7 * @link http://www.open-emr.org
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @author Rod Roark <rod@sunsetsystems.com>
10 * @author Daniel Pflieger <daniel@mi-squared.com> <daniel@growlingflea.com>
11 * @author Ken Chapple <ken@mi-squared.com>
12 * @copyright Copyright (c) 2018-2019 Brady Miller <brady.g.miller@gmail.com>
13 * @copyright Copyright (c) 2021 Daniel Pflieger <daniel@mi-squared.com> <daniel@growlingflea.com>
14 * @copyright Copyright (c) 2021 Ken Chapple <ken@mi-squared.com>
15 * @copyright Copyright (c) 2021 Rod Roark <rod@sunsetsystems.com>
16 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
19 require_once("../globals.php");
20 require_once("$srcdir/calendar.inc");
21 require_once("$srcdir/options.inc.php");
22 require_once("$srcdir/erx_javascript.inc.php");
24 use OpenEMR\Common\Acl\AclExtended
;
25 use OpenEMR\Common\Acl\AclMain
;
26 use OpenEMR\Common\Csrf\CsrfUtils
;
27 use OpenEMR\Core\Header
;
28 use OpenEMR\Menu\MainMenuRole
;
29 use OpenEMR\Menu\PatientMenuRole
;
30 use OpenEMR\Services\FacilityService
;
31 use OpenEMR\Services\UserService
;
34 if (!CsrfUtils
::verifyCsrfToken($_GET["csrf_token_form"])) {
35 CsrfUtils
::csrfNotVerified();
39 $facilityService = new FacilityService();
41 if (!$_GET["id"] ||
!AclMain
::aclCheckCore('admin', 'users')) {
45 $res = sqlStatement("select * from users where id=?", array($_GET["id"]));
46 for ($iter = 0; $row = sqlFetchArray($res); $iter++
) {
47 $result[$iter] = $row;
56 <?php Header
::setupHeader(['common','opener']); ?
>
58 <script src
="checkpwd_validation.js"></script
>
60 <!-- validation library
-->
61 <!--//Not lbf forms use the new validation, please make sure you have the corresponding values in the list Page validation-->
62 <?php
$use_validate_js = 1;?
>
63 <?php
require_once($GLOBALS['srcdir'] . "/validation/validation_script.js.php"); ?
>
65 //Gets validation rules from Page Validation list.
66 //Note that for technical reasons, we are bypassing the standard validateUsingPageRules() call.
67 $collectthis = collectValidationPageRules("/interface/usergroup/user_admin.php");
68 if (empty($collectthis)) {
69 $collectthis = "undefined";
71 $collectthis = json_sanitize($collectthis["user_form"]["rules"]);
78 * validation on the form with new client side validation (using validate.js).
79 * this enable to add new rules for this form in the pageValidation list.
81 var collectvalidation
= <?php
echo $collectthis; ?
>;
83 function checkChange()
85 alert(<?php
echo xlj('If you change e-RX Role for ePrescription, it may affect the ePrescription workflow. If you face any difficulty, contact your ePrescription vendor.'); ?
>);
87 function submitform() {
89 var valid
= submitme(1, undefined
, 'user_form', collectvalidation
);
94 <?php
if (empty($GLOBALS['gbl_ldap_enabled']) ||
empty($GLOBALS['gbl_ldap_exclusions'])) { ?
>
95 if(document
.forms
[0].clearPass
.value
!="")
97 //Checking for the strong password if the 'secure password' feature is enabled
98 if(document
.forms
[0].secure_pwd
.value
=== 1)
100 var pwdresult
= passwordvalidate(document
.forms
[0].clearPass
.value
);
103 alert(<?php
echo xlj('The password must be at least eight characters, and should'); ?
> +
105 <?php
echo xlj('contain at least three of the four following items:'); ?
> +
107 <?php
echo xlj('A number'); ?
> +
109 <?php
echo xlj('A lowercase letter'); ?
