From fe7363b0440a8494ac689640daa276706e7f3eb7 Mon Sep 17 00:00:00 2001
From: bradymiller <bradymiller>
Date: Sun, 13 Dec 2009 11:43:58 +0000
Subject: [PATCH] more internationalization and input validation project

---
 interface/forms/CAMOS/notegen.php  | 186 ++++++++++++++++++++++++++++++++++---
 interface/forms/CAMOS/report.php   |   4 +-
 interface/forms/CAMOS/rx_print.php | 116 +++++++++++++++++++----
 3 files changed, 277 insertions(+), 29 deletions(-)

diff --git a/interface/forms/CAMOS/notegen.php b/interface/forms/CAMOS/notegen.php
index 909c172fd..9c64c0479 100755
--- a/interface/forms/CAMOS/notegen.php
+++ b/interface/forms/CAMOS/notegen.php
@@ -1,10 +1,29 @@
-<?
+<?php
 $depth = '../../../';
 include_once ($depth.'interface/globals.php');
 include_once ($depth.'library/classes/class.ezpdf.php');
 ?>
-<?
-if (!$_POST['submit'] && !($_GET['pid'] && $_GET['encounter'])) {
+<?php
+if (!($_POST['submit_pdf'] || $_POST['submit_html']) && ($_GET['pid'] && $_GET['encounter'])) {
+?>
+<html>
+<head>
+<title>
+<?php xl('Print Notes','e'); ?>
+</title>
+</head>
+<body>
+<?php xl('Choose print format for this encounter report.','e'); ?><br><br>
+<form method=post name=choose_patients>
+<input type='submit' name='submit_pdf' value='<?php xl('Print (PDF)','e'); ?>'>
+<input type='submit' name='submit_html' value='<?php xl('Print (HTML)','e'); ?>'>
+</form>
+</body>
+</html>
+<?php
+exit;
+}
+if (!$_POST['submit_pdf'] && !$_POST['submit_html'] && !($_GET['pid'] && $_GET['encounter'])) {
 ?>
 <html>
 <head>
@@ -60,22 +79,167 @@ Calendar.setup({inputField:'end', ifFormat:'%Y-%m-%d', button:'img_end'});
 <input type='text' name='fname'/> 
 </td></tr>
 <tr><td>
-<input type='submit' name='submit' value='<?php xl('Submit','e'); ?>'>
+<input type='submit' name='submit_pdf' value='<?php xl('Print (PDF)','e'); ?>'>
+<input type='submit' name='submit_html' value='<?php xl('Print (HTML)','e'); ?>'>
 </td><td>
 </td></tr>
 </table>
 </form>
 </body>
 </html>
-<?
+<?php
 }
-if ($_POST['submit'] || ($_GET['pid'] && $_GET['encounter'])) {
+if ($_POST['submit_pdf'] || $_POST['submit_html'] && ($_GET['pid'] && $_GET['encounter'])) {
+    $output = getFormData($_POST['start'],$_POST['end'],$_POST['lname'],$_POST['fname']);
+    ksort($output);
+    $first = 1;
+    if ($_POST['submit_html']) { //print as html
+?>
+        <html>
+        <head>
+        <style>
+        body {
+	 font-family: sans-serif;
+	 font-weight: normal;
+	 font-size: 8pt;
+	 background: white;
+	 color: black;
+	}	
+	.paddingdiv {
+	 width: 524pt;
+	 padding: 0pt;
+	 margin-top: 50pt;
+	}
+	.navigate {
+	 margin-top: 2.5em;
+	}	
+	@media print {
+	 .navigate {
+	  display: none;
+	 }	
+	}
+	span.heading {
+	 font-weight: bold;
+	 font-size: 130%;
+	}	
+	</style>	
+	<title><?php xl('Patient Notes','e'); ?></title>
+	</head>
+        <body>
+	<div class='paddingdiv'>
+<?php
+	foreach ($output as $datekey => $dailynote) {
+		foreach ($dailynote as $note_id => $notecontents) {
+			preg_match('/(\d+)_(\d+)/', $note_id, $matches); //the unique note id contains the pid and encounter
+			$pid = $matches[1];
+			$enc = $matches[2];
+			if (!$first) { //generate a new page each time except first iteration when nothing has been printed yet
+			    
+				//new page code here
+				
+			}
+			else {
+				$first = 0;
+			}
+			print xl("Date").": ".$notecontents['date'] . "<br/>";
+			print xl("Name").": ".$notecontents['name'] . "<br/>";
+
+			$query = sqlStatement("select pubpid from patient_data where id=".$_GET['pid']);
+			if ($results = mysql_fetch_array($query, MYSQL_ASSOC)) {
+				$pubpid = $results['pubpid'];
+			}
+			print xl("Claim")."# ".$pubpid . "<br/>";
+
+			print "<br/>";
+			print xl("Chief Complaint").": ".$notecontents['reason'] . "<br/>";
+			if ($notecontents['vitals']) {
+				print "<br/>";
+				print $notecontents['vitals'] . "<br/>";
+			}
+			if (count($notecontents['exam']) > 0) {
+				print "<br/>";
+				print "<span class='heading'>" . xl("Progress Notes") . "</span><br/>";
+				print "<br/>";
+				foreach($notecontents['exam'] as $examnote) {
