search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disallow administration of users having permissions that the logged-i… (#4580)
[openemr.git] / interface / usergroup / user_admin.php
blob4a0e2c1bbb723b86f6923606433d6edba01dfbd7
1 <?php
2
3 /**
4 * Edit user.
5 *
6 * @package OpenEMR
7 * @link http://www.open-emr.org
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @author Rod Roark <rod@sunsetsystems.com>
10 * @author Daniel Pflieger <daniel@mi-squared.com> <daniel@growlingflea.com>
11 * @author Ken Chapple <ken@mi-squared.com>
12 * @copyright Copyright (c) 2018-2019 Brady Miller <brady.g.miller@gmail.com>
13 * @copyright Copyright (c) 2021 Daniel Pflieger <daniel@mi-squared.com> <daniel@growlingflea.com>
14 * @copyright Copyright (c) 2021 Ken Chapple <ken@mi-squared.com>
15 * @copyright Copyright (c) 2021 Rod Roark <rod@sunsetsystems.com>
16 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
17 */
18
19 require_once("../globals.php");
20 require_once("$srcdir/calendar.inc");
21 require_once("$srcdir/options.inc.php");
22 require_once("$srcdir/erx_javascript.inc.php");
23
24 use OpenEMR\Common\Acl\AclExtended;
25 use OpenEMR\Common\Acl\AclMain;
26 use OpenEMR\Common\Csrf\CsrfUtils;
27 use OpenEMR\Core\Header;
28 use OpenEMR\Menu\MainMenuRole;
29 use OpenEMR\Menu\PatientMenuRole;
30 use OpenEMR\Services\FacilityService;
31 use OpenEMR\Services\UserService;
32
33 if (!empty($_GET)) {
34 if (!CsrfUtils::verifyCsrfToken($_GET["csrf_token_form"])) {
35 CsrfUtils::csrfNotVerified();
36 }
37 }
38
39 $facilityService = new FacilityService();
40
41 if (!$_GET["id"] || !AclMain::aclCheckCore('admin', 'users')) {
42 exit();
43 }
44
45 $res = sqlStatement("select * from users where id=?", array($_GET["id"]));
46 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
47 $result[$iter] = $row;
48 }
49
50 $iter = $result[0];
51 ?>
52
53 <html>
54 <head>
55
56 <?php Header::setupHeader(['common','opener']); ?>
57
58 <script src="checkpwd_validation.js"></script>
59
60 <!-- validation library -->
61 <!--//Not lbf forms use the new validation, please make sure you have the corresponding values in the list Page validation-->
62 <?php $use_validate_js = 1;?>
63 <?php require_once($GLOBALS['srcdir'] . "/validation/validation_script.js.php"); ?>
64 <?php
65 //Gets validation rules from Page Validation list.
66 //Note that for technical reasons, we are bypassing the standard validateUsingPageRules() call.
67 $collectthis = collectValidationPageRules("/interface/usergroup/user_admin.php");
68 if (empty($collectthis)) {
69 $collectthis = "undefined";
70 } else {
71 $collectthis = json_sanitize($collectthis["user_form"]["rules"]);
72 }
73 ?>
74
75 <script>
76
77 /*
78 * validation on the form with new client side validation (using validate.js).
79 * this enable to add new rules for this form in the pageValidation list.
