2 include_once("../globals.php");
3 include_once("$srcdir/md5.js");
4 include_once("$srcdir/sql.inc");
5 require_once(dirname(__FILE__
) . "/../../library/classes/WSProvider.class.php");
// Handles the admin forms that POST back to this page, selected by
// $_POST["mode"]: "facility", "new_user" and "new_group".
// NOTE(review): no permission check or anti-CSRF token check is visible in
// this listing before these writes; confirm whether globals.php enforces them.
9 if (isset($_POST["mode"])) {
10 if ($_POST["mode"] == "facility")
// Every column value below is interpolated straight from $_POST into the SQL
// text. No escaping is visible here, so unless request data is escaped before
// this point (not shown), the statement is open to SQL injection. Prefer bound
// parameters, or at minimum the database layer's escaping on each value.
12 sqlStatement("insert into facility set
13 name='{$_POST['facility']}',
14 phone='{$_POST['phone']}',
15 fax='{$_POST['fax']}',
16 street='{$_POST['street']}',
17 city='{$_POST['city']}',
18 state='{$_POST['state']}',
19 postal_code='{$_POST['postal_code']}',
20 country_code='{$_POST['country_code']}',
21 federal_ein='{$_POST['federal_ein']}',
22 facility_npi='{$_POST['facility_npi']}'");
23 } elseif ($_POST["mode"] == "new_user") {
// Normalize the checkbox: values not loosely equal to "1" become 0.
24 if ($_POST["authorized"] != "1") {
25 $_POST["authorized"] = 0;
// Only the free-text "info" field is passed through addslashes(); the other
// fields reach the insert below as submitted. addslashes() is not
// charset-aware, so it is a weak substitute for bound parameters.
27 $_POST["info"] = addslashes($_POST["info"]);
// Read the existing usernames so a duplicate can be rejected.
29 $res = sqlStatement("select distinct username from users where username != ''");
// NOTE(review): this loop calls mysql_fetch_array() directly while the other
// loops in this file use sqlFetchArray(); ext/mysql was removed in PHP 7.0.
// $doit is set on lines missing from this listing.
31 while ($row = mysql_fetch_array($res)) {
32 if ($doit == true && $row['username'] == $_POST["username"]) {
// The password column receives $_POST["newauthPass"] verbatim. The New User
// form on this page fills that field with MD5(clearPass) in the browser, so
// the server stores a client-computed, unsalted MD5 digest and never hashes
// or validates it itself. Unsalted MD5 is unsuitable for password storage, and
// if login compares against the same client-side digest (not shown) the stored
// value is password-equivalent. Hash server-side with password_hash() instead.
// The remaining columns are concatenated from $_POST without escaping, so the
// SQL injection concern noted on the facility insert applies here too.
// idSqlStatement() presumably returns the new row id - confirm in sql.inc.
38 $prov_id = idSqlStatement("insert into users set " .
39 "username = '" . $_POST["username"] .
40 "', password = '" . $_POST["newauthPass"] .
41 "', fname = '" . $_POST["fname"] .
42 "', mname = '" . $_POST["mname"] .
43 "', lname = '" . $_POST["lname"] .
44 "', federaltaxid = '" . $_POST["federaltaxid"] .
45 "', authorized = '" . $_POST["authorized"] .
46 "', info = '" . $_POST["info"] .
47 "', federaldrugid = '" . $_POST["federaldrugid"] .
48 "', upin = '" . $_POST["upin"] .
49 "', npi = '" . $_POST["npi"].
50 "', facility = '" . $_POST["facility"] .
51 "', see_auth = '" . $_POST["see_auth"] .
// Record the new user's membership in the selected group (same unescaped
// concatenation of groupname and username).
53 sqlStatement("insert into groups set name = '" . $_POST["groupname"] .
54 "', user = '" . $_POST["username"] . "'");
// Passes the new user id to WSProvider; what the constructor does is not
// visible in this file.
55 $ws = new WSProvider($prov_id);
// The raw username is appended to $alertmsg, which the script block at the end
// of this page writes inside alert('...'); it must be encoded for that context.
57 $alertmsg .= "User " . $_POST["username"] . " already exists. ";
60 elseif ($_POST["mode"] == "new_group") {
// Load every (group name, user) pair to detect an existing membership.
