>
271 <option value="<?php echo $iter{name};?>"><?php echo $iter{name};?></option>
272 <?php
273 }
274 }
275 ?>
276 </select></td>
277 </tr>
278 <tr>
279 <td><span class="text"><?php xl('Federal Tax ID','e'); ?>: </span></td><td><input type=entry name='federaltaxid' size=20></td>
280 <td><span class="text"><?php xl('Federal Drug ID','e'); ?>: </span></td><td><input type=entry name='federaldrugid' size=20></td>
281 </tr>
282 <tr>
283 <td><span class="text"><?php xl('UPIN','e'); ?>: </span></td><td><input type="entry" name="upin" size="20"></td>
284 <td class='text'><?php xl('See Authorizations','e'); ?>: </td>
285 <td><select name="see_auth">
286 <?php
287 foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value)
288 {
289 echo " <option value='$key'";
290 echo ">$value</option>\n";
291 }
292 ?>
293 </select></td>
294
295 <tr>
296 <td><span class="text"><?php xl('NPI','e'); ?>: </span></td><td><input type="entry" name="npi" size="20"></td>
297
298 <?php
299 // ===========================
300 // DBC DUTCH SYSTEM
301 // if DBC don't show Job Description; show instead Beroep Box
302 if ( !$GLOBALS['dutchpc']) { ?>
303 <td><span class="text"><?php xl('Job Description','e'); ?>: </span></td><td><input type="entry" name="specialty" size="20"></td>
304 <?php } else { ?>
305 <td><span class="text">Beroep</span></td>
306 <td><?php beroep_dropdown() ?></td>
307 <?php }
308 // ===========================
309 ?>
310
311 </tr>
312 <td><span class="text"><?php xl('Taxonomy','e'); ?>: </span></td>
313 <td><input type="entry" name="taxonomy" size="20" value="207Q00000X"></td>
314 <!-- (CHEMED) Calendar UI preference -->
315 <tr>
316 <td><span class="text"><?php xl('Calendar UI','e'); ?>: </span></td><td><select name="cal_ui">
317 <?php
318 foreach (array(1 => xl('Default'), 2 => xl('Fancy'), 3 => xl('Outlook')) as $key => $value)
319 {
320 echo " <option value='$key'";
321 if ($key == $iter['cal_ui']) echo " selected";
322 echo ">$value</option>\n";
323 }
324 ?>
325 </select></td>
326 </tr>
327 <!-- END (CHEMED) Calendar UI preference -->
328
329 <?php
330 // List the access control groups if phpgacl installed
331 if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
332 ?>
333 <tr>
334 <td class='text'><?php xl('Access Control','e'); ?>:</td>
335 <td><select name="access_group[]" multiple>
336 <?php
337 $list_acl_groups = acl_get_group_title_list();
338 $default_acl_group = 'Administrators';
339 foreach ($list_acl_groups as $value) {
340 if ($default_acl_group == $value) {
341 echo " <option selected>$value</option>\n";
342 }
343 else {
344 echo " <option>$value</option>\n";
345 }
346 }
347 ?>
348 </select></td></tr>
349 <?php
350 }
351 ?>
352
353 </table>
354 <span class="text"><?php xl('Additional Info','e'); ?>: </span><br>
355 <textarea name=info cols=40 rows=4 wrap=auto></textarea>
356 <br><input type="hidden" name="newauthPass">
357 <input type="submit" onClick="javascript:this.form.newauthPass.value=MD5(this.form.clearPass.value);this.form.clearPass.value='';" value=<?php xl('Add User','e'); ?>>
358 </form>
359 </td>
360
361 </tr>
362
363 <tr<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>
364
365 <td valign=top>
366 <form name='new_group' method='post' action="usergroup_admin.php"
367 onsubmit='return top.restoreSession()'>
368 <br>
369 <input type=hidden name=mode value=new_group>
370 <span class="bold"><?php xl('New Group','e'); ?>:</span>
371 </td><td>
372 <span class="text"><?php xl('Groupname','e'); ?>: </span><input type=entry name=groupname size=10>
373 &nbsp;&nbsp;&nbsp;
374 <span class="text"><?php xl('Initial User','e'); ?>: </span>
375 <select name=username>
376 <?php
377 $res = sqlStatement("select distinct username from users where username != ''");
378 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
379 $result[$iter] = $row;
380 foreach ($result as $iter) {
381 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
382 }
383 ?>
384 </select>
385 &nbsp;&nbsp;&nbsp;
386 <input type="submit" value=<?php xl('Add Group','e'); ?>>
387 </form>
388 </td>
389
390 </tr>
391