+					print nl2br($examnote) . "<br/>";
+				}
+			}
+			if (count($notecontents['prescriptions']) > 0) {
+				print "<br/>";
+				print "<span class='heading'>" . xl("Prescriptions") . "</span><br/>";
+				print "<br/>";
+				foreach($notecontents['prescriptions'] as $rx) {
+					print nl2br($rx) . "<br/>";
+				}
+			}
+			if (count($notecontents['other']) > 0) {
+				print "<br/>";
+				print "<span class='heading'>" . xl("Other") . "</span><br/>";
+				print "<br/>";
+				foreach($notecontents['other'] as $other => $othercat) {
+					print nl2br($other) . "<br/>";
+					foreach($othercat as $items) {
+						print nl2br($items) . "<br/>";
+					}
+				}
+			}
+			if (count($notecontents['billing']) > 0) {
+				$tmp = array();
+				foreach($notecontents['billing'] as $code) {
+					$tmp[$code]++;
+				}
+				if (count($tmp) > 0) {
+					print "<br/>";
+					print "<span class='heading'>" . xl("Coding") . "</span><br/>";
+					print "<br/>";
+					foreach($tmp as $code => $val) {
+						print nl2br($code) . "<br/>";
+					}
+				}
+			}
+			if (count($notecontents['calories']) > 0) {
+				$sum = 0;
+				print "<br/>";
+				print "<span class='heading'>" . xl("Calories") . "</span><br/>";
+				print "<br/>";
+				foreach($notecontents['calories'] as $calories => $value) {
+					print $value['content'].' - '.$value['item'].' - '.$value['date'] . "<br/>";
+					$sum += $value['content'];
+				}
+				print "--------" . "<br/>";
+				print $sum . "<br/>";
+			}
+			print "<br/>";
+			print "<br/>";
+			print "<span class='heading'>" . xl("Digitally Signed") . "</span><br/>";
+
+			$query = sqlStatement("select t2.id, t2.fname, t2.lname, t2.title from forms as t1 join users as t2 on " .
+				"(t1.user like t2.username) where t1.pid=$pid and t1.encounter=$encounter");
+			if ($results = mysql_fetch_array($query, MYSQL_ASSOC)) {
+				$name = $results['fname']." ".$results['lname'].", ".$results['title'];
+				$user_id = $results['id'];
+			}
+			$path = $GLOBALS['fileroot']."/interface/forms/CAMOS";
+			if (file_exists($path."/sig".$user_id.".jpg")) {
+				//show the image here
+			}
+			print "<span class='heading'>" . $name . "<br/>";
+		}	
+	}
+?>
+        <script language='JavaScript'>
+        window.print();
+        </script>
+        </div>
+        </body>
+        </html>
+<?php
+    exit;
+    }
+    else { // print as pdf
   	$pdf =& new Cezpdf();
 	$pdf->selectFont($depth.'library/fonts/Helvetica');
 	$pdf->ezSetCmMargins(3,1,1,1);
-	$output = getFormData($_POST['start'],$_POST['end'],$_POST['lname'],$_POST['fname']);
-	ksort($output);
-	$first = 1;
 	foreach ($output as $datekey => $dailynote) {
 		foreach ($dailynote as $note_id => $notecontents) {
 			preg_match('/(\d+)_(\d+)/', $note_id, $matches); //the unique note id contains the pid and encounter
@@ -89,7 +253,6 @@ if ($_POST['submit'] || ($_GET['pid'] && $_GET['encounter'])) {
 			}
 			$pdf->ezText(xl("Date").": ".$notecontents['date'],8);
 			$pdf->ezText(xl("Name").": ".$notecontents['name'],8);
-//			$pdf->ezText("ID: ".$note_id,8);
 
 			$query = sqlStatement("select pubpid from patient_data where id=".$_GET['pid']);
 			if ($results = mysql_fetch_array($query, MYSQL_ASSOC)) {
@@ -121,7 +284,7 @@ if ($_POST['submit'] || ($_GET['pid'] && $_GET['encounter'])) {
 			}
 			if (count($notecontents['other']) > 0) {
 				$pdf->ezText("",8);
-				$pdf->ezText("Other",12);
+				$pdf->ezText(xl("Other"),12);
 				$pdf->ezText("",8);
 				foreach($notecontents['other'] as $other => $othercat) {
 					$pdf->ezText($other,8);
@@ -174,6 +337,7 @@ if ($_POST['submit'] || ($_GET['pid'] && $_GET['encounter'])) {
 		}
 	}
 	$pdf->ezStream();
+    }
 }
 function getFormData($start_date,$end_date,$lname,$fname) { //dates in sql format
 	$lname = trim($lname);
diff --git a/interface/forms/CAMOS/report.php b/interface/forms/CAMOS/report.php
index cf00a438f..6d1305ccc 100755
--- a/interface/forms/CAMOS/report.php
+++ b/interface/forms/CAMOS/report.php
@@ -14,13 +14,13 @@ function CAMOS_report( $pid, $encounter, $cols, $id) {
     echo " | ";
     echo "<a href='" . $GLOBALS['webroot'] .