61 $res = sqlStatement("select distinct name, user from groups");
62 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
63 $result[$iter] = $row;
// NOTE(review): the $x{"key"} offset syntax used here and below was deprecated
// in PHP 7.4 and removed in PHP 8.0; $x["key"] is the supported form.
65 foreach ($result as $iter) {
66 if ($doit == 1 && $iter{"name"} == $_POST["groupname"] && $iter{"user"} == $_POST["username"])
// groupname and username are concatenated into the insert unescaped.
70 sqlStatement("insert into groups set name = '" . $_POST["groupname"] .
71 "', user = '" . $_POST["username"] . "'");
// Both request values end up, unencoded, in the alert() emitted at page end.
73 $alertmsg .= "User " . $_POST["username"] .
74 " is already a member of group " . $_POST["groupname"] . ". ";
// Handles the destructive actions selected by $_GET["mode"]: "delete" (remove
// a user and that user's group rows) and "delete_group" (remove one group
// membership row).
// NOTE(review): these modify data in response to a plain GET, so they are
// exposed to cross-site request forgery and to link prefetching. Move them to
// POST with a per-session token and an explicit permission check; neither is
// visible in this listing.
79 if (isset($_GET["mode"])) {
81 // This is the code to delete a user. Note that the link which invokes
82 // this is commented out. Somebody must have figured it was too dangerous.
// NOTE(review): the link is only wrapped in an HTML comment in the user table
// further down; this handler itself is still active and should be removed or
// guarded if deletion is not meant to be available.
84 if ($_GET["mode"] == "delete") {
// The value concatenated into this WHERE clause is on a line missing from the
// listing; the statements below use $_GET["id"] without escaping or casting.
85 $res = sqlStatement("select distinct username, id from users where id = '" .
87 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
88 $result[$iter] = $row;
90 // TBD: Before deleting the user, we should check all tables that
91 // reference users to make sure this user is not referenced!
93 foreach($result as $iter) {
// The username comes from the row just read, but it was originally stored from
// request data, so it needs the same binding/escaping as direct input.
94 sqlStatement("delete from groups where user = '" . $iter{"username"} . "'");
// $_GET["id"] is concatenated as received; cast it to int or bind it.
96 sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
99 elseif ($_GET["mode"] == "delete_group") {
// Look up which user the group row identified by the id parameter belongs to.
100 $res = sqlStatement("select distinct user from groups where id = '" .
102 for ($iter = 0; $row = sqlFetchArray($res); $iter++
)
103 $result[$iter] = $row;
// $un is assigned on a line missing from this listing; presumably the user
// name of the current row - confirm against the full file.
104 foreach($result as $iter)
106 // $res = sqlStatement("select name,user from groups where user = '" .
107 // $iter{"user"} . "' and id != {$_GET["id"]}\n");
// Find any other group row for the same user; both $un and $_GET["id"] are
// placed in the SQL text unescaped.
108 $res = sqlStatement("select name, user from groups where user = '$un' " .
109 "and id != '" . $_GET["id"] . "'");
111 // Remove the user only if they are also in some other group. I.e. every
112 // user must be a member of at least one group.
113 if (sqlFetchArray($res) != FALSE) {
114 sqlStatement("delete from groups where id = '" . $_GET["id"] . "'");
// Otherwise refuse and explain why via the page-end alert.
116 $alertmsg .= "You must add this user to some other group before " .
117 "removing them from this group. ";
125 <link rel
=stylesheet href
="<?echo $css_header;?>" type
="text/css">
128 <body
<?
echo $top_bg_line;?
> topmargin
=0 rightmargin
=0 leftmargin
=2 bottommargin
=0 marginwidth
=2 marginheight
=0>
130 <span
class="title"><?
xl('User & Group Administration','e'); ?
></span
>
139 <form name
='facility' method
='post' action
="usergroup_admin.php">
140 <input type
=hidden name
=mode value
="facility">
141 <span
class=bold
><?
xl('New Facility Information','e'); ?
>: </span
>
144 <table border
=0 cellpadding
=0 cellspacing
=0>
146 <td
><span
class=text
><?
xl('Name','e'); ?