> +
111 <?php
echo xlj('An uppercase letter'); ?
> +
113 <?php
echo xlj('A special character'); ?
> +
116 <?php
echo xlj('not a letter or number'); ?
> +
119 <?php
echo xlj('For example:'); ?
> +
125 }//If pwd null ends here
127 if (document
.forms
[0].access_group_id
) {
128 var sel
= getSelected(document
.forms
[0].access_group_id
.options
);
129 for (var item in sel
) {
130 if (sel
[item
].value
== "Emergency Login") {
131 document
.forms
[0].check_acl
.value
= 1;
136 <?php
if ($GLOBALS['erx_enable']) { ?
>
139 for(i
=0;i
<f
.length
;i++
){
140 if(f
[i
].type
=='text' && f
[i
].value
)
142 if(f
[i
].name
== 'fname' || f
[i
].name
== 'mname' || f
[i
].name
== 'lname')
144 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,35);
145 alertMsg +
= checkUsername(f
[i
].name
,f
[i
].value
);
147 else if(f
[i
].name
== 'taxid')
149 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,10);
150 alertMsg +
= checkFederalEin(f
[i
].name
,f
[i
].value
);
152 else if(f
[i
].name
== 'state_license_number')
154 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,10);
155 alertMsg +
= checkStateLicenseNumber(f
[i
].name
,f
[i
].value
);
157 else if(f
[i
].name
== 'npi')
159 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,10);
160 alertMsg +
= checkTaxNpiDea(f
[i
].name
,f
[i
].value
);
162 else if(f
[i
].name
== 'drugid')
164 alertMsg +
= checkLength(f
[i
].name
,f
[i
].value
,30);
165 alertMsg +
= checkAlphaNumeric(f
[i
].name
,f
[i
].value
);
177 let post_url
= $
("#user_form").attr("action");
178 let request_method
= $
("#user_form").attr("method");
179 let form_data
= $
("#user_form").serialize();
183 type
: request_method
,
185 }).done(function (r
) {
189 dlgclose('reload', false);
195 //Getting the list of selected item in ACL
196 function getSelected(opt
) {
197 var selected
= new Array();
199 for (var intLoop
= 0; intLoop
< opt
.length
; intLoop++
) {
200 if ((opt
[intLoop
].selected
) ||
201 (opt
[intLoop
].checked
)) {
202 index
= selected
.length
;
203 selected
[index
] = new Object;
204 selected
[index
].value
= opt
[intLoop
].value
;
205 selected
[index
].index
= intLoop
;
211 function authorized_clicked() {
212 var f
= document
.forms
[0];
213 f
.calendar
.disabled
= !f
.authorized
.checked
;
214 f
.calendar
.checked
= f
.authorized
.checked
;
219 .physician_type_class
{
220 width
: 150px
!important
;
223 width
: 120px
!important
;
227 <body
class="body_top">
229 <div
class="container">
231 /* Get the list ACL for the user */
232 $is_super_user = AclMain
::aclCheckCore('admin', 'super');
233 $acl_name = AclExtended
::aclGetGroupTitles($iter["username"]);
235 if (is_countable($acl_name)) {
236 $bg_count = count($acl_name);
237 $selected_user_is_superuser = false;
238 for ($i = 0; $i < $bg_count; $i++
) {
239 if ($acl_name[$i] == "Emergency Login") {
240 $bg_name = $acl_name[$i];
242 //check if user member on group with superuser rule
243 if (AclExtended
::isGroupIncludeSuperuser($acl_name[$i])) {
244 $selected_user_is_superuser = true;
248 $disabled_save = !$is_super_user && $selected_user_is_superuser ?
'disabled' : '';
251 <span
class="title"><?php
echo xlt('Edit User'); ?
></span
> 
;
253 <a
class="btn btn-secondary btn-save" name
='form_save' id
='form_save' href
='#' onclick
='return submitform()' <?php
echo $disabled_save; ?
