search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fully responsive globals.php with vertical menu (#2460)
[openemr.git] / interface / usergroup / usergroup_admin.php
blobb1f71ee9e2ac8e0cd5aa8eb569884f0ac9292577
1 <?php
2 /**
3 * This script Assign acl 'Emergency login'.
4 *
5 * @package OpenEMR
6 * @link http://www.open-emr.org
7 * @author Roberto Vasquez <robertogagliotta@gmail.com>
8 * @author Brady Miller <brady.g.miller@gmail.com>
9 * @copyright Copyright (c) 2015 Roberto Vasquez <robertogagliotta@gmail.com>
10 * @copyright Copyright (c) 2017-2019 Brady Miller <brady.g.miller@gmail.com>
11 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
12 */
13
14
15 require_once("../globals.php");
16 require_once("../../library/acl.inc");
17 require_once("$srcdir/auth.inc");
18
19 use OpenEMR\Core\Header;
20 use OpenEMR\Services\UserService;
21
22 if (!empty($_POST)) {
23 if (!verifyCsrfToken($_POST["csrf_token_form"])) {
24 csrfNotVerified();
25 }
26 }
27
28 if (!empty($_GET)) {
29 if (!verifyCsrfToken($_GET["csrf_token_form"])) {
30 csrfNotVerified();
31 }
32 }
33
34 if (!acl_check('admin', 'users')) {
35 die(xlt('Access denied'));
36 }
37
38 if (!acl_check('admin', 'super')) {
39 //block non-administrator user from create administrator
40 foreach ($_POST['access_group'] as $aro_group) {
41 if (is_group_include_superuser($aro_group)) {
42 die(xlt('Saving denied'));
43 };
44 }
45 if ($_POST['mode'] === 'update') {
46 //block non-administrator user from update administrator
47 $user_service = new UserService();
48 $user = $user_service->getUser($_POST['id']);
49 $aro_groups = acl_get_group_titles($user->getUsername());
50 foreach ($aro_groups as $aro_group) {
51 if (is_group_include_superuser($aro_group)) {
52 die(xlt('Saving denied'));
53 };
54 }
55 }
56 }
57
58 $alertmsg = '';
59 $bg_msg = '';
60 $set_active_msg=0;
61 $show_message=0;
62
63 /* Sending a mail to the admin when the breakglass user is activated only if $GLOBALS['Emergency_Login_email'] is set to 1 */
64 if (is_array($_POST['access_group'])) {
65 $bg_count = count($_POST['access_group']);
66 $mail_id = explode(".", $SMTP_HOST);
67 for ($i = 0; $i < $bg_count; $i++) {
68 if (($_POST['access_group'][$i] == "Emergency Login") && ($_POST['active'] == 'on') && ($_POST['pre_active'] == 0)) {
69 if (($_POST['get_admin_id'] == 1) && ($_POST['admin_id'] != "")) {
70 $res = sqlStatement("select username from users where id= ? ", array($_POST["id"]));
71 $row = sqlFetchArray($res);
72 $uname = $row['username'];
73 $mail = new MyMailer();
74 $mail->From = $GLOBALS["practice_return_email_path"];
75 $mail->FromName = "Administrator OpenEMR";
76 $text_body = "Hello Security Admin,\n\n The Emergency Login user " . $uname .