>: </span
></td
><td
><input type
=entry name
=facility size
=20 value
=""></td
>
147 <td
><span
class=text
><?
xl('Phone','e'); ?
>: </span
></td
><td
><input type
=entry name
=phone size
=20 value
=""></td
>
150 <td
> 
;</td
><td
> 
;</td
>
151 <td
><span
class=text
><?
xl('Fax','e'); ?
>: </span
></td
><td
><input type
=entry name
=fax size
=20 value
=""></td
>
154 <td
><span
class=text
><?
xl('Address','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=street value
=""></td
>
155 <td
><span
class=text
><?
xl('City','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=city value
=""></td
>
158 <td
><span
class=text
><?
xl('State','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=state value
=""></td
>
159 <td
><span
class=text
><?
xl('Zip Code','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=postal_code value
=""></td
>
162 <td height
="22"><span
class=text
><?
xl('Country','e'); ?
>: </span
></td
>
163 <td
><input type
=entry size
=20 name
=country_code value
=""></td
>
164 <td
><span
class=text
><?
xl('Federal EIN','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=federal_ein value
=""></td
>
167 <td
> 
;</td
><td
> 
;</td
>
169 <td
><span
class=text
><?
xl('Facility NPI','e'); ?
>: </span
></td
><td
><input type
=entry size
=20 name
=facility_npi value
=""></td
>
172 <td
> 
;</td
><td
> 
;</td
>
173 <td
> 
;</td
><td
><input type
="submit" value
=<?
xl('Add Facility','e'); ?
>></td
>
182 <form name
='facility' method
='post' action
="usergroup_admin.php">
183 <input type
=hidden name
=mode value
=<?
xl('facility','e'); ?
>>
184 <span
class=bold
><?
xl('Edit Facilities','e'); ?
>: </span
>
// Load every facility row, then list each one with an edit link.
// NOTE(review): the loop body that follows echoes the name and id columns into
// HTML text and an href without htmlspecialchars(); facility names are stored
// from $_POST as submitted, so they must be encoded on output.
188 $fres = sqlStatement("select * from facility order by name");
191 for ($iter3 = 0;$frow = sqlFetchArray($fres);$iter3++
)
192 $result2[$iter3] = $frow;
193 foreach($result2 as $iter3) {
195 <span
class=text
><?
echo $iter3{name
};?
></span
><a href
="facility_admin.php?fid=<?echo $iter3{id};?>" class=link_submit
>(Edit
)</a
><br
>
204 <form name
='new_user' method
='post' action
="usergroup_admin.php">
205 <input type
=hidden name
=mode value
=new_user
>
206 <span
class=bold
><?
xl('New User','e'); ?
>:</span
>
208 <table border
=0 cellpadding
=0 cellspacing
=0>
210 <td
><span
class=text
><?
xl('Username','e'); ?
>: </span
></td
><td
><input type
=entry name
=username size
=20>  
;</td
>
211 <td
><span
class=text
><?
xl('Password','e'); ?
>: </span
></td
><td
><input type
="password" size
=20 name
=clearPass
></td
>
214 <td
><span
class=text
><?
xl('Groupname','e'); ?
>: </span
></td
><td
>
215 <select name
=groupname
>
// Offer each distinct group name as an <option> of the New User form.
// NOTE(review): $result2 was filled with facility rows earlier on this page
// and no reset is visible in this listing; if there are fewer groups than
// facilities, the leftover rows would be listed here as well - confirm.
217 $res = sqlStatement("select distinct name from groups");
218 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
219 $result2[$iter] = $row;
220 foreach ($result2 as $iter) {
// Group names are stored from request data and printed unencoded inside a
// single-quoted attribute; wrap both uses in htmlspecialchars(..., ENT_QUOTES).
221 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
225 <td
><span
class=text
><?
xl('Authorized','e'); ?
>: </span
></td
><td
><input type
=checkbox name
='authorized' value
="1"></td
>
228 <td
><span
class=text
><?
xl('First Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='fname' size
=20></td
>
229 <td
><span
class=text
><?
xl('Middle Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='mname' size
=20></td
>
232 <td
><span
class=text
><?
xl('Last Name','e'); ?
>: </span
></td
><td
><input type
=entry name
='lname' size
=20></td
>
233 <td
><span
class=text
><?
xl('Default Facility','e'); ?
