1 <?php
2 // This script and data application were generated by AppGini 5.62
3 // Download AppGini for free from https://bigprof.com/appgini/download/
4
5 /* Configuration */
6 /*************************************/
7
/*
 * Parent/child display configuration.
 *
 * First level: child table name. Second level: the lookup field in that child
 * table which points at the parent record. Tables with an empty array
 * ('patients', 'disease_symptoms') are still iterated by the permissions loop
 * below but contribute nothing to $userPCConfig.
 *
 * The ORDER of the top-level keys matters: when the request names no
 * (accessible) ChildTable, the script falls back to the first key of
 * $userPCConfig, which is built by iterating this array in order.
 *
 * How the per-lookup keys are used in this script:
 *   'parent-table'            compared (==) with the ParentTable request parameter, and
 *                             its view permission is checked with getTablePermissions().
 *   'child-primary-key'       column matched against membership_userrecords.pkValue when
 *                             the user may only see own/group records.
 *   'child-primary-key-index' position of the primary key in each fetched row; used as
 *                             the key of $data['records'].
 *   'tab-label', 'table-icon' written verbatim into the tab HTML (no escaping applied,
 *                             so these must stay static, trusted strings).
 *   'display-add-new'         forced to false unless the user also has insert permission
 *                             on the child table.
 *   'forced-where'            raw SQL fragment appended to the WHERE clause unescaped; it
 *                             must never be derived from request data.
 *   'sortable-fields'         the SortBy parameter is validated strictly against these
 *                             keys; the matching value is interpolated into ORDER BY.
 *   'records-per-page'        page size and divisor for the last-page calculation;
 *                             overridden with 2000 for printable output.
 *   'default-sort-by',
 *   'default-sort-direction'  fallbacks when SortBy / SortDirection are missing or invalid.
 *   'template',
 *   'template-printable'      view names passed to loadView().
 *   'query'                   raw SELECT; the count query is derived from it by replacing
 *                             the leading "SELECT ... FROM " via regex.
 *   The remaining keys ('auto-close', 'display-refresh', 'open-detail-view-on-click',
 *   'display-page-selector', 'show-page-progress', 'display-fields',
 *   'display-field-names') are not read by this script; they reach the template
 *   through $data['config'].
 */
$pcConfig = array(
    'patients' => array(
    ),
    'disease_symptoms' => array(
    ),
    'medical_records' => array(
        'patient' => array(
            'parent-table' => 'patients',
            'parent-primary-key' => 'id',
            'child-primary-key' => 'id',
            'child-primary-key-index' => 0,
            'tab-label' => 'Medical Records',
            'auto-close' => false,
            'table-icon' => 'resources/table_icons/cash_terminal.png',
            'display-refresh' => true,
            'display-add-new' => true,
            'forced-where' => '',
            'display-fields' => array(1 => 'Patient', 2 => 'Image 1', 3 => 'Image 2', 4 => 'Image 3', 5 => 'Image 4', 6 => 'Image 5', 7 => 'Document 1', 8 => 'Document 2', 9 => 'Document 3', 10 => 'Document 4', 11 => 'Document 5', 12 => 'Description'),
            'display-field-names' => array(1 => 'patient', 2 => 'image_1', 3 => 'image_2', 4 => 'image_3', 5 => 'image_4', 6 => 'image_5', 7 => 'document_1', 8 => 'document_2', 9 => 'document_3', 10 => 'document_4', 11 => 'document_5', 12 => 'description'),
            'sortable-fields' => array(0 => '`medical_records`.`id`', 1 => '`medical_records`.`patient`', 2 => '`medical_records`.`image_1`', 3 => '`medical_records`.`image_2`', 4 => '`medical_records`.`image_3`', 5 => '`medical_records`.`image_4`', 6 => '`medical_records`.`image_5`', 7 => '`medical_records`.`document_1`', 8 => '`medical_records`.`document_2`', 9 => '`medical_records`.`document_3`', 10 => '`medical_records`.`document_4`', 11 => '`medical_records`.`document_5`', 12 => '`medical_records`.`description`'),
            'records-per-page' => 10,
            'default-sort-by' => false,
            'default-sort-direction' => 'asc',
            'open-detail-view-on-click' => true,
            'display-page-selector' => true,
            'show-page-progress' => true,
            'template' => 'children-medical_records',
            'template-printable' => 'children-medical_records-printable',
            // Trailing space is deliberate: the script appends the join/WHERE tail directly to this string.
            'query' => "SELECT `medical_records`.`id` as 'id', IF( CHAR_LENGTH(`patients1`.`last_name`) || CHAR_LENGTH(`patients1`.`first_name`), CONCAT_WS('', `patients1`.`last_name`, ',', `patients1`.`first_name`), '') as 'patient', `medical_records`.`image_1` as 'image_1', `medical_records`.`image_2` as 'image_2', `medical_records`.`image_3` as 'image_3', `medical_records`.`image_4` as 'image_4', `medical_records`.`image_5` as 'image_5', `medical_records`.`document_1` as 'document_1', `medical_records`.`document_2` as 'document_2', `medical_records`.`document_3` as 'document_3', `medical_records`.`document_4` as 'document_4', `medical_records`.`document_5` as 'document_5', `medical_records`.`description` as 'description' FROM `medical_records` LEFT JOIN `patients` as patients1 ON `patients1`.`id`=`medical_records`.`patient` "
        )
    ),
    'events' => array(
        'name_patient' => array(
            'parent-table' => 'patients',
            'parent-primary-key' => 'id',
            'child-primary-key' => 'id',
            'child-primary-key-index' => 0,
            'tab-label' => 'Appointments',
            'auto-close' => false,
            'table-icon' => 'table.gif',
            'display-refresh' => true,
            'display-add-new' => true,
            'forced-where' => '',
            'display-fields' => array(1 => 'Appointment Type', 2 => 'Date', 3 => 'Status', 4 => 'Patient Name', 5 => 'Time', 6 => 'Prescription', 7 => 'Diagnosis', 8 => 'Comments'),
            'display-field-names' => array(1 => 'title', 2 => 'date', 3 => 'status', 4 => 'name_patient', 5 => 'time', 6 => 'prescription', 7 => 'diagnosis', 8 => 'comments'),
            'sortable-fields' => array(0 => '`events`.`id`', 1 => '`events`.`title`', 2 => '`events`.`date`', 3 => '`events`.`status`', 4 => '`events`.`name_patient`', 5 => '`events`.`time`', 6 => '`events`.`prescription`', 7 => '`events`.`diagnosis`', 8 => '`events`.`comments`'),
            'records-per-page' => 10,
            'default-sort-by' => false,
            'default-sort-direction' => 'asc',
            'open-detail-view-on-click' => true,
            'display-page-selector' => true,
            'show-page-progress' => true,
            'template' => 'children-events',
            'template-printable' => 'children-events-printable',
            // Trailing space is deliberate: the script appends the join/WHERE tail directly to this string.
            'query' => "SELECT `events`.`id` as 'id', `events`.`title` as 'title', if(`events`.`date`,date_format(`events`.`date`,'%m/%d/%Y'),'') as 'date', `events`.`status` as 'status', IF( CHAR_LENGTH(`patients1`.`last_name`) || CHAR_LENGTH(`patients1`.`first_name`), CONCAT_WS('', `patients1`.`last_name`, ',', `patients1`.`first_name`), '') as 'name_patient', TIME_FORMAT(`events`.`time`, '%r') as 'time', `events`.`prescription` as 'prescription', `events`.`diagnosis` as 'diagnosis', `events`.`comments` as 'comments' FROM `events` LEFT JOIN `patients` as patients1 ON `patients1`.`id`=`events`.`name_patient` "
        )
    )
);
66
67 /*************************************/
68 /* End of configuration */
69
70
/*
 * Bootstrap: pull in the language files and the shared library from this
 * script's own directory, then announce the response encoding and run the
 * maintenance-mode check before any request handling.
 */
$currDir = __DIR__;
foreach (array('defaultLang.php', 'language.php', 'lib.php') as $bootstrapFile) {
    include "{$currDir}/{$bootstrapFile}";
}
// datalist_db_encoding is not defined in this file; presumably provided by lib.php — confirm.
// The '@' keeps a "headers already sent" warning from corrupting the output (pre-existing).
@header(sprintf('Content-Type: text/html; charset=%s', datalist_db_encoding));

handle_maintenance();
78
/**
 * Dynamic configuration based on the current user's permissions.
 *
 * $userPCConfig receives only those child-table / lookup-field entries of
 * $pcConfig where the user may view both the child table and its parent
 * table. 'display-add-new' is additionally forced to false when the user
 * lacks insert permission on the child table.
 *
 * Note: $permChild and $permParent deliberately keep the same names as
 * before and, after the loop, hold the values from the LAST iteration
 * (the code further down reads $permChild).
 */
$userPCConfig = array();
foreach ($pcConfig as $pcChildTable => $ChildrenLookups) {
    $permChild = getTablePermissions($pcChildTable);
    // index 2 = "view records" permission on the child table; without it there is nothing to show
    if (!$permChild[2]) {
        continue;
    }
    foreach ($ChildrenLookups as $ChildLookupField => $ChildConfig) {
        $permParent = getTablePermissions($ChildConfig['parent-table']);
        // parent must be viewable as well, otherwise skip this lookup
        if (!$permParent[2]) {
            continue;
        }
        $accessibleConfig = $ChildConfig;
        // index 1 = "insert" permission: the add-new button needs both the config flag and the permission
        $accessibleConfig['display-add-new'] = ($permChild[1] && $ChildConfig['display-add-new']) ? true : false;
        $userPCConfig[$pcChildTable][$ChildLookupField] = $accessibleConfig;
    }
}
102
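/*
 * Receive and validate request parameters.
 *
 * Every parameter is first normalised to a string: a missing parameter becomes
 * '' instead of raising an undefined-index notice, and an array-valued
 * parameter (e.g. ?SelectedID[]=x) becomes '' instead of reaching
 * strip_tags()/strtolower() (a TypeError on PHP 8). Anything that names a
 * table, lookup field, sort column or direction is then accepted only if it
 * exists in $userPCConfig / the fixed allow-lists, so those values can be
 * interpolated into SQL and HTML further down.
 */
$requestParams = array();
foreach (array('ParentTable', 'ChildTable', 'SelectedID', 'ChildLookupField', 'Page', 'SortBy', 'SortDirection', 'Operation') as $paramName) {
    $requestParams[$paramName] = (isset($_REQUEST[$paramName]) && is_scalar($_REQUEST[$paramName]))
        ? (string) $_REQUEST[$paramName]
        : '';
}

// needed only with operation=show-children, where it is compared against each config's 'parent-table'
$ParentTable = $requestParams['ParentTable'];

$ChildTable = $requestParams['ChildTable'];
if (!array_key_exists($ChildTable, $userPCConfig)) {
    /* defaults to first child table in config array if not provided (or not accessible) */
    $ChildTable = current(array_keys($userPCConfig));
}
if (!$ChildTable) { die('<!-- No tables accessible to current user -->'); }

$SelectedID = strip_tags($requestParams['SelectedID']);

$ChildLookupField = $requestParams['ChildLookupField'];
if (!array_key_exists($ChildLookupField, $userPCConfig[$ChildTable])) {
    /* defaults to first lookup in current child config array if not provided */
    $ChildLookupField = current(array_keys($userPCConfig[$ChildTable]));
}

// page numbers start at 1; anything non-numeric or smaller is clamped
$Page = max(1, intval($requestParams['Page']));

// SortBy is an index into 'sortable-fields' (false = no explicit sort); strict check so '' / false never match key 0
$SortBy = ($requestParams['SortBy'] !== '') ? abs(intval($requestParams['SortBy'])) : false;
if (!in_array($SortBy, array_keys($userPCConfig[$ChildTable][$ChildLookupField]['sortable-fields']), true)) {
    $SortBy = $userPCConfig[$ChildTable][$ChildLookupField]['default-sort-by'];
}

$SortDirection = strtolower($requestParams['SortDirection']);
if (!in_array($SortDirection, array('asc', 'desc'), true)) {
    $SortDirection = $userPCConfig[$ChildTable][$ChildLookupField]['default-sort-direction'];
}

$Operation = strtolower($requestParams['Operation']);
if (!in_array($Operation, array('get-records', 'show-children', 'get-records-printable', 'show-children-printable'), true)) {
    $Operation = 'get-records';
}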
133
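/* process requested operation */
switch ($Operation) {
    /************************************************/
    case 'show-children':
        /* populate HTML and JS content with children tabs */
        $tabLabels = $tabPanels = $tabLoaders = '';
        // SelectedID is embedded inside a JS string literal in the loaders below. Encode it as a
        // JSON string (with <, >, &, quotes hex-escaped) so newlines, quotes, backslashes or a
        // literal "</script>" cannot terminate the literal or the <script> block; addslashes()
        // only covered quotes and backslashes.
        $selectedIdJs = json_encode($SelectedID, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($selectedIdJs === false) { $selectedIdJs = '""'; } // invalid UTF-8: emit an empty string rather than broken JS
        foreach ($userPCConfig as $tabChildTable => $childLookups) {
            foreach ($childLookups as $tabLookupField => $childConfig) {
                if ($childConfig['parent-table'] !== $ParentTable) { continue; }
                // 'table-icon' and 'tab-label' come from the static config above and are emitted unescaped
                $TableIcon = ($childConfig['table-icon'] ? "<img src=\"{$childConfig['table-icon']}\" border=\"0\" />" : '');
                $tabLabels .= sprintf('<li%s><a href="#panel_%s-%s" id="tab_%s-%s" data-toggle="tab">%s%s</a></li>' . "\n\t\t\t\t\t", ($tabLabels ? '' : ' class="active"'), $tabChildTable, $tabLookupField, $tabChildTable, $tabLookupField, $TableIcon, $childConfig['tab-label']);
                $tabPanels .= sprintf('<div id="panel_%s-%s" class="tab-pane%s"><img src="loading.gif" align="top" />%s</div>' . "\n\t\t\t\t", $tabChildTable, $tabLookupField, ($tabPanels ? '' : ' active'), $Translation['Loading ...']);
                $tabLoaders .= sprintf('post("parent-children.php", { ChildTable: "%s", ChildLookupField: "%s", SelectedID: %s, Page: 1, SortBy: "", SortDirection: "", Operation: "get-records" }, "panel_%s-%s");' . "\n\t\t\t\t", $tabChildTable, $tabLookupField, $selectedIdJs, $tabChildTable, $tabLookupField);
            }
        }

        if (!$tabLabels) { die('<!-- no children of current parent table are accessible to current user -->'); }
?>
        <div id="children-tabs">
            <ul class="nav nav-tabs">
                <?php echo $tabLabels; ?>
            </ul>
            <span id="pc-loading"></span>
        </div>
        <div class="tab-content"><?php echo $tabPanels; ?></div>

        <script>
            /* ajax loading of each tab's contents */
            <?php echo $tabLoaders; ?>
        </script>
<?php
        break;

    /************************************************/
    case 'show-children-printable':
        /* populate HTML and JS content with children buttons */
        $tabLabels = $tabPanels = $tabLoaders = '';
        // same JS-string encoding of SelectedID as in 'show-children' (see comment there)
        $selectedIdJs = json_encode($SelectedID, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($selectedIdJs === false) { $selectedIdJs = '""'; }
        foreach ($userPCConfig as $tabChildTable => $childLookups) {
            foreach ($childLookups as $tabLookupField => $childConfig) {
                if ($childConfig['parent-table'] !== $ParentTable) { continue; }
                $TableIcon = ($childConfig['table-icon'] ? "<img src=\"{$childConfig['table-icon']}\" border=\"0\" />" : '');
                $tabLabels .= sprintf('<button type="button" class="btn btn-default" data-target="#panel_%s-%s" id="tab_%s-%s" data-toggle="collapse">%s %s</button>' . "\n\t\t\t\t\t", $tabChildTable, $tabLookupField, $tabChildTable, $tabLookupField, $TableIcon, $childConfig['tab-label']);
                $tabPanels .= sprintf('<div id="panel_%s-%s" class="collapse"><img src="loading.gif" align="top" />%s</div>' . "\n\t\t\t\t", $tabChildTable, $tabLookupField, $Translation['Loading ...']);
                $tabLoaders .= sprintf('post("parent-children.php", { ChildTable: "%s", ChildLookupField: "%s", SelectedID: %s, Page: 1, SortBy: "", SortDirection: "", Operation: "get-records-printable" }, "panel_%s-%s");' . "\n\t\t\t\t", $tabChildTable, $tabLookupField, $selectedIdJs, $tabChildTable, $tabLookupField);
            }
        }

        if (!$tabLabels) { die('<!-- no children of current parent table are accessible to current user -->'); }
?>
        <div id="children-tabs" class="hidden-print">
            <div class="btn-group btn-group-lg">
                <?php echo $tabLabels; ?>
            </div>
            <span id="pc-loading"></span>
        </div>
        <div class="vspacer-lg"><?php echo $tabPanels; ?></div>

        <script>
            /* ajax loading of each tab's contents */
            <?php echo $tabLoaders; ?>
        </script>
<?php
        break;

    /************************************************/
    case 'get-records-printable':
    default: /* default is 'get-records' */

        // printable output is not paginated in practice: one large page
        if ($Operation === 'get-records-printable') {
            $userPCConfig[$ChildTable][$ChildLookupField]['records-per-page'] = 2000;
        }
        // read-only alias of the (possibly adjusted) config for the requested child/lookup
        $lookupConfig = $userPCConfig[$ChildTable][$ChildLookupField];

        // build the user permissions limiter for the *requested* child table.
        // $permChild as left behind by the permissions loop at the top of this script
        // belongs to whichever table $pcConfig iterated LAST, not necessarily to
        // $ChildTable, so it must be re-read here; otherwise an "own records" /
        // "group records" restriction on this table could be skipped (or wrongly
        // applied) depending on another table's permission.
        $permChild = getTablePermissions($ChildTable);
        $childPrimaryKey = $lookupConfig['child-primary-key'];
        $permissionsWhere = $permissionsJoin = '';
        if ($permChild[2] == 1) { // user can view only his own records
            // member id comes from the session helper and is interpolated as-is (pre-existing)
            $permissionsWhere = "`$ChildTable`.`$childPrimaryKey`=`membership_userrecords`.`pkValue` AND `membership_userrecords`.`tableName`='$ChildTable' AND LCASE(`membership_userrecords`.`memberID`)='" . getLoggedMemberID() . "'";
        } elseif ($permChild[2] == 2) { // user can view only his group's records
            $permissionsWhere = "`$ChildTable`.`$childPrimaryKey`=`membership_userrecords`.`pkValue` AND `membership_userrecords`.`tableName`='$ChildTable' AND `membership_userrecords`.`groupID`='" . getLoggedGroupID() . "'";
        }
        // $permChild[2] == 3 (view all records) is the only remaining case and needs no limiter
        $permissionsJoin = ($permissionsWhere ? ", `membership_userrecords`" : '');

        // tail shared by the count query and the data query: extra join source,
        // permission limiter, configured forced-where (static SQL from $pcConfig)
        // and the parent-record filter. $ChildTable / $ChildLookupField were
        // validated against the config keys; $SelectedID is escaped via makeSafe().
        $forcedWhere = $lookupConfig['forced-where'];
        $queryTail =
            $permissionsJoin . " WHERE " .
            ($permissionsWhere ? "( $permissionsWhere )" : "( 1=1 )") . " AND " .
            ($forcedWhere ? "( $forcedWhere )" : "( 2=2 )") . " AND " .
            "`$ChildTable`.`$ChildLookupField`='" . makeSafe($SelectedID) . "'";

        // build the count query: replace the SELECT list with count(1), keep FROM/JOIN.
        // The greedy regex matches up to the LAST " from " in the configured query,
        // which is fine as long as that query contains a single FROM.
        $query = preg_replace('/^select .* from /i', 'SELECT count(1) FROM ', $lookupConfig['query']) . $queryTail;
        $totalMatches = sqlValue($query);

        // make sure $Page is <= max pages (cast: ceil() returns float, and $Page is passed to the template)
        $recordsPerPage = $lookupConfig['records-per-page'];
        $maxPage = (int) ceil($totalMatches / $recordsPerPage);
        if ($Page > $maxPage) { $Page = $maxPage; } // becomes 0 when there are no matches (pre-existing behaviour)

        // initiate output data array
        $data = array(
            'config' => $lookupConfig,
            'parameters' => array(
                'ChildTable' => $ChildTable,
                'ChildLookupField' => $ChildLookupField,
                'SelectedID' => $SelectedID,
                'Page' => $Page,
                'SortBy' => $SortBy,
                'SortDirection' => $SortDirection,
                'Operation' => $Operation
            ),
            'records' => array(),
            'totalMatches' => $totalMatches
        );

        // build the data query
        if ($totalMatches) { // if we have at least one record, proceed with fetching data
            $startRecord = $recordsPerPage * ($Page - 1);
            // $SortBy was validated strictly against the 'sortable-fields' keys; $SortDirection against asc/desc
            $orderBy = '';
            if ($SortBy !== false && !empty($lookupConfig['sortable-fields'][$SortBy])) {
                $orderBy = " ORDER BY {$lookupConfig['sortable-fields'][$SortBy]} $SortDirection";
            }
            $data['query'] =
                $lookupConfig['query'] .
                $queryTail .
                $orderBy .
                " LIMIT $startRecord, $recordsPerPage";
            // $eo is not initialised anywhere in this file; presumably sql() takes it by reference
            // for error reporting — confirm against lib.php.
            $res = sql($data['query'], $eo);
            while ($row = db_fetch_row($res)) {
                // key each row by its primary key value (column position from config)
                $data['records'][$row[$lookupConfig['child-primary-key-index']]] = $row;
            }
        } else { // if no matching records
            $startRecord = 0;
        }

        $template = ($Operation === 'get-records-printable')
            ? $lookupConfig['template-printable']
            : $lookupConfig['template'];
        $response = loadView($template, $data);

        // change name space to ensure uniqueness
        $uniqueNameSpace = $ChildTable . ucfirst($ChildLookupField) . 'GetRecords';
        echo str_replace("{$ChildTable}GetChildrenRecordsList", $uniqueNameSpace, $response);
    /************************************************/
}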