>> <span
><?php
echo xlt('Save');?
></span
> </a
>
254 <a
class="btn btn-link btn-cancel" id
='cancel' href
='#'><span
><?php
echo xlt('Cancel');?
></span
></a
>
258 <FORM NAME
="user_form" id
="user_form" METHOD
="POST" ACTION
="usergroup_admin.php">
259 <input type
="hidden" name
="csrf_token_form" value
="<?php echo attr(CsrfUtils::collectCsrfToken()); ?>" />
261 <input type
=hidden name
="pre_active" value
="<?php echo attr($iter["active
"]); ?>" >
262 <input type
=hidden name
="get_admin_id" value
="<?php echo attr($GLOBALS['Emergency_Login_email']); ?>" >
263 <input type
=hidden name
="admin_id" value
="<?php echo attr($GLOBALS['Emergency_Login_email_id']); ?>" >
264 <input type
=hidden name
="check_acl" value
="">
265 <input type
=hidden name
="user_type" value
="<?php echo attr($bg_name); ?>" >
267 <TABLE border
=0 cellpadding
=0 cellspacing
=0>
269 <TD style
="width:180px;"><span
class=text
><?php
echo xlt('Username'); ?
>: </span
></TD
>
270 <TD style
="width:270px;"><input type
="text" name
=username style
="width:150px;" class="form-control" value
="<?php echo attr($iter["username
"]); ?>" disabled
></td
>
271 <?php
if (empty($GLOBALS['gbl_ldap_enabled']) ||
empty($GLOBALS['gbl_ldap_exclusions'])) { ?
>
272 <TD style
="width:200px;"><span
class=text
>*<?php
echo xlt('Your Password'); ?
>*: </span
></TD
>
273 <TD
class='text' style
="width:280px;"><input type
='password' name
=adminPass style
="width:150px;" class="form-control" value
="" autocomplete
='off'><font
class="mandatory"></font
></TD
>
276 <?php
if (empty($GLOBALS['gbl_ldap_enabled']) ||
empty($GLOBALS['gbl_ldap_exclusions'])) { ?
>
278 <TD style
="width:180px;"><span
class=text
></span
></TD
>
279 <TD style
="width:270px;"></td
>
280 <TD style
="width:200px;"><span
class=text
><?php
echo xlt('User\'s New Password'); ?
>: </span
></TD
>
281 <TD
class='text' style
="width:280px;"> <input type
=text name
=clearPass style
="width:150px;" class="form-control" value
=""><font
class="mandatory"></font
></td
>
285 <TR height
="30" style
="valign:middle;">
287 <?php
echo xlt('Clear 2FA'); ?
>:
289 <td title
='<?php echo xla('Remove multi
-factor authentications
for this person
.'); ?>'>
290 <input type
="checkbox" name
="clear_2fa" value
='1' />
292 <td colspan
="2"><span
class=text
><?php
echo xlt('Provider'); ?
>:
293 <input type
="checkbox" name
="authorized" onclick
="authorized_clicked()"<?php
294 if ($iter["authorized"]) {
297 <span
class='text'><?php
echo xlt('Calendar'); ?
>:
298 <input type
="checkbox" name
="calendar"<?php
299 if ($iter["calendar"]) {
302 if (!$iter["authorized"]) {
305 <span
class=text
><?php
echo xlt('Portal'); ?
>:
306 <input type
="checkbox" name
="portal_user" <?php
307 if ($iter["portal_user"]) {
310 <span
class='text'><?php
echo xlt('Active'); ?
>:
311 <input type
="checkbox" name
="active"<?php
echo ($iter["active"]) ?
" checked" : ""; ?
>/></span
>
316 <TD
><span
class=text
><?php
echo xlt('First Name'); ?