>: </span
></td
><td
><select name
=facility
>
// Load the facilities for the "Default Facility" drop-down.
// NOTE(review): the loop body that follows echoes the name column into the
// value attribute and the option text without htmlspecialchars().
// $result may already hold rows from the POST/GET handlers above; no reset is
// visible in this listing - confirm.
235 $fres = sqlStatement("select * from facility order by name");
237 for ($iter = 0;$frow = sqlFetchArray($fres);$iter++
)
238 $result[$iter] = $frow;
239 foreach($result as $iter) {
241 <option value
="<?echo $iter{name};?>"><?
echo $iter{name
};?
></option
>
249 <td
><span
class=text
><?
xl('Federal Tax ID','e'); ?
>: </span
></td
><td
><input type
=entry name
='federaltaxid' size
=20></td
>
250 <td
><span
class=text
><?
xl('Federal Drug ID','e'); ?
>: </span
></td
><td
><input type
=entry name
='federaldrugid' size
=20></td
>
253 <td
><span
class="text"><?
xl('UPIN','e'); ?
>: </span
></td
><td
><input type
="entry" name
="upin" size
="20"></td
>
254 <td
class='text'><?
xl('See Authorizations','e'); ?
>: </td
>
255 <td
><select name
="see_auth">
// Emit the "See Authorizations" choices: option values 1, 2 and 3 with labels
// taken from xl().
// NOTE(review): the new_user handler does not check the submitted see_auth
// against this set; it concatenates whatever was posted into the insert.
257 foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value)
259 echo " <option value='$key'";
260 echo ">$value</option>\n";
266 <td
><span
class="text"><?
xl('NPI','e'); ?
>: </span
></td
><td
><input type
="entry" name
="npi" size
="20"></td
>
269 <span
class=text
><?
xl('Additional Info','e'); ?
>: </span
><br
>
270 <textarea name
=info cols
=40 rows
=4 wrap
=auto
></textarea
>
271 <br
><input type
="hidden" name
="newauthPass">
272 <input type
="submit" onClick
="javascript:this.form.newauthPass.value=MD5(this.form.clearPass.value);this.form.clearPass.value='';" value
=<?
xl('Add User','e'); ?
>>
279 <form name
=new_group method
=post action
="usergroup_admin.php">
280 <input type
=hidden name
=mode value
=new_group
>
281 <span
class=bold
><?
xl('New Group','e'); ?
>:</span
>
283 <span
class=text
><?
xl('Groupname','e'); ?
>: </span
><input type
=entry name
=groupname size
=10>
285 <span
class=text
><?
xl('Initial User','e'); ?
>: </span
>
286 <select name
=username
>
// Offer each existing username as the initial member of the new group.
// NOTE(review): $result is reused from earlier loops on this page with no reset
// visible; leftover rows without a "username" key would produce blank options.
288 $res = sqlStatement("select distinct username from users where username != ''");
289 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
290 $result[$iter] = $row;
291 foreach ($result as $iter) {
// Usernames are stored from request data and printed unencoded inside a
// single-quoted attribute; wrap both uses in htmlspecialchars(..., ENT_QUOTES).
292 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
297 <input type
="submit" value
=<?
xl('Add Group','e'); ?
>>
304 <form name
=new_group method
=post action
="usergroup_admin.php">
305 <input type
=hidden name
=mode value
=new_group
>
306 <span
class=bold
><?
xl('Add User To Group','e'); ?
>:</span
>
309 <?
xl('User','e'); ?
>
311 <select name
=username
>
// Offer each existing username in the "Add User To Group" form.
313 $res = sqlStatement("select distinct username from users where username != ''");
314 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
315 $result3[$iter] = $row;
316 foreach ($result3 as $iter) {
// The username is printed unencoded in both the attribute and the option text;
// encode it with htmlspecialchars(..., ENT_QUOTES).
317 print "<option value='".$iter{"username"}."'>" . $iter{"username"} . "</option>\n";
322 <span
class=text
><?
xl('Groupname','e'); ?
>: </span
>
323 <select name
=groupname
>
// Offer each distinct group name in the "Add User To Group" form.
// NOTE(review): $result2 is reused again here without a visible reset, so rows
// left over from the earlier loops may still be present - confirm.