77 " was activated at " . date('l jS \of F Y h:i:s A') . " \n\nThanks,\nAdmin OpenEMR.";
78 $mail->Body = $text_body;
79 $mail->Subject = "Emergency Login User Activated";
80 $mail->AddAddress($_POST['admin_id']);
81 $mail->Send();
82 }
83 }
84 }
85 }
86
87 /* To refresh and save variables in mail frame */
88 if (isset($_POST["privatemode"]) && $_POST["privatemode"] =="user_admin") {
89 if ($_POST["mode"] == "update") {
90 if (isset($_POST["username"])) {
91 $user_data = sqlFetchArray(sqlStatement("select * from users where id= ? ", array($_POST["id"])));
92 sqlStatement("update users set username=? where id= ? ", array(trim($_POST["username"]), $_POST["id"]));
93 sqlStatement("update `groups` set user=? where user= ?", array(trim($_POST["username"]), $user_data["username"]));
94 }
95
96 if ($_POST["taxid"]) {
97 sqlStatement("update users set federaltaxid=? where id= ? ", array($_POST["taxid"], $_POST["id"]));
98 }
99
100 if ($_POST["state_license_number"]) {
101 sqlStatement("update users set state_license_number=? where id= ? ", array($_POST["state_license_number"], $_POST["id"]));
102 }
103
104 if ($_POST["drugid"]) {
105 sqlStatement("update users set federaldrugid=? where id= ? ", array($_POST["drugid"], $_POST["id"]));
106 }
107
108 if ($_POST["upin"]) {
109 sqlStatement("update users set upin=? where id= ? ", array($_POST["upin"], $_POST["id"]));
110 }
111
112 if ($_POST["npi"]) {
113 sqlStatement("update users set npi=? where id= ? ", array($_POST["npi"], $_POST["id"]));
114 }
115
116 if ($_POST["taxonomy"]) {
117 sqlStatement("update users set taxonomy = ? where id= ? ", array($_POST["taxonomy"], $_POST["id"]));
118 }
119
120 if ($_POST["lname"]) {
121 sqlStatement("update users set lname=? where id= ? ", array($_POST["lname"], $_POST["id"]));
122 }
123
124 if ($_POST["job"]) {
125 sqlStatement("update users set specialty=? where id= ? ", array($_POST["job"], $_POST["id"]));
126 }
127
128 if ($_POST["mname"]) {
129 sqlStatement("update users set mname=? where id= ? ", array($_POST["mname"], $_POST["id"]));
130 }
131
132 if ($_POST["facility_id"]) {
133 sqlStatement("update users set facility_id = ? where id = ? ", array($_POST["facility_id"], $_POST["id"]));
134 //(CHEMED) Update facility name when changing the id
135 sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = ? AND users.id = ?", array($_POST["facility_id"], $_POST["id"]));
136 //END (CHEMED)
137 }
138
139 if ($GLOBALS['restrict_user_facility'] && $_POST["schedule_facility"]) {
140 sqlStatement("delete from users_facility
141 where tablename='users'
142 and table_id= ?
143 and facility_id not in (" . add_escape_custom(implode(",", $_POST['schedule_facility'])) . ")", array($_POST["id"]));
144 foreach ($_POST["schedule_facility"] as $tqvar) {
145 sqlStatement("replace into users_facility set
146 facility_id = ?,
147 tablename='users',
148 table_id = ?", array($tqvar, $_POST["id"]));
149 }
150 }
151
152 if ($_POST["fname"]) {
153 sqlStatement("update users set fname=? where id= ? ", array($_POST["fname"], $_POST["id"]));
154 }
155
156 if (isset($_POST['default_warehouse'])) {
157 sqlStatement("UPDATE users SET default_warehouse = ? WHERE id = ?", array($_POST['default_warehouse'], $_POST["id"]));
158 }
159
160 if (isset($_POST['irnpool'])) {
161 sqlStatement("UPDATE users SET irnpool = ? WHERE id = ?", array($_POST['irnpool'], $_POST["id"]));
162 }
163
164 if (!empty($_POST['clear_2fa'])) {
165 sqlStatement("DELETE FROM login_mfa_registrations WHERE user_id = ?", array($_POST['id']));
166 }
167
168 if ($_POST["adminPass"] && $_POST["clearPass"]) {
169 require_once("$srcdir/authentication/password_change.php");
170 $clearAdminPass=$_POST['adminPass'];
171 $clearUserPass=$_POST['clearPass'];
172 $password_err_msg="";
173 $success=update_password($_SESSION['authId'], $_POST['id'], $clearAdminPass, $clearUserPass, $password_err_msg);
174 if (!$success) {
175 error_log($password_err_msg);
176 $alertmsg.=$password_err_msg;
177 }
178 }
179
180 $tqvar = $_POST["authorized"] ? 1 : 0;
181 $actvar = $_POST["active"] ? 1 : 0;
182 $calvar = $_POST["calendar"] ? 1 : 0;
183
184 sqlStatement("UPDATE users SET authorized = ?, active = ?, " .
185 "calendar = ?, see_auth = ? WHERE " .