80 * */
81 var collectvalidation = <?php echo $collectthis; ?>;
82
83 function checkChange()
84 {
85 alert(<?php echo xlj('If you change e-RX Role for ePrescription, it may affect the ePrescription workflow. If you face any difficulty, contact your ePrescription vendor.'); ?>);
86 }
87 function submitform() {
88
89 var valid = submitme(1, undefined, 'user_form', collectvalidation);
90 if (!valid) return;
91
92 top.restoreSession();
93 var flag=0;
94 <?php if (empty($GLOBALS['gbl_ldap_enabled']) || empty($GLOBALS['gbl_ldap_exclusions'])) { ?>
95 if(document.forms[0].clearPass.value!="")
96 {
97 //Checking for the strong password if the 'secure password' feature is enabled
98 if(document.forms[0].secure_pwd.value === 1)
99 {
100 var pwdresult = passwordvalidate(document.forms[0].clearPass.value);
101 if(pwdresult == 0) {
102 flag=1;
103 alert(<?php echo xlj('The password must be at least eight characters, and should'); ?> +
104 '\n' +
105 <?php echo xlj('contain at least three of the four following items:'); ?> +
106 '\n' +
107 <?php echo xlj('A number'); ?> +
108 '\n' +
109 <?php echo xlj('A lowercase letter'); ?> +
110 '\n' +
111 <?php echo xlj('An uppercase letter'); ?> +
112 '\n' +
113 <?php echo xlj('A special character'); ?> +
114 '\n' +
115 '(' +
116 <?php echo xlj('not a letter or number'); ?> +
117 ').' +
118 '\n' +
119 <?php echo xlj('For example:'); ?> +
120 ' healthCare@09');
121 return false;
122 }
123 }
124
125 }//If pwd null ends here
126 <?php } ?>
127 if (document.forms[0].access_group_id) {
128 var sel = getSelected(document.forms[0].access_group_id.options);
129 for (var item in sel) {
130 if (sel[item].value == "Emergency Login") {
131 document.forms[0].check_acl.value = 1;
132 }
133 }
134 }
135
136 <?php if ($GLOBALS['erx_enable']) { ?>
137 alertMsg='';
138 f=document.forms[0];
139 for(i=0;i<f.length;i++){
140 if(f[i].type=='text' && f[i].value)
141 {
142 if(f[i].name == 'fname' || f[i].name == 'mname' || f[i].name == 'lname')
143 {
144 alertMsg += checkLength(f[i].name,f[i].value,35);
145 alertMsg += checkUsername(f[i].name,f[i].value);
146 }
147 else if(f[i].name == 'taxid')
148 {
149 alertMsg += checkLength(f[i].name,f[i].value,10);
150 alertMsg += checkFederalEin(f[i].name,f[i].value);
151 }
152 else if(f[i].name == 'state_license_number')
153 {
154 alertMsg += checkLength(f[i].name,f[i].value,10);
155 alertMsg += checkStateLicenseNumber(f[i].name,f[i].value);
156 }
157 else if(f[i].name == 'npi')
158 {
159 alertMsg += checkLength(f[i].name,f[i].value,10);
160 alertMsg += checkTaxNpiDea(f[i].name,f[i].value);
161 }
162 else if(f[i].name == 'drugid')
163 {
164 alertMsg += checkLength(f[i].name,f[i].value,30);
165 alertMsg += checkAlphaNumeric(f[i].name,f[i].value);
166 }
167 }
168 }
169 if(alertMsg)
170 {
171 alert(alertMsg);
172 return false;
173 }
174 <?php } ?>
175
176 if (flag === 0) {
177 let post_url = $("#user_form").attr("action");
178 let request_method = $("#user_form").attr("method");
179 let form_data = $("#user_form").serialize();
180 // submit form
181 $.ajax({
182 url: post_url,
183 type: request_method,
184 data: form_data
185 }).done(function (r) {
186 if (r) {
187 alert(r);
188 } else {
189 dlgclose('reload', false);
190 }
191 });
192 return false;
193 }
194 }
195 //Getting the list of selected item in ACL
196 function getSelected(opt) {
197 var selected = new Array();
198 var index = 0;
199 for (var intLoop = 0; intLoop < opt.length; intLoop++) {
200 if ((opt[intLoop].selected) ||
201 (opt[intLoop].checked)) {
202 index = selected.length;
203 selected[index] = new Object;
204 selected[index].value = opt[intLoop].value;
205 selected[index].index = intLoop;
206 }
207 }
208 return selected;
209 }
210
211 function authorized_clicked() {
212 var f = document.forms[0];
213 f.calendar.disabled = !f.authorized.checked;
214 f.calendar.checked = f.authorized.checked;
215 }
216
217 </script>
218 <style>
219 .physician_type_class{
220 width: 150px !important;
221 }
222 #main_menu_role {
223 width: 120px !important;
224 }
225 </style>
226 </head>
227 <body class="body_top">
228
229 <div class="container">
230 <?php
231 /* Get the list ACL for the user */
232 $is_super_user = AclMain::aclCheckCore('admin', 'super');