>: </span
></TD
>
317 <TD
><input type
="text" name
=fname id
=fname style
="width:150px;" class="form-control" value
="<?php echo attr($iter["fname
"]); ?>"><span
class="mandatory"></span
></td
>
318 <td
><span
class=text
><?php
echo xlt('Middle Name'); ?
>: </span
></TD
><td
><input type
="text" name
=mname style
="width:150px;" value
="<?php echo attr($iter["mname
"]); ?>"></td
>
322 <td
><span
class=text
><?php
echo xlt('Last Name'); ?
>: </span
></td
><td
><input type
="text" name
=lname id
=lname style
="width:150px;" class="form-control" value
="<?php echo attr($iter["lname
"]); ?>"><span
class="mandatory"></span
></td
>
323 <td
><span
class=text
><?php
echo xlt('Default Facility'); ?
>: </span
></td
><td
><select name
=facility_id style
="width:150px;" class="form-control">
325 $fres = $facilityService->getAllServiceLocations();
327 for ($iter2 = 0; $iter2 < sizeof($fres); $iter2++
) {
328 $result[$iter2] = $fres[$iter2];
331 foreach ($result as $iter2) {
333 <option value
="<?php echo attr($iter2['id']); ?>" <?php
if ($iter['facility_id'] == $iter2['id']) {
335 } ?
>><?php
echo text($iter2['name']); ?
></option
>
343 <?php
if ($GLOBALS['restrict_user_facility']) { ?
>
345 <td colspan
=2> 
;</td
>
346 <td
><span
class=text
><?php
echo xlt('Schedule Facilities:');?
></td
>
348 <select name
="schedule_facility[]" multiple style
="width:150px;" class="form-control">
350 $userFacilities = getUserFacilities($_GET['id']);
352 foreach ($userFacilities as $uf) {
356 $fres = $facilityService->getAllServiceLocations();
358 foreach ($fres as $frow) :
360 <option
<?php
echo in_array($frow['id'], $ufid) ||
$frow['id'] == $iter['facility_id'] ?
"selected" : null ?
>
361 class="form-control" value
="<?php echo attr($frow['id']); ?>"><?php
echo text($frow['name']) ?
></option
>
372 <TD
><span
class=text
><?php
echo xlt('Federal Tax ID'); ?
>: </span
></TD
><TD
><input type
=text name
=taxid style
="width:150px;" class="form-control" value
="<?php echo attr($iter["federaltaxid
"]); ?>"></td
>
373 <TD
><span
class=text
><?php
echo xlt('DEA Number'); ?
>: </span
></TD
><TD
><input type
=text name
=drugid style
="width:150px;" class="form-control" value
="<?php echo attr($iter["federaldrugid
"]); ?>"></td
>
377 <td
><span
class="text"><?php
echo xlt('UPIN'); ?
>: </span
></td
><td
><input type
="text" name
="upin" style
="width:150px;" class="form-control" value
="<?php echo attr($iter["upin
"]); ?>"></td
>
378 <td
class='text'><?php
echo xlt('See Authorizations'); ?
>: </td
>
379 <td
><select name
="see_auth" style
="width:150px;" class="form-control" >
381 foreach (array(1 => xl('None{{Authorization}}'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value) {
382 echo " <option value='" . attr($key) . "'";
383 if ($key == $iter['see_auth']) {
387 echo ">" . text($value) . "</option>\n";
394 <td
><span
class="text"><?php
echo xlt('NPI'); ?
>: </span
></td
><td
><input type
="text" name
="npi" style
="width:150px;" class="form-control" value
="<?php echo attr($iter["npi
"]); ?>"></td
>
395 <td
><span
class="text"><?php
echo xlt('Job Description'); ?
>: </span
></td
><td
><input type
="text" name
="job" style
="width:150px;" class="form-control" value
="<?php echo attr($iter["specialty
"]); ?>"></td
>
399 <td
><span
class="text"><?php
echo xlt('Taxonomy'); ?
