From ef6a8b5a3b1dd67503bc7566d5faa0927d230879 Mon Sep 17 00:00:00 2001
From: sunsetsystems <sunsetsystems>
Date: Tue, 14 Jul 2009 20:39:05 +0000
Subject: [PATCH] separating facility from user maintenance, improved support
 for multiple facilities from Bill Himmelstoss, and a bit of cleanup

---
 interface/globals.php                              |   4 +
 interface/main/calendar/add_edit_event.php         |  74 +++++++-
 interface/main/calendar/find_appt_popup.php        |   6 +
 interface/main/calendar/index.php                  |  19 ++
 .../default/views/day/ajax_template.html           |  46 +++--
 .../default/views/day/orig_default.html            |  40 +++-
 .../default/views/month/ajax_template.html         |  17 +-
 .../default/views/week/ajax_template.html          |  20 +-
 .../calendar/modules/PostCalendar/pnuserapi.php    |   8 +-
 interface/main/ippf_export.php                     |  16 +-
 interface/main/left_nav.php                        |   2 +
 interface/patient_file/encounter/cash_receipt.php  |   5 +-
 interface/patient_file/front_payment.php           |  14 +-
 interface/patient_file/report/custom_report.php    |   9 +
 .../patient_file/report/print_custom_report.php    |  18 +-
 interface/usergroup/facilities.php                 | 118 ++++++++++++
 interface/usergroup/facility_admin.php             |   2 +-
 interface/usergroup/user_admin.php                 | 136 +++++++-------
 interface/usergroup/usergroup_admin.php            | 203 +++++----------------
 interface/usergroup/usergroup_navigation.php       |  12 +-
 library/calendar.inc                               |  17 +-
 library/formdata.inc.php                           |  12 ++
 library/patient.inc                                |  10 +-
 sql/3_0_1-to-3_0_2_upgrade.sql                     |   9 +
 sql/database.sql                                   |   8 +
 25 files changed, 560 insertions(+), 265 deletions(-)
 create mode 100644 interface/usergroup/facilities.php
 create mode 100644 library/formdata.inc.php

diff --git a/interface/globals.php b/interface/globals.php
index 9c0fb0b7e..a91b1d3f8 100644
--- a/interface/globals.php
+++ b/interface/globals.php
@@ -395,6 +395,10 @@ $GLOBALS['ignore_pnotes_authorization'] = true;
 // Everyone should want this, but for now it's optional.
 $GLOBALS['full_new_patient_form'] = true;
 
+// Restrict non-authorized users to the "Schedule Facilities" (aka user_facilities table)
+// set in User admin.
+$GLOBALS['restrict_user_facility'] = false;
+
 // If you want Hylafax support then uncomment and customize the following
 // statements, and also customize custom/faxcover.txt:
 //
diff --git a/interface/main/calendar/add_edit_event.php b/interface/main/calendar/add_edit_event.php
index 1536c4c48..02e7eccc6 100644
--- a/interface/main/calendar/add_edit_event.php
+++ b/interface/main/calendar/add_edit_event.php
@@ -145,7 +145,8 @@ if ( $eid ) {
                             FROM openemr_postcalendar_events
                               LEFT JOIN facility ON (openemr_postcalendar_events.pc_facility = facility.id)
                               WHERE pc_eid = $eid");
-    if ( !$facility['pc_facility'] ) {
+    // if ( !$facility['pc_facility'] ) {
+    if ( is_array($facility) && !$facility['pc_facility'] ) {
         $qmin = sqlQuery("SELECT facility_id as minId, facility FROM users WHERE id = ".$facility['pc_aid']);
         $min  = $qmin['minId'];
         $min_name = $qmin['facility'];
@@ -161,8 +162,13 @@ if ( $eid ) {
         $e2f = $min;
         $e2f_name = $min_name;
     } else {
+      // not edit event
+      if (!$facility['pc_facility'] && ($_SESSION['pc_facility'] || $_COOKIE['pc_facility'])) {
+        $e2f = $_SESSION['pc_facility'] ? $_SESSION['pc_facility'] : $_COOKIE['pc_facility'];
+      } else {
         $e2f = $facility['pc_facility'];
         $e2f_name = $facility['name'];
+      }
     }
 }
 // EOS E2F
@@ -640,7 +646,9 @@ if ($_POST['form_action'] == "save") {
                         $_POST['form_provider'] . "'");
                         $username = $tmprow['username'];
                         $facility = $tmprow['facility'];
-                        $facility_id = $tmprow['facility_id'];
+                        // $facility_id = $tmprow['facility_id'];
+                        // use the session facility if it is set, otherwise the one from the provider.
+                        $facility_id = $_SESSION['pc_facility'] ? $_SESSION['pc_facility'] : $tmprow['facility_id'];
                         $conn = $GLOBALS['adodb']['db'];
                         $encounter = $conn->GenID("sequences");
             addForm($encounter, "New Patient Encounter",
@@ -649,7 +657,8 @@ if ($_POST['form_action'] == "save") {
                         "onset_date = '$event_date', " .
                         "reason = '" . $_POST['form_comments'] . "', " .
                         "facility = '$facility', " .
-                        "facility_id = '$facility_id', " .
+                        // "facility_id = '$facility_id', " .
+                        "facility_id = '" . (int)$_POST['facility'] . "', " .
                         "pid = '" . $_POST['form_pid'] . "', " .
                         "encounter = '$encounter'"
                     ),
@@ -828,7 +837,28 @@ if ($_POST['form_action'] == "save") {
     //(CHEMED)
     //Set default facility for a new event based on the given 'userid'
     if ($userid) {
+        /*************************************************************
         $pref_facility = sqlFetchArray(sqlStatement("SELECT facility_id, facility FROM users WHERE id = $userid"));
+        *************************************************************/
+        if ($_SESSION['pc_facility']) {
+	        $pref_facility = sqlFetchArray(sqlStatement(sprintf("
+		        SELECT f.id as facility_id,
+		        f.name as facility
+		        FROM facility f
+		        WHERE f.id = %d
+	          ",
+		        $_SESSION['pc_facility']
+	          )));	
+        } else {
+          $pref_facility = sqlFetchArray(sqlStatement("
+            SELECT u.facility_id, 
+	          f.name as facility 
+            FROM users u
+            LEFT JOIN facility f on (u.facility_id = f.id)
+            WHERE u.id = $userid
+            "));
+        }
+        /************************************************************/
         $e2f = $pref_facility['facility_id'];
         $e2f_name = $pref_facility['facility'];
     }
@@ -1053,6 +1083,7 @@ if ( $GLOBALS['dutchpc'] ) { ?>
         var c = document.forms[0].form_category;
         var formDate = document.forms[0].form_date;
         dlgopen('find_appt_popup.php?providerid=' + s +
+                '&facility=' + f.options[f.selectedIndex].value +
                 '&catid=' + c.options[c.selectedIndex].value +
                 '&startdate=' + formDate.value, '_blank', 500, 400);
         //END (CHEMED) modifications
@@ -1279,10 +1310,22 @@ if ( $GLOBALS['dutchpc'] ) {
       // EVENTS TO FACILITIES
       //(CHEMED) added service_location WHERE clause
       // get the facilities
+      /***************************************************************
       $qsql = sqlStatement("SELECT * FROM facility WHERE service_location != 0");
+      ***************************************************************/
+      $facils = getUserFacilities($_SESSION['authId']);
+      $qsql = sqlStatement("SELECT id, name FROM facility WHERE service_location != 0");
+      /**************************************************************/
       while ($facrow = sqlFetchArray($qsql)) {
+        /*************************************************************
         $selected = ( $facrow['id'] == $e2f ) ? 'selected="selected"' : '' ;
         echo "<option value={$facrow['id']} $selected>{$facrow['name']}</option>";
+        *************************************************************/
+        if ($_SESSION['authorizedUser'] || in_array($facrow, $facils)) {
+          $selected = ( $facrow['id'] == $e2f ) ? 'selected="selected"' : '' ;
+          echo "<option value={$facrow['id']} $selected>{$facrow['name']}</option>";
+        }
+        /************************************************************/
       }
       // EOS E2F
       // ===========================
@@ -1368,6 +1411,7 @@ if  ($GLOBALS['select_multi_providers']) {
     }
     else {
       // this is a new event so smartly choose a default provider 
+    /*****************************************************************
       if ($userid) {
         // Provider already given to us as a GET parameter.
         $defaultProvider = $userid;
@@ -1395,6 +1439,30 @@ if  ($GLOBALS['select_multi_providers']) {
         echo "</option>\n";
     }
     echo "</select>";
+    *****************************************************************/
+      // default to the currently logged-in user
+      $defaultProvider = $_SESSION['authUserID'];
+      // or, if we have chosen a provider in the calendar, default to them
+      // choose the first one if multiple have been selected
+      if (count($_SESSION['pc_username']) >= 1) {
+        // get the numeric ID of the first provider in the array
+        $pc_username = $_SESSION['pc_username'];
+        $firstProvider = sqlFetchArray(sqlStatement("select id from users where username='".$pc_username[0]."'"));
+        $defaultProvider = $firstProvider['id'];
+      }
+      // if we clicked on a provider's schedule to add the event, use THAT.
+      if ($userid) $defaultProvider = $userid;
+    }
+    echo "<select name='form_provider' style='width:100%' />";
+    while ($urow = sqlFetchArray($ures)) {
+      echo "    <option value='" . $urow['id'] . "'";
+      if ($urow['id'] == $defaultProvider) echo " selected";
+      echo ">" . $urow['lname'];
+      if ($urow['fname']) echo ", " . $urow['fname'];
+      echo "</option>\n";
+    }
+    echo "</select>";
+    /****************************************************************/
 }
 