186 "id = ? ", array($tqvar, $actvar, $calvar, $_POST['see_auth'], $_POST["id"]));
187 //Display message when Emergency Login user was activated
188 $bg_count=count($_POST['access_group']);
189 for ($i=0; $i<$bg_count; $i++) {
190 if (($_POST['access_group'][$i] == "Emergency Login") && ($_POST['pre_active'] == 0) && ($actvar == 1)) {
191 $show_message = 1;
192 }
193 }
194
195 if (($_POST['access_group'])) {
196 for ($i=0; $i<$bg_count; $i++) {
197 if (($_POST['access_group'][$i] == "Emergency Login") && ($_POST['user_type']) == "" && ($_POST['check_acl'] == 1) && ($_POST['active']) != "") {
198 $set_active_msg=1;
199 }
200 }
201 }
202
203 if ($_POST["comments"]) {
204 sqlStatement("update users set info = ? where id = ? ", array($_POST["comments"], $_POST["id"]));
205 }
206
207 $erxrole = isset($_POST['erxrole']) ? $_POST['erxrole'] : '';
208 sqlStatement("update users set newcrop_user_role = ? where id = ? ", array($erxrole, $_POST["id"]));
209
210 if ($_POST["physician_type"]) {
211 sqlStatement("update users set physician_type = ? where id = ? ", array($_POST["physician_type"], $_POST["id"]));
212 }
213
214 if ($_POST["main_menu_role"]) {
215 $mainMenuRole = filter_input(INPUT_POST, 'main_menu_role');
216 sqlStatement("update `users` set `main_menu_role` = ? where `id` = ? ", array($mainMenuRole, $_POST["id"]));
217 }
218
219 if ($_POST["patient_menu_role"]) {
220 $patientMenuRole = filter_input(INPUT_POST, 'patient_menu_role');
221 sqlStatement("update `users` set `patient_menu_role` = ? where `id` = ? ", array($patientMenuRole, $_POST["id"]));
222 }
223
224 if ($_POST["erxprid"]) {
225 sqlStatement("update users set weno_prov_id = '$erxprid' where id = ? ", array($_POST["erxprid"], $_POST["id"]));
226 }
227
228 // Set the access control group of user
229 $user_data = sqlFetchArray(sqlStatement("select username from users where id= ?", array($_POST["id"])));
230 set_user_aro(
231 $_POST['access_group'],
232 $user_data["username"],
233 (isset($_POST['fname']) ? $_POST['fname'] : ''),
234 (isset($_POST['mname']) ? $_POST['mname'] : ''),
235 (isset($_POST['lname']) ? $_POST['lname'] : '')
236 );
237 }
238 }
239
240 /* To refresh and save variables in mail frame - Arb*/
241 if (isset($_POST["mode"])) {
242 if ($_POST["mode"] == "new_user") {
243 if ($_POST["authorized"] != "1") {
244 $_POST["authorized"] = 0;
245 }
246
247 $calvar = $_POST["calendar"] ? 1 : 0;
248
249 $res = sqlStatement("select distinct username from users where username != ''");
250 $doit = true;
251 while ($row = sqlFetchArray($res)) {
252 if ($doit == true && $row['username'] == trim($_POST['rumple'])) {
253 $doit = false;
254 }
255 }
256
257 if ($doit == true) {
258 require_once("$srcdir/authentication/password_change.php");
259
260 //if password expiration option is enabled, calculate the expiration date of the password
261 if ($GLOBALS['password_expiration_days'] != 0) {
262 $exp_days = $GLOBALS['password_expiration_days'];
263 $exp_date = date('Y-m-d', strtotime("+$exp_days days"));
264 }
265
266 $insertUserSQL=
267 "insert into users set " .
268 "username = '" . add_escape_custom(trim((isset($_POST['rumple']) ? $_POST['rumple'] : ''))) .
269 "', password = '" . 'NoLongerUsed' .
270 "', fname = '" . add_escape_custom(trim((isset($_POST['fname']) ? $_POST['fname'] : ''))) .
271 "', mname = '" . add_escape_custom(trim((isset($_POST['mname']) ? $_POST['mname'] : ''))) .
272 "', lname = '" . add_escape_custom(trim((isset($_POST['lname']) ? $_POST['lname'] : ''))) .
273 "', federaltaxid = '" . add_escape_custom(trim((isset($_POST['federaltaxid']) ? $_POST['federaltaxid'] : ''))) .
274 "', state_license_number = '" . add_escape_custom(trim((isset($_POST['state_license_number']) ? $_POST['state_license_number'] : ''))) .
275 "', newcrop_user_role = '" . add_escape_custom(trim((isset($_POST['erxrole']) ? $_POST['erxrole'] : ''))) .
276 "', physician_type = '" . add_escape_custom(trim((isset($_POST['physician_type']) ? $_POST['physician_type'] : ''))) .
277 "', main_menu_role = '" . add_escape_custom(trim((isset($_POST['main_menu_role']) ? $_POST['main_menu_role'] : ''))) .
278 "', patient_menu_role = '" . add_escape_custom(trim((isset($_POST['patient_menu_role']) ? $_POST['patient_menu_role'] : ''))) .