233 $acl_name = AclExtended::aclGetGroupTitles($iter["username"]);
234 $bg_name = '';
235 if (is_countable($acl_name)) {
236 $bg_count = count($acl_name);
237 $selected_user_is_superuser = false;
238 for ($i = 0; $i < $bg_count; $i++) {
239 if ($acl_name[$i] == "Emergency Login") {
240 $bg_name = $acl_name[$i];
241 }
242 //check if user member on group with superuser rule
243 if (AclExtended::isGroupIncludeSuperuser($acl_name[$i])) {
244 $selected_user_is_superuser = true;
245 }
246 }
247 }
248 $disabled_save = !$is_super_user && $selected_user_is_superuser ? 'disabled' : '';
249 ?>
250 <table><tr><td>
251 <span class="title"><?php echo xlt('Edit User'); ?></span>&nbsp;
252 </td><td>
253 <a class="btn btn-secondary btn-save" name='form_save' id='form_save' href='#' onclick='return submitform()' <?php echo $disabled_save; ?>> <span><?php echo xlt('Save');?></span> </a>
254 <a class="btn btn-link btn-cancel" id='cancel' href='#'><span><?php echo xlt('Cancel');?></span></a>
255 </td></tr>
256 </table>
257 <br />
258 <FORM NAME="user_form" id="user_form" METHOD="POST" ACTION="usergroup_admin.php">
259 <input type="hidden" name="csrf_token_form" value="<?php echo attr(CsrfUtils::collectCsrfToken()); ?>" />
260
261 <input type=hidden name="pre_active" value="<?php echo attr($iter["active"]); ?>" >
262 <input type=hidden name="get_admin_id" value="<?php echo attr($GLOBALS['Emergency_Login_email']); ?>" >
263 <input type=hidden name="admin_id" value="<?php echo attr($GLOBALS['Emergency_Login_email_id']); ?>" >
264 <input type=hidden name="check_acl" value="">
265 <input type=hidden name="user_type" value="<?php echo attr($bg_name); ?>" >
266
267 <TABLE border=0 cellpadding=0 cellspacing=0>
268 <TR>
269 <TD style="width:180px;"><span class=text><?php echo xlt('Username'); ?>: </span></TD>
270 <TD style="width:270px;"><input type="text" name=username style="width:150px;" class="form-control" value="<?php echo attr($iter["username"]); ?>" disabled></td>
271 <?php if (empty($GLOBALS['gbl_ldap_enabled']) || empty($GLOBALS['gbl_ldap_exclusions'])) { ?>
272 <TD style="width:200px;"><span class=text>*<?php echo xlt('Your Password'); ?>*: </span></TD>
273 <TD class='text' style="width:280px;"><input type='password' name=adminPass style="width:150px;" class="form-control" value="" autocomplete='off'><font class="mandatory"></font></TD>
274 <?php } ?>
275 </TR>
276 <?php if (empty($GLOBALS['gbl_ldap_enabled']) || empty($GLOBALS['gbl_ldap_exclusions'])) { ?>
277 <TR>
278 <TD style="width:180px;"><span class=text></span></TD>
279 <TD style="width:270px;"></td>
280 <TD style="width:200px;"><span class=text><?php echo xlt('User\'s New Password'); ?>: </span></TD>
281 <TD class='text' style="width:280px;"> <input type=text name=clearPass style="width:150px;" class="form-control" value=""><font class="mandatory"></font></td>
282 </TR>
283 <?php } ?>
284
285 <TR height="30" style="valign:middle;">
286 <td class='text'>
287 <?php echo xlt('Clear 2FA'); ?>:
288 </td>
289 <td title='<?php echo xla('Remove multi-factor authentications for this person.'); ?>'>
290 <input type="checkbox" name="clear_2fa" value='1' />
291 </td>
292 <td colspan="2"><span class=text><?php echo xlt('Provider'); ?>:
293 <input type="checkbox" name="authorized" onclick="authorized_clicked()"<?php
294 if ($iter["authorized"]) {
295 echo " checked";
296 } ?> /></span>
297 <span class='text'><?php echo xlt('Calendar'); ?>:
298 <input type="checkbox" name="calendar"<?php
299 if ($iter["calendar"]) {
300 echo " checked";
301 }
302 if (!$iter["authorized"]) {
303 echo " disabled";
304 } ?> /></span>
305 <span class=text><?php echo xlt('Portal'); ?>:
306 <input type="checkbox" name="portal_user" <?php
307 if ($iter["portal_user"]) {
308 echo " checked";
309 } ?> /></span>
310 <span class='text'><?php echo xlt('Active'); ?>:
311 <input type="checkbox" name="active"<?php echo ($iter["active"]) ? " checked" : ""; ?>/></span>
312 </TD>
313 </TR>
314
315 <TR>
316 <TD><span class=text><?php echo xlt('First Name'); ?>: </span></TD>
317 <TD><input type="text" name=fname id=fname style="width:150px;" class="form-control" value="<?php echo attr($iter["fname"]); ?>"><span class="mandatory"></span></td>