 ?>
diff --git a/interface/main/calendar/find_appt_popup.php b/interface/main/calendar/find_appt_popup.php
index 52bd9b856..c163ee6cd 100644
--- a/interface/main/calendar/find_appt_popup.php
+++ b/interface/main/calendar/find_appt_popup.php
@@ -101,6 +101,12 @@
    "WHERE pc_aid = '$providerid' AND " .
    "((pc_endDate >= '$sdate' AND pc_eventDate < '$edate') OR " .
    "(pc_endDate = '0000-00-00' AND pc_eventDate >= '$sdate' AND pc_eventDate < '$edate'))";
+  // phyaura whimmel facility filtering
+  if ($_REQUEST['facility'] > 0 ) {
+    $facility = $_REQUEST['facility'];
+    $query .= " AND pc_facility = $facility";
+  }
+  // end facility filtering whimmel 29apr08
   $res = sqlStatement($query);
 
   while ($row = sqlFetchArray($res)) {
diff --git a/interface/main/calendar/index.php b/interface/main/calendar/index.php
index aeb2bc118..0b601f6cc 100644
--- a/interface/main/calendar/index.php
+++ b/interface/main/calendar/index.php
@@ -52,8 +52,27 @@ if ($_GET['framewidth']) $_SESSION['pc_framewidth'] = $_GET['framewidth'];
 
 // FACILITY FILTERING (lemonsoftware) (CHEMED)
 $_SESSION['pc_facility'] = 0;
+
+/*********************************************************************
 if ($_POST['pc_facility'])  $_SESSION['pc_facility'] = $_POST['pc_facility'];
+*********************************************************************/
+if (isset($_COOKIE['pc_facility'])) $_SESSION['pc_facility'] = $_COOKIE['pc_facility'];
+// override the cookie if the user doesn't have access to that facility any more
+if ($_SESSION['userauthorized'] != 1 && $GLOBALS['restrict_user_facility']) { 
+  $facilities = getUserFacilities($_SESSION['authId']);
+  // use the first facility the user has access to, unless...
+  $_SESSION['pc_facility'] = $facilities[0]['id']; 
+  // if the cookie is in the users' facilities, use that.
+  foreach ($facilities as $facrow) {
+    if ($facrow['id'] == $_COOKIE['pc_facility'])
+      $_SESSION['pc_facility'] = $_COOKIE['pc_facility'];
+  }
+}
+if (isset($_POST['pc_facility']))  $_SESSION['pc_facility'] = $_POST['pc_facility'];
+/********************************************************************/
+
 if ($_GET['pc_facility'])  $_SESSION['pc_facility'] = $_GET['pc_facility'];
+setcookie("pc_facility", $_SESSION['pc_facility'], time() + (3600 * 365));
 
 // allow tracking of current viewtype -- JRM
 if ($_GET['viewtype']) $_SESSION['viewtype'] = $_GET['viewtype'];
diff --git a/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/day/ajax_template.html b/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/day/ajax_template.html
index 3c7679b2b..f06d2cb87 100644
--- a/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/day/ajax_template.html
+++ b/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/day/ajax_template.html
@@ -130,15 +130,19 @@ $timeslotHeightUnit="px";
 
  $MULTIDAY = count($A_EVENTS) > 1;
 
- //==================================
- //FACILITY FILTERING (CHEMED)
- if ( $_SESSION['pc_facility'] ) {
-    $provinfo = getProviderInfo('%', true, $_SESSION['pc_facility']);
- } else {
-    $provinfo = getProviderInfo();
- }
- //EOS FACILITY FILTERING (CHEMED)
- //==================================
+//==================================
+//FACILITY FILTERING (CHEMED)
+$facilities = getUserFacilities($_SESSION['authId']); // from users_facility
+if (count($facilities) == 1 || !$_SESSION['pc_facility']) {
+  $_SESSION['pc_facility'] = $facilities[0]['id'];
+}
+if ( $_SESSION['pc_facility'] ) {
+  $provinfo = getProviderInfo('%', true, $_SESSION['pc_facility']);
+} else {
+  $provinfo = getProviderInfo();
+}
+//EOS FACILITY FILTERING (CHEMED)
+//==================================
 
 [-/php-]
 
@@ -290,11 +294,22 @@ Providers
 [-php-]
 // ==============================
 // FACILITY FILTERING (lemonsoftware)
+/*********************************************************************
 $facilities = getFacilities();
+*********************************************************************/
+if ($_SESSION['authorizeduser'] == 1) {
+  $facilities = getFacilities();
+} else {
+  $facilities = getUserFacilities($_SESSION['authId']); // from users_facility
+  if (count($facilities) == 1)
+    $_SESSION['pc_facility'] = key($facilities);
+}
+/********************************************************************/
 if (count($facilities) > 1) {
     echo "   <select name='pc_facility' id='pc_facility'>\n";
     if ( !$_SESSION['pc_facility'] ) $selected = "selected='selected'";
-    echo "    <option value='0' $selected>"  .xl('All Facilities'). "</option>\n";
+    // echo "    <option value='0' $selected>"  .xl('All Facilities'). "</option>\n";
+    if (!$GLOBALS['restrict_user_facility']) echo "    <option value='0' $selected>" . xl('All Facilities') . "</option>\n";
     foreach ($facilities as $fa) {
         $selected = ( $_SESSION['pc_facility'] == $fa['id']) ? "selected='selected'" : "" ;
         echo "    <option value='" .$fa['id']. "' $selected>"  .$fa['name']. "</option>\n";
@@ -345,13 +360,19 @@ foreach ($times as $slottime) {
 
     echo "<tr><td class='timeslot'>";
 
+    /*****************************************************************
     $providerid = 0;
     if (count($providers) == 1) {
         $providerid = $providers[0]['id'];
     }
     echo "<a href='javascript:newEvt($startampm,$starttimeh,$starttimem,$Date,$providerid,0)' title='New Appointment' alt='New Appointment'>";
+    *****************************************************************/
+    // can't have a link to new appts since we may have multiple providers displayed
+    //echo "<a href='javascript:newEvt($startampm,$starttimeh,$starttimem,$defaultDate,$providerid,$in_cat_id)' title='New Appointment' alt='New Appointment'>";
+    /****************************************************************/
+
     echo "$disptimeh:$starttimem";
-    echo "</a>";
+    // echo "</a>";
 
     echo "</td></tr>\n";
 }
@@ -598,7 +619,8 @@ foreach ($providers as $provider) {
                 $content .= "<span class='appointment'>";
                 $content .= $dispstarth . ':' . $startm;
                 if ($event['recurrtype'] == 1) $content .= "<img src='$TPL_IMAGE_PATH/repeating8.png' border='0' style='margin:0px 2px 0px 2px;' title='Repeating event' alt='Repeating event'>";
-                $content .= htmlspecialchars($event['apptstatus']);
+                // $content .= htmlspecialchars($event['apptstatus']);
+                $content .= '&nbsp;'.htmlspecialchars($event['apptstatus']);
                 if ($patientid) {
                     $link_title = "Age: ".$patient_age."\nDOB: ".$patient_dob."\n";
                     $link_title .= "(Click to view)";
diff --git a/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/day/orig_default.html b/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/day/orig_default.html
index e7a9af5e8..ec7733744 100644
--- a/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/day/orig_default.html
+++ b/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/day/orig_default.html
@@ -159,9 +159,17 @@ div.tiny { width:1px; height:1px; font-size:1px; }
 
  $MULTIDAY = count($A_EVENTS) > 1;
 
- $provinfo = getProviderInfo();
-
- echo "<form name='theform' action='index.php?module=PostCalendar&func=view" .
+ $facilities = getUserFacilities($_SESSION['authId']); // from users_facility
+ if (count($facilities) == 1 || !$_SESSION['pc_facility']) {
+  $_SESSION['pc_facility'] = $facilities[0]['id'];
+ }
+ if ( $_SESSION['pc_facility'] ) {
+  $provinfo = getProviderInfo('%', true, $_SESSION['pc_facility']);
+ } else {
+  $provinfo = getProviderInfo();
+ }
+ // echo "<form name='theform' action='index.php?module=PostCalendar&func=view" .
+ echo "<form id='theform' name='theform' action='index.php?module=PostCalendar&func=view" .
       "&tplview=default&pc_category=&pc_topic=' " .
       "method='post' onsubmit='return top.restoreSession()'>\n";
  echo "<center>\n";
@@ -182,6 +190,7 @@ div.tiny { width:1px; height:1px; font-size:1px; }
  }
  echo "   </select>\n";
 