>: </span
></td
>
400 <td
><input type
="text" name
="taxonomy" style
="width:150px;" class="form-control" value
="<?php echo attr($iter["taxonomy
"]); ?>"></td
>
401 <td
><span
class="text"><?php
echo xlt('Supervisor'); ?
>: </span
></td
>
403 <select name
="supervisor_id" style
="width:150px;" class="form-control">
404 <option value
=""><?php
echo xlt("Select Supervisor") ?
></option
>
406 $userService = new UserService();
407 $users = $userService->getActiveUsers();
408 foreach ($users as $activeUser) {
409 $p_id = (int)$activeUser['id'];
410 if ($activeUser['authorized'] != 1) {
413 echo "<option value='" . attr($p_id) . "'";
414 if ((int)$iter["supervisor_id"] === $p_id) {
417 echo ">" . text($activeUser['lname']) . ' ' .
418 text($activeUser['fname']) . ' ' . text($activeUser['mname']) . "</option>\n";
426 <td
><span
class="text"><?php
echo xlt('State License Number'); ?
>: </span
></td
>
427 <td
><input type
="text" name
="state_license_number" style
="width:150px;" class="form-control" value
="<?php echo attr($iter["state_license_number
"]); ?>"></td
>
428 <td
class='text'><?php
echo xlt('NewCrop eRX Role'); ?
>:</td
>
430 <?php
echo generate_select_list("erxrole", "newcrop_erx_role", $iter['newcrop_user_role'], '', xl('Select Role'), '', '', '', array('style' => 'width:150px')); ?
>
434 <td
><span
class="text"><?php
echo xlt('Weno Provider ID'); ?
>: </span
></td
><td
><input type
="text" name
="erxprid" style
="width:150px;" class="form-control" value
="<?php echo attr($iter["weno_prov_id
"]); ?>"></td
>
435 <td
><span
class="text"><?php
echo xlt('Google Email for Login'); ?
>: </span
></td
><td
><input type
="text" name
="google_signin_email" style
="width:150px;" class="form-control" value
="<?php echo attr($iter["google_signin_email
"]); ?>"></td
>
439 <td
><span
class="text"><?php
echo xlt('Provider Type'); ?
>: </span
></td
>
440 <td
><?php
echo generate_select_list("physician_type", "physician_type", $iter['physician_type'], '', xl('Select Type'), 'physician_type_class', '', '', ''); ?
></td
>
444 <span
class="text"><?php
echo xlt('Main Menu Role'); ?
>: </span
>
448 $menuMain = new MainMenuRole($GLOBALS['kernel']->getEventDispatcher());
449 echo $menuMain->displayMenuRoleSelector($iter["main_menu_role"]);
453 <span
class="text"><?php
echo xlt('Patient Menu Role'); ?
>: </span
>
457 $menuPatient = new PatientMenuRole();
458 echo $menuPatient->displayMenuRoleSelector($iter["patient_menu_role"]);
463 <?php
if (!empty($GLOBALS['inhouse_pharmacy'])) { ?
>
465 <td
class="text"><?php
echo xlt('Default Warehouse'); ?
>: </td
>
468 echo generate_select_list(
471 $iter['default_warehouse'],
477 <?php
if (!empty($GLOBALS['inhouse_pharmacy'])) { ?
>
478 <td
class="text"><?php
echo xlt('Invoice Refno Pool'); ?
>: </td
>
481 echo generate_select_list(
485 xl('Invoice reference number pool, if used')
490 <td
class="text" colspan
="2"> 
;</td
>
496 <!-- facility
and warehouse restrictions
, optional
-->
497 <?php
if (!empty($GLOBALS['gbl_fac_warehouse_restrictions']) ||
!empty($GLOBALS['restrict_user_facility'])) { ?
>
498 <tr title
="<?php echo xla('If nothing is selected here then all are permitted.'); ?>">
499 <td
class="text"><?php
echo !empty($GLOBALS['gbl_fac_warehouse_restrictions']) ?