318 <td><span class=text><?php echo xlt('Middle Name'); ?>: </span></TD><td><input type="text" name=mname style="width:150px;" value="<?php echo attr($iter["mname"]); ?>"></td>
319 </TR>
320
321 <TR>
322 <td><span class=text><?php echo xlt('Last Name'); ?>: </span></td><td><input type="text" name=lname id=lname style="width:150px;" class="form-control" value="<?php echo attr($iter["lname"]); ?>"><span class="mandatory"></span></td>
323 <td><span class=text><?php echo xlt('Default Facility'); ?>: </span></td><td><select name=facility_id style="width:150px;" class="form-control">
324 <?php
325 $fres = $facilityService->getAllServiceLocations();
326 if ($fres) {
327 for ($iter2 = 0; $iter2 < sizeof($fres); $iter2++) {
328 $result[$iter2] = $fres[$iter2];
329 }
330
331 foreach ($result as $iter2) {
332 ?>
333 <option value="<?php echo attr($iter2['id']); ?>" <?php if ($iter['facility_id'] == $iter2['id']) {
334 echo "selected";
335 } ?>><?php echo text($iter2['name']); ?></option>
336 <?php
337 }
338 }
339 ?>
340 </select></td>
341 </tr>
342
343 <?php if ($GLOBALS['restrict_user_facility']) { ?>
344 <tr>
345 <td colspan=2>&nbsp;</td>
346 <td><span class=text><?php echo xlt('Schedule Facilities:');?></td>
347 <td>
348 <select name="schedule_facility[]" multiple style="width:150px;" class="form-control">
349 <?php
350 $userFacilities = getUserFacilities($_GET['id']);
351 $ufid = array();
352 foreach ($userFacilities as $uf) {
353 $ufid[] = $uf['id'];
354 }
355
356 $fres = $facilityService->getAllServiceLocations();
357 if ($fres) {
358 foreach ($fres as $frow) :
359 ?>
360 <option <?php echo in_array($frow['id'], $ufid) || $frow['id'] == $iter['facility_id'] ? "selected" : null ?>
361 class="form-control" value="<?php echo attr($frow['id']); ?>"><?php echo text($frow['name']) ?></option>
362 <?php
363 endforeach;
364 }
365 ?>
366 </select>
367 </td>
368 </tr>
369 <?php } ?>
370
371 <TR>
372 <TD><span class=text><?php echo xlt('Federal Tax ID'); ?>: </span></TD><TD><input type=text name=taxid style="width:150px;" class="form-control" value="<?php echo attr($iter["federaltaxid"]); ?>"></td>
373 <TD><span class=text><?php echo xlt('DEA Number'); ?>: </span></TD><TD><input type=text name=drugid style="width:150px;" class="form-control" value="<?php echo attr($iter["federaldrugid"]); ?>"></td>
374 </TR>
375
376 <tr>
377 <td><span class="text"><?php echo xlt('UPIN'); ?>: </span></td><td><input type="text" name="upin" style="width:150px;" class="form-control" value="<?php echo attr($iter["upin"]); ?>"></td>
378 <td class='text'><?php echo xlt('See Authorizations'); ?>: </td>
379 <td><select name="see_auth" style="width:150px;" class="form-control" >
380 <?php
381 foreach (array(1 => xl('None{{Authorization}}'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value) {
382 echo " <option value='" . attr($key) . "'";
383 if ($key == $iter['see_auth']) {
384 echo " selected";
385 }
386
387 echo ">" . text($value) . "</option>\n";
388 }
389 ?>
390 </select></td>
391 </tr>
392
393 <tr>
394 <td><span class="text"><?php echo xlt('NPI'); ?>: </span></td><td><input type="text" name="npi" style="width:150px;" class="form-control" value="<?php echo attr($iter["npi"]); ?>"></td>
395 <td><span class="text"><?php echo xlt('Job Description'); ?>: </span></td><td><input type="text" name="job" style="width:150px;" class="form-control" value="<?php echo attr($iter["specialty"]); ?>"></td>
396 </tr>
397
398 <tr>
399 <td><span class="text"><?php echo xlt('Taxonomy'); ?>: </span></td>
400 <td><input type="text" name="taxonomy" style="width:150px;" class="form-control" value="<?php echo attr($iter["taxonomy"]); ?>"></td>
401 <td><span class="text"><?php echo xlt('Supervisor'); ?>: </span></td>
402 <td>
403 <select name="supervisor_id" style="width:150px;" class="form-control">
404 <option value=""><?php echo xlt("Select Supervisor") ?></option>
405 <?php
406 $userService = new UserService();
407 $users = $userService->getActiveUsers();
408 foreach ($users as $activeUser) {
409 $p_id = (int)$activeUser['id'];
410 if ($activeUser['authorized'] != 1) {
411 continue;
412 }
413 echo "<option value='" . attr($p_id) . "'";
414 if ((int)$iter["supervisor_id"] === $p_id) {
415 echo " selected";
416 }
417 echo ">" . text($activeUser['lname']) . ' ' .