+/*********************************************************************
  // ==============================
  // FACILITY FILTERING (lemonsoftware)
  $facilities = getFacilities();
@@ -193,6 +202,28 @@ div.tiny { width:1px; height:1px; font-size:1px; }
      echo "    <option value='" .$fa['id']. "' $selected>"  .$fa['name']. "</option>\n";
  }
  echo "   </select>\n";
+*********************************************************************/
+// ==============================
+// FACILITY FILTERING (lemonsoftware)
+if ($_SESSION['authorizeduser'] == 1) {
+  $facilities = getFacilities();
+} else {
+  $facilities = getUserFacilities($_SESSION['authId']); // from users_facility
+  if (count($facilities) == 1)
+    $_SESSION['pc_facility'] = ($facilities[0]['id']);
+}
+if (count($facilities) > 1) {
+  echo "   <select name='pc_facility' id='pc_facility' onChange='document.getElementById(\"theform\").submit();'>\n";
+  if ( !$_SESSION['pc_facility'] ) $selected = "selected='selected'";
+  if ( !$GLOBALS['restrict_user_facility']) echo "    <option value='0' $selected>" . xl('All Facilities') . "</option>\n";
+  foreach ($facilities as $fa) {
+    $selected = ( $_SESSION['pc_facility'] == $fa['id']) ? "selected='selected'" : "" ;
+    echo "    <option value='" . $fa['id'] . "' $selected>" . $fa['name'] . "</option>\n";
+  }
+  echo "   </select>\n";
+}
+/********************************************************************/
+
  // EOS FF
  // ==============================
 
@@ -494,7 +525,8 @@ if ($MULTIDAY) {
      }
      else { // some sort of patient appointment
       $content .= "<a href='javascript:oldEvt($eventdate,$eventid)' title='$catname'>";
-      $content .= $starth . ':' . $startm . htmlspecialchars($event['apptstatus']) . "</a>";
+      // $content .= $starth . ':' . $startm . htmlspecialchars($event['apptstatus']) . "</a>";
+      $content .= $starth . ':' . $startm . '&nbsp;' . htmlspecialchars($event['apptstatus']) . "&nbsp;</a>";
       $content .= "<a href='javascript:goPid($patientid)' title='$title'>";
       if ($catid == 1) $content .= "<strike>";
       $content .= $lname;
diff --git a/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/month/ajax_template.html b/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/month/ajax_template.html
index fd17041eb..c4c2e9672 100644
--- a/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/month/ajax_template.html
+++ b/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/month/ajax_template.html
@@ -127,6 +127,10 @@ $timeslotHeightUnit="px";
 
  //==================================
  //FACILITY FILTERING (CHEMED)
+ $facilities = getUserFacilities($_SESSION['authId']); // from users_facility
+ if (count($facilities) == 1 || !$_SESSION['pc_facility']) {
+  $_SESSION['pc_facility'] = $facilities[0]['id'];
+ }
  if ( $_SESSION['pc_facility'] ) {
     $provinfo = getProviderInfo('%', true, $_SESSION['pc_facility']);
  } else {
@@ -270,11 +274,20 @@ Providers
 [-php-]
 // ==============================
 // FACILITY FILTERING (lemonsoftware)
-$facilities = getFacilities();
+// $facilities = getFacilities();
+if ($_SESSION['authorizeduser'] == 1) {
+  $facilities = getFacilities();
+} else {
+  $facilities = getUserFacilities($_SESSION['authId']); // from users_facility
+  if (count($facilities) == 1)
+    $_SESSION['pc_facility'] = key($facilities);
+}
 if (count($facilities) > 1) {
     echo "   <select name='pc_facility' id='pc_facility'>\n";
     if ( !$_SESSION['pc_facility'] ) $selected = "selected='selected'";
-    echo "    <option value='0' $selected>"  .xl('All Facilities'). "</option>\n";
+    // echo "    <option value='0' $selected>"  .xl('All Facilities'). "</option>\n";
+    if (!$GLOBALS['restrict_user_facility']) echo "    <option value='0' $selected>" . xl('All Facilities') . "</option>\n";
+
     foreach ($facilities as $fa) {
         $selected = ( $_SESSION['pc_facility'] == $fa['id']) ? "selected='selected'" : "" ;
         echo "    <option value='" .$fa['id']. "' $selected>"  .$fa['name']. "</option>\n";
diff --git a/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/week/ajax_template.html b/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/week/ajax_template.html
index a628d6f89..9598ac83e 100644
--- a/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/week/ajax_template.html
+++ b/interface/main/calendar/modules/PostCalendar/pntemplates/default/views/week/ajax_template.html
@@ -127,6 +127,10 @@ $timeslotHeightUnit="px";
 
  //==================================
  //FACILITY FILTERING (CHEMED)
+ $facilities = getUserFacilities($_SESSION['authId']); // from users_facility
+ if (count($facilities) == 1 || !$_SESSION['pc_facility']) {
+  $_SESSION['pc_facility'] = $facilities[0]['id'];
+ }
  if ( $_SESSION['pc_facility'] ) {
     $provinfo = getProviderInfo('%', true, $_SESSION['pc_facility']);
  } else {
@@ -294,11 +298,19 @@ Providers
 [-php-]
 // ==============================
 // FACILITY FILTERING (lemonsoftware)
-$facilities = getFacilities();
+// $facilities = getFacilities();
+if ($_SESSION['authorizeduser'] == 1) {
+  $facilities = getFacilities();
+} else {
+  $facilities = getUserFacilities($_SESSION['authId']); // from users_facility
+ 	if (count($facilities) == 1)
+    $_SESSION['pc_facility'] = key($facilities);
+}
 if (count($facilities) > 1) {
     echo "   <select name='pc_facility' id='pc_facility'>\n";
     if ( !$_SESSION['pc_facility'] ) $selected = "selected='selected'";
-    echo "    <option value='0' $selected>"  .xl('All Facilities'). "</option>\n";
+    // echo "    <option value='0' $selected>"  .xl('All Facilities'). "</option>\n";
+    if (!$GLOBALS['restrict_user_facility']) echo "    <option value='0' $selected>" . xl('All Facilities') . "</option>\n";
     foreach ($facilities as $fa) {
         $selected = ( $_SESSION['pc_facility'] == $fa['id']) ? "selected='selected'" : "" ;
         echo "    <option value='" .$fa['id']. "' $selected>"  .$fa['name']. "</option>\n";
@@ -399,7 +411,9 @@ foreach ($providers as $provider) {
         $slotendmins = $starttimeh * 60 + $starttimem + $interval;
 
         echo "<tr><td class='timeslot'>";
-        echo "<a href='javascript:newEvt($startampm,$starttimeh,$starttimem,$Date,$providerid,$in_cat_id)' title='New Appointment' alt='New Appointment'>";
+//         echo "<a href='javascript:newEvt($startampm,$starttimeh,$starttimem,$Date,$providerid,$in_cat_id)' title='New Appointment' alt='New Appointment'>";
+        echo "<a href='javascript:newEvt($startampm,$starttimeh,$starttimem,$defaultDate,$providerid,$in_cat_id)' title='New Appointment' alt='New Appointment'>";
+
         //echo $slottime['hour'] * 60 + $slottime['minute'];
         echo "$disptimeh:$starttimem</a>";
         echo "</td></tr>\n";
diff --git a/interface/main/calendar/modules/PostCalendar/pnuserapi.php b/interface/main/calendar/modules/PostCalendar/pnuserapi.php
index cd2696dad..d0fe6b0a0 100644
--- a/interface/main/calendar/modules/PostCalendar/pnuserapi.php
+++ b/interface/main/calendar/modules/PostCalendar/pnuserapi.php
@@ -999,15 +999,15 @@ function &postcalendar_userapi_pcQueryEvents($args)
   //FACILITY FILTERING (lemonsoftware)(CHEMED)
     if ( $_SESSION['pc_facility'] ) {
             $pc_facility = $_SESSION['pc_facility'];
-            $sql .= " AND a.pc_facility = $pc_facility
+            $sql .= " AND a.pc_facility = $pc_facility "; /*
                       AND u.facility_id = $pc_facility
-                      AND u2.facility_id = $pc_facility ";
+                      AND u2.facility_id = $pc_facility "; */
     }
     else if ($pc_facility) {
         // pc_facility could be provided in the search arguments -- JRM March 2008
-        $sql .= " AND a.pc_facility = $pc_facility".
+        $sql .= " AND a.pc_facility = $pc_facility "; /*.
                 " AND u.facility_id = $pc_facility".
-                " AND u2.facility_id = $pc_facility ";
+                " AND u2.facility_id = $pc_facility "; */
     }
   //EOS FACILITY FILTERING (lemonsoftware)
   //==================================
diff --git a/interface/main/ippf_export.php b/interface/main/ippf_export.php
index 90c39ee27..c0927c093 100644
--- a/interface/main/ippf_export.php
+++ b/interface/main/ippf_export.php
@@ -271,7 +271,8 @@ if (!empty($form_submit)) {
     "billing_location DESC, id ASC LIMIT 1");
   OpenTag('IMS_eMRUpload_Point');
   Add('ServiceDeliveryPointName' , $facrow['name']);
-  Add('EmrServiceDeliveryPointId', $facrow['id']);
+  // Add('EmrServiceDeliveryPointId', $facrow['id']);
+  Add('EmrServiceDeliveryPointId', $facrow['facility_npi']);
   Add('Channel'                  , '01');
   Add('Latitude'                 , '222222'); // TBD: Add this to facility attributes
   Add('Longitude'                , '433333'); // TBD: Add this to facility attributes
@@ -316,6 +317,17 @@ if (!empty($form_submit)) {
 