       "/interface/forms/CAMOS/rx_print.php?sigline=signed' target=_new>" . xl('Signed Rx') . "</a>\n";
-    echo " | ";
+    echo "<br>";
     echo "<a href='" . $GLOBALS['webroot'] .
       "/interface/forms/CAMOS/rx_print.php?letterhead=true&signer=patient' target=_new>" . xl('Letterhead that patient signs') . "</a>\n";
     echo " | ";
     echo "<a href='" . $GLOBALS['webroot'] .
       "/interface/forms/CAMOS/rx_print.php?letterhead=true&signer=doctor' target=_new>" . xl('Letterhead that doctor signs') . "</a>\n";
-    echo " | ";
+    echo "<br>";
     echo "<a href='" . $GLOBALS['webroot'] .
       "/interface/forms/CAMOS/notegen.php?pid=".$GLOBALS['pid']."&encounter=".$GLOBALS['encounter']."' target=_new>" . xl('Print This Encounter') . "</a>\n";
     echo " | ";
diff --git a/interface/forms/CAMOS/rx_print.php b/interface/forms/CAMOS/rx_print.php
index 5a95746a4..38e803a1e 100755
--- a/interface/forms/CAMOS/rx_print.php
+++ b/interface/forms/CAMOS/rx_print.php
@@ -2,6 +2,7 @@
 include_once ('../../globals.php'); 
 include_once ('../../../library/sql.inc'); 
 include_once ('../../../library/classes/Prescription.class.php');
+include_once("../../../library/formdata.inc.php");
 //practice data
 $physician_name = ''; 
 $practice_fname = '';
@@ -51,16 +52,16 @@ if ($result = mysql_fetch_array($query, MYSQL_ASSOC)) {
 //update user information if selected from form
 if ($_POST['update']) { // OPTION update practice inf
   $query = "update users set " .
-    "fname = '" . $_POST['practice_fname'] . "', " .  
-    "lname = '" . $_POST['practice_lname'] . "', " .  
-    "title = '" . $_POST['practice_title'] . "', " .  
-    "street = '" . $_POST['practice_address'] . "', " .  
-    "city = '" . $_POST['practice_city'] . "', " .  
-    "state = '" . $_POST['practice_state'] . "', " .  
-    "zip = '" . $_POST['practice_zip'] . "', " .  
-    "phone = '" . $_POST['practice_phone'] . "', " .  
-    "fax = '" . $_POST['practice_fax'] . "', " .  
-    "federaldrugid = '" . $_POST['practice_dea'] . "' " .  
+    "fname = '" . formData('practice_fname') . "', " .  
+    "lname = '" . formData('practice_lname') . "', " .  
+    "title = '" . formData('practice_title') . "', " .  
+    "street = '" . formData('practice_address') . "', " .  
+    "city = '" . formData('practice_city') . "', " .  
+    "state = '" . formData('practice_state') . "', " .  
+    "zip = '" . formData('practice_zip') . "', " .  
+    "phone = '" . formData('practice_phone') . "', " .  
+    "fax = '" . formData('practice_fax') . "', " .  
+    "federaldrugid = '" . formData('practice_dea') . "' " .  
     "where id =" . $_SESSION['authUserID'];
   sqlInsert($query);
 }
@@ -79,14 +80,14 @@ if ($result = mysql_fetch_array($query, MYSQL_ASSOC)) {
   $practice_fax = $result['fax'];
   $practice_dea = $result['federaldrugid'];
 }
-if ($_POST['print']) { 
+if ($_POST['print_pdf'] || $_POST['print_html']) { 
   $camos_content = array();
   foreach ($_POST as $key => $val) {
     if (substr($key,0,3) == 'ch_') {
       $query = sqlStatement("select content from form_CAMOS where id =" . 