418 text($activeUser['fname']) . ' ' . text($activeUser['mname']) . "</option>\n";
419 }
420 ?>
421 </select>
422 </td>
423 </tr>
424
425 <tr>
426 <td><span class="text"><?php echo xlt('State License Number'); ?>: </span></td>
427 <td><input type="text" name="state_license_number" style="width:150px;" class="form-control" value="<?php echo attr($iter["state_license_number"]); ?>"></td>
428 <td class='text'><?php echo xlt('NewCrop eRX Role'); ?>:</td>
429 <td>
430 <?php echo generate_select_list("erxrole", "newcrop_erx_role", $iter['newcrop_user_role'], '', xl('Select Role'), '', '', '', array('style' => 'width:150px')); ?>
431 </td>
432 </tr>
433 <tr>
434 <td><span class="text"><?php echo xlt('Weno Provider ID'); ?>: </span></td><td><input type="text" name="erxprid" style="width:150px;" class="form-control" value="<?php echo attr($iter["weno_prov_id"]); ?>"></td>
435 <td><span class="text"><?php echo xlt('Google Email for Login'); ?>: </span></td><td><input type="text" name="google_signin_email" style="width:150px;" class="form-control" value="<?php echo attr($iter["google_signin_email"]); ?>"></td>
436 </tr>
437
438 <tr>
439 <td><span class="text"><?php echo xlt('Provider Type'); ?>: </span></td>
440 <td><?php echo generate_select_list("physician_type", "physician_type", $iter['physician_type'], '', xl('Select Type'), 'physician_type_class', '', '', ''); ?></td>
441 </tr>
442 <tr>
443 <td>
444 <span class="text"><?php echo xlt('Main Menu Role'); ?>: </span>
445 </td>
446 <td>
447 <?php
448 $menuMain = new MainMenuRole($GLOBALS['kernel']->getEventDispatcher());
449 echo $menuMain->displayMenuRoleSelector($iter["main_menu_role"]);
450 ?>
451 </td>
452 <td>
453 <span class="text"><?php echo xlt('Patient Menu Role'); ?>: </span>
454 </td>
455 <td>
456 <?php
457 $menuPatient = new PatientMenuRole();
458 echo $menuPatient->displayMenuRoleSelector($iter["patient_menu_role"]);
459 ?>
460 </td>
461
462 </tr>
463 <?php if (!empty($GLOBALS['inhouse_pharmacy'])) { ?>
464 <tr>
465 <td class="text"><?php echo xlt('Default Warehouse'); ?>: </td>
466 <td class='text'>
467 <?php
468 echo generate_select_list(
469 'default_warehouse',
470 'warehouse',
471 $iter['default_warehouse'],
472 ''
473 );
474 ?>
475 </td>
476
477 <?php if (!empty($GLOBALS['inhouse_pharmacy'])) { ?>
478 <td class="text"><?php echo xlt('Invoice Refno Pool'); ?>: </td>
479 <td class='text'>
480 <?php
481 echo generate_select_list(
482 'irnpool',
483 'irnpool',
484 $iter['irnpool'],
485 xl('Invoice reference number pool, if used')
486 );
487 ?>
488 </td>
489 <?php } else { ?>
490 <td class="text" colspan="2">&nbsp;</td>
491 <?php } ?>
492
493 </tr>
494 <?php } ?>
495
496 <!-- facility and warehouse restrictions, optional -->
497 <?php if (!empty($GLOBALS['gbl_fac_warehouse_restrictions']) || !empty($GLOBALS['restrict_user_facility'])) { ?>
498 <tr title="<?php echo xla('If nothing is selected here then all are permitted.'); ?>">
499 <td class="text"><?php echo !empty($GLOBALS['gbl_fac_warehouse_restrictions']) ?