     $last_pid = $row['pid'];
 
+    // Compute education: 0 = none, 1 = some, 9 = unassigned.
+    // The MAs should be told to use "none" for no education.
+    $education = 9;
+    if (!empty($row['education'])) {
+      if (preg_match('/^il/i', $row['education']) ||
+          preg_match('/^no/i', $row['education']))
+        $education = 0;
+      else
+        $education = 1;
+    }
+
     // Get most recent contraceptive issue.
     $crow = sqlQuery("SELECT l.begdate, c.new_method " .
       "FROM lists AS l, lists_ippf_con AS c WHERE " .
@@ -358,7 +370,7 @@ if (!empty($form_submit)) {
     Add('Pregnancies', 0 + getTextListValue($hrow['genobshist'],'npreg')); // number of pregnancies
     Add('Children'   , 0 + getTextListValue($hrow['genobshist'],'nlc'));   // number of living children
     Add('Abortions'  , 0 + getTextListValue($hrow['genabohist'],'nia'));   // number of induced abortions
-    Add('Education'  , empty($row['education']) ? 0 : $row['education']);
+    Add('Education'  , $education);
     Add('Demo5'      , Sex($row['sex']));
 
     // Dump all visits for this patient at this facility.
diff --git a/interface/main/left_nav.php b/interface/main/left_nav.php
index 3686ba82d..16c9c27c4 100644
--- a/interface/main/left_nav.php
+++ b/interface/main/left_nav.php
@@ -754,6 +754,7 @@ function genPopupsList($style='') {
   <?php if ($GLOBALS['inhouse_pharmacy'] && acl_check('admin', 'drugs')) genMiscLink('RTop','adm','0','Inventory','drugs/drug_inventory.php'); ?>
   <li><span><?php xl('Administration','e') ?></span>
     <ul>
+      <?php if (acl_check('admin', 'users'    )) genMiscLink('RTop','adm','0','Facilities','usergroup/facilities.php'); ?>
       <?php if (acl_check('admin', 'users'    )) genMiscLink('RTop','adm','0','Users','usergroup/usergroup_admin.php'); ?>
       <?php genTreeLink('RTop','pwd','Users Password Change'); ?>
       <?php if (acl_check('admin', 'practice' )) genMiscLink('RTop','adm','0','Practice','../controller.php?practice_settings'); ?>
@@ -830,6 +831,7 @@ function genPopupsList($style='') {
   <?php if ($GLOBALS['inhouse_pharmacy'] && acl_check('admin', 'drugs')) genMiscLink('RTop','adm','0','Inventory','drugs/drug_inventory.php'); ?>
   <li><span><?php xl('Administration','e') ?></span>
     <ul>
+      <?php if (acl_check('admin', 'users'    )) genMiscLink('RTop','adm','0','Facilities','usergroup/facilities.php'); ?>
       <?php if (acl_check('admin', 'users'    )) genMiscLink('RTop','adm','0','Users','usergroup/usergroup_admin.php'); ?>
       <?php if (acl_check('admin', 'practice' )) genMiscLink('RTop','adm','0','Practice','../controller.php?practice_settings'); ?>
       <?php if (acl_check('admin', 'superbill')) genTreeLink('RTop','sup','Services'); ?>
diff --git a/interface/patient_file/encounter/cash_receipt.php b/interface/patient_file/encounter/cash_receipt.php
index 1a005dcba..8ef9d1d7a 100644
--- a/interface/patient_file/encounter/cash_receipt.php
+++ b/interface/patient_file/encounter/cash_receipt.php
@@ -36,7 +36,10 @@
  }
 
  $titleres = getPatientData($pid, "fname,lname,providerID");
- $sql = "select * from facility where billing_location = 1";
+ // $sql = "select * from facility where billing_location = 1";
+ $sql = "select f.* from facility f ".
+  "LEFT JOIN form_encounter fe on fe.facility_id = f.id ".
+  "where fe.encounter = " . $encounter;
  $db = $GLOBALS['adodb']['db'];
  $results = $db->Execute($sql);
  $facility = array();
diff --git a/interface/patient_file/front_payment.php b/interface/patient_file/front_payment.php
index 1f02de398..441294504 100644
--- a/interface/patient_file/front_payment.php
+++ b/interface/patient_file/front_payment.php
@@ -252,13 +252,25 @@ if ($_POST['form_save'] || $_REQUEST['receipt']) {
     "MAX(method) AS method, " .
     "MAX(source) AS source, " .
     "MAX(dtime) AS dtime, " .
-    "MAX(user) AS user " .
+    // "MAX(user) AS user " .
+    "MAX(user) AS user, " .
+    "MAX(encounter) as encounter ".
     "FROM payments WHERE " .
     "pid = '$form_pid' AND dtime = '$timestamp'");
 
   // Create key for deleting, just in case.
   $payment_key = $form_pid . '.' . preg_replace('/[^0-9]/', '', $timestamp);
 
+  // get facility from encounter
+  $tmprow = sqlQuery(sprintf("
+    SELECT facility_id
+    FROM form_encounter
+    WHERE encounter = '%s'",
+    $payrow['encounter']
+    ));
+  $frow = sqlQuery(sprintf("SELECT * FROM facility " .
+    " WHERE id = '%s'",$tmprow['facility_id']));
+
   // Now proceed with printing the receipt.
 ?>
 
diff --git a/interface/patient_file/report/custom_report.php b/interface/patient_file/report/custom_report.php
index 3aecdcf5c..0eca89d78 100644
--- a/interface/patient_file/report/custom_report.php
+++ b/interface/patient_file/report/custom_report.php
@@ -56,8 +56,17 @@ if (sizeof($_GET) > 0) { $ar = $_GET; }
 else { $ar = $_POST; }
 
 if ($printable) {
+  /*******************************************************************
   $titleres = getPatientData($pid, "fname,lname,providerID");
   $sql = "SELECT * FROM facility ORDER BY billing_location DESC LIMIT 1";
+  *******************************************************************/
+  $titleres = getPatientData($pid, "fname,lname,providerID,DATE_FORMAT(DOB,'%m/%d/%Y') as DOB_TS");
+  if ($_SESSION['pc_facility']) {
+    $sql = "select * from facility where id=" . $_SESSION['pc_facility'];
+  } else {
+    $sql = "SELECT * FROM facility ORDER BY billing_location DESC LIMIT 1";
+  }
+  /******************************************************************/
   $db = $GLOBALS['adodb']['db'];
   $results = $db->Execute($sql);
   $facility = array();
diff --git a/interface/patient_file/report/print_custom_report.php b/interface/patient_file/report/print_custom_report.php
index 0983ed695..e204c7664 100644
--- a/interface/patient_file/report/print_custom_report.php
+++ b/interface/patient_file/report/print_custom_report.php
@@ -1,4 +1,4 @@
-<?
+<?php
  include_once("../../globals.php");
  include_once("$srcdir/forms.inc");
  include_once("$srcdir/billing.inc");
@@ -22,21 +22,29 @@
 ?>
 <html>
 <head>
-<? html_header_show();?>
+<?php html_header_show();?>
 <link rel=stylesheet href="<?echo $css_header;?>" type="text/css">
 </head>
 
 <body bgcolor="#ffffff" topmargin=0 rightmargin=0 leftmargin=2 bottommargin=0 marginwidth=2 marginheight=0>
 <p>
-<?
+<?php
  if (sizeof($_GET) > 0) {
   $ar = $_GET;
  } else {
   $ar = $_POST;
  }
 