279 "', weno_prov_id = '" . add_escape_custom(trim((isset($_POST['erxprid']) ? $_POST['erxprid'] : ''))) .
280 "', authorized = '" . add_escape_custom(trim((isset($_POST['authorized']) ? $_POST['authorized'] : ''))) .
281 "', info = '" . add_escape_custom(trim((isset($_POST['info']) ? $_POST['info'] : ''))) .
282 "', federaldrugid = '" . add_escape_custom(trim((isset($_POST['federaldrugid']) ? $_POST['federaldrugid'] : ''))) .
283 "', upin = '" . add_escape_custom(trim((isset($_POST['upin']) ? $_POST['upin'] : ''))) .
284 "', npi = '" . add_escape_custom(trim((isset($_POST['npi']) ? $_POST['npi'] : ''))) .
285 "', taxonomy = '" . add_escape_custom(trim((isset($_POST['taxonomy']) ? $_POST['taxonomy'] : ''))) .
286 "', facility_id = '" . add_escape_custom(trim((isset($_POST['facility_id']) ? $_POST['facility_id'] : ''))) .
287 "', specialty = '" . add_escape_custom(trim((isset($_POST['specialty']) ? $_POST['specialty'] : ''))) .
288 "', see_auth = '" . add_escape_custom(trim((isset($_POST['see_auth']) ? $_POST['see_auth'] : ''))) .
289 "', default_warehouse = '" . add_escape_custom(trim((isset($_POST['default_warehouse']) ? $_POST['default_warehouse'] : ''))) .
290 "', irnpool = '" . add_escape_custom(trim((isset($_POST['irnpool']) ? $_POST['irnpool'] : ''))) .
291 "', calendar = '" . add_escape_custom($calvar) .
292 "', pwd_expiration_date = '" . add_escape_custom(trim($exp_date)) .
293 "'";
294
295 $clearAdminPass=$_POST['adminPass'];
296 $clearUserPass=$_POST['stiltskin'];
297 $password_err_msg="";
298 $prov_id="";
299 $success = update_password(
300 $_SESSION['authId'],
301 0,
302 $clearAdminPass,
303 $clearUserPass,
304 $password_err_msg,
305 true,
306 $insertUserSQL,
307 trim((isset($_POST['rumple']) ? $_POST['rumple'] : '')),
308 $prov_id
309 );
310 error_log($password_err_msg);
311 $alertmsg .=$password_err_msg;
312 if ($success) {
313 //set the facility name from the selected facility_id
314 sqlStatement(
315 "UPDATE users, facility SET users.facility = facility.name WHERE facility.id = ? AND users.username = ?",
316 array(
317 trim((isset($_POST['facility_id']) ? $_POST['facility_id'] : '')),
318 trim((isset($_POST['rumple']) ? $_POST['rumple'] : ''))
319 )
320 );
321
322 sqlStatement(
323 "insert into `groups` set name = ?, user = ?",
324 array(
325 trim((isset($_POST['groupname']) ? $_POST['groupname'] : '')),
326 trim((isset($_POST['rumple']) ? $_POST['rumple'] : ''))
327 )
328 );
329
330 if (trim((isset($_POST['rumple']) ? $_POST['rumple'] : ''))) {
331 // Set the access control group of user
332 set_user_aro(
333 $_POST['access_group'],
334 trim((isset($_POST['rumple']) ? $_POST['rumple'] : '')),
335 trim((isset($_POST['fname']) ? $_POST['fname'] : '')),
336 trim((isset($_POST['mname']) ? $_POST['mname'] : '')),
337 trim((isset($_POST['lname']) ? $_POST['lname'] : ''))
338 );
339 }
340 }
341 } else {
342 $alertmsg .= xl('User'). ' ' . trim((isset($_POST['rumple']) ? $_POST['rumple'] : '')) . ' ' . xl('already exists.');
343 }
344
345 if ($_POST['access_group']) {
346 $bg_count=count($_POST['access_group']);
347 for ($i=0; $i<$bg_count; $i++) {
348 if ($_POST['access_group'][$i] == "Emergency Login") {
349 $set_active_msg=1;
350 }
351 }
352 }
353 } else if ($_POST["mode"] == "new_group") {
354 $res = sqlStatement("select distinct name, user from `groups`");
355 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
356 $result[$iter] = $row;
357 }
358
359 $doit = 1;
360 foreach ($result as $iter) {
361 if ($doit == 1 && $iter{"name"} == (trim((isset($_POST['groupname']) ? $_POST['groupname'] : ''))) && $iter{"user"} == (trim((isset($_POST['rumple']) ? $_POST['rumple'] : '')))) {
362 $doit--;
363 }
364 }
365
366 if ($doit == 1) {
367 sqlStatement(
368 "insert into `groups` set name = ?, user = ?",
369 array(
370 trim((isset($_POST['groupname']) ? $_POST['groupname'] : '')),
371 trim((isset($_POST['rumple']) ? $_POST['rumple'] : ''))
372 )
373 );
374 } else {
375 $alertmsg .= "User " . trim((isset($_POST['rumple']) ? $_POST['rumple'] : '')) .