392 <tr<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>
393
394 <td valign=top>
395 <form name='new_group' method='post' action="usergroup_admin.php"
396 onsubmit='return top.restoreSession()'>
397 <input type=hidden name=mode value=new_group>
398 <span class="bold"><?php xl('Add User To Group','e'); ?>:</span>
399 </td><td>
400 <span class="text">
401 <?php xl('User','e'); ?>
402 : </span>
403 <select name=username>
404 <?php
405 $res = sqlStatement("select distinct username from users where username != ''");
406 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
407 $result3[$iter] = $row;
408 foreach ($result3 as $iter) {
409 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
410 }
411 ?>
412 </select>
413 &nbsp;&nbsp;&nbsp;
414 <span class="text"><?php xl('Groupname','e'); ?>: </span>
415 <select name=groupname>
416 <?php
417 $res = sqlStatement("select distinct name from groups");
418 $result2 = array();
419 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
420 $result2[$iter] = $row;
421 foreach ($result2 as $iter) {
422 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
423 }
424 ?>
425 </select>
426 &nbsp;&nbsp;&nbsp;
427 <input type="submit" value=<?php xl('Add User To Group','e'); ?>>
428 </form>
429 </td>
430
431 </tr>
432
433 </table>
434
435 <hr>
436
437 <form name='userlist' method='post' action='usergroup_admin.php'
438 onsubmit='return top.restoreSession()'>
439 <span class='bold'>
440 <input type='checkbox' name='form_inactive' value='1' onclick='submit()'
441 <?php if ($form_inactive) echo 'checked '; ?>/>
442 Include inactive users
443 </span>
444 </form>
445
446 <table border=0 cellpadding=1 cellspacing=2>
447 <tr><td><span class="bold"><?php xl('Username','e'); ?></span></td><td><span class="bold"><?php xl('Real Name','e'); ?></span></td><td><span class="bold"><?php xl('Info','e'); ?></span></td><td><span class="bold"><?php xl('Authorized','e'); ?>?</span></td></tr>
448 <?php
449 $query = "SELECT * FROM users WHERE username != '' ";
450 if (!$form_inactive) $query .= "AND active = '1' ";
451 $query .= "ORDER BY username";
452 $res = sqlStatement($query);
453 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
454 $result4[$iter] = $row;
455 foreach ($result4 as $iter) {
456 if ($iter{"authorized"}) {
457 $iter{"authorized"} = xl('yes');
458 } else {
459 $iter{"authorized"} = "";
460 }
461
462 // ===========================
463 // DBC DUTCH SYSTEM
464 // overwrite 'info' field with dutch job description
465
466 if ( $GLOBALS['dutchpc'] ) $iter{"info"} = what_beroep($iter{"id"});
467
468 // ===========================
469
470 print "<tr><td><span class='text'>" . $iter{"username"} .
471 "</span><a href='user_admin.php?id=" . $iter{"id"} .
472 "' class='link_submit' onclick='top.restoreSession()'>(Edit)</a>" .
473 "</td><td><span class='text'>" .
474 $iter{"fname"} . ' ' . $iter{"lname"}."</span></td><td><span class='text'>" .
475 $iter{"info"} . "</span></td><td align='center'><span class='text'>" .
476 $iter{"authorized"} . "</span></td>";
477 print "<td><!--<a href='usergroup_admin.php?mode=delete&id=" . $iter{"id"} .
478 "' class='link_submit'>[Delete]</a>--></td>";
479 print "</tr>\n";
480 }
481 ?>
482
483 </table>
484
485 <hr>
486
487 <?php
488 if (empty($GLOBALS['disable_non_default_groups'])) {
489 $res = sqlStatement("select * from groups order by name");
490 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
491 $result5[$iter] = $row;
492
493 foreach ($result5 as $iter) {
494 $grouplist{$iter{"name"}} .= $iter{"user"} .
495 "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
496 $iter{"id"} . "' onclick='top.restoreSession()'>Remove</a>), ";
497 }
498
499 foreach ($grouplist as $groupname => $list) {
500 print "<span class='bold'>" . $groupname . "</span><br>\n<span class='text'>" .
501 substr($list,0,strlen($list)-2) . "</span><br>\n";
502 }
503 }
504 ?>
505
506 <script language="JavaScript">
507 <?php
508 if ($alertmsg = trim($alertmsg)) {
509 echo "alert('$alertmsg');\n";
510 }
511 ?>
512 </script>
513
514 </body>
515 </html>
Mirror of official OpenEMR Sourceforge repository