- $titleres = getPatientData($pid, "fname,lname,providerID");
- $sql = "select * from facility where billing_location = 1";
+ $titleres = getPatientData($pid, "fname,lname,providerID");
+ /********************************************************************
+ $sql = "select * from facility where billing_location = 1";
+ ********************************************************************/
+ if ($_SESSION['pc_facility']) {
+ 	$sql = "select * from facility where id=" . $_SESSION['pc_facility'];
+ } else {
+ 	$sql = "select * from facility where billing_location = 1";
+ }
+ /*******************************************************************/
  $db = $GLOBALS['adodb']['db'];
  $results = $db->Execute($sql);
  $facility = array();
diff --git a/interface/usergroup/facilities.php b/interface/usergroup/facilities.php
new file mode 100644
index 000000000..2ce552932
--- /dev/null
+++ b/interface/usergroup/facilities.php
@@ -0,0 +1,118 @@
+<?php
+require_once("../globals.php");
+require_once("../../library/acl.inc");
+require_once("$srcdir/sql.inc");
+require_once("$srcdir/formdata.inc.php");
+
+$alertmsg = '';
+
+if (isset($_POST["mode"]) && $_POST["mode"] == "facility") {
+  sqlStatement("INSERT INTO facility SET " .
+  "name = '"         . trim(formData('facility'    )) . "', " .
+  "phone = '"        . trim(formData('phone'       )) . "', " .
+  "fax = '"          . trim(formData('fax'         )) . "', " .
+  "street = '"       . trim(formData('street'      )) . "', " .
+  "city = '"         . trim(formData('city'        )) . "', " .
+  "state = '"        . trim(formData('state'       )) . "', " .
+  "postal_code = '"  . trim(formData('postal_code' )) . "', " .
+  "country_code = '" . trim(formData('country_code')) . "', " .
+  "federal_ein = '"  . trim(formData('federal_ein' )) . "', " .
+  "facility_npi = '" . trim(formData('facility_npi')) . "'");
+}
+?>
+<html>
+<head>
+
+<link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
+
+</head>
+<body class="body_top">
+
+<span class="title"><?php xl('Facility Administration','e'); ?></span>
+
+<br><br>
+
+<table width=100%>
+<tr>
+
+<td valign=top>
+
+<form name='facility' method='post' action="facilities.php"
+ onsubmit='return top.restoreSession()'>
+<input type=hidden name=mode value="facility">
+<span class="bold"><?php xl('New Facility Information','e'); ?>: </span>
+</td><td>
+
+<table border=0 cellpadding=0 cellspacing=0>
+<tr>
+<td><span class="text"><?php xl('Name','e'); ?>: </span></td><td><input type=entry name=facility size=20 value=""></td>
+<td><span class="text"><?php xl('Phone','e'); ?>: </span></td><td><input type=entry name=phone size=20 value=""></td>
+</tr>
+<tr>
+<td>&nbsp;</td><td>&nbsp;</td>
+<td><span class="text"><?php xl('Fax','e'); ?>: </span></td><td><input type=entry name=fax size=20 value=""></td>
+</tr>
+<tr>
+<td><span class="text"><?php xl('Address','e'); ?>: </span></td><td><input type=entry size=20 name=street value=""></td>
+<td><span class="text"><?php xl('City','e'); ?>: </span></td><td><input type=entry size=20 name=city value=""></td>
+</tr>
+<tr>
+<td><span class="text"><?php xl('State','e'); ?>: </span></td><td><input type=entry size=20 name=state value=""></td>
+<td><span class="text"><?php xl('Zip Code','e'); ?>: </span></td><td><input type=entry size=20 name=postal_code value=""></td>
+</tr>
+<tr>
+<td height="22"><span class="text"><?php xl('Country','e'); ?>: </span></td>
+<td><input type=entry size=20 name=country_code value=""></td>
+<td><span class="text"><?php xl('Federal EIN','e'); ?>: </span></td><td><input type=entry size=20 name=federal_ein value=""></td>
+</tr>
+<tr>
+<td>&nbsp;</td><td>&nbsp;</td>
+
+<td><span class="text"><?php ($GLOBALS['simplified_demographics'] ? xl('Facility Code','e') : xl('Facility NPI','e')); ?>:
+</span></td><td><input type=entry size=20 name=facility_npi value=""></td>
+
+</tr>
+<tr>
+<td>&nbsp;</td><td>&nbsp;</td>
+<td>&nbsp;</td><td><input type="submit" value=<?php xl('Add Facility','e'); ?>></td>
+</tr>
+</table>
+</form>
+<br>
+</tr>
+<tr>
+<td valign=top>
+
+<span class="bold"><?php xl('Edit Facilities','e'); ?>: </span>
+</td><td valign=top>
+<?php
+$fres = 0;
+$fres = sqlStatement("select * from facility order by name");
+if ($fres) {
+  $result2 = array();
+  for ($iter3 = 0;$frow = sqlFetchArray($fres);$iter3++)
+    $result2[$iter3] = $frow;
+  foreach($result2 as $iter3) {
+?>
+<span class="text"><?php echo $iter3{name};?></span>
+<a href="facility_admin.php?fid=<?php echo $iter3{id};?>" class="link_submit"
+ onclick="top.restoreSession()">(<?php xl('Edit','e'); ?>)</a><br>
+<?php
+  }
+}
+?>
+
+</td>
+</tr>
+</table>
+
+<script language="JavaScript">
+<?php
+  if ($alertmsg = trim($alertmsg)) {
+    echo "alert('$alertmsg');\n";
+  }
+?>
+</script>
+
+</body>
+</html>
diff --git a/interface/usergroup/facility_admin.php b/interface/usergroup/facility_admin.php
index 594ee7213..8b4dbdd7e 100644
--- a/interface/usergroup/facility_admin.php
+++ b/interface/usergroup/facility_admin.php
@@ -122,7 +122,7 @@ if (isset($_POST["fid"])) {
 </tr>
 <tr>
 	<td>&nbsp;</td><td>&nbsp;</td>
-	<td>&nbsp;</td><td><br><br><input type="submit" value=<?php xl('Update Info','e'); ?>>&nbsp;&nbsp;&nbsp;<a href="usergroup_admin.php" class=link_submit>[<?php xl('Back','e'); ?>]</font></a></td>
+	<td>&nbsp;</td><td><br><br><input type="submit" value=<?php xl('Update Info','e'); ?>>&nbsp;&nbsp;&nbsp;<a href="facilities.php" class=link_submit>[<?php xl('Back','e'); ?>]</font></a></td>
 </tr>
 </table>
 </form>
diff --git a/interface/usergroup/user_admin.php b/interface/usergroup/user_admin.php
index 6eaf86875..06f8ae002 100644
--- a/interface/usergroup/user_admin.php
+++ b/interface/usergroup/user_admin.php
@@ -8,91 +8,93 @@ require_once("../globals.php");
 require_once("../../library/acl.inc");
 require_once("$srcdir/md5.js");
 require_once("$srcdir/sql.inc");
+require_once("$srcdir/calendar.inc");
+require_once("$srcdir/formdata.inc.php");
 require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");
-?>
-
-<html>
-<head>
-
-<link rel="stylesheet" href="<?php echo $css_header; ?>" type="text/css">
-
-</head>
-<body class="body_top">
-
-<a href="usergroup_admin.php"><span class="title"><?php xl('User Administration','e'); ?></span></a>
-<br><br>
 
-<?php
 if (!$_GET["id"] || !acl_check('admin', 'users'))
   exit();
 
 if ($_GET["mode"] == "update") {
   if ($_GET["username"]) {
-    $tqvar = addslashes(trim($_GET["username"]));
+    // $tqvar = addslashes(trim($_GET["username"]));
+    $tqvar = trim(formData('username','G'));
     $user_data = mysql_fetch_array(sqlStatement("select * from users where id={$_GET["id"]}"));
     sqlStatement("update users set username='$tqvar' where id={$_GET["id"]}");
     sqlStatement("update groups set user='$tqvar' where user='". $user_data["username"]  ."'");
     //echo "query was: " ."update groups set user='$tqvar' where user='". $user_data["username"]  ."'" ;
   }
   if ($_GET["taxid"]) {
-    $tqvar = addslashes($_GET["taxid"]);
+    $tqvar = formData('taxid','G');
     sqlStatement("update users set federaltaxid='$tqvar' where id={$_GET["id"]}");
   }
   if ($_GET["drugid"]) {
-    $tqvar = addslashes($_GET["drugid"]);
+    $tqvar = formData('drugid','G');
     sqlStatement("update users set federaldrugid='$tqvar' where id={$_GET["id"]}");
   }
   if ($_GET["upin"]) {
-    $tqvar = addslashes($_GET["upin"]);
+    $tqvar = formData('upin','G');
     sqlStatement("update users set upin='$tqvar' where id={$_GET["id"]}");
   }
   if ($_GET["npi"]) {
-    $tqvar = addslashes($_GET["npi"]);
+    $tqvar = formData('npi','G');
     sqlStatement("update users set npi='$tqvar' where id={$_GET["id"]}");
   }
   if ($_GET["taxonomy"]) {
-    $tqvar = addslashes($_GET["taxonomy"]);
+    $tqvar = formData('taxonomy','G');
     sqlStatement("update users set taxonomy = '$tqvar' where id= {$_GET["id"]}");
   }
   if ($_GET["lname"]) {
-    $tqvar = addslashes($_GET["lname"]);
+    $tqvar = formData('lname','G');
     sqlStatement("update users set lname='$tqvar' where id={$_GET["id"]}");
   }
   if ($_GET["job"]) {
-    $tqvar = addslashes($_GET["job"]);
+    $tqvar = formData('job','G');
     sqlStatement("update users set specialty='$tqvar' where id={$_GET["id"]}");
   }
   if ($_GET["mname"]) {
-          $tqvar = addslashes($_GET["mname"]);
+          $tqvar = formData('mname','G');
           sqlStatement("update users set mname='$tqvar' where id={$_GET["id"]}");
   }
   if ($_GET["facility_id"]) {
-          $tqvar = addslashes($_GET["facility_id"]);
+          $tqvar = formData('facility_id','G');
           sqlStatement("update users set facility_id = '$tqvar' where id = {$_GET["id"]}");
           //(CHEMED) Update facility name when changing the id
           sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '$tqvar' AND users.id = {$_GET["id"]}");
           //END (CHEMED)
   }
+  if ($_GET["schedule_facility"]) {
+	  sqlStatement("delete from users_facility
+	    where tablename='users'
+	    and table_id={$_GET["id"]}
+	    and facility_id not in (" . implode(",", $_GET['schedule_facility']) . ")");
+	  foreach($_GET["schedule_facility"] as $tqvar) {
+      sqlStatement("replace into users_facility set 
+		    facility_id = '$tqvar',
+		    tablename='users',
+		    table_id = {$_GET["id"]}");
+    }
+  }
   if ($_GET["fname"]) {
-          $tqvar = addslashes($_GET["fname"]);
+          $tqvar = formData('fname','G');
           sqlStatement("update users set fname='$tqvar' where id={$_GET["id"]}");
   }
 