325 $res = sqlStatement("select distinct name from groups");
326 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
327 $result2[$iter] = $row;
328 foreach ($result2 as $iter) {
// The group name is printed unencoded in both the attribute and the option
// text; encode it with htmlspecialchars(..., ENT_QUOTES).
329 print "<option value='".$iter{"name"}."'>" . $iter{"name"} . "</option>\n";
334 <input type
="submit" value
=<?
xl('Add User To Group','e'); ?
>>
343 <table border
=0 cellpadding
=1 cellspacing
=2>
344 <tr
><td
><span
class=bold
><?
xl('Username','e'); ?
></span
></td
><td
><span
class=bold
><?
xl('Real Name','e'); ?
></span
></td
><td
><span
class=bold
><?
xl('Info','e'); ?
></span
></td
><td
><span
class=bold
><?
xl('Authorized','e'); ?
>?
</span
></td
></tr
>
// Render one table row per user: username with edit link, real name, info and
// the authorized flag.
// NOTE(review): "select *" also fetches the password column although this table
// never prints it; selecting only the displayed columns keeps it out of memory.
346 $res = sqlStatement("select * from users where username != '' order by username");
347 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
348 $result4[$iter] = $row;
349 foreach ($result4 as $iter) {
// Turn the stored flag into a display string: translated "yes" or empty.
350 if ($iter{"authorized"}) {
351 $iter{"authorized"} = xl('yes');
353 $iter{"authorized"} = "";
// username, fname, lname and info were stored from $_POST and are printed here
// without htmlspecialchars(), so markup saved in any of them is rendered for
// every administrator who opens this page (stored XSS). Encode each value.
356 print "<tr><td><span class=text>" . $iter{"username"} .
357 "</span><a href='user_admin.php?id=" . $iter{"id"} .
358 "' class=link_submit>(Edit)</a></td><td><span class=text>" .
359 $iter{"fname"} . ' ' . $iter{"lname"}."</span></td><td><span class=text>" .
360 $iter{"info"} . "</span></td><td align='center'><span class=text>" .
361 $iter{"authorized"} . "</span></td>";
// The delete link is disabled only by an HTML comment, so it is still sent to
// the browser in the page source, and the GET handler it points to is still
// active. Drop this markup and guard or remove the handler.
362 print "<td><!--<a href='usergroup_admin.php?mode=delete&id=" . $iter{"id"} .
363 "' class=link_submit>[Delete]</a>--></td>";
// List every group followed by its members, each member with a Remove link.
373 $res = sqlStatement("select * from groups order by name");
374 for ($iter = 0;$row = sqlFetchArray($res);$iter++
)
375 $result5[$iter] = $row;
// Build one HTML string per group name, appending "user(Remove), " per row.
// NOTE(review): the Remove link performs the removal through a GET request
// (mode=delete_group), which is exposed to CSRF; a POST form with a token is
// the safer shape. The user and group names are inserted unencoded.
377 foreach ($result5 as $iter) {
378 $grouplist{$iter{"name"}} .= $iter{"user"} .
379 "(<a class=link_submit href='usergroup_admin.php?mode=delete_group&id=" .
380 $iter{"id"} . "'>Remove</a>), ";
383 foreach ($grouplist as $groupname => $list) {
// substr() drops the trailing ", " left by the loop above. $groupname should be
// passed through htmlspecialchars() before printing.
384 print "<span class=bold>" . $groupname . "</span><br>\n<span class=text>" .
385 substr($list,0,strlen($list)-2) . "</span><br>\n";
389 <script language
="JavaScript">
// Show any message accumulated by the handlers above as a JavaScript alert.
// The single "=" is deliberate: trim, assign, then test for a non-empty string.
// NOTE(review): $alertmsg embeds $_POST["username"] and $_POST["groupname"] and
// is written raw into a single-quoted JavaScript string inside <script>, so a
// quote or a closing script tag in those values ends the string early (XSS).
// Emit it as
//   json_encode($alertmsg, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)
// instead of quoting by hand. $alertmsg is also never initialized in the
// visible lines; confirm it cannot be seeded from the request.
391 if ($alertmsg = trim($alertmsg)) {
392 echo "alert('$alertmsg');\n";