500 xlt('Facility and warehouse permissions') : xlt('Facility permissions'); ?>:</td>
501 <td colspan="3">
502 <select name="schedule_facility[]" multiple style="width:490px;">
503 <?php
504 $userFacilities = getUserFacilities($_GET['id'], 'id', $GLOBALS['gbl_fac_warehouse_restrictions']);
505 $ufid = array();
506 foreach ($userFacilities as $uf) {
507 $ufid[] = $uf['id'];
508 }
509 $fres = sqlStatement("select * from facility order by name");
510 if ($fres) {
511 while ($frow = sqlFetchArray($fres)) {
512 // Get the warehouses that are linked to this user and facility.
513 $whids = getUserFacWH($_GET['id'], $frow['id']); // from calendar.inc
514 // Generate an option for just the facility with no warehouse restriction.
515 echo " <option";
516 if (empty($whids) && in_array($frow['id'], $ufid)) {
517 echo ' selected';
518 }
519 echo " value='" . attr($frow['id']) . "'>" . text($frow['name']) . "</option>\n";
520 // Then generate an option for each of the facility's warehouses.
521 // Does not apply if the site does not use warehouse restrictions.
522 if (!empty($GLOBALS['gbl_fac_warehouse_restrictions'])) {
523 $lres = sqlStatement(
524 "SELECT option_id, title FROM list_options WHERE " .
525 "list_id = ? AND option_value = ? ORDER BY seq, title",
526 array('warehouse', $frow['id'])
527 );
528 while ($lrow = sqlFetchArray($lres)) {
529 echo " <option";
530 if (in_array($lrow['option_id'], $whids)) {
531 echo ' selected';
532 }
533 echo " value='" . attr($frow['id']) . "/" . attr($lrow['option_id']) . "'>&nbsp;&nbsp;&nbsp;" .
534 text(xl_list_label($lrow['title'])) . "</option>\n";
535 }
536 }
537 }
538 }
539 ?>
540 </select>
541 </td>
542 </tr>
543 <?php } ?>
544
545 <tr>
546 <td class='text'><?php echo xlt('Access Control'); ?>:</td>
547 <td><select id="access_group_id" name="access_group[]" multiple style="width:150px;" class="form-control">
548 <?php
549 // Collect the access control group of user
550 $list_acl_groups = AclExtended::aclGetGroupTitleList($is_super_user || $selected_user_is_superuser);
551 $username_acl_groups = AclExtended::aclGetGroupTitles($iter["username"]);
552 foreach ($list_acl_groups as $value) {
553 // Disable groups that have any permissions that the logged-in user does not have.
554 $tmp = AclExtended::iHaveGroupPermissions($value) ? '' : 'disabled ';
555 if ($username_acl_groups && in_array($value, $username_acl_groups)) {
556 $tmp .= 'selected ';
557 }
558 echo " <option value='" . attr($value) . "' $tmp>" . text(xl_gacl_group($value)) . "</option>\n";
559 }
560 ?>
561 </select></td>
562 <td><span class=text><?php echo xlt('Additional Info'); ?>:</span></td>
563 <td><textarea style="width:150px;" name="comments" wrap=auto rows=4 cols=25 class="form-control"><?php echo text($iter["info"]); ?></textarea></td>
564
565 </tr>
566 <tr height="20" valign="bottom">
567 <td colspan="4" class="text">
568 <p>*<?php echo xlt('You must enter your own password to change user passwords. Leave blank to keep password unchanged.'); ?></p>
569 <?php
570 if (!$is_super_user && $selected_user_is_superuser) {
571 echo '<p class="redtext">*' . xlt('View mode - only administrator can edit another administrator user') . '.</p>';
572 }
573 ?>
574 <!--
575 Display red alert if entered password matched one of last three passwords/Display red alert if user password is expired
576 -->
577 <div class="redtext" id="error_message">&nbsp;</div>
578 </td>
579 </tr>
580
581 </table>
582
583 <INPUT TYPE="HIDDEN" NAME="id" VALUE="<?php echo attr($_GET["id"]); ?>">
584 <INPUT TYPE="HIDDEN" NAME="mode" VALUE="update">
585 <INPUT TYPE="HIDDEN" NAME="privatemode" VALUE="user_admin">
586
587 <INPUT TYPE="HIDDEN" NAME="secure_pwd" VALUE="<?php echo attr($GLOBALS['secure_password']); ?>">
588 </FORM>
589 <script>
590 $(function () {
591 $("#cancel").click(function() {
592 dlgclose();
593 });
594
595 });
596 </script>
597
598 <div class="container">
599
600 </BODY>
601
602 </HTML>
Mirror of official OpenEMR Sourceforge repository