   //(CHEMED) Calendar UI preference
   if ($_GET["cal_ui"]) {
-          $tqvar = addslashes($_GET["cal_ui"]);
+          $tqvar = formData('cal_ui','G');
           sqlStatement("update users set cal_ui = '$tqvar' where id = {$_GET["id"]}");
   }
   //END (CHEMED) Calendar UI preference
 
   if ($_GET["newauthPass"] && $_GET["newauthPass"] != "d41d8cd98f00b204e9800998ecf8427e") { // account for empty
-    $tqvar = addslashes($_GET["newauthPass"]);
+    $tqvar = formData('newauthPass','G');
     sqlStatement("update users set password='$tqvar' where id={$_GET["id"]}");
   }
 
   // for relay health single sign-on
   if ($_GET["ssi_relayhealth"]) {
-    $tqvar = addslashes($_GET["ssi_relayhealth"]);
+    $tqvar = formData('ssi_relayhealth','G');
     sqlStatement("update users set ssi_relayhealth = '$tqvar' where id = {$_GET["id"]}");
   }
 
@@ -104,49 +106,45 @@ if ($_GET["mode"] == "update") {
     "id = {$_GET["id"]}");
 
   if ($_GET["comments"]) {
-    $tqvar = addslashes($_GET["comments"]);
+    $tqvar = formData('comments','G');
     sqlStatement("update users set info = '$tqvar' where id = {$_GET["id"]}");
   }
 
   if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
     // Set the access control group of user
     $user_data = mysql_fetch_array(sqlStatement("select username from users where id={$_GET["id"]}"));
-    set_user_aro($_GET["access_group"], $user_data["username"], $_GET["fname"], $_GET["mname"], $_GET["lname"]);
-  }
-
-  // ===========================
-  // DBC DUTCH SYSTEM  
-  if ( $_GET["beroep"] ) {
-         $tqvar = (int)($_GET["beroep"]);
-         sqlStatement("INSERT INTO cl_user_beroep SET cl_beroep_sysid='$tqvar', cl_beroep_userid={$_GET['id']}
-         ON DUPLICATE KEY UPDATE cl_beroep_sysid='$tqvar'");
+    set_user_aro($_GET['access_group'], $user_data["username"],
+      formData('fname','G'), formData('mname','G'), formData('lname','G'));
   }
-  // EOS
-  // ===========================
 
   $ws = new WSProvider($_GET['id']);
+
+  // On a successful update, return to the users list.
+  include("usergroup_admin.php");
+  exit(0);
 }
 
 $res = sqlStatement("select * from users where id={$_GET["id"]}");
 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
                 $result[$iter] = $row;
 $iter = $result[0];
+?>
+<html>
+<head>
 
-// ===========================
-// DBC DUTCH SYSTEM
-if ($GLOBALS['dutchpc']) {
-  $beroep = sqlStatement("SELECT * FROM cl_user_beroep WHERE cl_beroep_userid={$_GET["id"]}");
-  $rowberoep = sqlFetchArray($beroep);
-}
-// EOS DBC
-// ===========================
+<link rel="stylesheet" href="<?php echo $css_header; ?>" type="text/css">
+
+</head>
+<body class="body_top">
+
+<a href="usergroup_admin.php"><span class="title"><?php xl('User Administration','e'); ?></span></a>
+<br><br>
 
-?>
 <FORM NAME="user_form" METHOD="GET" ACTION="user_admin.php">
 <TABLE border=0 cellpadding=0 cellspacing=0>
 <TR>
 <TD><span class=text><?php xl('Username','e'); ?>: </span></TD><TD><input type=entry name=username size=20 value="<?php echo $iter["username"]; ?>" disabled> &nbsp;</td>
-<TD><span class=text><?php xl('Password','e'); ?>: </span></TD><TD class='text'><input type=password name=clearPass size=20 value=""> * <?php xl('Leave blank to keep password unchanged.','e'); ?></td>
+<TD><span class=text><?php xl('Password','e'); ?>: </span></TD><TD class='text'><input type=entry name=clearPass size=20 value=""> * <?php xl('Leave blank to keep password unchanged.','e'); ?></td>
 </TR>
 
 <TR>
@@ -183,6 +181,30 @@ foreach($result as $iter2) {
 </select></td>
 </tr>
 
+<tr>
+ <td colspan=2>&nbsp;</td>
+ <td><span class=text><?php xl('Schedule Facilities:', 'e');?></td>
+ <td>
+  <select name="schedule_facility[]" multiple>
+<?php
+  $userFacilities = getUserFacilities($_GET['id']);
+  $ufid = array();
+  foreach($userFacilities as $uf)
+    $ufid[] = $uf['id'];
+  $fres = sqlStatement("select * from facility where service_location != 0 order by name");
+  if ($fres) {
+    while($frow = sqlFetchArray($fres)): 
+?>
+   <option <?php echo in_array($frow['id'], $ufid) || $frow['id'] == $iter['facility_id'] ? "selected" : null ?>
+    value="<?php echo $frow['id'] ?>"><?php echo $frow['name'] ?></option>
+<?php
+  endwhile;
+}
+?>
+  </select>
+ </td>
+</tr>
+
 <TR>
 <TD><span class=text><?php xl('Federal Tax ID','e'); ?>: </span></TD><TD><input type=text name=taxid size=20 value="<?php echo $iter["federaltaxid"]?>"></td>
 <TD><span class=text><?php xl('Federal Drug ID','e'); ?>: </span></TD><TD><input type=text name=drugid size=20 value="<?php echo $iter["federaldrugid"]?>"></td>
@@ -202,22 +224,10 @@ foreach($result as $iter2) {
 ?>
 </select></td>
 </tr>
+
 <tr>
 <td><span class="text"><?php xl('NPI','e'); ?>: </span></td><td><input type="text" name="npi" size="20" value="<?php echo $iter["npi"]?>"></td>
-
-<?php
-// ===========================
-// DBC DUTCH SYSTEM
-// if DBC don't show Job Description; show instead Beroep Box
-if ( !$GLOBALS['dutchpc']) { ?>
-    <td><span class="text"><?php xl('Job Description','e'); ?>: </span></td><td><input type="text" name="job" size="20" value="<?php echo $iter["specialty"]?>"></td>
-<?php } else { ?>
-  <td><span class="text">Beroep</span></td>
-  <td><?php beroep_dropdown($rowberoep['cl_beroep_sysid']) ?></td>
-<?php } 
-// ===========================
-?>
-
+<td><span class="text"><?php xl('Job Description','e'); ?>: </span></td><td><input type="text" name="job" size="20" value="<?php echo $iter["specialty"]?>"></td>
 </tr>
 
 <?php if (!empty($GLOBALS['ssi']['rh'])) { ?>
diff --git a/interface/usergroup/usergroup_admin.php b/interface/usergroup/usergroup_admin.php
index 7c6d7992e..981522831 100644
--- a/interface/usergroup/usergroup_admin.php
+++ b/interface/usergroup/usergroup_admin.php
@@ -1,77 +1,59 @@
 <?php
-include_once("../globals.php");
-include_once("../../library/acl.inc");
-include_once("$srcdir/md5.js");
-include_once("$srcdir/sql.inc");
+require_once("../globals.php");
+require_once("../../library/acl.inc");
+require_once("$srcdir/md5.js");
+require_once("$srcdir/sql.inc");
+require_once("$srcdir/formdata.inc.php");
 require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");
 
 $alertmsg = '';
 
 if (isset($_POST["mode"])) {
-  if ($_POST["mode"] == "facility") {
-    sqlStatement("insert into facility set
-    name='{$_POST['facility']}',
-    phone='{$_POST['phone']}',
-    fax='{$_POST['fax']}',
-    street='{$_POST['street']}',
-    city='{$_POST['city']}',
-    state='{$_POST['state']}',
-    postal_code='{$_POST['postal_code']}',
-    country_code='{$_POST['country_code']}',
-    federal_ein='{$_POST['federal_ein']}',
-    facility_npi='{$_POST['facility_npi']}'");
-  }
-  else if ($_POST["mode"] == "new_user") {
+  if ($_POST["mode"] == "new_user") {
     if ($_POST["authorized"] != "1") {
       $_POST["authorized"] = 0;
     }
-    $_POST["info"] = addslashes($_POST["info"]);
+    // $_POST["info"] = addslashes($_POST["info"]);
 