         substr($key,3));
       if ($result = mysql_fetch_array($query, MYSQL_ASSOC)) {
-  	if (!$_GET['letterhead']) { //do this change to formatting only for web output (rx output)
+  	if ($_POST['print_html']) { //do this change to formatting only for html output
         	$content = preg_replace('|\n|','<br/>', $result['content']);
 	        $content = preg_replace('|<br/><br/>|','<br/>', $content);
 	} else {
@@ -270,8 +271,80 @@ else {
 </html>
 <?php
   }//end of printing to rx not letterhead
-  elseif ($_GET['letterhead']) { //OPTION print to pdf letterhead
-	$content = preg_replace('/PATIENTNAME/i',$patient_name,$camos_content[0]);
+  elseif ($_GET['letterhead']) { //OPTION print to letterhead
+    $content = preg_replace('/PATIENTNAME/i',$patient_name,$camos_content[0]);
+    if($_POST['print_html']) { //print letterhead to html
+?>
+        <html>
+        <head>
+        <style>
+        body {
+	 font-family: sans-serif;
+	 font-weight: normal;
+	 font-size: 12pt;
+	 background: white;
+	 color: black;
+	}	
+	.paddingdiv {
+	 width: 524pt;
+	 padding: 0pt;
+	 margin-top: 50pt;
+	}
+	.navigate {
+	 margin-top: 2.5em;
+	}	
+	@media print {
+	 .navigate {
+	  display: none;
+	 }	
+	}	
+	</style>	
+	<title><?php xl('Letter','e'); ?></title>
+	</head>
+        <body>
+	<div class='paddingdiv'>
+<?php
+	//bold
+        print "<div style='font-weight:bold;'>";
+        print $physician_name . "<br/>\n";
+        print $practice_address . "<br/>\n";
+        print $practice_city.', '.$practice_state.' '.$practice_zip . "<br/>\n";
+        print $practice_phone . ' (' . xl('Voice') . ')' . "<br/>\n";
+        print $practice_phone . ' ('. xl('Fax') . ')' . "<br/>\n";
+        print "<br/>\n";
+        print date("l, F jS, Y") . "<br/>\n";
+        print "<br/>\n";
+	print "</div>";
+        //not bold
+	print "<div style='font-size:90%;'>";
+        print $content;
+	print "</div>";
+        //bold
+	print "<div style='font-weight:bold;'>";
+        print "<br/>\n";
+        print "<br/>\n";
+        if ($_GET['signer'] == 'patient') {
+                print "__________________________________________________________________________________" . "<br/>\n";
+                print xl("Print name, sign and date.") . "<br/>\n";
+        }
+        elseif ($_GET['signer'] == 'doctor') {
+                print xl('Sincerely,') . "<br/>\n";
+                print "<br/>\n";
+                print "<br/>\n";
+                print $physician_name . "<br/>\n";
+        }
+	print "</div>";
+?>
+        <script language='JavaScript'>
+        window.print();
+        </script>
+	</div>
+        </body>
+        </html>
+<?php
+        exit;
+    }
+    else { //print letterhead to pdf
 	include_once('../../../library/classes/class.ezpdf.php');
   	$pdf =& new Cezpdf();
 	$pdf->selectFont('../../../library/fonts/Times-Bold');
@@ -300,6 +373,7 @@ else {
 		$pdf->ezText($physician_name,12);
 	}
 	$pdf->ezStream();
+    } //end of html vs pdf print
   }
 } //end of if print
   else { //OPTION selection of what to print
@@ -371,7 +445,12 @@ function cycle_engine(cb,seed) {
 <input type=button name=cyclerx value='<?php xl('Cycle','e'); ?>' onClick='cycle()'><br/>
 <input type='button' value='<?php xl('Select All','e'); ?>' onClick='checkall()'>
 <input type='button' value='<?php xl('Unselect All','e'); ?>' onClick='uncheckall()'>
-<input type=submit name=print value='<?php xl('Print','e'); ?>'>
+
+<?php if ($_GET['letterhead']) { ?>
+<input type=submit name='print_pdf' value='<?php xl('Print (PDF)','e'); ?>'>
+<?php } ?>
+	
+<input type=submit name='print_html' value='<?php xl('Print (HTML)','e'); ?>'>
 <?
 $query = sqlStatement("select x.id as id, x.category, x.subcategory, x.item from " . 
  "form_CAMOS  as x join forms as y on (x.id = y.form_id) " . 
@@ -405,7 +484,12 @@ foreach($rxarray as $val) {
     $val->drug . ':' . $val->start_date . "<br/>\n";
 }
 ?>
-<input type=submit name=print value='<?php xl('Print','e'); ?>'>
+	
+<?php if ($_GET['letterhead']) { ?>
+<input type=submit name='print_pdf' value='<?php xl('Print (PDF)','e'); ?>'>
+<?php } ?>
+	
+<input type=submit name='print_html' value='<?php xl('Print (HTML)','e'); ?>'>
 </form>
 <h1><?php xl('Update User Information','e'); ?></h1>
 <form method=POST name='pick_items'>
-- 
2.11.4.GIT