500 xlt('Facility and warehouse permissions') : xlt('Facility permissions'); ?
>:</td
>
502 <select name
="schedule_facility[]" multiple style
="width:490px;">
504 $userFacilities = getUserFacilities($_GET['id'], 'id', $GLOBALS['gbl_fac_warehouse_restrictions']);
506 foreach ($userFacilities as $uf) {
509 $fres = sqlStatement("select * from facility order by name");
511 while ($frow = sqlFetchArray($fres)) {
512 // Get the warehouses that are linked to this user and facility.
513 $whids = getUserFacWH($_GET['id'], $frow['id']); // from calendar.inc
514 // Generate an option for just the facility with no warehouse restriction.
516 if (empty($whids) && in_array($frow['id'], $ufid)) {
519 echo " value='" . attr($frow['id']) . "'>" . text($frow['name']) . "</option>\n";
520 // Then generate an option for each of the facility's warehouses.
521 // Does not apply if the site does not use warehouse restrictions.
522 if (!empty($GLOBALS['gbl_fac_warehouse_restrictions'])) {
523 $lres = sqlStatement(
524 "SELECT option_id, title FROM list_options WHERE " .
525 "list_id = ? AND option_value = ? ORDER BY seq, title",
526 array('warehouse', $frow['id'])
528 while ($lrow = sqlFetchArray($lres)) {
530 if (in_array($lrow['option_id'], $whids)) {
533 echo " value='" . attr($frow['id']) . "/" . attr($lrow['option_id']) . "'> " .
534 text(xl_list_label($lrow['title'])) . "</option>\n";
546 <td
class='text'><?php
echo xlt('Access Control'); ?
>:</td
>
547 <td
><select id
="access_group_id" name
="access_group[]" multiple style
="width:150px;" class="form-control">
549 // Collect the access control group of user
550 $list_acl_groups = AclExtended
::aclGetGroupTitleList($is_super_user ||
$selected_user_is_superuser);
551 $username_acl_groups = AclExtended
::aclGetGroupTitles($iter["username"]);
552 foreach ($list_acl_groups as $value) {
553 // Disable groups that have any permissions that the logged-in user does not have.
554 $tmp = AclExtended
::iHaveGroupPermissions($value) ?
'' : 'disabled ';
555 if ($username_acl_groups && in_array($value, $username_acl_groups)) {
558 echo " <option value='" . attr($value) . "' $tmp>" . text(xl_gacl_group($value)) . "</option>\n";
562 <td
><span
class=text
><?php
echo xlt('Additional Info'); ?
>:</span
></td
>
563 <td
><textarea style
="width:150px;" name
="comments" wrap
=auto rows
=4 cols
=25 class="form-control"><?php
echo text($iter["info"]); ?
></textarea
></td
>
566 <tr height
="20" valign
="bottom">
567 <td colspan
="4" class="text">
568 <p
>*<?php
echo xlt('You must enter your own password to change user passwords. Leave blank to keep password unchanged.'); ?
></p
>
570 if (!$is_super_user && $selected_user_is_superuser) {
571 echo '<p class="redtext">*' . xlt('View mode - only administrator can edit another administrator user') . '.</p>';
575 Display red alert
if entered password matched one of last three passwords
/Display red alert
if user password is expired
577 <div
class="redtext" id
="error_message"> 
;</div
>
583 <INPUT TYPE
="HIDDEN" NAME
="id" VALUE
="<?php echo attr($_GET["id
"]); ?>">
584 <INPUT TYPE
="HIDDEN" NAME
="mode" VALUE
="update">
585 <INPUT TYPE
="HIDDEN" NAME
="privatemode" VALUE
="user_admin">
587 <INPUT TYPE
="HIDDEN" NAME
="secure_pwd" VALUE
="<?php echo attr($GLOBALS['secure_password']); ?>">
591 $
("#cancel").click(function() {
598 <div
class="container">