     $res = sqlStatement("select distinct username from users where username != ''");
     $doit = true;
     while ($row = mysql_fetch_array($res)) {
-      if ($doit == true && $row['username'] == $_POST["username"]) {
+      if ($doit == true && $row['username'] == trim(formData('rumple'))) {
         $doit = false;
       }
     }
 
     if ($doit == true) {
       $prov_id = idSqlStatement("insert into users set " .
-        "username = '"         . trim($_POST["username"]) .
-        "', password = '"      . $_POST["newauthPass"] .
-        "', fname = '"         . $_POST["fname"] .
-        "', mname = '"         . $_POST["mname"] .
-        "', lname = '"         . $_POST["lname"] .
-        "', federaltaxid = '"  . $_POST["federaltaxid"] .
-        "', authorized = '"    . $_POST["authorized"] .
-        "', info = '"          . $_POST["info"] .
-        "', federaldrugid = '" . $_POST["federaldrugid"] .
-        "', upin = '"          . $_POST["upin"] .
-        "', npi  = '"          . $_POST["npi"].
-        "', taxonomy = '"      . $_POST["taxonomy"] .
-        "', facility = '"      . $_POST["facility"] .
-        "', specialty = '"     . $_POST["specialty"] .
-        "', see_auth = '"      . $_POST["see_auth"] .
+        "username = '"         . trim(formData('rumple'       )) .
+        "', password = '"      . trim(formData('newauthPass'  )) .
+        "', fname = '"         . trim(formData('fname'        )) .
+        "', mname = '"         . trim(formData('mname'        )) .
+        "', lname = '"         . trim(formData('lname'        )) .
+        "', federaltaxid = '"  . trim(formData('federaltaxid' )) .
+        "', authorized = '"    . trim(formData('authorized'   )) .
+        "', info = '"          . trim(formData('info'         )) .
+        "', federaldrugid = '" . trim(formData('federaldrugid')) .
+        "', upin = '"          . trim(formData('upin'         )) .
+        "', npi  = '"          . trim(formData('npi'          )).
+        "', taxonomy = '"      . trim(formData('taxonomy'     )) .
+        "', facility = '"      . trim(formData('facility'     )) .
+        "', specialty = '"     . trim(formData('specialty'    )) .
+        "', see_auth = '"      . trim(formData('see_auth'     )) .
         "'");
-      sqlStatement("insert into groups set name = '" . $_POST["groupname"] .
-        "', user = '" . trim($_POST["username"]) . "'");
+      sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
+        "', user = '" . trim(formData('rumple')) . "'");
 
-      if (isset($phpgacl_location) && acl_check('admin', 'acl') && $_POST["username"]) {
+      if (isset($phpgacl_location) && acl_check('admin', 'acl') && trim(formData('rumple'))) {
         // Set the access control group of user
-        set_user_aro($_POST["access_group"], $_POST["username"], $_POST["fname"], $_POST["mname"], $_POST["lname"]);
+        set_user_aro($_POST['access_group'], trim(formData('rumple')),
+          trim(formData('fname')), trim(formData('mname')), trim(formData('lname')));
       }
 
       $ws = new WSProvider($prov_id);
 
-      // DBC DUTCH SYSTEM
-      if ( $GLOBALS['dutchpc'] ) {
-        sqlStatement("INSERT INTO cl_user_beroep SET cl_beroep_userid = ' ".$prov_id." ',
-        cl_beroep_sysid = ' ".$_POST['beroep']." '");
-      }
-      // EOS DBC
-
     } else {
-      $alertmsg .= "User " . $_POST["username"] . " already exists. ";
+      $alertmsg .= "User " . trim(formData('rumple')) . " already exists. ";
     }
   }
   else if ($_POST["mode"] == "new_group") {
@@ -80,21 +62,22 @@ if (isset($_POST["mode"])) {
       $result[$iter] = $row;
     $doit = 1;
     foreach ($result as $iter) {
-      if ($doit == 1 && $iter{"name"} == $_POST["groupname"] && $iter{"user"} == $_POST["username"])
+      if ($doit == 1 && $iter{"name"} == trim(formData('groupname')) && $iter{"user"} == trim(formData('rumple')))
         $doit--;
     }
     if ($doit == 1) {
-      sqlStatement("insert into groups set name = '" . $_POST["groupname"] .
-        "', user = '" . $_POST["username"] . "'");
+      sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
+        "', user = '" . trim(formData('rumple')) . "'");
     } else {
-      $alertmsg .= "User " . $_POST["username"] .
-        " is already a member of group " . $_POST["groupname"] . ". ";
+      $alertmsg .= "User " . trim(formData('rumple')) .
+        " is already a member of group " . trim(formData('groupname')) . ". ";
     }
   }
 }
 
 if (isset($_GET["mode"])) {
 
+  /*******************************************************************
   // This is the code to delete a user.  Note that the link which invokes
   // this is commented out.  Somebody must have figured it was too dangerous.
   //
@@ -112,16 +95,15 @@ if (isset($_GET["mode"])) {
     }
     sqlStatement("delete from users where id = '" . $_GET["id"] . "'");
   }
+  *******************************************************************/
 
-  elseif ($_GET["mode"] == "delete_group") {
+  if ($_GET["mode"] == "delete_group") {
     $res = sqlStatement("select distinct user from groups where id = '" .
       $_GET["id"] . "'");
     for ($iter = 0; $row = sqlFetchArray($res); $iter++)
       $result[$iter] = $row;
     foreach($result as $iter)
       $un = $iter{"user"};
-//  $res = sqlStatement("select name,user from groups where user = '" .
-//    $iter{"user"} . "' and id != {$_GET["id"]}\n");
     $res = sqlStatement("select name, user from groups where user = '$un' " .
       "and id != '" . $_GET["id"] . "'");
 
@@ -147,88 +129,12 @@ $form_inactive = empty($_REQUEST['form_inactive']) ? false : true;
 </head>
 <body class="body_top">
 
-<span class="title"><?php xl('User and Facility Administration','e'); ?></span>
+<span class="title"><?php xl('User and Group Administration','e'); ?></span>
 
 <br><br>
 
 <table width=100%>
-<tr>
-
-<td valign=top>
-
-<form name='facility' method='post' action="usergroup_admin.php"
- onsubmit='return top.restoreSession()'>
-<input type=hidden name=mode value="facility">
-<span class="bold"><?php xl('New Facility Information','e'); ?>: </span>
-</td><td>
 
-<table border=0 cellpadding=0 cellspacing=0>
-<tr>
-<td><span class="text"><?php xl('Name','e'); ?>: </span></td><td><input type=entry name=facility size=20 value=""></td>
-<td><span class="text"><?php xl('Phone','e'); ?>: </span></td><td><input type=entry name=phone size=20 value=""></td>
-</tr>
-<tr>
-<td>&nbsp;</td><td>&nbsp;</td>
-<td><span class="text"><?php xl('Fax','e'); ?>: </span></td><td><input type=entry name=fax size=20 value=""></td>
-</tr>
-<tr>
-<td><span class="text"><?php xl('Address','e'); ?>: </span></td><td><input type=entry size=20 name=street value=""></td>
-<td><span class="text"><?php xl('City','e'); ?>: </span></td><td><input type=entry size=20 name=city value=""></td>
-</tr>
-<tr>
-<td><span class="text"><?php xl('State','e'); ?>: </span></td><td><input type=entry size=20 name=state value=""></td>
-<td><span class="text"><?php xl('Zip Code','e'); ?>: </span></td><td><input type=entry size=20 name=postal_code value=""></td>
-</tr>
-<tr>
-<td height="22"><span class="text"><?php xl('Country','e'); ?>: </span></td>
-<td><input type=entry size=20 name=country_code value=""></td>
-<td><span class="text"><?php xl('Federal EIN','e'); ?>: </span></td><td><input type=entry size=20 name=federal_ein value=""></td>
-</tr>
-<tr>
-<td>&nbsp;</td><td>&nbsp;</td>
-
-<td><span class="text"><?php ($GLOBALS['simplified_demographics'] ? xl('Facility Code','e') : xl('Facility NPI','e')); ?>:
-</span></td><td><input type=entry size=20 name=facility_npi value=""></td>
-
-</tr>
-<tr>
-<td>&nbsp;</td><td>&nbsp;</td>
-<td>&nbsp;</td><td><input type="submit" value=<?php xl('Add Facility','e'); ?>></td>
-</tr>
-</table>
-</form>
-<br>
-</tr>
-<tr>
-<td valign=top>
-
-<!-- Why is this here???  - Rod
-<form name='facility' method='post' action="usergroup_admin.php"
- onsubmit='return top.restoreSession()'>
-<input type=hidden name=mode value=<?php xl('facility','e'); ?>>
--->
-
-<span class="bold"><?php xl('Edit Facilities','e'); ?>: </span>
-</td><td valign=top>
-<?php
-$fres = 0;
-$fres = sqlStatement("select * from facility order by name");
-if ($fres) {
-  $result2 = array();
-  for ($iter3 = 0;$frow = sqlFetchArray($fres);$iter3++)
-    $result2[$iter3] = $frow;
-  foreach($result2 as $iter3) {
-?>
-<span class="text"><?php echo $iter3{name};?></span>
-<a href="facility_admin.php?fid=<?php echo $iter3{id};?>" class="link_submit"
- onclick="top.restoreSession()">(<?php xl('Edit','e'); ?>)</a><br>
-<?php
-  }
-}
-?>
-
-</td>
-</tr>
 <tr><td valign=top>
 <form name='new_user' method='post' action="usergroup_admin.php"
  onsubmit='return top.restoreSession()'>
@@ -237,8 +143,8 @@ if ($fres) {
 </td><td>
 <table border=0 cellpadding=0 cellspacing=0>
 <tr>
-<td><span class="text"><?php xl('Username','e'); ?>: </span></td><td><input type=entry name=username size=20> &nbsp;</td>
-<td><span class="text"><?php xl('Password','e'); ?>: </span></td><td><input type="password" size=20 name=clearPass></td>
+<td><span class="text"><?php xl('Username','e'); ?>: </span></td><td><input type=entry name=rumple size=20> &nbsp;</td>
+<td><span class="text"><?php xl('Password','e'); ?>: </span></td><td><input type="entry" size=20 name=stiltskin></td>
 </tr>
 <tr>
 <td><span class="text"><?php xl('Groupname','e'); ?>: </span></td><td>
@@ -295,20 +201,7 @@ if ($fres) {
 