376 " is already a member of group " . trim((isset($_POST['groupname']) ? $_POST['groupname'] : '')) . ". ";
377 }
378 }
379 }
380
381 if (isset($_GET["mode"])) {
382 /*******************************************************************
383 // This is the code to delete a user. Note that the link which invokes
384 // this is commented out. Somebody must have figured it was too dangerous.
385 //
386 if ($_GET["mode"] == "delete") {
387 $res = sqlStatement("select distinct username, id from users where id = '" .
388 $_GET["id"] . "'");
389 for ($iter = 0; $row = sqlFetchArray($res); $iter++)
390 $result[$iter] = $row;
391
392 // TBD: Before deleting the user, we should check all tables that
393 // reference users to make sure this user is not referenced!
394
395 foreach($result as $iter) {
396 sqlStatement("delete from `groups` where user = '" . $iter{"username"} . "'");
397 }
398 sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
399 }
400 *******************************************************************/
401
402 if ($_GET["mode"] == "delete_group") {
403 $res = sqlStatement("select distinct user from `groups` where id = ?", array($_GET["id"]));
404 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
405 $result[$iter] = $row;
406 }
407
408 foreach ($result as $iter) {
409 $un = $iter{"user"};
410 }
411
412 $res = sqlStatement("select name, user from `groups` where user = ? " .
413 "and id != ?", array($un, $_GET["id"]));
414
415 // Remove the user only if they are also in some other group. I.e. every
416 // user must be a member of at least one group.
417 if (sqlFetchArray($res) != false) {
418 sqlStatement("delete from `groups` where id = ?", array($_GET["id"]));
419 } else {
420 $alertmsg .= "You must add this user to some other group before " .
421 "removing them from this group. ";
422 }
423 }
424 }
425 // added for form submit's from usergroup_admin_add and user_admin.php
426 // sjp 12/29/17
427 if (isset($_REQUEST["mode"])) {
428 exit(text(trim($alertmsg)));
429 }
430
431 $form_inactive = empty($_POST['form_inactive']) ? false : true;
432
433 ?>
434 <html>
435 <head>
436 <title><?php echo xlt('User / Groups');?></title>
437
438 <?php Header::setupHeader(['common','jquery-ui']); ?>
439
440 <script type="text/javascript">
441
442 $(function(){
443
444 tabbify();
445
446 $(".medium_modal").on('click', function(e) {
447 e.preventDefault();e.stopPropagation();
448 dlgopen('', '', 660, 450, '', '', {
449 type: 'iframe',
450 url: $(this).attr('href')
451 });
452 });
453
454 });
455
456 function authorized_clicked() {
457 var f = document.forms[0];
458 f.calendar.disabled = !f.authorized.checked;
459 f.calendar.checked = f.authorized.checked;
460 }
461
462 </script>
463
464 </head>
465 <body class="body_top">
466
467 <div class="container">
468 <div class="row">
469 <div class="col-xs-12">
470 <div class="page-title">
471 <h2><?php echo xlt('User / Groups');?></h2>
472 </div>
473 </div>
474 </div>
475 <div class="row">
476 <div class="col-xs-12">
477 <div class="btn-group">
478 <a href="usergroup_admin_add.php" class="medium_modal btn btn-default btn-add"><?php echo xlt('Add User'); ?></a>
479 <a href="facility_user.php" class="btn btn-default btn-show"><?php echo xlt('View Facility Specific User Information'); ?></a>
480 </div>
481 <form name='userlist' method='post' style="display: inline;" class="form-inline" class="pull-right" action='usergroup_admin.php' onsubmit='return top.restoreSession()'>
482 <input type="hidden" name="csrf_token_form" value="<?php echo attr(collectCsrfToken()); ?>" />
483 <div class="checkbox">
484 <label for="form_inactive">