 <tr>
 <td><span class="text"><?php xl('NPI','e'); ?>: </span></td><td><input type="entry" name="npi" size="20"></td>
-
-<?php
-// ===========================
-// DBC DUTCH SYSTEM
-// if DBC don't show Job Description; show instead Beroep Box
-if ( !$GLOBALS['dutchpc']) { ?>
-    <td><span class="text"><?php xl('Job Description','e'); ?>: </span></td><td><input type="entry" name="specialty" size="20"></td>
-<?php } else { ?>
-  <td><span class="text">Beroep</span></td>
-  <td><?php beroep_dropdown() ?></td>
-<?php }
-// ===========================
-?>
-
+<td><span class="text"><?php xl('Job Description','e'); ?>: </span></td><td><input type="entry" name="specialty" size="20"></td>
 </tr>
 <td><span class="text"><?php xl('Taxonomy','e'); ?>: </span></td>
 <td><input type="entry" name="taxonomy" size="20" value="207Q00000X"></td>
@@ -357,7 +250,7 @@ if ( !$GLOBALS['dutchpc']) { ?>
 <span class="text"><?php xl('Additional Info','e'); ?>: </span><br>
 <textarea name=info cols=40 rows=4 wrap=auto></textarea>
 <br><input type="hidden" name="newauthPass">
-<input type="submit" onClick="javascript:this.form.newauthPass.value=MD5(this.form.clearPass.value);this.form.clearPass.value='';" value=<?php xl('Add User','e'); ?>>
+<input type="submit" onClick="javascript:this.form.newauthPass.value=MD5(this.form.stiltskin.value);this.form.stiltskin.value='';" value=<?php xl('Add User','e'); ?>>
 </form>
 </td>
 
@@ -375,7 +268,7 @@ if ( !$GLOBALS['dutchpc']) { ?>
 <span class="text"><?php xl('Groupname','e'); ?>: </span><input type=entry name=groupname size=10>
 &nbsp;&nbsp;&nbsp;
 <span class="text"><?php xl('Initial User','e'); ?>: </span>
-<select name=username>
+<select name=rumple>
 <?php
 $res = sqlStatement("select distinct username from users where username != ''");
 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
@@ -403,7 +296,7 @@ foreach ($result as $iter) {
 <span class="text">
 <?php xl('User','e'); ?>
 : </span>
-<select name=username>
+<select name=rumple>
 <?php
 $res = sqlStatement("select distinct username from users where username != ''");
 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
@@ -462,14 +355,6 @@ foreach ($result4 as $iter) {
       $iter{"authorized"} = "";
   }
 
-// ===========================
-// DBC DUTCH SYSTEM
-// overwrite 'info' field with dutch job description
-
-if ( $GLOBALS['dutchpc'] ) $iter{"info"} = what_beroep($iter{"id"});
-
-// ===========================
-
   print "<tr><td><span class='text'>" . $iter{"username"} .
     "</span><a href='user_admin.php?id=" . $iter{"id"} .
     "' class='link_submit' onclick='top.restoreSession()'>(" . xl('Edit') . ")</a>" .
diff --git a/interface/usergroup/usergroup_navigation.php b/interface/usergroup/usergroup_navigation.php
index 676e0e2fd..3e8a0e4be 100644
--- a/interface/usergroup/usergroup_navigation.php
+++ b/interface/usergroup/usergroup_navigation.php
@@ -18,9 +18,17 @@ include_once("../../library/acl.inc");
 
 <?php if (acl_check('admin', 'users')) { ?>
 <td valign="middle" nowrap>
-&nbsp;&nbsp;<a class=menu target=Main href="usergroup_admin.php"
+&nbsp;&nbsp;<a class=menu target=Main href="facilities.php"
  onclick="top.restoreSession()"
- title="Add or Edit Users, Groups and Facilities"><?php xl('Users','e'); ?></a>&nbsp;
+ title="Add or Edit Facilities"><?php xl('Facilities','e'); ?></a>&nbsp;
+</td>
+<?php } ?>
+
+<?php if (acl_check('admin', 'users')) { ?>
+<td valign="middle" nowrap>
+&nbsp;<a class=menu target=Main href="usergroup_admin.php"
+ onclick="top.restoreSession()"
+ title="Add or Edit Users and Groups"><?php xl('Users','e'); ?></a>&nbsp;
 </td>
 <?php } ?>
 
diff --git a/library/calendar.inc b/library/calendar.inc
index d297bb2dc..46770f1da 100644
--- a/library/calendar.inc
+++ b/library/calendar.inc
@@ -76,6 +76,21 @@ function getUsername($uID) {
 	return "";
 }
 
+//	returns an array of facility id and names
+function getUserFacilities($uID) {
+  $rez = sqlStatement("
+	  select uf.facility_id as id, f.name
+	  from users_facility uf
+	  left join facility f on (uf.facility_id = f.id)
+	  where uf.tablename='users' 
+	  and uf.table_id = '$uID' 
+    ");
+  $returnVal = array();
+  while ($row = sqlFetchArray($rez)) 
+	  $returnVal[] = $row;
+  return $returnVal;
+}
+
 //retrieve the name based on the username
 function getNamefromUsername($username) {
 	$query = "select * from users where username like '$username' and username != ''";
@@ -83,7 +98,6 @@ function getNamefromUsername($username) {
 	return $res;
 }
 
-
 //retrieve calendar information from calendar id
 function getCalendarfromID ($calid) {
 	
@@ -91,7 +105,6 @@ function getCalendarfromID ($calid) {
 	//return sqlQuery("select * from calendar where id='$calid'");
 }
 
-
 //get calendar dates in a range of dates
 function getCalendarRanges ($fromdate, $todate, $username) {
 	$rez = sqlStatement("select * from calendar where time>='$fromdate' and time<'$todate' and owner like '$username' order by time");
diff --git a/library/formdata.inc.php b/library/formdata.inc.php
new file mode 100644
index 000000000..8cda90d9d
--- /dev/null
+++ b/library/formdata.inc.php
@@ -0,0 +1,12 @@
+<?php
+function formData($name, $type='P') {
+  if ($type == 'P')
+    $s = isset($_POST[$name]) ? $_POST[$name] : '';
+  else if (type == 'G')
+    $s = isset($_GET[$name]) ? $_GET[$name] : '';
+  else
+    $s = isset($_REQUEST[$name]) ? $_REQUEST[$name] : '';
+  if (!get_magic_quotes_gpc()) $s = addslashes($s);
+  return $s;
+}
+?>
diff --git a/library/patient.inc b/library/patient.inc
index 9f03610a9..1fe3e6ad8 100644
--- a/library/patient.inc
+++ b/library/patient.inc
@@ -151,7 +151,15 @@ function getProviderInfo($providerID = "%", $providers_only = true, $facility =
     //(CHEMED) facility filter
     $param2 = "";
     if ($facility) {
-        $param2 = " AND facility_id = $facility ";
+        // $param2 = " AND facility_id = $facility ";
+        $param2 = " AND (facility_id = $facility 
+          OR  $facility IN
+	        (select facility_id 
+	        from users_facility
+	        where tablename = 'users'
+	        and table_id = id)
+	        )
+          ";
     }
     //--------------------------------
 
diff --git a/sql/3_0_1-to-3_0_2_upgrade.sql b/sql/3_0_1-to-3_0_2_upgrade.sql
index b3a5fdba2..651a9caa7 100644
--- a/sql/3_0_1-to-3_0_2_upgrade.sql
+++ b/sql/3_0_1-to-3_0_2_upgrade.sql
@@ -193,3 +193,12 @@ ALTER TABLE `drugs`
   ADD `active` TINYINT(1) DEFAULT 1 COMMENT '0 = inactive, 1 = active';
 #EndIf
 
+#IfNotTable users_facility
+CREATE TABLE `users_facility` (
+  `tablename` varchar(64) NOT NULL,
+  `table_id` int(11) NOT NULL,
+  `facility_id` int(11) NOT NULL,
+  PRIMARY KEY (`tablename`,`table_id`,`facility_id`)
+) ENGINE=InnoDB COMMENT='joins users or patient_data to facility table';
+#EndIf
+
diff --git a/sql/database.sql b/sql/database.sql
index 9118283db..4e18e5fd5 100644
--- a/sql/database.sql
+++ b/sql/database.sql
@@ -2874,3 +2874,11 @@ CREATE TABLE ar_activity (
   PRIMARY KEY (pid, encounter, sequence_no),
   KEY session_id (session_id)
 ) ENGINE=MyISAM;
+
+CREATE TABLE `users_facility` (
+  `tablename` varchar(64) NOT NULL,
+  `table_id` int(11) NOT NULL,
+  `facility_id` int(11) NOT NULL,
+  PRIMARY KEY (`tablename`,`table_id`,`facility_id`)
+) ENGINE=InnoDB COMMENT='joins users or patient_data to facility table';
+
-- 
2.11.4.GIT