485 <input type='checkbox' class="form-control" id="form_inactive" name='form_inactive' value='1' onclick='submit()' <?php echo ($form_inactive) ? 'checked ' : ''; ?>>
486 <?php echo xlt('Include inactive users'); ?>
487 </label>
488 </div>
489 </form>
490 </div>
491 </div>
492 <div class="row">
493 <div class="col-xs-12">
494 <?php
495 if ($set_active_msg == 1) {
496 echo "<div class='alert alert-danger'>".xlt('Emergency Login ACL is chosen. The user is still in active state, please de-activate the user and activate the same when required during emergency situations. Visit Administration->Users for activation or de-activation.')."</div><br>";
497 }
498
499 if ($show_message == 1) {
500 echo "<div class='alert alert-danger'>".xlt('The following Emergency Login User is activated:')." "."<b>".text($_GET['fname'])."</b>"."</div><br>";
501 echo "<div class='alert alert-danger'>".xlt('Emergency Login activation email will be circulated only if following settings in the interface/globals.php file are configured:')." \$GLOBALS['Emergency_Login_email'], \$GLOBALS['Emergency_Login_email_id']</div>";
502 }
503
504 ?>
505 <div class="table-responsive">
506 <table class="table table-striped">
507 <thead>
508 <tr>
509 <th><?php echo xlt('Username'); ?></th>
510 <th><?php echo xlt('Real Name'); ?></th>
511 <th><?php echo xlt('Additional Info'); ?></th>
512 <th><?php echo xlt('Authorized'); ?></th>
513 <th><?php echo xlt('MFA'); ?></th>
514 </tr>
515 <tbody>
516 <?php
517 $query = "SELECT * FROM users WHERE username != '' ";
518 if (!$form_inactive) {
519 $query .= "AND active = '1' ";
520 }
521
522 $query .= "ORDER BY username";
523 $res = sqlStatement($query);
524 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
525 $result4[$iter] = $row;
526 }
527
528 foreach ($result4 as $iter) {
529 if ($iter{"authorized"}) {
530 $iter{"authorized"} = xl('yes');
531 } else {
532 $iter{"authorized"} = xl('no');
533 }
534
535 $mfa = sqlQuery(
536 "SELECT `method` FROM `login_mfa_registrations` " .
537 "WHERE `user_id` = ? AND (`method` = 'TOTP' OR `method` = 'U2F')",
538 [$iter['id']]
539 );
540 if (!empty($mfa['method'])) {
541 $isMfa = xl('yes');
542 } else {
543 $isMfa = xl('no');
544 }
545
546 print "<tr>
547 <td><b><a href='user_admin.php?id=" . attr_url($iter{"id"}) . "&csrf_token_form=" . attr_url(collectCsrfToken()) .
548 "' class='medium_modal' onclick='top.restoreSession()'>" . text($iter{"username"}) . "</a></b>" ."&nbsp;</td>
549 <td>" . text($iter{"fname"}) . ' ' . text($iter{"lname"}) ."&nbsp;</td>
550 <td>" . text($iter{"info"}) . "&nbsp;</td>
551 <td align='left'><span>" .text($iter{"authorized"}) . "</td>
552 <td align='left'><span>" .text($isMfa) . "</td>";
553 print "</tr>\n";
554 }
555 ?>
556 </tbody>
557 </table>
558 </div>
559 <?php
560 if (empty($GLOBALS['disable_non_default_groups'])) {
561 $res = sqlStatement("select * from `groups` order by name");
562 for ($iter = 0; $row = sqlFetchArray($res); $iter++) {
563 $result5[$iter] = $row;
564 }
565
566 foreach ($result5 as $iter) {
567 $grouplist{$iter{"name"}} .= text($iter{"user"}) .
568 "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
569 attr_url($iter{"id"}) . "&csrf_token_form=" . attr_url(collectCsrfToken()) ."' onclick='top.restoreSession()'>" . xlt('Remove') . "</a>), ";
570 }
571
572 foreach ($grouplist as $groupname => $list) {
573 print "<span class='bold'>" . text($groupname) . "</span><br>\n<span>" .
574 substr($list, 0, strlen($list)-2) . "</span><br>\n";
575 }
576 }
577 ?>
578 </div>
579 </div>
580 </div>
581 <script language="JavaScript">
582 <?php
583 if ($alertmsg = trim($alertmsg)) {
584 echo "alert(" . js_escape($alertmsg) . ");\n";
585 }
586 ?>
587 </script>
588 </body>
589 </html>
Mirror of official OpenEMR Sourceforge repository